On September 12, 2021 2:47:38 PM UTC, "Andrew M.A. Cater" <amaca...@einval.com>
wrote:
nice summary, Andy. a couple of things that i feel are important to add. first
(i accidentally trimmed context) is about debian package distribution.
for those people unfamiliar with it, who have been used to other package
management being distributed via "trusted" website download (node, pypi,
Mozilla B2G), debian CRITICALLY DOES NOT rely on or trust web sites or SSL
Certificates in any way, shape or form.
debian's distribution validation is *fundamentally* tied to the web-of-trust
GPG keyring, which is itself signed and distributed as a debian package.
if you are of the belief that the debian *website* or *domain* are the sole
exclusive trust authority then you have left yourself open and vulnerable to
attacks of many different varieties, too numerous to list here.
please, therefore: trust and check the *GPG signatures*.
>4. Other platforms may have more/less support: this is not for want of
>effort
>and a unified approach would be really very helpful. [This might need a
>more standard approach to boot methods/co-operation from manufacturers
>and is not something to be solved immediately].
second, is about this. sad to say, any expectations of collaboration from
manufacturers is expecting far too much.
shockingly, LG's Lawyers for example actually consider it to be a failure *on
their part* if you even *notice* that LG's TV products have been criminally
infringing copyright law for decades.
Allwinner Chinese employees are paranoid about IP Theft by Westerners because
they themselves do it all the time, and therefore expect Westerners to "punish"
them by stealing or hacking their networks at their offices.
yes, really.
i was invited to visit the Allwinner offices a few years ago and the Chinese
staff treated me like I was there to commit Industrial Espionage. i felt so
unsafe as a result, i could not dare consider a return visit.
from a product perspective, products involving ARM SoCs are *NOT* designed for
user programmability "convenience". they're not even designed for the *OEM's*
convenience!
both Mediatek and LG have a policy of designing products *entirely on behalf*
of OEMs. they design it, they program it, they deliver it. LG even *make* the
damn products: the first time the OEM ever sees it is when it turns up at the
Customs port!
i am basically painting a picture here of the realities of ARM SoCs, which is
that the Fabless Semi Companies are ACTIVELY HOSTILE to the entire Free
Software Community.
we are a THREAT to them.
how DARE we reverse-engineer THEIR products and steal all THEIR secret
commercial information!
never mind the fact that without Free Software they wouldn't even be able to
sell one single product: in their minds, one tiny change to one single header
file is sufficient justification to flagrantly and blatantly ignore the
fundamental tenets of Copyright Law.
even those Companies that understand Copyright Law *still* do not wish to
cooperate or collaborate because (a) it costs money to do so (b) it reveals
commercially confidental information (c) it doesn't help sell product that (d)
is *specifically designed for non-end-user-programmability in the first place*!
much as i and everyone else is terribly frustrated with how badly the Free
Software Community is treated by the Fabless Semi companies, expecting *any*
type of cooperation from them *or from ARM* is unfortunately completely
unrealistic.
Roger spent considerable time kindly explaining how long it took to get Linaro
established. Linaro is about the limit of what ARM can do, only working with
*willing* participatory Fabless Semi companies to create standards. given the
sheer massive diversity with literally thousands of ARM licensees, any attempt
at "restrictive" standardisation is going to result in pushback and resultant
loss of business for ARM.
it's a shitty sutuation but important to understand the context, so that we do
not, as a community, spend too much of our time either complaining or fighting
or unrealistically wishing things were different.
personally i am so absolutely fed up with seeing so much of *our* (collective)
personal money going into "fixing" the mess that Fabless Semi companies leave
behind that i concluded that the only way to properly fix it is to *become* a
Fabless Semiconductor ASIC designer, and create an actual SoC that actually
properly respects Software Libre to the bedrock (http://libre-soc.org)
unfortunately, due to ARM's licensing model, it can't be an ARM-compatible
design. we picked Power ISA instead.
l.
