Re: [U-Boot] U-book and GPLv3? (fwd)
Mike Frysinger wrote: Obviously the second item here will become void if vendor lockout of updates becomes common. So what will be left of the essential freedoms? I can study the code, I can modify it, but I am not allowed to run it. Excellent. and this is why i dislike the GPLv3. the GPLv2 was all about the source, so the conversation between developers and everyone else was you can take my source and modify it all you want, but i want to see the changes. sounds fair. GPLv3 (ignoring the fix for the loophole with web applications) adds *nothing* to this premise. instead, it's used as an ideological club such that the conversation is now i have all these ideas about how software should and shouldnt be utilized, so if you want to use my software, you too now have to subscribe to my way of thinking and you have to show me the changes. so what does moving from GPLv2 to GPLv3 gain us in terms of protections ? nothing. it does however allow us to restrict the people who want to use u- boot to using it in only ways we've blessed. that's plain wrong in my eyes and none of our business in the first place. Wow, I was just about to compose a mail summarizing my point of view when I realized you had done it already :-) While I think fighting for extensible and hackable hardware is good, I think a software license is the wrong way to go about it. Let's stick to the proven model of GPLv2: You can use my software if I get to use your improvements. Trying to impose restrictions on this model in order to fight a different battle against restricted hardware will only make the software less attractive and hurt us in the long run. I think it is not a coincidence that devices which can be updated with arbitrary firmware sells pretty good in the meantime. Who buys routers capable of running OpenWRT because of their original firmware? then let your wallet/politicians do the talking. i certainly do -- i avoid purchasing any music/games encumbered with DRM, or companies that employ such methods. but i'm above going around and forcing people to think the way i do with licenses. Exactly. Hardware manufacturers already seem to recognize that open hardware designs lead to better sales, and that has _nothing_ to do with GPLv3 (though it may or may not have something to do with the Defective By Design campaign.) These are only my personal opinions; I'm not speaking for Atmel as a whole. Haavard ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
Dear Haavard Skinnemoen, In message 20090707135141.79798...@hskinnemoen-d830 you wrote: While I think fighting for extensible and hackable hardware is good, I think a software license is the wrong way to go about it. Let's stick to the proven model of GPLv2: You can use my software if I get to use your improvements. Trying to impose restrictions on this model in order The point is that GPLv2 results in situations where you cannot use and modify your own software any more because it is protected and any versions you build don't run. Best regards, Wolfgang Denk -- DENX Software Engineering GmbH, MD: Wolfgang Denk Detlev Zundel HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: w...@denx.de Philosophy: A route of many roads leading from nowhere to nothing. - Ambrose Bierce ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
Wolfgang Denk wrote: In message 20090707135141.79798...@hskinnemoen-d830 you wrote: While I think fighting for extensible and hackable hardware is good, I think a software license is the wrong way to go about it. Let's stick to the proven model of GPLv2: You can use my software if I get to use your improvements. Trying to impose restrictions on this model in order The point is that GPLv2 results in situations where you cannot use and modify your own software any more because it is protected and any versions you build don't run. But this is a problem with the _hardware_, not the software. I think placing restrictions on the hardware design is way outside the scope of a software license. Even if the hardware is restricted this way, you can still take the software, modify it, and run it on a different, better piece of hardware. If you play your cards right, you might even come out with a healthy profit as people see that your product based on unrestricted hardware is simply _better_ (which is a term I think covers more free as well.) In my experience, the most popular AVR-based boards are the ones that not only allow the firmware to be replaced freely, but which actively encourage modification by making lots of signals available through expansion headers. This kind of hackability can never be enforced through any kind of software license. Haavard ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
Dear Haavard, In message 20090707155005.2e4a4...@hskinnemoen-d830 you wrote: The point is that GPLv2 results in situations where you cannot use and modify your own software any more because it is protected and any versions you build don't run. But this is a problem with the _hardware_, not the software. I think placing restrictions on the hardware design is way outside the scope of a software license. I'm only talking about software (code and data) here. If I cannot change (or just rebuild) the (Free!) software any more because to actually run it I need some secret data (like a signature) then this is still a software problem. One that can be prevented by releasing the software under adequate licensing terms. In my experience, the most popular AVR-based boards are the ones that not only allow the firmware to be replaced freely, but which actively encourage modification by making lots of signals available through expansion headers. This kind of hackability can never be enforced through any kind of software license. Agreed. Hardware should be hackable, too :-) (which includes documentation where you don't have to sell your soul and sign NDAs that are plain evil). Best regards, Wolfgang Denk -- DENX Software Engineering GmbH, MD: Wolfgang Denk Detlev Zundel HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: w...@denx.de This message was made from 100% recycled electrons. ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
Wolfgang Denk wrote: I'm only talking about software (code and data) here. If I cannot change (or just rebuild) the (Free!) software any more because to actually run it I need some secret data (like a signature) then this is still a software problem. One that can be prevented by releasing the software under adequate licensing terms. The mechanism preventing reprogramming of the target device is not part of the software being licensed. So I just don't think it's reasonable for us to prevent the software from being used on such devices, even though I don't particularly like such restrictions either. This assuming GPLv3 actually does prevent such problems, of course. There seems to be a few loopholes in there, as others have pointed out (though I won't claim to fully understand it, which is another reason I'm not particularly fond of it.) Agreed. Hardware should be hackable, too :-) (which includes documentation where you don't have to sell your soul and sign NDAs that are plain evil). Absolutely. Haavard ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
Dear Jon Smirl, In message 9e4733910907070828o7517b17td411ff88c62a8...@mail.gmail.com you wrote: I agree -- all ATMs, voting machines, slot machines, electricity meters, traffic lights, navigation systems, safety interlocks, etc should be hackable. I'm sure that no idiot teenager is going to change the firmware and allow an unsuspecting person to use the device. Aren't they? Just break the seal and use a screw driver and some other tools. And when it comes to some voting machines you don't even need this. You don't understand at all what we are talking about, or what security means and how gets implemented, or what certification procedures are about. There is no difference between conventional (even softwre-free electro-mechanical devices) and software. There is just a lot of clueless people. Wolfgang Denk -- DENX Software Engineering GmbH, MD: Wolfgang Denk Detlev Zundel HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: w...@denx.de The problem ... is typical to internet discussions where the less complex the problem is, the more idiots come in and think they have something to contribute :-) Ben Herrenschmidt in 1243495925.3171.134.ca...@pasglop ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
On Fri, Jul 03, 2009 at 09:47:20AM -0400, Richard Stallman wrote: You'd make me happy if I was able to access cable TV signals I have paid for without DRM. I think it is not quite correct to call cable scrambling DRM. DRM restricts the use of data you have a copy of. Cable scrambling prevents you from getting the data if you do not pay for the descrambler; however, as far as I know, once you do have the descrambler, and do get the data, it does not seriously impede your use of the data. It requires that I use a specific tuner, whereas unscrambled channels allow me to use any tuner (including one built into the TV, VCR, DVR, etc). Often this tuner must be rented from the cable company on a per-TV basis, in addition to the cost of subscribing to the channels -- and channel changing from a DVR must happen via a sluggish and sometimes error-prone infrared interface. It's not as bad as full DRM, sure, but it's more annoying than if they'd just filtered out the unsubscribed channels. -Scott ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
You'd make me happy if I was able to access cable TV signals I have paid for without DRM. I think it is not quite correct to call cable scrambling DRM. DRM restricts the use of data you have a copy of. Cable scrambling prevents you from getting the data if you do not pay for the descrambler; however, as far as I know, once you do have the descrambler, and do get the data, it does not seriously impede your use of the data. So this is more akin to buying a copy than to DRM. When I speak of abolishing DRM, it doesn't include this. ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
If the cell phone operator's rule says that operating of a modified device should not effect non-modified devices in close proximity (jamming - which I think meets the materially and adversely affects the operation of the network statement) It makes no difference, because the text in GPLv3 says nothing about this. It does not say that the network operator power gets all power he might need to enforce whatever rules he may make. It only recognizes that he is allowed to deny access to use his own network. Right - but the cell phone provider should have the ability to alter the state of the device (not allow the radio to be turned on), so it can't adversely affects the operation of the network - shouldn't they? No, they should not have such power. And in fact they do not have such power, with phones not tied to one provider. It is impossible to stop people from making radio jammers, so it is pointless to go to excess just to block one of the many possible methods. ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
On Fri, Jul 3, 2009 at 9:47 AM, Richard Stallmanr...@gnu.org wrote: You'd make me happy if I was able to access cable TV signals I have paid for without DRM. I think it is not quite correct to call cable scrambling DRM. DRM restricts the use of data you have a copy of. Cable scrambling prevents you from getting the data if you do not pay for the descrambler; however, as far as I know, once you do have the descrambler, and do get the data, it does not seriously impede your use of the data. So this is more akin to buying a copy than to DRM. When I speak of abolishing DRM, it doesn't include this. The encrypted digital cable signal comes out from the cable box as HDCP encrypted HDMI. Your TV securely decrypts this. A complex loop hole exists in the ability to re-digitize the analog component out signals. This is what a SlingBox does. The cable industry is on a schedule to remove component out two years from now. When component out is gone there will be no more analog hole. Broadcast TV signals are carried in the clear. That's five out of the 600 channels on a normal cable system. The other 595 are encrypted. Digital TV spells the end for the MythTV project and to some extent the death of TIVO. The only DVR you will be able to use is the one you rent from the cable company. So I am paying for those 595 channels with no ability to archive them under my control unless I rent a secured DVR from the cable company. I took the disk out of mine, the information on the disk is encrypted. Recently the head of the MPAA has been quoted as saying that the only fair use exemption is to use a video camera to photograph your TV. -- Jon Smirl jonsm...@gmail.com ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
While I probably would not want to change my glucometer, the practice of designing hardware so that people cannot change it is becoming more and more of a threat to our freedom in general. Can you be a bit more specific on this? Which devices are you aware of, that use GPLv2 code and avoid an update? This is a partial miscommunication -- I was talking more generally of designing hardware so that people cannot change it, so it controls them. Sometimes the hardware might contain tivoized software too, but that is an evil we already understand. The point that just struck me is that the hardware can be a system of control even aside from possible tivoization. But I don't have a list of examples. about a possibility which has already outworn itself (like DRM media, which seem to be getting more and more unpolular)? I wish we could regard DRM as a fading threat. In music we see a retreat from DRM, but in e-books the threat is increasing. I hope that our campaign against DRM is succeeding in building opposition. See DefectiveByDesign.org if you want to participate. ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
Access to a network may be denied when the modification itself materially and adversely affects the operation of the network or violates the rules and protocols for communication across the network. The way I read that is that it is the unit you are on will have it's radio off, I think you have misinterpreted those words. Denying a user or a machine access to a network means cutting off communication in the network, not altering the machine. This clause is not an exception to the requirement for installation information. Cell phones must offer installation information just like other User Products. This clause says that, if a phone network operator sells you a phone with GPLv3-covered code, it does not thereby promise to continue trying providing service to the phone if your changes cause it not violate protocols and mess up network service. The operator is allowed to cut off service for this phone as it would any other malfunctioning phone. ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
As it happens, Bison can also be used to develop non-free programs. This is because we decided to explicitly permit the use of the Bison standard parser program in Bison output files without restriction. We made the decision because there were other tools comparable to Bison which already permitted use for non-free programs. If you aren't happy that they help proprietary software - why not change the license to make it so? You recently had the chance to do that with the gcc runtime libraries - but you (or the FSF/GCC steering committee) also decided not to. I have a feeling those actions would backfire. Proprietary software is always bad, but that doesn't mean every possible attack against proprietary software is always good. http://www.fsf.org/licensing/licenses/gcc-exception-faq.html We decided to permit this because forbidding it seemed likely to backfire, and because using small libraries to limit the use of GCC seemed like the tail wagging the dog. I don't understand the how on one hand there is the uncompromising attitude on ethical issues (at least according to wikipedia) - but the FSF decides the practical considerations for other projects - the tail wagging the dog. The decision being discussed in that page is a decision for GCC, not a decision for other projects. (We can't decide for other projects.) The text describes why we did not put a stronger condition in a certain GCC license. How is the certification authority issue - whether is is a cell carrier (which the GPL3 says is an acceptable certification authority) and the FDA (which the GPL3 does not say is acceptable) determine when something is the tail or the dog? This has wandered rather far away from what the GPL says and from what I said. A cell phone carrier is not a certification authority, but the question is irrelevant to GPLv3 since it gives no special privilege to certification authorities. ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
On Thu, Jul 2, 2009 at 9:56 AM, Richard Stallmanr...@gnu.org wrote: about a possibility which has already outworn itself (like DRM media, which seem to be getting more and more unpolular)? I wish we could regard DRM as a fading threat. In music we see a retreat from DRM, but in e-books the threat is increasing. I hope that our campaign against DRM is succeeding in building opposition. See DefectiveByDesign.org if you want to participate. You'd make me happy if I was able to access cable TV signals I have paid for without DRM. I can't stand having to rent cable boxes everywhere for the sole purpose of decoding DRM that I don't want. ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot -- Jon Smirl jonsm...@gmail.com ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
On Thu 2 Jul 2009 09:56, Richard Stallman pondered: Access to a network may be denied when the modification itself materially and adversely affects the operation of the network or violates the rules and protocols for communication across the network. The way I read that is that it is the unit you are on will have it's radio off, I think you have misinterpreted those words. Denying a user or a machine access to a network means cutting off communication in the network, not altering the machine. If the cell phone operator's rule says that operating of a modified device should not effect non-modified devices in close proximity (jamming - which I think meets the materially and adversely affects the operation of the network statement) - in a TDMA network (like GSM is) - the only way to enforce that rule - is on the client side - not on the network side. There is nothing on the network side you can do to stop that that I'm aware of. I'm aware that most devices today separate the datapump and the application processor, but this doesn't seem to be the trend - the trend is run both on the same CPU (as it decreases the cost). This clause is not an exception to the requirement for installation information. Cell phones must offer installation information just like other User Products. Right - but the cell phone provider should have the ability to alter the state of the device (not allow the radio to be turned on), so it can't adversely affects the operation of the network - shouldn't they? Or is this where one person's freedom (the ability to modify their phone, and turn it into a jamming device), is more important than the freedom of everyone else to actually use their phones on the same network. (Which actually - wouldn't be a completely bad idea - when I have been standing near someone talking too loud into their phone in a public place, I often wish for a jam the network app on my phone :) ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
On Thursday 02 July 2009 10:44:39 Jon Smirl wrote: On Thu, Jul 2, 2009 at 9:56 AM, Richard Stallmanr...@gnu.org wrote: about a possibility which has already outworn itself (like DRM media, which seem to be getting more and more unpolular)? I wish we could regard DRM as a fading threat. In music we see a retreat from DRM, but in e-books the threat is increasing. I hope that our campaign against DRM is succeeding in building opposition. See DefectiveByDesign.org if you want to participate. You'd make me happy if I was able to access cable TV signals I have paid for without DRM. I can't stand having to rent cable boxes everywhere for the sole purpose of decoding DRM that I don't want. i'm fairly certain you can sue over that. i recall comcast or charter or some other large cable company getting spanked because they forced a lock in to their cable boxes thus preventing the consumer from using any other cable box provider. -mike signature.asc Description: This is a digitally signed message part. ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
Robin Getz wrote: On Thu 2 Jul 2009 09:56, Richard Stallman pondered: Access to a network may be denied when the modification itself materially and adversely affects the operation of the network or violates the rules and protocols for communication across the network. The way I read that is that it is the unit you are on will have it's radio off, I think you have misinterpreted those words. Denying a user or a machine access to a network means cutting off communication in the network, not altering the machine. If the cell phone operator's rule says that operating of a modified device should not effect non-modified devices in close proximity (jamming - which I think meets the materially and adversely affects the operation of the network statement) - in a TDMA network (like GSM is) - the only way to enforce that rule - is on the client side - not on the network side. There is nothing on the network side you can do to stop that that I'm aware of. I'm aware that most devices today separate the datapump and the application processor, but this doesn't seem to be the trend - the trend is run both on the same CPU (as it decreases the cost). This clause is not an exception to the requirement for installation information. Cell phones must offer installation information just like other User Products. Right - but the cell phone provider should have the ability to alter the state of the device (not allow the radio to be turned on), so it can't adversely affects the operation of the network - shouldn't they? Or is this where one person's freedom (the ability to modify their phone, and turn it into a jamming device), is more important than the freedom of everyone else to actually use their phones on the same network. (Which actually - wouldn't be a completely bad idea - when I have been standing near someone talking too loud into their phone in a public place, I often wish for a jam the network app on my phone :) In the United States, most radio transmitters must be type accepted (certified) by the Federal Communications Commission. Modification voids the type acceptance, so operating a modified mobile phone on its original frequencies would be illegal regardless of what the phone company's rules say. However, no certification is necessary for transmitters operated according to the rules for the Amateur Radio Service. Thus, an licensed amateur could legally use a modified mobile phone, provided it transmitted on frequencies allocated for amateur radio and met the other requirements for amateur operation, including not causing harmful interference to other services. This has been the situation in the US for many years, and I believe almost all countries are at least as restrictive. Best regards, Larry ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
On Thu 2 Jul 2009 12:11, Larry Johnson pondered: In the United States, most radio transmitters must be type accepted (certified) by the Federal Communications Commission. Modification voids the type acceptance, so operating a modified mobile phone on its original frequencies would be illegal regardless of what the phone company's rules say. However, no certification is necessary for transmitters operated according to the rules for the Amateur Radio Service. Thus, an licensed amateur could legally use a modified mobile phone, provided it transmitted on frequencies allocated for amateur radio and met the other requirements for amateur operation, including not causing harmful interference to other services. Assuming that the _licensed_ amateur could modify the phone enough that it _could_ operate on frequencies allocated for amateur use. The only thing that would be potentially close is a European GSM phone: Rx Tx E-GSM-900 880.0–915.0 925.0–960.0 MHz R-GSM-900 876.0–915.0 921.0–960.0 MHz T-GSM-900 870.4–876.0 915.4–921.0 MHz the US amateur band at 902 - 928 MHz. I don't think any of the CDMA phones are close enough to the amateur bands to have a hope of working - but I'm not as familiar with CDMA as GSM. ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
Robin Getz a écrit : On Thu 2 Jul 2009 09:56, Richard Stallman pondered: This clause is not an exception to the requirement for installation information. Cell phones must offer installation information just like other User Products. Right - but the cell phone provider should have the ability to alter the state of the device (not allow the radio to be turned on), so it can't adversely affects the operation of the network - shouldn't they? Or is this where one person's freedom (the ability to modify their phone, and turn it into a jamming device), is more important than the freedom of everyone else to actually use their phones on the same network. (Which actually - wouldn't be a completely bad idea - when I have been standing near someone talking too loud into their phone in a public place, I often wish for a jam the network app on my phone :) An operator can only deny the access to his network. It can't *legaly* modify the user device without the user agreement. A user is *technically* free to modify a device to do what he want. But it can't *legaly* emit a signal not in conformance to the relevant regulations. There is a lot of them in the case of the a GSM/3G device: http://www.3gpp.mobi/specifications Jean-Christian de Rivaz ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
Not to go down a rat hole - but as a normal part of development of non-free software, people use emacs, gcc, and gdb all the time - you aren't proud of the contributions you made to those projects? Yes, I am, but not because they help proprietary software. What I set out to change is not the face of computing but rather its ethical heart. ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
Aneesh Chopra was Virginia s Fourth Secretary of Technology, and has recently been sworn in as the Federal CTO. I doubt I could get an appointment with such a high-ranked public servant without help from a high-ranked public master (businessman). But we can try. ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
I can't see how someone can deny access to the network, while still allowing anyone's software to be run on the device, without some sort of key system in the networking hardware - is that what you had in mind? This is aimed at cell phone networks: it recognizes they are allowed to make the network refuse to talk to a phone if the users's changes cause the phone to screw up the network. ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
On Wed, Jul 1, 2009 at 9:46 PM, Richard Stallmanr...@gnu.org wrote: I can't see how someone can deny access to the network, while still allowing anyone's software to be run on the device, without some sort of key system in the networking hardware - is that what you had in mind? This is aimed at cell phone networks: it recognizes they are allowed to make the network refuse to talk to a phone if the users's changes cause the phone to screw up the network. Interesting, you allow the hardware software designer to apply restrictions on the end user because their changes could 'screw up a network' but do not believe that the same restrictions apply when the changes could 'kill the user' I admire your efforts with the GPL in version 3 in order to stop a blatant abuse of free software. However, I agree with many others in this thread, there are cases where GPL3 went just a little too far. I think GPL3 should have stopped where legislation requires that the software running on the device be certified. I know you fear 'Big Corporations' pushing around governments to pass legislation like 'All Media Players must only allow software developed by the manufacturer of the device' and 'Any attempt to reverse engineer audio or video Codecs for use on non-proprietary systems is punishable by xyz'. But this is where advocates like yourself really need to stand tall - This argument goes way beyond Software Freedom - It bleeds into Copyright and Patents on algorithms, business methods, mathematical formula, DNA, arbitrary ideas - the list goes on. You seem a little reluctant to take this battle to this second (and arguably far more important) front. You have done a marvelous job of changing the attitudes of individuals and corporations towards software development. There are only a few pockets of resistance that fail to grok the fact that the more people can play with your code, the better it becomes at a fraction of the price. These pockets reacted by 'Tivosation' and 'Patents' - You tried to counter-punch by saying 'You are not allowed to be part of our community' rather than doing what you did with the source code - Prove that the system works better without the restrictions - Make the restrictions an encumbrance on those that embrace them just like the the non-free developers are now encumbered by not embracing software freedom ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
Graeme Russ wrote: On Wed, Jul 1, 2009 at 9:46 PM, Richard Stallmanr...@gnu.org wrote: I can't see how someone can deny access to the network, while still allowing anyone's software to be run on the device, without some sort of key system in the networking hardware - is that what you had in mind? This is aimed at cell phone networks: it recognizes they are allowed to make the network refuse to talk to a phone if the users's changes cause the phone to screw up the network. Interesting, you allow the hardware software designer to apply restrictions on the end user because their changes could 'screw up a network' but do not believe that the same restrictions apply when the changes could 'kill the user' The network restriction makes an explicit distinction at an ownership boundary. The network statement quoted by Robin is: From the GPL3: Access to a network may be denied when the modification itself materially and adversely affects the operation of the network or violates the rules and protocols for communication across the network. Note that the network is owned by the service provider, *not* the end user. The end user is free to modify his gadget to his heart's content, but the service provider is *also* free to disallow that modified gadget from interacting with his (the service provider's) network. In other words, the modification permissiveness boundary matches the ownership boundary. Mapping this concept to the gaming world, I would say that gaming machine owners should be allowed the freedom to modify a gaming machine, but the casino (governmental regulatory agency) would also be free to disallow paying out any winnings to that machine. Public access to the modified machine should not be allowed because that crosses the ownership boundary. IOW, if *you* game the machine, *you* can play to *your* heart's content, but but the gaming (in both senses) is bounded at the machine's boundary and the ownership boundary. Mapping this to the medical world, you should be free to modify the firmware in medical devices 1) that you own and 2) are only used by yourself, as owner. Beyond that, there are already enough disclaimers that adding another disclaimer if you rewrite this firmware, you could kill yourself would be simple to add. Percentage-wise, it would probably add 1% to the pages of disclaimers already present. There are already innumerable ways of harming (many ways fatally) oneself with medicines and medical equipment and these are already (theoretically) exhaustively listed. When I pick up a subscription from a pharmacy, I am forced to wait for the pharmacist to make sure I understand the pages of how I could do myself great bodily harm and *literally* sign a document that I was instructed in the dangers. Add a firmware modification disclaimer and you are all set... theoretically. The classic warning sticker example is stepladders: http://www.michigan.gov/documents/cis_wsh_cet0403_103227_7.pdf Note that there is no interlock to prevent you from using the stepladder as a straight ladder or from using it on uneven slopes. tongueincheek Stepladder safety interlocks could be created - just think how much the world would save in emergency room costs if we eradicated stepladder injuries. /tongueincheek A related classic: http://1.bp.blogspot.com/_XEQbaTzjzsw/SGDiFJSSyyI/B5o/0NbNlsZI_5o/s320/unsafe+ladder+on+truck.jpg [snip] Best regards, gvb ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
On Wed 1 Jul 2009 07:45, Richard Stallman pondered: Not to go down a rat hole - but as a normal part of development of non-free software, people use emacs, gcc, and gdb all the time - you aren't proud of the contributions you made to those projects? Yes, I am, but not because they help proprietary software. http://www.fsf.org/licensing/licenses/gpl-faq.html#CanIUseGPLToolsForNF As it happens, Bison can also be used to develop non-free programs. This is because we decided to explicitly permit the use of the Bison standard parser program in Bison output files without restriction. We made the decision because there were other tools comparable to Bison which already permitted use for non-free programs. If you aren't happy that they help proprietary software - why not change the license to make it so? You recently had the chance to do that with the gcc runtime libraries - but you (or the FSF/GCC steering committee) also decided not to. http://www.fsf.org/licensing/licenses/gcc-exception-faq.html However, the FSF decided long ago to allow developers to use GCC's libraries to compile any program, regardless of its license. [snip] We decided to permit this because forbidding it seemed likely to backfire, and because using small libraries to limit the use of GCC seemed like the tail wagging the dog. I don't understand the how on one hand there is the uncompromising attitude on ethical issues (at least according to wikipedia) - but the FSF decides the practical considerations for other projects - the tail wagging the dog. How is the certification authority issue - whether is is a cell carrier (which the GPL3 says is an acceptable certification authority) and the FDA (which the GPL3 does not say is acceptable) determine when something is the tail or the dog? I just don't understand the difference? -Robin ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
On Wed 1 Jul 2009 07:46, Richard Stallman pondered: I can't see how someone can deny access to the network, while still allowing anyone's software to be run on the device, without some sort of key system in the networking hardware - is that what you had in mind? This is aimed at cell phone networks: it recognizes they are allowed to make the network refuse to talk to a phone if the users's changes cause the phone to screw up the network. There is a difference between the network not talking to you, and you not able to be on the network. Access to a network may be denied when the modification itself materially and adversely affects the operation of the network or violates the rules and protocols for communication across the network. The way I read that is that it is the unit you are on will have it's radio off, and you will not be able to use it, not the network will not talk to you. You could apply the same thing to VoIP phones... When manufacture makes a VoIP phone, they test it against various networking tests (all internal, since they are not required to release this info) to make sure that it acts properly on the network. They sign this image to make sure that flash is not failing. If something doesn't match the signature - how can the manufacture believe that is doesn't violate the rules or protocols of ethernet? So - it denies access to the network - by not booting that image. That is the only way that they can deny access to the network all SoC variations that I'm familiar with. This is in no way trying to interperate the GPL3 for others (that is for lawyers to do) - but just a question from an interested developer - to me - it seems like tivo all over again. All Tivo needs to do is just make the network a piece of their application - and they have an out... -Robin ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
Portable hand held medical devices - such as Glucometers. They fall into both categories. They are medical devices, who's bad software could cause a user to give them selves too much insulin (hypoglycemia - pass out - seizure - death), or too little insulin (Hyperglycaemia - stupor - coma - death). That would be a good reason for the user not to change the software in this device. However, that does not mean he should be stopped. After all, the user could also change the circuitry in the device, if he is inclined to do so. That too could make it give bad readings. So what? We do not need a nanny state stopping people from going out of their way to take risks. Warning them is enough. They are marketted, and purchased by end consumers (Amazon shows 115 results in their search), and I would think that would make them fall into the User Products. These are indeed User Products, and the user who buys them should have control over what they do. I hope that you can respect my choice - and not try to convince me or others that your choices are superior to mine. If your mind is made up, I will not pointlessly annoy you by trying to convince you. I will continue trying to convince others. In 1983, almost everyone thought my ideas were foolish, but I did not let that stop me, so now we have the GNU/Linux operating system. ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
Files without a copyright notice and a license notice are a legal problem. Legally, every file is copyrighted. If there's no copyright notice, that just means it gives no info about who the copyright holder is. The lack of a license notice is a problem. If the file is trivial, just a few lines, maybe it does not matter. But otherwise, if there is no license, that means it doesn't give people permission to copy or change or redistribute the file. Perhaps even the U-boot developers don't have this permission. ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
Richard Stallman wrote: Files without a copyright notice and a license notice are a legal problem. Legally, every file is copyrighted. If there's no copyright notice, that just means it gives no info about who the copyright holder is. The lack of a license notice is a problem. If the file is trivial, just a few lines, maybe it does not matter. But otherwise, if there is no license, that means it doesn't give people permission to copy or change or redistribute the file. Perhaps even the U-boot developers don't have this permission. Agreed. I was just doing a simplistic grep looking for fingerprints of GPL and BSD licenses and I did not find them in 436 files. I looked at a couple of files to confirm that my greping wasn't over simplistic (it wasn't in the cases I checked). I also did not see any licenses other than GPL or BSD, but I did not look at many of the files in question so it is possible that there are other licenses out there, but probably not. I did *not* analyze the files for complexity and appropriateness of copyright/license information in the file. That should be done regardless of the results of the GPLv3 debate and the files that should have copyright/license information in their headers need to be either fixed or replaced. Best regards, gvb ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
Hi Jerry, thanks a lot for your work of analyzing the current situation - I appreciate that very much. I did *not* analyze the files for complexity and appropriateness of copyright/license information in the file. That should be done regardless of the results of the GPLv3 debate and the files that should have copyright/license information in their headers need to be either fixed or replaced. Yes indeed - it has become more than clear that we have to get clean on this front now, regardless of any licensing changes. Everyone who wants to help on this front is invited to do so. Hopefully git can help us track down people if we need to. If it turns out to be of help, I can surely dig up the last CVS repository before the conversion to git. Cheers Detlev -- Wenn ein Kopf und ein Buch zusammenstossen und es klingt hohl; ist denn das allemal im Buche? - Lichtenberg -- DENX Software Engineering GmbH, MD: Wolfgang Denk Detlev Zundel HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany Phone: (+49)-8142-66989-40 Fax: (+49)-8142-66989-80 Email: d...@denx.de ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
Richard Stallman wrote: In 1983, almost everyone thought my ideas were foolish, but I did not let that stop me, so now we have the GNU/Linux operating system. BTW, thanks for that, and GCC, and all that follows... We've all been enriched by your efforts. ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
On Mon, Jun 29, 2009 at 10:03:09PM -0400, Jerry Van Baren wrote: Total number of files that are GPLv2: $ grep -i -r 'Free Software Foundation' * | grep -i 'version 2' ~/ugplv2.txt $ wc -l ~/ugplv2.txt 4588 This assumes version 2 and Free Software Foundation are on the same line... 76 files are GPLv2 *ONLY*: $ grep -i -v 'either version 2' ~/ugplv2.txt | awk '{print $1}' | sed 's/:$//' ...causing drivers/mtd/nand/nand_base.c, for example, to be missed here. -Scott ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
That would be a good reason for the user not to change the software in this device. However, that does not mean he should be stopped. The FDA disagrees :) Governments often oppose people's freedom. That is why fighting for freedom is hard. They add requirements to ensure they detect faulty devices. It is a fact of physics that flash devices go bad over time - I'm sure even you appreciate the ability to know if something in your devices is the image that you thought it is, and doesn't have bit errors. That sounds like a good feature. But if it is done in a way that permits the manufacturer to change the software after sale, then it can be done in a way that permits the owner to change the software too. All the circuitry are integrated circuits. There are very few (none) external components to modify. Test strips are connected directly to the measurement IC, and the measurement IC is connected directly the the processor. I did not know that. Thank you for the information. While I probably would not want to change my glucometer, the practice of designing hardware so that people cannot change it is becoming more and more of a threat to our freedom in general. If a product is required to be locked down by a certifying authority, (whom ever that may be), they can't use GPL3 code. If the users' freedom is protected by GPLv3, the certifying authority that attacks users' freedom blocks the use of this code. While I recognize that developers who get in the middle of this battle did not cause the battle, I will not surrender the fight just for their sake. This really has nothing to do with tivoization, since in the Tivo case - they had no greater certification authority - and were just trying to restrict people's use. These companies (if I understand the facts correctly from what people have said here) are doing the same thing to the user that tivo does, so it is equally wrong. The wrong is not in their motive, it is in what they do. Suppose there were an official certification authority for video players. (Hollywood could probably buy such a law if it wanted to; Obama would be glad to sign it.) Would that make the tivo ok? Obviously not. Thus, the existence of a certification authority does not alter the concluisions about the ethical issue of tivoization. I support effective steps to protect safety for the users of medical devices. But, as I've explained above, that does not require tivoization, so it does not excuse tivoization either. ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
That is great - and I applaud your efforts. I think that the work you are doing is valuable, and the contributions you have made have been critically important to the free and closed software developments that people to today. If you mean that my work has contrubuted to non-free software developments, I am not proud of that. It is not a good thing that people develop or use non-free software. (I don't refer to proprietary software as closed source, since what I advocate is not open source.) ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
Maybe you should be working with these types of certification authorities, rather than individual developers? I would be glad to do so. I have no contacts in the FDA, and I am not so famous that mere mention of my name would make them pay attention. But maybe some of these developers could introduce me to someone useful to talk with. If you know them, would you like to try? I'm sure that you could get a meeting with Ms Hamburg or Aneesh Chopra before I could Who are they? Can you tell me how to contact them? http://www.fda.gov/AboutFDA/CommissionersPage/default.htm I will send mail to fetch that page. If I see any chance of discussing this with them, I will at that point want to read the relevant certifications so that I can speak with them fully briefed. ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
BTW, thanks for that, and GCC, and all that follows... I am glad it is useful. I hope people will recall once in a while that I did this so that users could control their computing. I wrote the GNU GPL (all versions) towards this same end. ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
On Tue 30 Jun 2009 15:12, Richard Stallman pondered: That is great - and I applaud your efforts. I think that the work you are doing is valuable, and the contributions you have made have been critically important to the free and closed software developments that people to today. If you mean that my work has contrubuted to non-free software developments, I am not proud of that. It is not a good thing that people develop or use non-free software. Not to go down a rat hole - but as a normal part of development of non-free software, people use emacs, gcc, and gdb all the time - you aren't proud of the contributions you made to those projects? I was trying to say that your efforts have changed the face of computing in general, in both that it has created the free and non-free software software categories, and helped inform users of their freedoms they should be expecting. To use someone else's words - an IDC 2006 study Open Source in Global Software: Market Impact, Disruption, and Business Models described free software and open source as the most significant all-encompassing and long-term trend that the software industry has seen since the early 1980s and found that over 70 percent of all developers are leveraging open-source and free software. In any movement - there needs to be the golden standard - that is unwavering in its ethics and standards. Not everyone likes that standard - but it needs to be there. ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
On Tue 30 Jun 2009 15:12, Richard Stallman pondered: While I probably would not want to change my glucometer, the practice of designing hardware so that people cannot change it is becoming more and more of a threat to our freedom in general. It is simple economics - it is about consumers making choices. Most people in the general public don't _want_ to change anything, so they buy the cheapest unit. The price of that unit drops as the volume goes up. The suppliers compete, and integrate more into their ICs. The price drops more, and consumers line up to buy more, since the price is now cheaper. People don't know what they are loosing if they don't know it exists. If a product is required to be locked down by a certifying authority, (whom ever that may be), they can't use GPL3 code. If the users' freedom is protected by GPLv3, the certifying authority that attacks users' freedom blocks the use of this code. While I recognize that developers who get in the middle of this battle did not cause the battle, I will not surrender the fight just for their sake. So understand where the fight needs to take place. It's not at the developer level - its at the regulator level. This really has nothing to do with tivoization, since in the Tivo case - they had no greater certification authority - and were just trying to restrict people's use. These companies (if I understand the facts correctly from what people have said here) are doing the same thing to the user that tivo does, so it is equally wrong. The wrong is not in their motive, it is in what they do. Suppose there were an official certification authority for video players. (Hollywood could probably buy such a law if it wanted to; Obama would be glad to sign it.) Would that make the tivo ok? Obviously not. Thus, the existence of a certification authority does not alter the concluisions about the ethical issue of tivoization. So - why does the the GPL3 have an out for networking? (which is going to be abused). From the GPL3: Access to a network may be denied when the modification itself materially and adversely affects the operation of the network or violates the rules and protocols for communication across the network. I can't see how someone can deny access to the network, while still allowing anyone's software to be run on the device, without some sort of key system in the networking hardware - is that what you had in mind? I support effective steps to protect safety for the users of medical devices. But, as I've explained above, that does not require tivoization, so it does not excuse tivoization either. I understand the moral dilemma, and your viewpoint. Unfortunately, no one who writes the standards is asking my (or anyone on this list's) opinion of what the certification process is. -Robin ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
On Tue 30 Jun 2009 15:12, Richard Stallman pondered: Maybe you should be working with these types of certification authorities, rather than individual developers? I would be glad to do so. I have no contacts in the FDA, and I am not so famous that mere mention of my name would make them pay attention. But maybe some of these developers could introduce me to someone useful to talk with. If you know them, would you like to try? Can't promise much - but I can poke around. I'm sure that you could get a meeting with Ms Hamburg or Aneesh Chopra before I could Who are they? Can you tell me how to contact them? Aneesh Chopra was Virginia’s Fourth Secretary of Technology, and has recently been sworn in as the Federal CTO. http://radar.oreilly.com/2009/04/aneesh-chopra-great-federal-cto.html http://www.fda.gov/AboutFDA/CommissionersPage/default.htm I will send mail to fetch that page. If I see any chance of discussing this with them, I will at that point want to read the relevant certifications so that I can speak with them fully briefed. ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
Jerry Van Baren wrote: The discussion has mostly been emotional to date. Here are some statistics (not necessarily perfect, but pretty close)... Total number of files (after removing the .git files): $ find . -type f | wc -l 6055 Number of files that are identified as being copyrighted: $ grep -l -i -r 'Copyright' * | wc -l 5173 List of files with copyrights: $ grep -l -i -r 'Copyright' * | sort ~/ucopy.txt List of all files: $ find . -type f | sed 's/.\///' | sort ~/ufiles.txt List of files *WITHOUT* the string copyright in them: $ comm -3 ~/ufiles.txt ~/ucopy.txt ~/nocopyright.txt Of the above, 130 of the files have the GPL in the header but not the string copyright - incomplete headers: for file in `cat ~/nocopyright.txt` ; do grep -il 'General Public License' $file ; done | wc -l 130 - Improving my fingerprinting (thanks, Scott): Total number of files that are GPLv2. Sometimes the FSF and GPL strings are split across lines. This assumes that one of the two strings is all on one line. Still simplistic, but less so. Another important disclaimer: a lot of the GPLv2-ONLY files come from the linux kernel (see the list below). If and when we move to the U-Boot v2 driver interface, where we will be able to use linux drivers more easily, the number of GPLv2-ONLY driver files will likely increase. $ grep -i -l -r 'Free Software Foundation' * | sort ufsf.txt $ grep -i -l -r 'General Public License' * | sort ugpl.txt $ cat ufsf.txt ugpl.txt | sort -u ugplv2.txt $ wc -l ugplv2.txt 4798 ugplv2.txt $ cat ugplv2.txt | xargs grep 'either version 2' | awk '{print $1}' | sed 's/:#*//' ugplv2-or-later.txt $ wc -l ugplv2-or-later.txt 4539 ugplv2-or-later.txt $ for file in `cat ugplv2.txt` ; do grep -il 'version 2' $file ; done | wc -l 4763 Looking for GPLv2 ONLY files (has some false positives): $ comm -23 ugplv2.txt ugplv2-or-later.txt ugplv2-only.txt After reviewing the files, I come up with 233 GPLv2-only files: $ wc -l ugplv2-only.txt 233 ugplv2-only.txt $ cat ugplv2-only.txt board/amirix/ap1000/ap1000.c board/amirix/ap1000/ap1000.h board/amirix/ap1000/init.S board/atum8548/ddr.c board/freescale/common/pq-mds-pib.c board/freescale/common/pq-mds-pib.h board/freescale/mpc8323erdb/mpc8323erdb.c board/freescale/mpc8536ds/ddr.c board/freescale/mpc8540ads/ddr.c board/freescale/mpc8541cds/ddr.c board/freescale/mpc8544ds/ddr.c board/freescale/mpc8548cds/ddr.c board/freescale/mpc8555cds/ddr.c board/freescale/mpc8560ads/ddr.c board/freescale/mpc8568mds/ddr.c board/freescale/mpc8569mds/ddr.c board/freescale/mpc8572ds/ddr.c board/freescale/mpc8610hpcd/ddr.c board/freescale/mpc8641hpcn/ddr.c board/freescale/p2020ds/ddr.c board/linkstation/hwctl.c board/micronas/vct/smc_eeprom.c board/ml2/flash.c board/ml2/init.S board/ml2/ml2.c board/mpc8540eval/ddr.c board/mvblue/mvblue.c board/netstar/crcek.S board/netstar/eeprom.c board/netstar/eeprom_start.S board/pm854/ddr.c board/pm856/ddr.c board/sbc8548/ddr.c board/sbc8560/ddr.c board/sbc8641d/ddr.c board/socrates/ddr.c board/stxgp3/ddr.c board/stxssa/ddr.c board/voiceblue/eeprom.c board/voiceblue/eeprom_start.S board/voiceblue/Makefile board/voiceblue/setup.S board/voiceblue/voiceblue.c board/xes/xpedite5200/ddr.c common/cmd_onenand.c common/cmd_ubi.c common/ddr_spd.c cpu/arm926ejs/omap/cpuinfo.c cpu/mpc85xx/ddr-gen1.c cpu/mpc85xx/ddr-gen2.c cpu/mpc85xx/ddr-gen3.c cpu/mpc86xx/ddr-8641.c cpu/mpc86xx/fdt.c cpu/mpc8xxx/ddr/common_timing_params.h cpu/mpc8xxx/ddr/ctrl_regs.c cpu/mpc8xxx/ddr/ddr1_dimm_params.c cpu/mpc8xxx/ddr/ddr2_dimm_params.c cpu/mpc8xxx/ddr/ddr3_dimm_params.c cpu/mpc8xxx/ddr/ddr.h cpu/mpc8xxx/ddr/lc_common_dimm_params.c cpu/mpc8xxx/ddr/main.c cpu/mpc8xxx/ddr/Makefile cpu/mpc8xxx/ddr/options.c cpu/mpc8xxx/ddr/util.c drivers/bios_emulator/atibios.c drivers/bios_emulator/besys.c drivers/gpio/pca953x.c drivers/i2c/fsl_i2c.c drivers/misc/ds4510.c drivers/mmc/omap3_mmc.c drivers/mmc/pxa_mmc.h drivers/mtd/mtdcore.c drivers/mtd/nand/nand_base.c drivers/mtd/nand/nand_bbt.c drivers/mtd/nand/nand.c drivers/mtd/nand/nand_ids.c drivers/mtd/nand/nand_util.c drivers/mtd/onenand/onenand_base.c drivers/mtd/onenand/onenand_bbt.c drivers/mtd/onenand/onenand_uboot.c drivers/mtd/ubi/crc32.c drivers/net/5701rls.c drivers/net/5701rls.h drivers/net/ax88180.c drivers/net/ax88180.h drivers/net/bcm570x_autoneg.c drivers/net/bcm570x_autoneg.h drivers/net/bcm570x_bits.h drivers/net/bcm570x_debug.h drivers/net/bcm570x_lm.h drivers/net/bcm570x_mm.h drivers/net/bcm570x_queue.h drivers/net/dnet.c drivers/net/dnet.h drivers/net/natsemi.c drivers/net/nicext.h drivers/net/ns8382x.c drivers/net/tigon3.c drivers/net/tigon3.h drivers/net/vsc7385.c drivers/pci/fsl_pci_init.c drivers/rtc/rs5c372.c drivers/serial/arm_dcc.c drivers/usb/host/ehci-core.h drivers/usb/host/ehci.h drivers/usb/host/ehci-hcd.c drivers/usb/host/ehci-pci.c drivers/usb/host/r8a66597.h
Re: [U-Boot] U-book and GPLv3? (fwd)
Richard, Richard Stallman wrote: While I probably would not want to change my glucometer, the practice of designing hardware so that people cannot change it is becoming more and more of a threat to our freedom in general. Can you be a bit more specific on this? Which devices are you aware of, that use GPLv2 code and avoid an update? Except the once we were discussing here where it is questionable wheter the user actual should refrain from doing so, like medical devices and safety critical devices? We heard about Tivo, but what other devices are there? Or are we talking about a possibility which has already outworn itself (like DRM media, which seem to be getting more and more unpolular)? wkr, Thomas. -- Embedded Brains GmbH Thomas DoerflerObere Lagerstrasse 30 D-82178 Puchheim Germany email: thomas.doerf...@embedded-brains.de Phone: +49-89-18908079-2 Fax: +49-89-18908079-9 ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
Richard, Richard Stallman wrote: Wouldn't it make sense to add a paragraph to the GPL, stating that a company using GPL software in their system must also provide all that documentation to their customers? Only then the SW modification can be properly done? It is not possible for a software license to require this in general. It may be possible to require this in the case where the software is delivered with a product. For GPLv4, we could think about whether this is a good idea. But we are not yet working on a GPLv4. Obviously I should have set the ironic tag explicitly. Please don't do that. And if you do, please don't point to me as the originator of that idea. Because I think my idea is bad. wkr, Thomas. -- Embedded Brains GmbH Thomas DoerflerObere Lagerstrasse 30 D-82178 Puchheim Germany email: thomas.doerf...@embedded-brains.de Phone: +49-89-18908079-2 Fax: +49-89-18908079-9 ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
In article pine.lnx.4.64ksi.0906271550150.14...@home-gw.koi8.net, k...@koi8.net says... On Sat, 27 Jun 2009, Jean-Christophe PLAGNIOL-VILLARD wrote: and this is why i dislike the GPLv3. the GPLv2 was all about the source, so the conversation between developers and everyone else was you can take my source and modify it all you want, but i want to see the changes. sounds fair. GPLv3 (ignoring the fix for the loophole with web applications) adds *nothing* to this premise. instead, it's used as an ideological club such that the conversation is now i have all these ideas about how software should and shouldnt be utilized, so if you want to use my software, you too now have to subscribe to my way of thinking and you have to show me the changes. so what does moving from GPLv2 to GPLv3 gain us in terms of protections ? nothing. it does however allow us to restrict the people who want to use u- boot to using it in only ways we've blessed. that's plain wrong in my eyes and none of our business in the first place. I think it is not a coincidence that devices which can be updated with arbitrary firmware sells pretty good in the meantime. Who buys routers capable of running OpenWRT because of their original firmware? then let your wallet/politicians do the talking. i certainly do -- i avoid purchasing any music/games encumbered with DRM, or companies that employ such methods. but i'm above going around and forcing people to think the way i do with licenses. agreed with Mike. Second that. --- ** * k...@homeKOI8 Net The impossible we do immediately. Third that. ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
On Thu 25 Jun 2009 10:41, Detlev Zundel pondered: Hi Mike, It is this certification is only possible like we say attitude which I seriously question. whether you question this attitude doesnt matter. you arent a lawyer in general, you arent a lawyer for these companies, and you arent indemnifying them. their legal review says that it's a requirement, so it is now a requirement for the software. anything beyond that is irrelevant. Now was this so hard? This is actually an important fact that it is a legal requirement for a company - thanks. As a quick web research did not help, if this is a legal requirement, then can you point me to the law which requires such a thing? As Mike said - there are many organisations which require this. Some from a legal standpoint, some from a certification standpoint. It depends on the end product. Your ability not to find them doesn't change the fact that they do exist. Search for: IEC 61508-3 : Functional safety of E/E/PE safety-related systems Part 3: Software requirements http://en.wikipedia.org/wiki/IEC_61508 IEC 601-1-4 : Safety Requirements for Programmable Electronic Medical Systems ANSI/UL 1998 : Standard for Safety Software in Programmable Components There are other that are industry specific - the gambling industry is a good one (that ksi already pointed out) http://gaming.nv.gov/stats_regs/reg14_tech_stnds.pdf 1.080 Control program requirements. (a) Employ a mechanism approved by the chairman which verifies that all control program components, including data and graphic information, are authentic copies of the approved components. The chairman may require tests to verify that components used by Nevada licensees are approved components. The verification mechanism must have an error rate of less than 1 in 10 to the 38th power and must prevent the execution of any control program component if any component is determined to be invalid. That doesn't use the words secure boot - but if that is what the chairman of the Nevada gaming commision decides - then that is what is is... As Mike has stated - we work on many devices who's products would fall under the GPL 3's “User Products” category - who's manufactures have told us No GPL3. They have this right - the right to use the software - or the right to choose something else. They have indicated they will exercise this right - so far - I believe them. If Wolfgang decides to remove all the GPL-2 only code, and re-write that, and release U-Boot under GPL-3 - that is his right - he needs to do the things that let him sleep better at night. If he decides to do so - it just means that I will need to exercise my rights - and either fork, or go work on MicroMonitor - neither are really that appealing for me - but they are the only choice I have with a GPL-3 U-Boot. Part of any freedom is the freedom to have an amicable disagreement, and make an alternative choice. I will only need to make that choice when I see a commit to: http://git.denx.de/cgi-bin/gitweb.cgi?p=u-boot.git;a=blob;f=COPYING;hb=HEAD which updates it to GPL3. Until then - it is just time wasted, when I should be doing more productive things. :) -Robin Although this is a bad analogy for the existing topic - I have always told my kids - part of freedom is the right to make choices, and allow others to make choices you don't agree with. If you choose to believe your water bottle is some sort of deity, and want to worship it - that is fine. I'll stand up and defend your rights to do so. I will still think you are nuts and will not join you in your water bottle worship (no offence meant to any existing, future or past water bottle worshippers). Freedom does not mean my freedom - it is not my right to enforce my belief system on you, but my obligation to stand and defend your rights to do something I don't like. Pushing one's person's belief system on another belongs in comp.sys.mac.advocacy and no where else. ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
On Mon, Jun 29, 2009 at 4:56 PM, Arno Fischera.f@novotech.co.at wrote: In article pine.lnx.4.64ksi.0906271550150.14...@home-gw.koi8.net, k...@koi8.net says... On Sat, 27 Jun 2009, Jean-Christophe PLAGNIOL-VILLARD wrote: and this is why i dislike the GPLv3. the GPLv2 was all about the source, so the conversation between developers and everyone else was you can take my source and modify it all you want, but i want to see the changes. sounds fair. GPLv3 (ignoring the fix for the loophole with web applications) adds *nothing* to this premise. instead, it's used as an ideological club such that the conversation is now i have all these ideas about how software should and shouldnt be utilized, so if you want to use my software, you too now have to subscribe to my way of thinking and you have to show me the changes. so what does moving from GPLv2 to GPLv3 gain us in terms of protections ? nothing. it does however allow us to restrict the people who want to use u- boot to using it in only ways we've blessed. that's plain wrong in my eyes and none of our business in the first place. I think it is not a coincidence that devices which can be updated with arbitrary firmware sells pretty good in the meantime. Who buys routers capable of running OpenWRT because of their original firmware? then let your wallet/politicians do the talking. i certainly do -- i avoid purchasing any music/games encumbered with DRM, or companies that employ such methods. but i'm above going around and forcing people to think the way i do with licenses. agreed with Mike. Second that. --- ** * ...@home KOI8 Net The impossible we do immediately. Third that. Arno: I thought only main developers could state their opinion regarding this? You don't seem to be that according to git-log. Detlev: If one-line patch contributers are allowed to vote (which may not be fair), my vote goes for GPLv3. Keep fighting for freedom ;-) ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
On Monday 29 June 2009 11:27:35 Frank Svendsbøe wrote: On Mon, Jun 29, 2009 at 4:56 PM, Arno Fischera.f@novotech.co.at wrote: Third that. Arno: I thought only main developers could state their opinion regarding this? You don't seem to be that according to git-log. the question is posed to the community -mike signature.asc Description: This is a digitally signed message part. ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
Hi Frank, Arno: I thought only main developers could state their opinion regarding this? You don't seem to be that according to git-log. Detlev: If one-line patch contributers are allowed to vote (which may not be fair), my vote goes for GPLv3. Keep fighting for freedom ;-) We're not holding a formal vote here - reread the beginning - Wolfgang wrote: I know that we have had similar discussions before (see for example http://thread.gmane.org/gmane.comp.boot-loaders.u-boot/24029), but I would like to take the chance and re-poll what the community's opinion about this is. The fact that you read this mailing list is probably a good proof that you both are part of the U-Boot community, so actually I appreciate both inputs. Thanks Detlev -- error compiling committee.c: too many arguments to function -- DENX Software Engineering GmbH, MD: Wolfgang Denk Detlev Zundel HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany Phone: (+49)-8142-66989-40 Fax: (+49)-8142-66989-80 Email: d...@denx.de ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
As Mike has stated - we work on many devices who's products would fall under the GPL 3's User Products category - who's manufactures have told us No GPL3. Would you like to describe one such product? All the product types discussed so far are outside the category of User Products. The laws you cites also seem to apply to things which are not User Products. They have this right - the right to use the software - or the right to choose something else. They have indicated they will exercise this right - so far - I believe them. If a company seeks to restrict users like you and me, I strongly hope my software does not help them. ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
On Mon 29 Jun 2009 14:48, Richard Stallman pondered: As Mike has stated - we work on many devices who's products would fall under the GPL 3's User Products category - who's manufactures have told us No GPL3. Would you like to describe one such product? Portable hand held medical devices - such as Glucometers. They fall into both categories. They are medical devices, who's bad software could cause a user to give them selves too much insulin (hypoglycemia - pass out - seizure - death), or too little insulin (Hyperglycaemia - stupor - coma - death). Yeah, death is over the top - as most diabetics understand their body well enough not recognise the signs much before the pass out stages - but for the person who isn't familiar with things - it is possible. They are marketted, and purchased by end consumers (Amazon shows 115 results in their search), and I would think that would make them fall into the User Products. All the product types discussed so far are outside the category of User Products. The laws you cites also seem to apply to things which are not User Products. I don't think I had any links to laws - only specifications. Years ago - I helped develop a cloths dryer which needed to pass UL 1998 - since the cut off switch (open the door, the dryer stops spinning), was a GPIO on a 8-bit microcontroller... White goods are as consumer/user products as you can get - all need to pass some sort of safety spec, when software failures can hurt people. They have this right - the right to use the software - or the right to choose something else. They have indicated they will exercise this right - so far - I believe them. If a company seeks to restrict users like you and me, I strongly hope my software does not help them. And I think that is great that you feel like that. You have every right to limit the use of the software you write and support - just like I have that same right not to feel the same way. I feel that companies should have the right to choose how to use the software I develop, as long they give things back, and I can use it on _my_ hardware (which the GPL2 allows/encourages) - I don't really care what they do on their hardware. That is their business, not mine. I hope that you can respect my choice - and not try to convince me or others that your choices are superior to mine. -Robin ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
The discussion has mostly been emotional to date. Here are some statistics (not necessarily perfect, but pretty close)... Total number of files (after removing the .git files): $ find . -type f | wc -l 6055 Number of files that are identified as being copyrighted: $ grep -l -i -r 'Copyright' * | wc -l 5173 List of files with copyrights: $ grep -l -i -r 'Copyright' * | sort ~/ucopy.txt List of all files: $ find . -type f | sed 's/.\///' | sort ~/ufiles.txt List of files *WITHOUT* the string copyright in them: $ comm -3 ~/ufiles.txt ~/ucopy.txt ~/nocopyright.txt Of the above, 130 of the files have the GPL in the header but not the string copyright - incomplete headers: for file in `cat ~/nocopyright.txt` ; do grep -il 'General Public License' $file ; done | wc -l 130 - Total number of files that are GPLv2: $ grep -i -r 'Free Software Foundation' * | grep -i 'version 2' ~/ugplv2.txt $ wc -l ~/ugplv2.txt 4588 Number of files that are GPLv2 *or later*: $ grep -i -r 'Free Software Foundation' * | grep -i 'either version 2' | wc -l 4512 76 files are GPLv2 *ONLY*: $ grep -i -v 'either version 2' ~/ugplv2.txt | awk '{print $1}' | sed 's/:$//' board/stxgp3/ddr.c board/netstar/eeprom_start.S board/sbc8560/ddr.c board/mpc8540eval/ddr.c board/socrates/ddr.c board/pm856/ddr.c board/freescale/p2020ds/ddr.c board/freescale/mpc8541cds/ddr.c board/freescale/mpc8641hpcn/ddr.c board/freescale/mpc8555cds/ddr.c board/freescale/mpc8536ds/ddr.c board/freescale/mpc8568mds/ddr.c board/freescale/mpc8548cds/ddr.c board/freescale/mpc8610hpcd/ddr.c board/freescale/mpc8544ds/ddr.c board/freescale/mpc8560ads/ddr.c board/freescale/mpc8572ds/ddr.c board/freescale/mpc8569mds/ddr.c board/freescale/mpc8540ads/ddr.c board/atum8548/ddr.c board/stxssa/ddr.c board/xes/xpedite5200/ddr.c board/voiceblue/voiceblue.c board/voiceblue/eeprom_start.S board/voiceblue/setup.S board/pm854/ddr.c board/sbc8641d/ddr.c board/sbc8548/ddr.c common/ddr_spd.c cpu/mpc86xx/fdt.c cpu/mpc86xx/ddr-8641.c cpu/mpc85xx/ddr-gen3.c cpu/mpc85xx/ddr-gen2.c cpu/mpc85xx/ddr-gen1.c cpu/mpc8xxx/ddr/ctrl_regs.c cpu/mpc8xxx/ddr/Makefile cpu/mpc8xxx/ddr/ddr.h cpu/mpc8xxx/ddr/ddr2_dimm_params.c cpu/mpc8xxx/ddr/common_timing_params.h cpu/mpc8xxx/ddr/ddr1_dimm_params.c cpu/mpc8xxx/ddr/options.c cpu/mpc8xxx/ddr/main.c cpu/mpc8xxx/ddr/util.c cpu/mpc8xxx/ddr/ddr3_dimm_params.c cpu/mpc8xxx/ddr/lc_common_dimm_params.c drivers/gpio/pca953x.c drivers/pci/fsl_pci_init.c drivers/misc/ds4510.c drivers/mtd/nand/nand.c drivers/i2c/fsl_i2c.c drivers/usb/host/ehci-pci.c drivers/usb/host/r8a66597.h drivers/usb/host/ehci.h drivers/usb/host/r8a66597-hcd.c drivers/usb/host/ehci-core.h drivers/usb/host/ehci-hcd.c drivers/mmc/omap3_mmc.c include/asm-ppc/fsl_ddr_sdram.h include/asm-ppc/fsl_i2c.h include/asm-ppc/fsl_dma.h include/asm-ppc/mpc8xxx_spi.h include/asm-ppc/fsl_ddr_dimm_params.h include/pca953x.h include/ds4510.h include/configs/MPC8610HPCD.h include/configs/voiceblue.h include/spi_flash.h include/ddr_spd.h include/asm-m68k/fsl_i2c.h include/addr_map.h include/sha1.h include/nand.h include/asm-arm/arch-omap3/mmc.h include/asm-arm/arch-omap3/mmc_host_def.h lib_generic/sha1.c lib_generic/addr_map.c Number of files that are BSD licensed (but the seven (7) libfdt files are dual-licensed GPLv2 or later / BSD): $ grep -r 'EXPRESS OR IMPLIED WARRANTIES' * | wc -l 156 Number of doc/* files (most have no copyright statement): $ find doc/ -type f | wc -l 147 Number of doc/* files that *do* have a copyright statement: $ grep -il copyright doc/* | wc -l 15 This implies... 156 -7 = 149 files use the BSD license (7 dual licensed) 5173 - 4588 - 149 = 436 files have license header problems or a different license? 6055 - 5173 = 882 files don't have a copyright statement in them. 147 - 15 = 132 doc/* files have no copyright 882 - 132 = 750 files are not doc/* files and don't have copyright Best regards, gvb ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
On Saturday 27 June 2009 16:07:36 Richard Stallman wrote: then i guess since u-boot is already doing what is right, this thread is a big waste of time I hope the main developers of U-Boot will conclude that it is right to move to GPLv3. guess that depends on what you're defining as main developers. if you look at the statistics of people who are actually doing the majority of the work, many have chimed in that they do not wish to move to the GPL-3. if your assumption is that the noisy people in this thread arent doing any real work wrt u-boot contributions, you're sorely mistaken. -mike ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
I am sure. Those are not consumer products. They are made for businesses only. Wrong, as example your cell phone For the record, I do not have a cell phone, because I object to the surveillance they do. can be a part of the PPT, and your also have product on the market that allow you to use a PPT at home instead of just write your credit card number on a website. Here is the definition from the GPL v3: A User Product is either (1) a consumer product, which means any tangible personal property which is normally used for personal, family, or household purposes, or (2) anything designed or sold for incorporation into a dwelling. I am assuming PPT refers to point-of-sale terminals, but I can't be sure of that. Sale terminals models meant for business use are not consumer products; whether they contain a kind of cell phone does not affect the question. If there is a terminal model made for home use, that might be a consumer product. If so, GPLv3 would require allowing the user to install modified software. It follows that the bank that the user deals with would check for a valid credit card in its server rather than in the device. This is not hard. To deny the key to the user is not acceptable. It makes the software non-free, and gives the developer power over the user that nobody should have. Certanly not, it will make the product not hackable certanly not the software non-free. The reason access to source code and freedom to change it are important is so that you can use your changed version. If the product you bought requires changes to be authorized by someone other than you, that freedom has been reduced to a theoretical fiction. So the software is not free. ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
Wouldn't it make sense to add a paragraph to the GPL, stating that a company using GPL software in their system must also provide all that documentation to their customers? Only then the SW modification can be properly done? It is not possible for a software license to require this in general. It may be possible to require this in the case where the software is delivered with a product. For GPLv4, we could think about whether this is a good idea. But we are not yet working on a GPLv4. Don't forget that a proper test area is also needed, which can simulate all kind of street conditions. For ABS/Airbag you may also need a crash test environment including soem sample cars to try thigns out. Without access to these, you will not be able to prove proper system behaviour to the certification authorities. I don't know what standards they use. If certification is hard to get, that may discourage people from changing this software. Whether that is a good or a bad outcome, I am not sure. If the certification is indeed necessary, and done reasonably, I suppose the outcome is good. Be that as it may, it does not excuse letting manufacturers restrict the users for their own purposes. So once again I think GPLv3 for U-Boot would avoid using it in many possible applications, which would be a loss for the project and its users. It is important for free software users to remember that they are giving the users something, not vice versa. If people use U-Boot, that is their gain; if they don't use it, that is their loss. During my work on GCC and other programs, companies often asked me to weaken the license and in exchange we would get more use of the program. I respond to them, More use of the program is just a subgoal; the main goal is to give more users freedom. Sometimes companies say that they would put a lot of effort into improving a program if the developers change the license. But they do not necessarily contribute much if the developer caves. In effect they are asking to buy a license change on credit and won't even sign an IOU. ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
Detlev, Detlev Zundel schrieb: Hi Jean-Christophe, On 00:50 Fri 26 Jun , Richard Stallman wrote: ... If you buy a car, or a medical tool for my own use, you deserve to be able to change the software in it, just as you can change it physically. Certanly not when you use your car your are also on the public domain (road) so it your car have a system faillure you can kill yourself and kill other people. Remember that you are not allow to modify your car as your wish there is law that will forbiden you to do this in a lot' of country. ... Of course you can modify your own car. This is *not* forbidden - why do you claim such a thing? Heck you can even attach a rocket to it *as long* as you don't use the car on public streets. If you do, all you got to do is to get your modifications approved. No big deal, go to a insert favorite car brand here meeting and look at the cars there. I can even build my own car from scratch and get it certified. Maybe you are right. But for actually modifying safety critcal software (e.g. for airbag control, ABS/ESP control, not talking about break-by-wire/steer by wire systems) properly you will need MUCH more than the source code. You will need the requirements specifications, the SW design documentation, the test specifications. Wouldn't it make sense to add a paragraph to the GPL, stating that a company using GPL software in their system must also provide all that documentation to their customers? Only then the SW modification can be properly done? Don't forget that a proper test area is also needed, which can simulate all kind of street conditions. For ABS/Airbag you may also need a crash test environment including soem sample cars to try thigns out. Without access to these, you will not be able to prove proper system behaviour to the certification authorities. (set the irony tag wherever you find it suitable. Back to being earnest: I think the GPL is a very important license to generate open-source software and that the results on the SW quality are very significant. The switch to GPLv3 may make sense for many SW systems, mainly in the desktop/gadget area. Even the traditional industry has learned in the last few years, that open source software is nothing to be afraid of and that sharing the own general know how based on SW improvements is a benefit for all. But similar to the fact, that there is not ONE operating system fitting all needs and ONE SW package fitting all needs, there also is not ONE OS license, that fits to all requirements. So once again I think GPLv3 for U-Boot would avoid using it in many possible applications, which would be a loss for the project and its users. wkr, Thomas. -- Embedded Brains GmbH Thomas Doerfler Obere Lagerstr. 30 D-82178 Puchheim Germany email: thomas.doerf...@embedded-brains.de Phone: +49-89-18908079-2 Fax: +49-89-18908079-9 ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
Detlev Zundel schrieb: Hi Jean-Christophe, On 00:50 Fri 26 Jun , Richard Stallman wrote: If I use a GPLv3 bootloader in a medical tool, a car, Point of payment terminal, Military System, etc... it is a grave security flaw. I'm not sure that you will be very happy if someone can modify the Firmware freely. As you may loose money to be killed and at the extrem kill millions of people. There is no need to exaggerate. Millions of people modify cars physically, and it is not a dangerous practice. It is. If you buy a car, or a medical tool for my own use, you deserve to be able to change the software in it, just as you can change it physically. Certanly not when you use your car your are also on the public domain (road) so it your car have a system faillure you can kill yourself and kill other people. Remember that you are not allow to modify your car as your wish there is law that will forbiden you to do this in a lot' of country. It seems that you have very strong interests on the software side, which need to be considered separately, but here you are really distorting actual reality. As this example is likely best known to everybody, I'll comment on this one - it seems currently too much work without a prospect of any gain to comment on everything. Of course you can modify your own car. This is *not* forbidden - why do you claim such a thing? Heck you can even attach a rocket to it *as long* as you don't use the car on public streets. If you do, all you got to do is to get your modifications approved. No big deal, go to a insert favorite car brand here meeting and look at the cars there. I can even build my own car from scratch and get it certified. Although I wanted to restrict myself to cars - it's the same with planes. It is common practice for example to modify glider planes (increasing wing span for example to be more competitive today) for which the manufacturer even *does not exist* any more today. Admittedly this is some work to get it certified, but it is doable by a private person for sure, I personally know some. Actually I can even build my own *plane* and still get it certified (this is not uncommon). Cheers Detlev -- Embedded Brains GmbH Thomas Doerfler Obere Lagerstr. 30 D-82178 Puchheim Germany email: thomas.doerf...@embedded-brains.de Phone: +49-89-18908079-2 Fax: +49-89-18908079-9 ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
On 17:35 Fri 26 Jun , Richard Stallman wrote: The other systems that you speak of are not consumer products, so this requirement in GPLv3 does not apply to them. in a Point of payment terminal it does not apply are sure? I am sure. Those are not consumer products. They are made for businesses only. Wrong, as example your cell phone can be a part of the PPT, and your also have product on the market that allow you to use a PPT at home instead of just write your credit card number on a website. So your definition of consumer produts is dangerous and will not fit at all because you can not known what we can create You seem to be worried about something you haven't described clearly. I think you're afraid of shadows, but since you have not described them clearly, I really don't know. as example with the v3 you force me to give you my private key that I use to protect the product this is not acceptable To deny the key to the user is not acceptable. It makes the software non-free, and gives the developer power over the user that nobody should have. Certanly not, it will make the product not hackable certanly not the software non-free. Best Regards, J. ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
- medical equipment: Think what nice features could be implemented into these many machines located in the emergency room... Accessible to any person who comes by. Being free to change your copy of a program does not mean you must let anyone and everyone change your copy. For instance, the code on my netbook is all free software, but it is not generally accessible to anyone but me. none of your scenarios are applicable to the issues Thomas raised. My argument shows that his scenario is unrealistic in supposing that any person who comes by can change the software in computers in the hospital. If the hospital has the key to install modified software, any person who comes by will not know the key. Even most of the staff will not know it. There probably are ways that people could sabotage the equipment if they were determined to do so. Physically, that is. A person with experience in servicing these machines could find a way to make them work wrong but not obviously wrong in a couple of minutes. Computers don't change the situation. It makes no sense to demand a double set of bars over the window while ignoring the flimsy door with a weak lock. Therefore, there is no real issue with these medical devices. But even if there were, the requirement for installation information in GPLv3 does not apply to products specifically for hospitals, since they are not consumer products. ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
then i guess since u-boot is already doing what is right, this thread is a = big=20 waste of time I hope the main developers of U-Boot will conclude that it is right to move to GPLv3. ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
and this is why i dislike the GPLv3. the GPLv2 was all about the source, so the conversation between developers and everyone else was you can take my source and modify it all you want, but i want to see the changes. sounds fair. GPLv3 (ignoring the fix for the loophole with web applications) adds *nothing* to this premise. instead, it's used as an ideological club such that the conversation is now i have all these ideas about how software should and shouldnt be utilized, so if you want to use my software, you too now have to subscribe to my way of thinking and you have to show me the changes. so what does moving from GPLv2 to GPLv3 gain us in terms of protections ? nothing. it does however allow us to restrict the people who want to use u- boot to using it in only ways we've blessed. that's plain wrong in my eyes and none of our business in the first place. I think it is not a coincidence that devices which can be updated with arbitrary firmware sells pretty good in the meantime. Who buys routers capable of running OpenWRT because of their original firmware? then let your wallet/politicians do the talking. i certainly do -- i avoid purchasing any music/games encumbered with DRM, or companies that employ such methods. but i'm above going around and forcing people to think the way i do with licenses. agreed with Mike. Best Regards, J. ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
On Sat, 27 Jun 2009, Jean-Christophe PLAGNIOL-VILLARD wrote: and this is why i dislike the GPLv3. the GPLv2 was all about the source, so the conversation between developers and everyone else was you can take my source and modify it all you want, but i want to see the changes. sounds fair. GPLv3 (ignoring the fix for the loophole with web applications) adds *nothing* to this premise. instead, it's used as an ideological club such that the conversation is now i have all these ideas about how software should and shouldnt be utilized, so if you want to use my software, you too now have to subscribe to my way of thinking and you have to show me the changes. so what does moving from GPLv2 to GPLv3 gain us in terms of protections ? nothing. it does however allow us to restrict the people who want to use u- boot to using it in only ways we've blessed. that's plain wrong in my eyes and none of our business in the first place. I think it is not a coincidence that devices which can be updated with arbitrary firmware sells pretty good in the meantime. Who buys routers capable of running OpenWRT because of their original firmware? then let your wallet/politicians do the talking. i certainly do -- i avoid purchasing any music/games encumbered with DRM, or companies that employ such methods. but i'm above going around and forcing people to think the way i do with licenses. agreed with Mike. Second that. --- ** * k...@homeKOI8 Net The impossible we do immediately. * * Las Vegas NV, USA Miracles require 24-hour notice. * ** ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
Richard, Richard Stallman wrote: - automotive control units: Think about cars being on the highway with many fancy features built into their electronics (from their owners), which unfortunately are a security risk for the owner and others on the road. I don't think cars depend on software for safety as such. If a computer breaks down, the engine mail run badly -- but if you run out of gas, it might stop entirely. You can still steer the car. You are only concentrating on the motor control. I am not sure about the technical skill of the American automotive industry (grin, grin), but at least in Europe SOME cars already have some safety functions based on computer systems for good reason. If someday cars do have computers whose proper functioning is necessary for safety, we could use airplanes as a policy example. If you own a small plane, you are free to change it, but you need to get the change inspectied for airworthiness. Right. The car owner must. But what happens if he doesn't? After a major accident, will the lawyers really sue the car owner? Or the company who let the car owner tinker around in the ECU? Keep in mind that for most car owners, it is much easier to understand the safety aspects of a mechanical modification of the car than all safety aspects of a SW modification. - medical equipment: Think what nice features could be implemented into these many machines located in the emergency room... Accessible to any person who comes by. Being free to change your copy of a program does not mean you must let anyone and everyone change your copy. For instance, the code on my netbook is all free software, but it is not generally accessible to anyone but me. Just out of curiousity: Which percentage of that SW is already GPLv3? wkr, Thomas. -- Embedded Brains GmbH Thomas DoerflerObere Lagerstrasse 30 D-82178 Puchheim Germany email: thomas.doerf...@embedded-brains.de Phone: +49-89-18908079-2 Fax: +49-89-18908079-9 ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
On 00:50 Fri 26 Jun , Richard Stallman wrote: If I use a GPLv3 bootloader in a medical tool, a car, Point of payment terminal, Military System, etc... it is a grave security flaw. I'm not sure that you will be very happy if someone can modify the Firmware freely. As you may loose money to be killed and at the extrem kill millions of people. There is no need to exaggerate. Millions of people modify cars physically, and it is not a dangerous practice. It is. If you buy a car, or a medical tool for my own use, you deserve to be able to change the software in it, just as you can change it physically. Certanly not when you use your car your are also on the public domain (road) so it your car have a system faillure you can kill yourself and kill other people. Remember that you are not allow to modify your car as your wish there is law that will forbiden you to do this in a lot' of country. The other systems that you speak of are not consumer products, so this requirement in GPLv3 does not apply to them. in a Point of payment terminal it does not apply are sure? There are distributed to storekeeper and you use your credit card in there shop. So in your idea they modify it and if they stole your credit card number and secret code and then stole your money. No Way I do not think the v3 is a benefit. I'll never accept the concept to an opensource licence that will force me to use a software in a specific way that someone will choose for me as do the v3. It will be freedom kill. You seem to be worried about something you haven't described clearly. I think you're afraid of shadows, but since you have not described them clearly, I really don't know. as example with the v3 you force me to give you my private key that I use to protect the product this is not acceptable All I can say is that no version of the GPL was meant to be an open source license. Thinking of it in terms of open source will tend to be an obstacle to understanding it. Sorry you only think about yourself and your interest, I respect the GPLv2 and the work have been done around. But the GPLv3 is an extremism that I do not want to go. Best Regards, J. ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
Hi Mike, On Thursday 25 June 2009 10:41:13 Detlev Zundel wrote: It is this certification is only possible like we say attitude which I seriously question. whether you question this attitude doesnt matter. you arent a lawyer in general, you arent a lawyer for these companies, and you arent indemnifying them. their legal review says that it's a requirement, so it is now a requirement for the software. anything beyond that is irrelevant. Now was this so hard? This is actually an important fact that it is a legal requirement for a company - thanks. As a quick web research did not help, if this is a legal requirement, then can you point me to the law which requires such a thing? nothing personal, but ... (1) you still arent a lawyer (2) i never said there was a law that stated this (3) i did say their legal team came to the conclusion that ... the law and your interpretation of it is irrelevant. Wow, the law is irrelevant. I give up. You repeatedly claim stuff without backing anything up. There is nothing more I can gain from this discussion, so I let it rest. Cheers Detlev -- Deutsches Grundgesetz Artikel 14 Absatz 2: Eigentum verpflichtet. Sein Gebrauch soll zugleich dem Wohle der Allgemeinheit dienen. -- DENX Software Engineering GmbH, MD: Wolfgang Denk Detlev Zundel HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany Phone: (+49)-8142-66989-40 Fax: (+49)-8142-66989-80 Email: d...@denx.de ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
Hi, On Thursday 25 June 2009 10:20:47 Detlev Zundel wrote: It's not the first time I hear this mantra. Can you give me some facts to back this up? i dont know what kind of facts you're looking for. i didnt make this scenario up, it was described to me by a customer in the US and their experience with Chinese cloners. i'm not going to give customer information or name names if that's what you want. Well, the problem with facts is that I like them to be backed up. I don't know whether I should believe this mantra until I have seen actual products and/or figures. If you don't need this - fine, your choice. well g'luck with that. you're going to have to find a customer yourself or find someone who *hasnt* signed a NDA. ... n ) Proof by intimidation n+1) Proof by vigorous handwaving n+2) Proof by obfuscation n+3) Proof by wishful citation n+4) Proof by vehement assertion n+5) Proof not available without NDA Now, wait a minute, I think we have an original new entry here to this list ;) Cheers Detlev -- Für jemanden, der in eine Religion geboren wurde, in der das Ringen um eine einzige Seele ein Stafettenlauf über viele Jahrhunderte sein kann [..], hat das Tempo des Christentums etwas Schwindelerregendes. Wenn der Hinduismus friedlich dahinfließt wie der Ganges, dann ist das Christentum Toronto in der Rushhour.-- Yann Martel -- DENX Software Engineering GmbH, MD: Wolfgang Denk Detlev Zundel HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany Phone: (+49)-8142-66989-40 Fax: (+49)-8142-66989-80 Email: d...@denx.de ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
k...@koi8.net a écrit : Ah, that's absolutely orthogonal issue... We do NOT do something stupid from engineering standpoint because it makes sense (and quite often it doesn't) but because the regulations and the Commission's understanding of them requires that. Yes, many of those are stupid and outdated but they do a good job anyways; there is not that much cheating in our casinos. You seem to agree that a secure boot is maybe not more that only a marketing word... No, this does not have the same strict meaning as #6-32x1/2 slotted head steel zinc plated machine screw. It is a set of different features. Here is e.g. a Freescale's whitepaper on one of their SoCs: http://www.freescale.com/files/32bit/doc/white_paper/IMX31SECURITYWP.pdf This paper mainly describes hardware features that are not relevant for u-boot. The ROM authenticate a script that authenticate the boot loader (u-boot) that authenticate the firmware image (kernel and RO filesystem). The ability to update this system is controlled by a chain of asymmetric keys. It seem that the GPLv3 do not require to publish the private key if this is not a consumer product. I suspect that if a regulation exists for a product that require a security schema, then GPLv3 also do not force to publish the private key, but that must be carefully verified. In a more philosophical aspect, and as a customer, I can understand that some code are dangerous to modify and are secured, but there is a real issues that the security is also used to abuse the freedom to modify a system that don't require a high level of security. What you will do the day you can't find a computer that can't boot a Open Source system ? The GPLv3 is maybe right by requiring to allow to modify a system as long as this is not restricted by a regulation for safety reason. [...] Why do you think I want to fight regulation ? I actually be more concerned about understanding how a proprietary hidden piece of code into u-boot can possibly make a system satisfy a security regulation. It is not just hardware/software. The latter is only a part of solution. It is NOT the machine that pays that jackpot, it is real humans. There is no way to make the system unbreakable and impossible to cheat on. That's why an additional layer of security is being able to DETECT that system had been cheated on. So why using open source at all if you think that hidden code is a way to make a system more secure ? It highly not consistent ! Who is talking about hidden code? It can be open source. And quite often it is. And most of that code, BTW, is written by the people who are paid to do it. If you want to make us drop U-Boot and write our own firmware no problems, that's just additional job security for us. But don't expect all those people to do anything on U-Boot and forget about their contributions. Pretty aggressive position. If I understand you correctly, there is already a asymmetric key authentication code to secure a firmware in u-boot. Please point out where it is because I can't find it in the last GIT tree. Regards, Jean-Christian de Rivaz ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
Hi Jean-Christophe, On 00:50 Fri 26 Jun , Richard Stallman wrote: If I use a GPLv3 bootloader in a medical tool, a car, Point of payment terminal, Military System, etc... it is a grave security flaw. I'm not sure that you will be very happy if someone can modify the Firmware freely. As you may loose money to be killed and at the extrem kill millions of people. There is no need to exaggerate. Millions of people modify cars physically, and it is not a dangerous practice. It is. If you buy a car, or a medical tool for my own use, you deserve to be able to change the software in it, just as you can change it physically. Certanly not when you use your car your are also on the public domain (road) so it your car have a system faillure you can kill yourself and kill other people. Remember that you are not allow to modify your car as your wish there is law that will forbiden you to do this in a lot' of country. It seems that you have very strong interests on the software side, which need to be considered separately, but here you are really distorting actual reality. As this example is likely best known to everybody, I'll comment on this one - it seems currently too much work without a prospect of any gain to comment on everything. Of course you can modify your own car. This is *not* forbidden - why do you claim such a thing? Heck you can even attach a rocket to it *as long* as you don't use the car on public streets. If you do, all you got to do is to get your modifications approved. No big deal, go to a insert favorite car brand here meeting and look at the cars there. I can even build my own car from scratch and get it certified. Although I wanted to restrict myself to cars - it's the same with planes. It is common practice for example to modify glider planes (increasing wing span for example to be more competitive today) for which the manufacturer even *does not exist* any more today. Admittedly this is some work to get it certified, but it is doable by a private person for sure, I personally know some. Actually I can even build my own *plane* and still get it certified (this is not uncommon). Cheers Detlev -- Those who would trade safety for freedom deserve neither. -- Thomas Jefferson -- DENX Software Engineering GmbH, MD: Wolfgang Denk Detlev Zundel HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany Phone: (+49)-8142-66989-40 Fax: (+49)-8142-66989-80 Email: d...@denx.de ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
On Friday 26 June 2009 04:25:42 Detlev Zundel wrote: On Thursday 25 June 2009 10:20:47 Detlev Zundel wrote: It's not the first time I hear this mantra. Can you give me some facts to back this up? i dont know what kind of facts you're looking for. i didnt make this scenario up, it was described to me by a customer in the US and their experience with Chinese cloners. i'm not going to give customer information or name names if that's what you want. Well, the problem with facts is that I like them to be backed up. I don't know whether I should believe this mantra until I have seen actual products and/or figures. If you don't need this - fine, your choice. well g'luck with that. you're going to have to find a customer yourself or find someone who *hasnt* signed a NDA. ... n ) Proof by intimidation n+1) Proof by vigorous handwaving n+2) Proof by obfuscation n+3) Proof by wishful citation n+4) Proof by vehement assertion n+5) Proof not available without NDA Now, wait a minute, I think we have an original new entry here to this list ;) basically you're making the assertion that (1) i just made all of this sh*t up, (2) i'm basically a liar, and (3) i must be making these claims because i think this discussion is fun. rather than providing funny little lists, why dont you come straight out and call someone a filthy liar. frankly, you can kiss my ass. i attempted to provide real world experience with the information i'm allowed, and apparently that wasnt good enough for you, how convenient for your little crusade to control the usage of others. -mike ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
On Friday 26 June 2009 04:21:15 Detlev Zundel wrote: On Thursday 25 June 2009 10:41:13 Detlev Zundel wrote: It is this certification is only possible like we say attitude which I seriously question. whether you question this attitude doesnt matter. you arent a lawyer in general, you arent a lawyer for these companies, and you arent indemnifying them. their legal review says that it's a requirement, so it is now a requirement for the software. anything beyond that is irrelevant. Now was this so hard? This is actually an important fact that it is a legal requirement for a company - thanks. As a quick web research did not help, if this is a legal requirement, then can you point me to the law which requires such a thing? nothing personal, but ... (1) you still arent a lawyer (2) i never said there was a law that stated this (3) i did say their legal team came to the conclusion that ... the law and your interpretation of it is irrelevant. Wow, the law is irrelevant. I give up. You repeatedly claim stuff without backing anything up. There is nothing more I can gain from this discussion, so I let it rest. why not try keeping up with the thread instead of taking things out of context. the point of this subthread was that the software people doing the work are told to do XYZ by their legal team. thus it is a software requirement irregardless of anything else. plus, the law in these areas is hardly ever clear. it may state one thing, and yet there are precedences that take it a different way. or the laws have no precedence at all (which is fairly typical with open source) in which case lawyers are often very conservative. after all, their screw up here could easily cost a company 6 or 7 figures if not worse penalties. your demand of black and white conformance in a pure gray legal world is completely unrealistic. -mike ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
Hi, On Friday 26 June 2009 04:25:42 Detlev Zundel wrote: On Thursday 25 June 2009 10:20:47 Detlev Zundel wrote: It's not the first time I hear this mantra. Can you give me some facts to back this up? i dont know what kind of facts you're looking for. i didnt make this scenario up, it was described to me by a customer in the US and their experience with Chinese cloners. i'm not going to give customer information or name names if that's what you want. Well, the problem with facts is that I like them to be backed up. I don't know whether I should believe this mantra until I have seen actual products and/or figures. If you don't need this - fine, your choice. well g'luck with that. you're going to have to find a customer yourself or find someone who *hasnt* signed a NDA. ... n ) Proof by intimidation n+1) Proof by vigorous handwaving n+2) Proof by obfuscation n+3) Proof by wishful citation n+4) Proof by vehement assertion n+5) Proof not available without NDA Now, wait a minute, I think we have an original new entry here to this list ;) basically you're making the assertion that (1) i just made all of this sh*t up, (2) i'm basically a liar, and (3) i must be making these claims because i think this discussion is fun. rather than providing funny little lists, why dont you come straight out and call someone a filthy liar. I am not repsonsible for what you read into my mails. I never made such assertions. Cheers Detlev -- Summary [of object-oriented programming in Perl 5] That's all about there is to it. Now you just need to go off and buy a book about object-oriented design methodology, and bang your forehead with it for the next six months or so.Larry Wall [Creator of Perl] -- DENX Software Engineering GmbH, MD: Wolfgang Denk Detlev Zundel HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany Phone: (+49)-8142-66989-40 Fax: (+49)-8142-66989-80 Email: d...@denx.de ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
On Friday 26 June 2009 09:56:21 Detlev Zundel wrote: On Friday 26 June 2009 04:25:42 Detlev Zundel wrote: On Thursday 25 June 2009 10:20:47 Detlev Zundel wrote: It's not the first time I hear this mantra. Can you give me some facts to back this up? i dont know what kind of facts you're looking for. i didnt make this scenario up, it was described to me by a customer in the US and their experience with Chinese cloners. i'm not going to give customer information or name names if that's what you want. Well, the problem with facts is that I like them to be backed up. I don't know whether I should believe this mantra until I have seen actual products and/or figures. If you don't need this - fine, your choice. well g'luck with that. you're going to have to find a customer yourself or find someone who *hasnt* signed a NDA. ... n ) Proof by intimidation n+1) Proof by vigorous handwaving n+2) Proof by obfuscation n+3) Proof by wishful citation n+4) Proof by vehement assertion n+5) Proof not available without NDA Now, wait a minute, I think we have an original new entry here to this list ;) basically you're making the assertion that (1) i just made all of this sh*t up, (2) i'm basically a liar, and (3) i must be making these claims because i think this discussion is fun. rather than providing funny little lists, why dont you come straight out and call someone a filthy liar. I am not repsonsible for what you read into my mails. I never made such assertions. Jon Stewart summed up this position fairly well with an example. I'm not saying your mother is a whore.I'm just saying, isnt it interesting that she has money. And I dont know what she does during the day. -mike ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
Mike Frysinger vap...@gentoo.org writes: Jon Stewart summed up this position fairly well with an example. I'm not saying your mother is a whore.I'm just saying, isnt it interesting that she has money. And I dont know what she does during the day. You are disqualifying yourself here. Go on if you like, I will not join you on this level anymore. Cheers Detlev -- ``The number of UNIX installations has grown to 10, with more expected.'' Unix Programmers Manual -- 1972 The number of UNIX variants has grown to dozens, with more expected. -- 2001 -- DENX Software Engineering GmbH, MD: Wolfgang Denk Detlev Zundel HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany Phone: (+49)-8142-66989-40 Fax: (+49)-8142-66989-80 Email: d...@denx.de ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
On Friday 26 June 2009 11:11:06 Detlev Zundel wrote: Mike Frysinger vap...@gentoo.org writes: Jon Stewart summed up this position fairly well with an example. I'm not saying your mother is a whore.I'm just saying, isnt it interesting that she has money. And I dont know what she does during the day. You are disqualifying yourself here. Go on if you like, I will not join you on this level anymore. i'm pretty sure you missed the point completely. review the structure, not the content. -mike ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
Embedded systems using core soc silicon from a number of manufacturers have started to use what is known as 'secure boot'. This is typically the case in applications which utilise conditional access system software to protect content. The emphasis on using secure boot is largely driven by the conditional access industry itself. The principal purpose of these products is to restrict the public's freedom. So it is natural that their means involve restricting our freedom too. it sure is nice to make generalities as it makes your resulting argument so much easier to digest. the companies ive worked with could give two sh*ts about end customers tinkering with their products. they're interested in keeping their product secure from other people in their respective industry and from malicious tampering for regulation/safety purposes. The comment I responded to talked about the conditional access industry and my response was about those products too. I stand by what I said about them. Your various messages suggest that you are talking about other kinds of products, so that your experience does not conflict with what I said. ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
The other systems that you speak of are not consumer products, so this requirement in GPLv3 does not apply to them. in a Point of payment terminal it does not apply are sure? I am sure. Those are not consumer products. They are made for businesses only. You seem to be worried about something you haven't described clearly. I think you're afraid of shadows, but since you have not described them clearly, I really don't know. as example with the v3 you force me to give you my private key that I use to protect the product this is not acceptable To deny the key to the user is not acceptable. It makes the software non-free, and gives the developer power over the user that nobody should have. ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
Richard, Richard Stallman wrote: Embedded systems using core soc silicon from a number of manufacturers have started to use what is known as 'secure boot'. This is typically the case in applications which utilise conditional access system software to protect content. The emphasis on using secure boot is largely driven by the conditional access industry itself. The principal purpose of these products is to restrict the public's freedom. So it is natural that their means involve restricting our freedom too. You are right in many cases, but on the other hand especially in the embedded market there are lots of systems which should definitivly NOT boot every code provided. Just some examples: - automotive control units: Think about cars being on the highway with many fancy features built into their electronics (from their owners), which unfortunately are a security risk for the owner and others on the road. If a major accident is caused by modified car control software, who will be sued in the first run? The owner (already dead?)? Or the car manufacturer who made the system open to changes from everyone? - medical equipment: Think what nice features could be implemented into these many machines located in the emergency room... Accessible to any person who comes by. My personal believe is that there are many examples of embedded systems, that should only execute software that has been carefully tested. And I don't like the idea to see this area as non-compatible with free software like U-Boot, Linux and others. wkr, Thomas. In DefectiveByDesign.org we organize protests against such devices. They don't deserve help. In this context, I believe both terms are interchangeable and effectively mean the same thing. It is secure because only authenticated code is allowed to be executed, thus another step to avoid piracy, If that is meant to refer to sharing of copies of published works, please don't call that piracy. That is a propaganda term which is used to spread the assumption that sharing is bad. See http://www.gnu.org/philosophy/words-to-avoid.html. ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot -- Embedded Brains GmbH Thomas DoerflerObere Lagerstrasse 30 D-82178 Puchheim Germany email: thomas.doerf...@embedded-brains.de Phone: +49-89-18908079-2 Fax: +49-89-18908079-9 ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
Hi Scott, On Wed, Jun 24, 2009 at 11:09:49AM +0200, Detlev Zundel wrote: nand_ecc.c is an exception, which not only has the or later language but also has an exception that makes it non-viral. Why do you refer to one of the most important aspects of the effectiveness of the GPL as being viral? GPLd software neither attacks nor infects software so the wording is actively misleading. I was referring to the if you link me in, the entire project must be under my terms clause. For sure I know what you meant, but the term virus has a mental baggage way too big. I believe a metaphor only to be helpful if the attached concepts shed new light on the target domain, but this is simply not the case here. Of course I cannot forbid your using the word, but one should point out that the connotations are misleading. Regardless of what motivates it, people who sell hardware to such customers (and who also contribute to u-boot) may not want to risk losing that business by pushing GPLv3 on them. Actually I want to understand why people fear to loose business with GPLv3. What is the exact scenario that is so threatening? Unless this is understood, it is hard to argue in any way. U-boot contributor A wants to sell hardware to customer B, who wants secure boot, or for any other reason does not want to involve themselves in GPL3. I'm not going to provide names, but this is not hypothetical. If nobody wanted to do the things that GPLv3 prevents, there wouldn't be a GPLv3. :-) Actually I was trying to get more information about what those things that GPLv3 prevents and customers want are - and what business model they are a part of. It may come as a surprise, but I believe that the percentage of boards supported by U-Boot which are used in such scenarios is pretty small. Likely many of the newly added boards will fall into this category, but from the hundreds already supported not many will even care. To get a better impression about this ratio should also be an important point in this discussion. U-boot goes GPLv3. A has a choice to continue developing on mainline u-boot, in which case one of these happens: 1. A develops *another* bootloader in parallel (possibly based on old GPLv2 u-boot) for customer B, 2. B develops (or acquires) their own firmware, or 3. B buys hardware from someone else who provides non-GPL3 firmware. #2 seems unlikely if #3 is a reasonable option -- and if A is going to do #1, why wouldn't they develop *only* that non-GPL3 firmware if it is a superset of usefulness to A (who doesn't particularly care about the GPL3 agenda)? In other words, a fork. It is good to actually get more concrete here, but I was really after the original motiviation of people avoiding GPLv3. Thanks Detlev -- The limits of my language stand for the limits of my world. -- Ludwig Wittgenstein -- DENX Software Engineering GmbH, MD: Wolfgang Denk Detlev Zundel HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany Phone: (+49)-8142-66989-40 Fax: (+49)-8142-66989-80 Email: d...@denx.de ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
Hi Mike, but when customers absolutely state their requirements are secure boot and the ability to lock their hardware so no one else can run things, then i'm not about to argue with them. their response is simply fine, we'll move on to the next guy who will satisfy our requirements. It is your decision if you don't want to even understand your customers needs. wrong, we've actually done the opposite. we know what they want to do and it is doable with GPLv2. it is not doable with GPLv3. From what I read, I do not get this impression. Locking people out is not a ulterior motive but the outcome of a perceived threat to a business model. It was this business model that I wanted to get a clear picture of. It seems I cannot get any more informatino here. locking down a machine is part of due diligence as well when it comes to certification. not taking measures to prevent uncertified code from running is a legal liability for companies. An aircraft is also a certified product - won't you think? Do you believe that an airline carrier ships its planes to the manufacturer if they need to replace a screw? Obviously there must be ways to ensure certification even in such cases. Why should those methods not be applicable to other fields as well? It is this certification is only possible like we say attitude which I seriously question. you can chalk these use cases up as perceived threads to a business model all you like. many customers arent going to change because of your opinion, and while you may not business with them, i dont have a problem with doing it. Sure, you're decision. Although I cannot read it from what you wrote, if you do business knowingly entering grey areas of licensing questions (like writing closed source drivers for the Linux kernel), there is a pretty good chance that one could go to court for gross negligence. This is not a joke. Here in Germany lawyers actually evaluated if a manager can get sued for gross negligence when deploying Free Software in a company because of the everybody can change the software aspect. yes, there are cases of ingrained perceptions about how to accomplish something and GPLv3 blocks those methods. but again, it is *your* choice to attempt to educate people here, it is not the automatic burden of people to champion the GNU cause for you. What kind of axe do you have to grind here? We (as a project) were asked about our stance to move to GPLv3 which is a perfectly good question to pose. All I want to do is collect facts - your allegation that I want other people to carry a burden shows me that this way will bear no more fruit. i wasnt directing all of these comments directly at you. i dont know you nor do i care. Yep, thanks for the confirmation. they arent generally trying to lock out people who just want to toy, they're targeting people who want to clone their hardware or functionality to create knockoffs or they're trying to guarantee lock down so they can get certified (like medical devices). How does GPLv3 vs. GPLv2 touch the we will get cloned question? Maybe I do not see the obvious here, but sourcecode to binaries under either license must be available, so what's the difference? if you dont have the decryption keys, you cant read the end program. having access to the u-boot source doesnt matter. Having access to the physical device will. How long do you think will it take to get broken into? Unfortunately physics do not follow wishes of companies as seen over and over in the past. and companies understand that. i never said locking the device is a 100% guarantee to prevent cloning -- nothing in life is 100%. it does however significantly make it harder to reverse engineer a black box that is wiggling pins than it is to disassemble code and memory. the companies i work with are concerned with delaying clones for most of that product generation's life span, not eternity. if the clone comes in after the company has gotten their fair share out of it, then that's fine by them. clones are an unfortunate aspect of commercial life. without the secure boot aspect, people are able to create knockoffs with enough turn around time to do quite a bit of damage to the product's life span. It's not the first time I hear this mantra. Can you give me some facts to back this up? i personally dont have a problem with people locking their hardware. that is their choice and the GPLv2 allows them that freedom. You have a strange definition of freedom - for you it is limited to the provider of the devices not to the users of the devices. I guess this is what this all boils down to. no, i have a definition of freedom you cant cope with. Oh, I can cope with this definition for sure. It is rather misleading to attach it to the word freedom however. what i choose to do with my time and code i write is absolutely my
Re: [U-Boot] U-book and GPLv3? (fwd)
Hi Mike, On Wednesday 24 June 2009 12:45:38 Detlev Zundel wrote: It is secure because only authenticated code is allowed to be executed, thus another step to avoid piracy, hacking of conditional access systems etc. Running only authenticated code does *not* ensure security, no matter how much this is wished for. But no matter, I now understand that security seems to mean data can only be handled in the way intended by the owners of the data which is a different concept to me. you ignored my simple straightforward example where both authenticity and security is provided. cpu only loads signed u-boot -- authenticity. u-boot only loads encrypted signed binaries -- security and authenticity. since the binaries stay inside of the CPU, for all practical (and then some) purposes, the decrypted binary will never be discovered from this system. Obviously we differ in what security means. Where I used security as an attribute of a communications channel which seems to be a popular interpretation in computer science, you interpret security to mean not discoverable from outside the device. The latter interpretation is used in the DRM systems trying to rub off the good annotations of security onto those systems - but still it is not synonymous to security for me. So by definition, an authenticated, encrypted (and non-discoverable binary) can still use non-secure communications channels. Those things are orthogonal and actually I do not know why we argue about that anyway because it is beside the point of this thread. and unless you're lumping data and code together under the term data, that part is also incorrect. Code is data for sure. Using higher level languages like e.g. Lisp, this should be extremely clear. Cheers Detlev -- Ich hoffe, Sie verzeihen mir meine Leidenschaft. Ich hätte Ihnen Ihre auch gerne verziehen. -- Dieter Hildebrandt -- DENX Software Engineering GmbH, MD: Wolfgang Denk Detlev Zundel HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany Phone: (+49)-8142-66989-40 Fax: (+49)-8142-66989-80 Email: d...@denx.de ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
You have a strange definition of freedom - for you it is limited to the provider of the devices not to the users of the devices. I guess this is what this all boils down to. No, it is let the device providers and the users who have *chosen* to use those devices sort it out themselves, *I'm* not restricting anyone. More precisely stated, it's I'm not restricting anyone, and if someone else is, I don't care. The difference here is between defending freedom and standing aside while it gets lost. Leaving the powerful few and the weak divided many to sort it out is predictably likely to lead to bad results. (That is why consumer protection law exists -- because a market without regulation is dangerous. This is also why financial industry regulation exists, and if the powerful had not sabotaged it, we wouldn't have the current economic downturn.) ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
On Thursday 25 June 2009 07:04:07 Detlev Zundel wrote: but when customers absolutely state their requirements are secure boot and the ability to lock their hardware so no one else can run things, then i'm not about to argue with them. their response is simply fine, we'll move on to the next guy who will satisfy our requirements. It is your decision if you don't want to even understand your customers needs. wrong, we've actually done the opposite. we know what they want to do and it is doable with GPLv2. it is not doable with GPLv3. From what I read, I do not get this impression. Locking people out is not a ulterior motive but the outcome of a perceived threat to a business model. It was this business model that I wanted to get a clear picture of. It seems I cannot get any more informatino here. locking down a machine is part of due diligence as well when it comes to certification. not taking measures to prevent uncertified code from running is a legal liability for companies. An aircraft is also a certified product - won't you think? Do you believe that an airline carrier ships its planes to the manufacturer if they need to replace a screw? Obviously there must be ways to ensure certification even in such cases. Why should those methods not be applicable to other fields as well? It is this certification is only possible like we say attitude which I seriously question. whether you question this attitude doesnt matter. you arent a lawyer in general, you arent a lawyer for these companies, and you arent indemnifying them. their legal review says that it's a requirement, so it is now a requirement for the software. anything beyond that is irrelevant. they arent generally trying to lock out people who just want to toy, they're targeting people who want to clone their hardware or functionality to create knockoffs or they're trying to guarantee lock down so they can get certified (like medical devices). How does GPLv3 vs. GPLv2 touch the we will get cloned question? Maybe I do not see the obvious here, but sourcecode to binaries under either license must be available, so what's the difference? if you dont have the decryption keys, you cant read the end program. having access to the u-boot source doesnt matter. Having access to the physical device will. How long do you think will it take to get broken into? Unfortunately physics do not follow wishes of companies as seen over and over in the past. and companies understand that. i never said locking the device is a 100% guarantee to prevent cloning -- nothing in life is 100%. it does however significantly make it harder to reverse engineer a black box that is wiggling pins than it is to disassemble code and memory. the companies i work with are concerned with delaying clones for most of that product generation's life span, not eternity. if the clone comes in after the company has gotten their fair share out of it, then that's fine by them. clones are an unfortunate aspect of commercial life. without the secure boot aspect, people are able to create knockoffs with enough turn around time to do quite a bit of damage to the product's life span. It's not the first time I hear this mantra. Can you give me some facts to back this up? i dont know what kind of facts you're looking for. i didnt make this scenario up, it was described to me by a customer in the US and their experience with Chinese cloners. i'm not going to give customer information or name names if that's what you want. -mike signature.asc Description: This is a digitally signed message part. ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
On Thursday 25 June 2009 07:22:10 Detlev Zundel wrote: On Wednesday 24 June 2009 12:45:38 Detlev Zundel wrote: It is secure because only authenticated code is allowed to be executed, thus another step to avoid piracy, hacking of conditional access systems etc. Running only authenticated code does *not* ensure security, no matter how much this is wished for. But no matter, I now understand that security seems to mean data can only be handled in the way intended by the owners of the data which is a different concept to me. you ignored my simple straightforward example where both authenticity and security is provided. cpu only loads signed u-boot -- authenticity. u-boot only loads encrypted signed binaries -- security and authenticity. since the binaries stay inside of the CPU, for all practical (and then some) purposes, the decrypted binary will never be discovered from this system. Obviously we differ in what security means. Where I used security as an attribute of a communications channel which seems to be a popular interpretation in computer science, you interpret security to mean not discoverable from outside the device. The latter interpretation is used in the DRM systems trying to rub off the good annotations of security onto those systems - but still it is not synonymous to security for me. you really should use the standard terms of the trade then, otherwise you will just keep confusing people. http://en.wikipedia.org/wiki/Information_security#Basic_principles -mike signature.asc Description: This is a digitally signed message part. ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
On Wednesday 24 June 2009 20:59:11 Richard Stallman wrote: Embedded systems using core soc silicon from a number of manufacturers have started to use what is known as 'secure boot'. This is typically the case in applications which utilise conditional access system software to protect content. The emphasis on using secure boot is largely driven by the conditional access industry itself. The principal purpose of these products is to restrict the public's freedom. So it is natural that their means involve restricting our freedom too. it sure is nice to make generalities as it makes your resulting argument so much easier to digest. the companies ive worked with could give two sh*ts about end customers tinkering with their products. they're interested in keeping their product secure from other people in their respective industry and from malicious tampering for regulation/safety purposes. -mike signature.asc Description: This is a digitally signed message part. ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
Hi Mike, you really should use the standard terms of the trade then, otherwise you will just keep confusing people. I will not bother discussing this anymore with you but rather leave it up to the reader to decide on who is confusing. Cheers Detlev -- Win32 sucks so hard it could pull matter out of a Black Hole. -- Pohl Longsine -- DENX Software Engineering GmbH, MD: Wolfgang Denk Detlev Zundel HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany Phone: (+49)-8142-66989-40 Fax: (+49)-8142-66989-80 Email: d...@denx.de ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
On Friday 19 June 2009 04:40:59 Detlev Zundel wrote: I was asked about relicensing U-Boot as GPLv3: From:Richard Stallman r...@gnu.org Subject: U-book and GPLv3? To: Wolfgang Denk w...@denx.de Date:Thu, 18 Jun 2009 09:17:28 -0400 I really enjoy the name U-boot. What are the advantages of U-boot over PMON? Have you considered moving U-boot to GPLv3-or-later? -- I know that we have had similar discussions before (see for example http://thread.gmane.org/gmane.comp.boot-loaders.u-boot/24029), but I would like to take the chance and re-poll what the community's opinion about this is. For what it's worth, I would appreciate moving to GPLv3. Sparing details, my reasoning is the following. Basically I think most people appreciate the GPL for what it means in pratical terms: * the freedom to use the software for any purpose, * the freedom to change the software to suit your needs, * the freedom to share the software with your friends and neighbors, * and * the freedom to share the changes you make. Obviously the second item here will become void if vendor lockout of updates becomes common. So what will be left of the essential freedoms? I can study the code, I can modify it, but I am not allowed to run it. Excellent. and this is why i dislike the GPLv3. the GPLv2 was all about the source, so the conversation between developers and everyone else was you can take my source and modify it all you want, but i want to see the changes. sounds fair. GPLv3 (ignoring the fix for the loophole with web applications) adds *nothing* to this premise. instead, it's used as an ideological club such that the conversation is now i have all these ideas about how software should and shouldnt be utilized, so if you want to use my software, you too now have to subscribe to my way of thinking and you have to show me the changes. so what does moving from GPLv2 to GPLv3 gain us in terms of protections ? nothing. it does however allow us to restrict the people who want to use u- boot to using it in only ways we've blessed. that's plain wrong in my eyes and none of our business in the first place. I think it is not a coincidence that devices which can be updated with arbitrary firmware sells pretty good in the meantime. Who buys routers capable of running OpenWRT because of their original firmware? then let your wallet/politicians do the talking. i certainly do -- i avoid purchasing any music/games encumbered with DRM, or companies that employ such methods. but i'm above going around and forcing people to think the way i do with licenses. -mike signature.asc Description: This is a digitally signed message part. ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
Hi Mike, It is this certification is only possible like we say attitude which I seriously question. whether you question this attitude doesnt matter. you arent a lawyer in general, you arent a lawyer for these companies, and you arent indemnifying them. their legal review says that it's a requirement, so it is now a requirement for the software. anything beyond that is irrelevant. Now was this so hard? This is actually an important fact that it is a legal requirement for a company - thanks. It was a pain to find out however. It's not the first time I hear this mantra. Can you give me some facts to back this up? i dont know what kind of facts you're looking for. i didnt make this scenario up, it was described to me by a customer in the US and their experience with Chinese cloners. i'm not going to give customer information or name names if that's what you want. Well, the problem with facts is that I like them to be backed up. I don't know whether I should believe this mantra until I have seen actual products and/or figures. If you don't need this - fine, your choice. It's like the patents strengthen innovation mantra. Regardless that there was no study to ever show such effect this was repeated over and over. People questioning it got shut up replies like you deal out. Unfortunately recent studies show the opposite of the claim, no matter how much the mantra is still repeated. Cheers Detlev -- Oh, didn't you know, the Lord did the original programming of the universe in COBOL. - That's why the world is the evil work of Satan. A true divine being would have used Scheme. - And, if so, Jesus would have been crucified on a big lambda symbol. -- K. Chafin, K. Schilling D. Hanley, on comp.lang.lisp -- DENX Software Engineering GmbH, MD: Wolfgang Denk Detlev Zundel HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany Phone: (+49)-8142-66989-40 Fax: (+49)-8142-66989-80 Email: d...@denx.de ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
On Thursday 25 June 2009 10:20:47 Detlev Zundel wrote: It's not the first time I hear this mantra. Can you give me some facts to back this up? i dont know what kind of facts you're looking for. i didnt make this scenario up, it was described to me by a customer in the US and their experience with Chinese cloners. i'm not going to give customer information or name names if that's what you want. Well, the problem with facts is that I like them to be backed up. I don't know whether I should believe this mantra until I have seen actual products and/or figures. If you don't need this - fine, your choice. well g'luck with that. you're going to have to find a customer yourself or find someone who *hasnt* signed a NDA. -mike signature.asc Description: This is a digitally signed message part. ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
Hi Mike, It is this certification is only possible like we say attitude which I seriously question. whether you question this attitude doesnt matter. you arent a lawyer in general, you arent a lawyer for these companies, and you arent indemnifying them. their legal review says that it's a requirement, so it is now a requirement for the software. anything beyond that is irrelevant. Now was this so hard? This is actually an important fact that it is a legal requirement for a company - thanks. As a quick web research did not help, if this is a legal requirement, then can you point me to the law which requires such a thing? Thanks Detlev -- [From 2.4 to 2.6 to 2.7 discussing release numbering of the Linux kernel] Let the bike-shed-painting begin. -- Linus Torvalds -- DENX Software Engineering GmbH, MD: Wolfgang Denk Detlev Zundel HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany Phone: (+49)-8142-66989-40 Fax: (+49)-8142-66989-80 Email: d...@denx.de ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
On Thu, 25 Jun 2009, Mike Frysinger wrote: On Wednesday 24 June 2009 20:59:11 Richard Stallman wrote: Embedded systems using core soc silicon from a number of manufacturers have started to use what is known as 'secure boot'. This is typically the case in applications which utilise conditional access system software to protect content. The emphasis on using secure boot is largely driven by the conditional access industry itself. The principal purpose of these products is to restrict the public's freedom. So it is natural that their means involve restricting our freedom too. it sure is nice to make generalities as it makes your resulting argument so much easier to digest. the companies ive worked with could give two sh*ts about end customers tinkering with their products. they're interested in keeping their product secure from other people in their respective industry and from malicious tampering for regulation/safety purposes. I would like to add that sometimes regulations EXPLICITELY require secure boot. No product can be approved without it. And this does not have anything to do with public's freedom. Just one example is gambling industry which I happen to work right now. Nobody cares about cloning or public's freedom here. What they care about is that nobody can cheat on those nice shiny machines that sometimes let a lucky person to win a multimillion jackpot. --- ** * k...@homeKOI8 Net The impossible we do immediately. * * Las Vegas NV, USA Miracles require 24-hour notice. * ** ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
k...@koi8.net a écrit : On Thu, 25 Jun 2009, Mike Frysinger wrote: On Wednesday 24 June 2009 20:59:11 Richard Stallman wrote: The principal purpose of these products is to restrict the public's freedom. So it is natural that their means involve restricting our freedom too. it sure is nice to make generalities as it makes your resulting argument so much easier to digest. the companies ive worked with could give two sh*ts about end customers tinkering with their products. they're interested in keeping their product secure from other people in their respective industry and from malicious tampering for regulation/safety purposes. I would like to add that sometimes regulations EXPLICITELY require secure boot. No product can be approved without it. And this does not have anything to do with public's freedom. Just one example is gambling industry which I happen to work right now. Nobody cares about cloning or public's freedom here. What they care about is that nobody can cheat on those nice shiny machines that sometimes let a lucky person to win a multimillion jackpot. Please point out precisely the regulations that require secure boot. Should be trivial as regulations are by definition public. I failed to understand how a secure booted machine can be updated by the manufacturer to fix a bug for example, but not by a customer. Regards, Jean-Christian de Rivaz ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
On Thu, 25 Jun 2009, Jean-Christian de Rivaz wrote: k...@koi8.net a ?crit : On Thu, 25 Jun 2009, Mike Frysinger wrote: On Wednesday 24 June 2009 20:59:11 Richard Stallman wrote: The principal purpose of these products is to restrict the public's freedom. So it is natural that their means involve restricting our freedom too. it sure is nice to make generalities as it makes your resulting argument so much easier to digest. the companies ive worked with could give two sh*ts about end customers tinkering with their products. they're interested in keeping their product secure from other people in their respective industry and from malicious tampering for regulation/safety purposes. I would like to add that sometimes regulations EXPLICITELY require secure boot. No product can be approved without it. And this does not have anything to do with public's freedom. Just one example is gambling industry which I happen to work right now. Nobody cares about cloning or public's freedom here. What they care about is that nobody can cheat on those nice shiny machines that sometimes let a lucky person to win a multimillion jackpot. Please point out precisely the regulations that require secure boot. Should be trivial as regulations are by definition public. Do you happen to know what Google is? This is our Nevada regulations: http://gaming.nv.gov/stats_regs.htm I failed to understand how a secure booted machine can be updated by the manufacturer to fix a bug for example, but not by a customer. The manufacturer can _NOT_ update his machine at will. _EACH AND EVERY_ change goes through the same approval process. And one more hint--external hackers is _NOT_ the primary concern here. The most important task is to make cheating by casino _EMPLOYEES_ as difficult as it's possible. --- ** * k...@homeKOI8 Net The impossible we do immediately. * * Las Vegas NV, USA Miracles require 24-hour notice. * ** ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
On Wed, Jun 24, 2009 at 11:35 PM, Mike Frysingervap...@gentoo.org wrote: On Wednesday 24 June 2009 20:59:47 Richard Stallman wrote: their response is simply fine, we'll move on to the next= =20 guy who will satisfy our requirements. When people offer to use my programs if I relax the license requirements, my respose to them is, If you don't use my software, that's your loss. feel free to go write your own bootloader then. or improve grub2 such that it can actually compete with u-boot. then you may make these statements all you like. -mike These kind of snide comments don't address the point and it really bugs me, just like the typical political response of if you don't like 'x' then move to another country. Richard is simply explaining how he thinks and feels, his point of view. Most people are aware that it is within their rights to implement software as they so choose. Be confident enough in your opinion and viewpoint to let others opinions stand without this kind of nonsense. Chris ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
On Thursday 25 June 2009 10:41:13 Detlev Zundel wrote: It is this certification is only possible like we say attitude which I seriously question. whether you question this attitude doesnt matter. you arent a lawyer in general, you arent a lawyer for these companies, and you arent indemnifying them. their legal review says that it's a requirement, so it is now a requirement for the software. anything beyond that is irrelevant. Now was this so hard? This is actually an important fact that it is a legal requirement for a company - thanks. As a quick web research did not help, if this is a legal requirement, then can you point me to the law which requires such a thing? nothing personal, but ... (1) you still arent a lawyer (2) i never said there was a law that stated this (3) i did say their legal team came to the conclusion that ... the law and your interpretation of it is irrelevant. customers are viewing this as a requirement and thus it's the same thing. if you think there is an image problem, then feel free to assist the GNU project in an awareness campaign. i work in the practical realm. -mike signature.asc Description: This is a digitally signed message part. ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
Hi, since this threads gets more and more interesting, just a question out of my curiosity: which operating systems, that get typically booted using U-Boot are already under GPL3? I know that the license of the Boot Loader has nothing to do with the license of the booted software, what is the political benefit to put the boot loader under GPLv3, when the major OS of the software (e.g. linux) are under GPLv2? wkr, Thomas Doerfler. Wolfgang Denk schrieb: Hello, I was asked about relicensing U-Boot as GPLv3: --- Forwarded Message Date:Thu, 18 Jun 2009 09:17:28 -0400 From:Richard Stallman r...@gnu.org To: Wolfgang Denk w...@denx.de Subject: U-book and GPLv3? I really enjoy the name U-boot. What are the advantages of U-boot over PMON? Have you considered moving U-boot to GPLv3-or-later? --- End of Forwarded Message I know that we have had similar discussions before (see for example http://thread.gmane.org/gmane.comp.boot-loaders.u-boot/24029), but I would like to take the chance and re-poll what the community's opinion about this is. Comments welcome... [I intend to summarize and send this summary to RMS and post it here.] Best regards, Wolfgang Denk -- Embedded Brains GmbH Thomas Doerfler Obere Lagerstr. 30 D-82178 Puchheim Germany email: thomas.doerf...@embedded-brains.de Phone: +49-89-18908079-2 Fax: +49-89-18908079-9 ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
On Thu, 25 Jun 2009, Thomas Doerfler wrote: Hi, since this threads gets more and more interesting, just a question out of my curiosity: which operating systems, that get typically booted using U-Boot are already under GPL3? I know that the license of the Boot Loader has nothing to do with the license of the booted software, what is the political benefit to put the boot loader under GPLv3, when the major OS of the software (e.g. linux) are under GPLv2? There is none. It is plain and simple case of paranoia that begs for clinical treatment. --- ** * k...@homeKOI8 Net The impossible we do immediately. * * Las Vegas NV, USA Miracles require 24-hour notice. * ** ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
On Thursday 25 June 2009 14:46:10 Thomas Doerfler wrote: which operating systems, that get typically booted using U-Boot are already under GPL3? I know that the license of the Boot Loader has nothing to do with the license of the booted software, what is the political benefit to put the boot loader under GPLv3, when the major OS of the software (e.g. linux) are under GPLv2? typically the operating systems that u-boot would load are in the opposite licensing direction, i.e. BSD or commercial variants none of which require releasing any real details let alone restrict usage. i'm not aware of any OS that is under the GPL-3. ironically, it seems even GNU/Hurd is GPL-2. -mike signature.asc Description: This is a digitally signed message part. ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
k...@koi8.net a écrit : Please point out precisely the regulations that require secure boot. Should be trivial as regulations are by definition public. Do you happen to know what Google is? Yes, thanks :-) For example this document have the term secure boot: http://www.dcg.virginia.gov/supplier/sup-rules/standards.shtm The wording is this one: D. Electronic Bingo [...] 3. [...] Security measures that may be employed to comply with these provisions include, but are not limited to the use of dongles, digital signature comparison hardware and software; secure boot loaders, encryption, and key and callback password systems. The term secure boot is listed as a possibility, not as a requirement. Now I don't have the time to parse every possible document that Google propose. This is why I politely ask a precise example, as I was under the impression that some peoples know very well this subject. This is our Nevada regulations: http://gaming.nv.gov/stats_regs.htm I don't have the time to parse all the documents listed at this URL, but I downloaded the one I suspect is the more relevant: http://gaming.nv.gov/stats_regs/reg14_tech_stnds.pdf And I cannot found secure boot into it. I failed to understand how a secure booted machine can be updated by the manufacturer to fix a bug for example, but not by a customer. The manufacturer can _NOT_ update his machine at will. _EACH AND EVERY_ change goes through the same approval process. Still, technically the hardware have only two possibility: 1) it can be reprogrammed. 2) it can't be reprogrammed. If 1), I dont' see how the a boot loader can't be replaced by a less secure one and let boot anything. if 2), there is not point as nobody can possibly make any update, so the firmware don't have to be secured. Regards, Jean-Christian de Rivaz ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
On Thu, Jun 25, 2009 at 12:48:12PM -0400, Chris Morgan wrote: These kind of snide comments don't address the point and it really bugs me, just like the typical political response of if you don't like 'x' then move to another country. Actually, it's more like repeatedly telling a telemarketer, Sorry, I'm not interested. -Scott ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
On Thu, 25 Jun 2009, Jean-Christian de Rivaz wrote: k...@koi8.net a ?crit : On Thu, 25 Jun 2009, Jean-Christian de Rivaz wrote: k...@koi8.net a ?crit : Please point out precisely the regulations that require secure boot. Should be trivial as regulations are by definition public. Do you happen to know what Google is? Yes, thanks :-) For example this document have the term secure boot: http://www.dcg.virginia.gov/supplier/sup-rules/standards.shtm The wording is this one: D. Electronic Bingo [...] 3. [...] Security measures that may be employed to comply with these provisions include, but are not limited to the use of dongles, digital signature comparison hardware and software; secure boot loaders, encryption, and key and callback password systems. The term secure boot is listed as a possibility, not as a requirement. Now I don't have the time to parse every possible document that Google propose. This is why I politely ask a precise example, as I was under the impression that some peoples know very well this subject. This is our Nevada regulations: http://gaming.nv.gov/stats_regs.htm I don't have the time to parse all the documents listed at this URL, but I downloaded the one I suspect is the more relevant: http://gaming.nv.gov/stats_regs/reg14_tech_stnds.pdf And I cannot found secure boot into it. Are you looking for a precise phrase? I want to look deeper into the subject. I think that if a regulation make a technical point as a requirement, then it must more or less describe the technical point so that it can be implemented is a way it work as expected. As an engineer, I think that a secure boot is only a buzz word: if the system can be physically modified, it can't be secured. If it can't be physically modified, then you don't need a secure boot. It is not just technical measures; it is a complex of them and different operating procedures. When you hit a jackpot the machine should be immediately stopped (hang) in that state and nobody should touch it. Then a controller comes into the scene. He pulls all the EPROM chips from the machine and checks them with MD5 or whatever is approved and checks every single piece of programmable hardware with some procedure approved for this particular model. That would not prevent a cheating casino employee from replacing some EPROM chip (or whatever) with his own one but it will NOT allow for stuffing the original one back once the jackpot is hit so the cheating will be detected. That's only one example... I failed to understand how a secure booted machine can be updated by the manufacturer to fix a bug for example, but not by a customer. The manufacturer can _NOT_ update his machine at will. _EACH AND EVERY_ change goes through the same approval process. Still, technically the hardware have only two possibility: 1) it can be reprogrammed. 2) it can't be reprogrammed. If 1), I dont' see how the a boot loader can't be replaced by a less secure one and let boot anything. if 2), there is not point as nobody can possibly make any update, so the firmware don't have to be secured. You are trying to make sense out of the regulations. It doesn't work this way. If regulations say one must use a screwdriver with a red handle on this screw one must use the red screwdriver. No matter if it makes sense or not. If you feel it's bullshit you should fight for the regulation to change that is a very long (years, not months) and very difficult process. In the meantime you _MUST_ use that red screwdriver. Then you should read not only technical part but also a procedural one on how approvals are given. You must persuade the Commision to give you an approval. And they give them at their discretion. And you can NOT sue them. In this second part, I don't make reference to regulation. I only talk about the technical problem of reprogramming a system. Ah, that's absolutely orthogonal issue... We do NOT do something stupid from engineering standpoint because it makes sense (and quite often it doesn't) but because the regulations and the Commission's understanding of them requires that. Yes, many of those are stupid and outdated but they do a good job anyways; there is not that much cheating in our casinos. Finally don't forget that your employees all want to get their salary paid and that comes from your business revenues. No approval == No business. Good luck fighting regulations. Why do you think I want to fight regulation ? I actually be more concerned about understanding how a proprietary hidden piece of code into u-boot can possibly make a system satisfy a security regulation. It is not just hardware/software. The latter is only a part of solution. It is NOT the machine that pays that jackpot, it is real humans. There is no way to make the system
Re: [U-Boot] U-book and GPLv3? (fwd)
On 20:59 Wed 24 Jun , Richard Stallman wrote: I can assure you that today If we switch the V2 to the v3 we will lose a lot of customers Are the users of U-Boot usually customers? That term normally refers to people that buy a commercial product or service. This where I disagree my customer are firm that will hire me or buy me something too. In this case the firm can require for their business secure boot. You only see the one part of the business and the world. And force to give the private key which use to sign the code is not reallist it's a security flaw I have a computer on which I can install any code I choose. I don't think that is a security flaw. For your personnal computer fine, but all products will not have the same requirements or targets. On the contrary, if only one company can install a new version, that is a grave security flaw for me as a user. If I use a GPLv3 bootloader in a medical tool, a car, Point of payment terminal, Military System, etc... it is a grave security flaw. I'm not sure that you will be very happy if someone can modify the Firmware freely. As you may loose money to be killed and at the extrem kill millions of people. I do not think the v3 is a benefit. I'll never accept the concept to an opensource licence that will force me to use a software in a specific way that someone will choose for me as do the v3. It will be freedom kill. Here you try to restrict people freedom because you do not like what they do. It will result as the same as live in jail. Please remember I can create what product I want with opensource component I'm free to do it If I accept the fact ot reverse code to the community or at least to your customer. I think you take the problem in the wrong way. You want to be able to do what you want with your hardware fine so do not buy non upgradable hardware. Help people as I to convince firm to develop - when it's possible - full opensource product as the openmoko, beagle project etc... In this case it will be a win-win in the otherway it's extremist, business and freedom kill In France we have this la liberté de chacun s'arrete ou celle d'autrui commence you can transalte by something like this Your freedom will stop where the freedom of someone else will start So the GPLv3 no Best Regards, J. ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
Re: [U-Boot] U-book and GPLv3? (fwd)
On Thu, 25 Jun 2009, Jean-Christian de Rivaz wrote: k...@koi8.net a ?crit : I downloaded the one I suspect is the more relevant: http://gaming.nv.gov/stats_regs/reg14_tech_stnds.pdf And I cannot found secure boot into it. Are you looking for a precise phrase? I want to look deeper into the subject. I think that if a regulation make a technical point as a requirement, then it must more or less describe the technical point so that it can be implemented is a way it work as expected. As an engineer, I think that a secure boot is only a buzz word: if the system can be physically modified, it can't be secured. If it can't be physically modified, then you don't need a secure boot. It is not just technical measures; it is a complex of them and different operating procedures. Yes, I known that. But here we specifically talk about u-boot. You still failed to show a description of how u-boot can be modified to secure a system and why this must be a hidden proprietary code. I failed to understand how a secure booted machine can be updated by the manufacturer to fix a bug for example, but not by a customer. The manufacturer can _NOT_ update his machine at will. _EACH AND EVERY_ change goes through the same approval process. Still, technically the hardware have only two possibility: 1) it can be reprogrammed. 2) it can't be reprogrammed. If 1), I dont' see how the a boot loader can't be replaced by a less secure one and let boot anything. if 2), there is not point as nobody can possibly make any update, so the firmware don't have to be secured. [...] Ah, that's absolutely orthogonal issue... We do NOT do something stupid from engineering standpoint because it makes sense (and quite often it doesn't) but because the regulations and the Commission's understanding of them requires that. Yes, many of those are stupid and outdated but they do a good job anyways; there is not that much cheating in our casinos. You seem to agree that a secure boot is maybe not more that only a marketing word... No, this does not have the same strict meaning as #6-32x1/2 slotted head steel zinc plated machine screw. It is a set of different features. Here is e.g. a Freescale's whitepaper on one of their SoCs: http://www.freescale.com/files/32bit/doc/white_paper/IMX31SECURITYWP.pdf [...] Why do you think I want to fight regulation ? I actually be more concerned about understanding how a proprietary hidden piece of code into u-boot can possibly make a system satisfy a security regulation. It is not just hardware/software. The latter is only a part of solution. It is NOT the machine that pays that jackpot, it is real humans. There is no way to make the system unbreakable and impossible to cheat on. That's why an additional layer of security is being able to DETECT that system had been cheated on. So why using open source at all if you think that hidden code is a way to make a system more secure ? It highly not consistent ! Who is talking about hidden code? It can be open source. And quite often it is. And most of that code, BTW, is written by the people who are paid to do it. If you want to make us drop U-Boot and write our own firmware no problems, that's just additional job security for us. But don't expect all those people to do anything on U-Boot and forget about their contributions. --- ** * k...@homeKOI8 Net The impossible we do immediately. * * Las Vegas NV, USA Miracles require 24-hour notice. * ** ___ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot