[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: more evil firmwares found

Ryan Underwood wrote:

> On Fri, Apr 23, 2004 at 11:39:44AM -0300, Humberto Massa wrote:
>> The answer to those questions are:
> [..]
> That was exactly my point.  It is completely subjective.  Making a
> blanket statement that all (PNG,WAV,...) are software without source is
> the same as making a blanket statement that all binary blobs are
> software without source.
> By your claims, at least some of the former (PNG,WAV,...) do not require
> extra source material, even though they are software, because they are
> judged to already be in the preferred form of modification.  Doesn't it
> stand to reason that at least some of the latter, even if I assume that
> they are software (which seems to be the popular assumption to make),
> would also not require extra sources, because they happen to also be in
> the preferred form of modification?
Yep.  I have not complained about those which are not obviously microcode. 

> The only possible circumstance in which the binary-blob would not be the
> preferred form of modification is if we had a tool that would generate
> it from a more abstract definition.
Putting burden of proof in the wrong place, again.  At the very least, if it
looks and smells like machine code, and I have no evidence that it isn't,
I'm going to assume it is.  Anything else would be stupid.

>  In order to determine if we had
> such a tool, we would first need to place a conclusive identification
> on the binary blob.
How about the label "microcode (from ATI)"?

Anyway, perhaps you're thinking too abstractly.

For any given blob, the question is "is this the preferred form for
modification?"  If it looks like it's a large quantity of microcode, then
given that almost nobody hacks large quantities of microcode in hex, we
figure it's probably *not*.  If it looks like it's something else, we deal
with that in the way that's appropriate for that.

> Pinning the determination of whether or not something is in a preferred
> form of modification on whether or not we have knowledge of a tool that
> generates such files seems silly.  The knowledge or lack thereof of such
> a tool does not confirm or preclude its existence, if we do not have
> said tool in our hands to verify such claims.  Also, if we went this
> route, a binary-blob which was previously free could be rendered
> non-free by a vendor suddenly creating a tool which generates such
> blobs.  Would that make any sense at all?
No, that's not right at all.  It's a *particular* blob we're talking about,
and it's the factual question of whether it is the preferred form for

In the cases which have been removed, I haven't met anyone who's admitted to
modifying the 'blob' form of microcode, and it's a form which is almost
always modified in a different form.  (If people said "Oh yeah, we modify
the hex," that would be factual evidence that it *was* the preferred form.)  

In contrast, in the case of the various lookup and transformation tables in
the sound drivers, which are *also* hex blobs, their creation is
documented, and I can believe (in some cases) that they are modified by

> Of course, this all only applies to software under the GPL, to determine
> whether it is actually legally redistributable or not.  The lawyers can
> have their field day with that one.  The preferred-form-of-modification
> clause does not exist in DFSG, so I was contesting the idea in general
> that we seem to be considering programs and supporting materials all as
> software, and requiring source code for the whole lot else going to
> non-free with it.  I don't see how DFSG#2 makes sense outside of the
> program itself, which actually executes on the machine.  Indeed, even
> the DFSG is making a distinction between "software" and "program",
> mentioning "software" in the phrase "Debian will remain 100% Free
> Software", and then in DFSG#2, "The program must include source code".
> The program is implied to be a subset of the software in those terms.
> Which only makes sense.

The firmware hunks we're talking about are definitely executable programs,
though.  Nobody has actually claimed that they aren't.  Although some
people have claimed that "we don't know", we're actually pretty sure.  So
Debian requires source for them to go into 'main'.

>> I posted something that was refuted in this point: the interpretation
>> that goes here seems to be: Debian is comprised of nothing but hardware;
(as the author's previous post says, that's "nothing but software", of
>> We promise to make all of it free; it's not all free today, but we are
>> trying. Ah, and non-free is not part of Debian.
> What I meant was that if programs==software, then there are other things
> besides free software in Debian (supporting materials), which makes the
> statement "Debian is 100% Free Software" false, even though the
> statement can be forced true with some "theoretical machine" pedantry.
> If programs(=software, then the given statement is true, if we consider
 Do you mean != perhaps? or <= ?
> non-executable supporting materials not to be software.
 Do you mean "to be software, but not to be programs"?

> Which one makes more sense?

Well, your statement as given confused the heck out of me, but if my
'corrections' are correct, then indeed the latter one (software is a
superset of programs) makes more sense.

There are none so blind as those who will not see.

Reply to: