Comment by Galanwe
5 years ago
The article really mixes up "being free" and "having FSF validation".
While having FSF validation is indeed some kind of proof of due diligence, in the end what really matters is the trust that users place in the project itself in following their guidelines.
I do not have a particularly strong trust for the (modern) FSF, so their validation adds nothing, IMHO, in my trust in Purism.
In fact, having FSF validation doesn't prove anything but rather may be detrimental, because the FSF validation has built-in backdoors, and Purism took full advantage of them - reducing user freedom in the process.
Thread on how the Librem 5 is explicitly designed to hide proprietary blobs from the user in order to gain RYF certification (where having those blobs readily accessible would be strictly an improvement in freedom, as it would mean you are free to verify their contents, audit them, and potentially replace them with a free version if you develop one):
https://twitter.com/marcan42/status/1040626210999431168
Make no mistake, Purism has gone quite far down the freedom marketing religion path laid down by the FSF. They no longer care whether you're free or not, they care that you believe you're free.
If you have blobs, stick them in /lib/firmware. Don't go hiding them in separate flash chips that I can't audit or rewrite just so you can slap the FSF's meaningless "the main CPU didn't touch any blobs (except the bootrom but we don't talk about that) so it doesn't have the digital cooties" rubber stamp on your device.
You are wrong, from https://ryf.fsf.org/about/criteria :
"We want users to be able to upgrade and control the software at as many levels as possible. If and when free software becomes available for use on a certain secondary processor, we will expect certified products to adopt it within a reasonable period of time. This can be done in the next model of the product, if there is a new model within a reasonable period of time. If this is not done, we will eventually withdraw the certification."
Do they actually enforce that, if the device can either have a proprietary blob that is user-updateable, or a proprietary blob that is not user-updateable, it must use the design where the proprietary blob is user-updateable? Because other claims by the FSF (namely, that non-updateable blobs can be treated as part of the hardware) directly contradict that.
This thread is just wrong. You can modify the blobs if you need to: https://forums.puri.sm/t/does-respects-your-freedom-certific....
The Librem article I linked in my thread clearly states:
https://puri.sm/posts/librem5-solving-the-first-fsf-ryf-hurd...
> The SPI flash will be read only so the firmware blobs can’t be modified without the user knowing.
The post you link to is full of wishy-washy fluff, but does not answer the direct question that the user posed in the OP, about the DDR timing code flash being writable.
4 replies →
I'd say the FSF has a better reputation than most organisations in this space, and certainly a more established one than Purism does. Here in this thread there are a lot of people criticising them for being "too dogmatic" or for applying their rules too inflexibly, which IMO is proof that they take a firmly principled stance - which is exactly what's needed to validate something like this. A group that's willing to bend would soon end up being meaningless.
Why do you have no strong trust in modern FSF?
It's hard to answer this without potentially starting a flame war. I can see that some comments start to explode already. Still, let me try to explain my mistrust constructively.
Let me just start by saying that trust is a very personal feeling. We give trust to others based on criteria that are different. I completely understand that my points listed below are not relevant trust indicators for others.
That being said, I have 2 main mistrust issues with FSF:
1) Leadership
I had various occasions to interact with RSM over the years, in various contexts. I do not have a fond memory of those interactions.
- I remember someone which is very difficult to have a real conversation with. Very childish and binary in his view of the world. Prompt to not listen to arguments, talking louder than others, turning arguments into jokes, etc.
- I worked and know plenty of people who worked with him in various academic labs where he's been invited to give talks or work on subjects. The same complaints emerged all the time: he would grossly hit on female PhD students (just enough to make them uncomfortable), always tried to be hosted by someone and would not even shower there, very rarely participate in the big picture of why he was invited (e.g. He would lock himself in a room for 2 days straight to fix some esoteric emacs bug on an archaic platform, instead of just organizing seminars on free software and participate in discussions), he would act in very narcissistic ways (e.g. After proposing to go to a restaurant, he would then propose - and insist grossly - to pay the bill with his autograph on a printed copy of emacs source code). He would constantly rant on closed source computers and cell phones, but will gladly borrow anyone's phone to make international calls. I stop here because I just have too much random echos of his not-so-pleasant behavior.
Overall most of my personal interactions with RSM, as well as friend's recollections picture him as gross, childish, and narcissistic.
Now RSM himself is not the FSF as a whole, but I have a hard time trusting an organization that is so centered around a single individual which embodies traits that I do not appreciate.
2) The organization members
I did not have direct relation with other FSF members, but I have been contributor to projects where the FSF intervened (or tried to) in the governance.
Most of the time, the FSF members were never contributors to the projects. Yet they were the one trying to dictate the tone and direction, and act like they owned the projects based on their moral high ground.
This has led me to associate FSF members as some kind of a self proclaimed elite class of zealots, exempt of technical knowledge and actual contributions, but still willing to be heard.
This goes directly against my view of governance of open source projects, in which I believe the actual contributors should be ones to set the tone and direction of the project, because they are the one building it.
---
Again, all this is mainly personal feelings, so I don't want to look like I'm trying to influence others into distrusting FSF.
I understand that my interactions with RSM were in a certain context and that he maybe could be a very pleasant person in a different situation. And I also understand that my interactions with other FSF members were limited to the projects I contributed to, and there may be thousands of others where they were helping and constructive.
I'm a strong believer in "free software" as RMS defined it, and I give the man a lot of credit for getting the movement started. However, my few interactions with him were not pleasant, although I did have an interesting conversation with him once about promoting the environmental benefits of hardware running free software.
My main problem with the FSF has been more in terms of poor strategy in terms of how it engages with the software and hardware industry, rather than the philosophical vision.
A lot of FSF members I know are active contributors and are fairly reasonable, that said it definetly seems like the milage can vary wildly across the community. I have seen the type of behaviour you describe online but not much in person.
As for RMS, every interaction I have had with him.has been rough at best. I mean he is definetly right about the issues of software but him as a person can be very difficult at the best of times.
1. RSM is not part of modern FSF 2. Governance of free software projects has nothing to do with the competence of the FSF to define criteria for hardware that respects your freedom
It's RMS dear boy!
Has the FSF validation process changed recently?
I have no idea whether the internal process at the FSF changed or not, but the rules are the same for the FSF endorsing a distro and giving its Respects Your Freedom certification to a piece of hardware.
This page has stayed the same: https://ryf.fsf.org/about/criteria
However, I raised a question about how to interpret the RYF criteria with regard to proprietary firmware updates, and I'm hoping the FSF will clarify the RFY criteria in a way that allows proprietary firmware updates for components that don't execute on the main CPU cores. See: https://forums.puri.sm/t/does-respects-your-freedom-certific...
I always forget which are the actual free software guys and which are the businesses that use linux guys... I think FSF are still the good ones right?
Though that thing about the FSFE office in Germany yesterday... Hopefully it's just a dude and the office he runs rather than the organization as a whole.
It is better to keep unrelated issues separate. The alleged FSFE issue you mention has little to do with trusting the FSF to accurately evaluate a free software stack.
If anything, slightly grumpy old school guys (again, alleged) are much better at rejecting corporate influence than the new people whose politics are literally bankrolled by corporations.
> [again, alleged] slightly grumpy old school
I'm not associated with FSF specifically, but as a card-carrying grumpy old-schooler, I object to your vaguely-defamatory characterization of them[0] as "slightly" and "alleged".
Edit: 0: RMS et al, that is, not the business linux people.
That's a false dichotomy. There are plenty of non-grumpy people who are good at rejecting corporate influence. I know of hundreds.
FSFE is a legally distinct entity from the FSF.
If the FSFE has problems, it's likely the FSF has them too, and vice versa. I don't want to get into this, really, but the cultural issues that allow these things to happen aren't one-offs; they're a known failure case of the specific, somewhat toxic brand of hacker culture that's been in Free Software circles since the early days.
(I think hacker culture in general is great, but, to use an analogy, there's a buggy implementation going 'round.)
1 reply →
> Though that thing about the FSFE office in Germany yesterday.
What are you referring to?
Probably https://write.as/malinagalina/i-took-fsfe-to-court.
1 reply →