Some blobs more equal than others?

I think someone on this forum said that old video games, because they are stored on a non-modifiable ROM (on a cartridge or disc), are acceptable to them. I disagree with that.

Personally, my take on it is that not being modifiable is not OK. It's better than proprietary software that can be changed and potentially introduce new malicious features, but still ultimately not good. I think the FSF says it's acceptable more to avoid being called "extremist" by others than out of some reasonable truth.

I recall that in a topic on the OpenPandora boards while I was still there, there was a topic about the Raspberry Pi developers thinking of making the Pi "acceptable" in the view of the FSF by putting the proprietary software required to boot it (a GPU blob or something) in a ROM, or otherwise making it non-modifiable. Someone on the boards suggested that they might have been planning to do some damage to the NAND memory it's stored on so that it couldn't be modified; I don't really understand the technical details. In any case, I think this action would not cause the Pi to cross the line to "acceptable". It's one thing when, due to the cost of modifiable memory, you use ROM instead, for example, and then decide that there's no point in distributing the code because of that. It's another when you deliberately remove the possibility of modifying it.

Regarding software stored on CDs, I think a major distinction here is that the software doesn't stay on the CD; it's installed to the hard drive. Also, the data can be easily taken off of the disc and then modified, and the modified version can be either burned to another disc or executed from the hard drive.

Regarding a computer that has Windows burned to a ROM, that would be indistinguishable from e.g. a BIOS burned to a ROM. Like I said, I don't really agree that this is acceptable, but it is better than Windows being on a modifiable disk.

> This
> question comes from a difference perspective however, software stored
> on a non-rewritable ROM which nobody can modify once wrote to, and why
> are they acceptable but non-free blobs are not?

The blobs that can be changed are software. The parts of chips that
aren't implemented as ROM are clearly hardware and the software freedoms
don't apply to them: making modified chips is beyond a single user's
budget, being allowed to doesn't change much. This argument applies to
ROM too since it cannot be modified without making a new chip (although
it could be cheaper for PROM, not sure if it's an important difference
here: making a motherboard is expensive too and the blank chips might be
difficult to obtain, imagine ARM SoC bootrom, not a separate PROM chip).
So there is no difference in freedom between ROM and circuits for
software users. (ROM can also be implemented in the same way as other
parts of the chip, making it equally hard to replace.)

> So I agree that when a program is on a ROM there is no point to having
> the source code anyway since it can't be changed without changing the
> physical piece of hardware, but this begs the question, where do we
> draw the line for when source code must be free and when it doesn't in
> the terms of a ROM.

Having the source is useful in some cases. There is a related problem:
we cannot know that it is the corresponding source, maybe backdoors were
added by the manufacturer and not published in the source.

> For example, a CD is a ROM. You can't change it, to try to do so would
> simply destroy the CD. So if I distributed a program that ran from a
> CD-ROM it would be okay to not provide the source code because it
> can't be changed anyway?

It's easy and cheap to buy and write a copy on a CD-R.

> What draws the line for the difference
> between a CD with a program and a ROM with a BIOS, or firmware for a
> GPU, or whatever it is.

A CD is a medium used to distribute software, a ROM with BIOS is usually
integrated into a computer. Users buy a software copy in one case, a
hardware device in another.

> Does this also mean that it would be okay for
> Microsoft to provide a copy of Windows on a PC loaded from a ROM
> rather than a hard disk? Of course they wouldn't be able to update it
> without changing the ROM physically, but is this okay? Under the terms
> that seem acceptable to the FSF I would assume yes?

It could be literally true if it's a real ROM (now signed flash is used
for this purpose). This might be a malicious program: it's the same as
if it was hardware, it shouldn't be used for this reason. (It's what
RMS writes about phone baseband firmware, while replacing it won't free
us of carrier surveillance.) I'm not sure what business model could
Microsoft have for Windows without software installation.

> I don't think it
> is though, so what draws the line of running something like Microsoft
> Windows in a ROM vs running a BIOS, firmware or anything else. All are
> programs, the only difference is they are different types of programs.

I think there is no clear line: having completely free software that can
be replaced (on disk or flash) doesn't solve all freedom problems.
Problems with network services controlled by others won't be solved in
this way.

> Looking for an answer to this the best I could find this this blog
> post which of course, does not answer the question, at least not in
> the terms that I understand. It seems that the blog writer was
> wondering too, just like me why blobs in a ROM is okay but not in the
> kernel.

Do you have an URL of the post?

I think you're misunderstanding the fsf. I'm not an expert, but here is my point of view.
The point is:
whenever software is on a rom and it's not modifiable, yes, the fsf doesn't consider it as software and the four freedoms don't apply.
BUT the fsf raises the next question to all things which aren't considered to be software:
does it contain malicious features / restrict me in any other way?
As far as I heard, they care about this topic as well.

Onpon4 mentioned someone who called old video games acceptable. I think that was me.
I think they're like a cd which I insert in a cd player. There is no possibility to restrict me as a user (no internet connection, private data etc), thus it seems acceptable to me.
I bought the console just for this issue: playing the games.
So I can accept not being able to modify the games.

First of all, how do I quote when I make a reply, a bit of a noob question but I don't know how to use the forums platform trisquel forums use, I'm use to phpBB lol.

Anyway, back on topic:

"I think someone on this forum said that old video games, because they are stored on a non-modifiable ROM (on a cartridge or disc), are acceptable to them. I disagree with that."

Completely agree, the point is people can't make a cartridge for the n64 so having the source code isn't of much use to you and me, although nowadays with emulators and the like the source code may be more useful now than it would have been when the nintendo (or whatever other game system) first came out.

"I think the FSF says it's acceptable more to avoid being called "extremist" by others than out of some reasonable truth."

This makes sense, though they should make it more clear to say that it's "more acceptable" for the reason that additional malicious features can't be implemented at a later date rather than saying it just "acceptable" since it makes things not add up too well, if that makes sense.

In regards to the raspberry pi, it was the GPU Blob I remember reading about it somewhere, just to clear things up.

"Regarding software stored on CDs, I think a major distinction here is that the software doesn't stay on the CD; it's installed to the hard drive. Also, the data can be easily taken off of the disc and then modified, and the modified version can be either burned to another disc or executed from the hard drive."

This is true, but I could say the same with any ROM. Even though the ROM that may hold the BIOS for my Dell I may still find the code useful and may wish to modify it for use on my HP for example, so I still don't really see a line other than one is used for distribution the other is used as part of the machine, but both still contain useful software.

"Having the source is useful in some cases. There is a related problem:
we cannot know that it is the corresponding source, maybe backdoors were
added by the manufacturer and not published in the source."

This is true, which is why I think it's ever more important to not distribute anything in such a way, instead let the user modify it.

"I'm not sure what business model could
Microsoft have for Windows without software installation."

I don't think this would happen anytime soon, I was just trying to make an example wondering to show that one ROM'd system is no better than another.

Anyway let me put it a different way. Should we expect to have access to the code that runs on your watch or microwave oven? I don't think it's too important for the most part. Take a digital watch for example. Assuming it doesn't have some sort of cell module that chimes back to a cell tower that spies on me, just a simple watch, what's the worst the developer could do? Tell you the wrong time???

In that case you'd just go get a new watch, or if it were an expensive watch demand a new one, this one is defective. So for a watch, or a microwave is another example, not having the source code, and having it loaded into a rom rather than modifiable memory is fine.

So is there a line there? If so, what would it be? If it's not connected to a network it's fine? That can't be so because I agree with the example of the games that onpon4 gave. Perhaps the line should be it's okay to have it loaded in a rom and not have access to the source only if the developer can't exercise unjust power over you, but that would beg the question what would unjust power be?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

This is a very interesting topic.

Just because a program is non-modifiable, doesn't mean that it respects your freedom. Quite the opposite, in fact. The whole point of free software is to have the freedom to do your computing as you see fit. If a program is non-modifiable, this isn't possible.

I don't know what the solution is. Maybe we should be against ROM chips? If all chips in a PC were flashable, and all the code that runs on these chips was available under a free license, it would be much easier for users to verify that there are no backdoors or malicious features.

(Side note: I don't consider whether or not a program has access to the internet to be a factor in whether or not it respects freedom. A program that runs locally and makes no network connections can still be malicious).

Of course, if the FSF took a hard stance against non-modifiable ROM, it would raise the interesting question of whether a ROM program is more or less free than an electronic circuit. After all, programs can be implemented with basic logic gates. There's clearly a line-drawing issue here somewhere.

I don't buy the argument that CD-ROMs are different to BIOS chips wrt freedom. Yes, CD-ROMs often contain installers that copy programs to a hard drive, but they needn't, and don't always. It's entirely possible to run a binary directly from a CD-ROM. Should we accept proprietary software in this form simply because it cannot be modified? Of course not, and neither should we when it is distributed in the form of a ROM chip in a computer. (Also what about swappable chips?)

Wrt old video game cartridges, it's a slightly different issue, but interesting nonetheless. I see the logic in comparing it to an audio CD. Insert and play, no loss of freedom. Or is there? When does something cease to be mere data, and become a program? The simplest definition is when that data is arranged in a format that would cause any commonly available processor to execute parts of its instruction set - which is exactly what a game cartridge does. An audio CD doesn't contain instructions, merely encoded audio data.

I love topics like this - most would say it doesn't matter, but I find these issues intriguing. Thoughts?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iF4EAREIAAYFAlHjGKUACgkQgijxUCZnvltjtQD+Jxb6gxRpLVWt7VMurt8NVaBb
34ovK2WeTxDqwRkl4/UA+wUfUlxJZC1wWSVKXb0cDd6cM7LRvjww0gTg3MOkBlqw
=y0M8
-----END PGP SIGNATURE-----

Lets see if I get this quoting thing right. I guess it's more like email, makes since too I guess since I read on the forum index this is linked with a mailing list? Anyway, First to andrew:

>> Hey! Are you jsbean on phpBB.com? (I used to frequent there as well).

Yes I was jsbean on phpBB.com. I actually got my name changed to jsebean since jsbean was a typo. My real name is Jonah Sabean, jsebean (with an e) was the username my school gave me for the computer network login, this misspelled my last name and I've used it ever since lol. I use jsabean here because i registered jsebean but forgot the password and the email address I used doesn't work at the moment, a long story. Anyway I like reading back on stuff I posted on phpBB.com, gives me things to remember and shows how much I've learned since then lol. I haven't been there for a while now due to the hustle and bustle of life.

Anyway back on track. You mention DVDs and DRM and I think you're still on topic, it's another good example and makes more sense than some of the examples I gave haha.

To lloydsmart,
>> I don't buy the argument that CD-ROMs are different to BIOS chips wrt freedom. Yes, CD-ROMs often contain installers that copy programs to a hard drive, but they needn't, and don't always. It's entirely possible to run a binary directly from a CD-ROM. Should we accept proprietary software in this form simply because it cannot be modified? Of course not, and neither should we when it is distributed in the form of a ROM chip in a computer. (Also what about swappable chips?)

This is the exact reason why I don't see the difference between any ROM, be it CD, on the hardware or swappable. I'll provide an example:

I'm not sure how many here has read the GNU GPL v3 (I have to be honest, I've never read v2 thoroughly, though I've done my best to read and understand v3). In section 6, a paragraph reads:

>> If you convey an object code work under this section in, or with, or
>> specifically for use in, a User Product, and the conveying occurs as
>> part of a transaction in which the right of possession and use of the
>> User Product is transferred to the recipient in perpetuity or for a
>> fixed term (regardless of how the transaction is characterized), the
>> Corresponding Source conveyed under this section must be accompanied
>> by the Installation Information. But this requirement does not apply
>> if neither you nor any third party retains the ability to install
>> modified object code on the User Product (for example, the work has
>> been installed in ROM).

Let's say I make a GNU/Linux distro that I burn on a CD or DVD designed to be used for recovering PCs (such as you screwed up your boot loader, I know I've done that lots of times lol). It's not an installable distribution, it's simply intended to be booted live from the CD and used to recover a system, or any other use you may have to run from a CD rather than install on hard disk. If I understand correctly then, since I'm just distributing the OS on a CD-ROM and it's not modifiable by nature like it would be if it were installed on a disk, I'm not obligated to provide the source code according to this section of the GPL, since it's a ROM and not modifiable by anyone once burned. To try to modify it would just render it useless.

Yet some of my software I put into this may be useful for others to use. Even though it is not possible for you to change the CD-ROM you got from me, you could make your own if you could obtain the source, or use it in any other project, not necessarily one similar to mine (that's the point of free software). For this reason, I think this part in section 6 of the GPL should be totally removed if it really strives to be a free license, because I think this is a non-free provision.