libreplanet-discuss
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [libreplanet-discuss] Claims about Purism need backing: sources, quo


From: address@hidden
Subject: Re: [libreplanet-discuss] Claims about Purism need backing: sources, quotes, further explanation
Date: Sun, 28 Apr 2019 12:37:57 -0400
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.7.0

On 04/27/2019 06:42 PM, J.B. Nicholson wrote:
> address@hidden wrote:
>> You're right, sometimes I get intensely bothered by them and their
>> dishonesty, apparent leverage over the FSF, insults of legitimate
>> companies etc.
>
> I think we all deserve sources and quotes to back up your assertions.
> Exactly what leverage does Purism have over the FSF?

Money, they donate and I assume that is how they managed to convince the
FSF to certify their debian clone PurOS, advertise their not actually
special phones and all but endorse them.

The FSF somehow believes even despite being told by the experts to the
contrary again and again that their products are special and has
repeatedly said stuff like "Makers of fine free hardware" only to later
claim it is a mistake in the classic todd weaver style.

Everyone is misunderstanding me and my goals, I want them to be honest
and apologize for what they have done not go out of business - what is
so unreasonable about wanting honesty? About wanting them to be up
front? not hide the truth in the fine print and technical lingo that no
one understands not even the FSF's people.

They have set the freedom hardware movement back years by convincing
people via slick marketing that new x86 hardware can somehow be freed
when it can't, it simply can't and you don't need to have a PhD to
understand how difficult it would be to reverse engineer intels hardware
in a timely manner and not get sued or shut down via DMCA for illegally
bypassing a hollywood DRM mechanism.

> Where can we find
> these insults of legitimate companies (presumably made by Purism), and
> what exact text do you find to be insulting?


Here are informative links for you.

https://goblinrefuge.com/mediagoblin/u/onpon4/m/what-purism-s-road-to-fsf-ryf-endorsement-chart-should-look-like/
https://www.reddit.com/r/linux/comments/3anjgm/on_the_librem_laptop_purism_doesnt_believe_in/
https://web.archive.org/web/20161010040458/https://blogs.coreboot.org/blog/2015/02/23/the-truth-about-purism-why-librem-is-not-the-same-as-libre/

https://puri.sm/faq/
"Libreboot is a downstream distribution (or fork) of coreboot which
doesn’t allow non-free binaries (“blobs”), and only supports a small
number of devices, the vast majority of which are over 10 years old.
Libreboot also doesn’t “keep track” with coreboot; its most recent
release is from mid-2016, whereas coreboot’s is late 2018."

This implies that old is useless which it isnt, also libreboot devices
are not 10+ years old! "keeping track" of coreboot wouldn't make it
better either, neither also has a "release" since that isn't how open
source software projects work.

https://web.archive.org/web/20161010100959/https://blogs.coreboot.org/blog/2015/08/09/the-truth-about-purism-behind-the-coreboot-scenes/
"Lug around a heavy old IBM thinkpad? Or the sleek new beautiful
productname15"

Later after people complain and it comes to the attention of the media
todd claims it was a mistake, another in a long line of "mistakes".

"Ouch, that is not an approved tweet. I asked to have it removed, since
I am a big fan of what Gluglug did/does. And we provide it as an
alternative from our own website."

There have been others but this is the only one I still have a link to.

They pressured coreboot to have these removed and now mentioning purism
in any negative light on the coreboot mailinglist will have you
moderated and threatened with a permanent ban.


>
>> They sell "libre" laptops that have the hardware init entirely performed
>> via the Intel FSP binary blob, their website is dishonest and not up
>> front and even the name "Libre-M" is dishonest. They claim the ME is
>> disabled although the kernel and hw init code still runs.
>
> I think your point here could use some expansion: is it possible for a
> program running on the OS to get data to and from the ME? If so, how is
> this different from having an ME work like it does on most modern
> Intel-based computers?

The ME DMA device can read any and all memory, connect to devices etc
and is exempt from IOMMU restrictions.

Normally of course they shouldn't be chatty but the point is that they
claim it to be disabled whilst it isn't so any theoretical backdoor is
still there and can activate the management functions of a nic or run
arbitrary code on the OS.

There is a huge difference between ME/PSP and say OpenBMC, one of which
is ethical libre remote management of your own devices and one is
something that is put there for no real reason and can't be turned off.
They say the corporate types wanted ME? What was wrong with a regular
BMC? The answer - BMC's don't support DRM functions for hollywood and
don't let governments do stealthy hacking and backdoors.

>
>> They also imply they did more than just run ME cleaner which someone did
>> the work on.
>
> What's the URL for this and precisely where on that page would we find
> this implication? Please do quote the exact text.

https://puri.sm/posts/purism-librem-laptops-completely-disable-intel-management-engine/

This page doesn't mention MEcleaner or any real information about how
they did it.

"COMPANYNAME, because it runs coreboot and maintains its own BIOS
firmware update process has been able to release and ship coreboot that
disables the Management Engine from running, directly halting the ME CPU
without the ability of recovery."

This implies that what they did is something special that people can't
do on their own to any firmware, which anyone can.

It also claims that they disable ME, that it doesn't run although it
does. Again later they claim this article to be a "mistake".

They changed the definition of disabled, a kernel and hw init code still
run on their "disabled" ME but somehow that is "disabled" since (and
they have no way to verify) they think that it doesn't do anything and
politely shuts off after it boots the computer.

Forget to include the ME blob on their "disabled ME" laptops and they
WILL shut off after 30 minutes, intel says its for the users own good
but I don't know of any legitimate BMC that does that.

https://puri.sm/faq/
"Libreboot is a downstream distribution (or fork) of coreboot which
doesn’t allow non-free binaries (“blobs”), and only supports a small
number of devices, the vast majority of which are over 10 years old.
Libreboot also doesn’t “keep track” with coreboot; its most recent
release is from mid-2016, whereas coreboot’s is late 2018."

Again with the insults of their real alternatives, implying that
old=useless.

"Our coreboot firmware still has some blobs,

Some? SOME? The entire hardware init is done via fsp binary blobs!

"as all modern Intel-based systems require them, but our our goal is to
ship devices with blob-free coreboot.

Which will never happen with x86 hardware, it just can't be done in any
reasonable amount of time no matter how much money you have. Even if you
could say spend millions on reverse engineering why not spend that money
on making an OpenPOWER laptop? since OpenPOWER already has libre
firmware and is also american made so is much more trustworthy than
chinese made ME'ed propriatary x86 junk.

AFAIK their only legitimately skilled employee (youness, I like and
respect him both before/after that) left for some reason so I doubt they
are doing anything at all at this time.

>
>> [1](I don't want to up their search ranking)
>
> This pseudo-footnote is not good enough. Your desire to not increase
> their search ranking doesn't free you from an obligation to back up your
> point.

I meant that I don't want to use the actual company names not provide
sources I would never say something that isn't real.



reply via email to

[Prev in Thread] Current Thread [Next in Thread]