[tpearson-raptor]

Honest question: why do you consider System76 to be building new roads by using locked hardware and offering partial open source firmware for it? Wouldn't the new roads kudos be more appropriately given to all of the folks that made real open hardware happen (RISC-V, OpenPOWER, etc.) years before this partly-open-source system announcement went out?

In my mind the RISC-V folks especially were real trailblazers in this space -- they took massive risks when no one, and I mean no one, was doing open source CPUs beyond soft cores. IBM focused more on open firmware, then eventually opened their ISA, but x86 vendors have had no such forward vision in their history -- the x86 vendors have followed in this space, not led, for well over a decade, and indeed both sides of the x86 duopoly (Intel and AMD) are both separately on record as having stated their goal is to take control away from the machine owner in whatever manner they need to in order to fulfill their DRM contracts.

Even with this laptop announcement, if I'm honest, more following is being demonstrated -- the coreboot user community had open source firmware ARM laptops (Chromebooks) available quite a long time ago, why weren't those hailed as building new roads when they appeared? Does anyone really think we would have reached a point where an x86 vendor would be trying to advertise even partly open source firmware without the pioneering efforts of the competing, truly open architectures?

[tpearson-raptor]

To the downvoters: I'm guessing you wanted to run Windows 10 "safely" somehow, or sandbox your games. There's almost no other reason to be this stuck on x86; at the end of the day it's just a consumer architecture that some well known privacy disrespecting software requires to run. It's not even that great of an architecture from a technical perspective, it just happens to have the financial weight of the prosumer market behind it right now.

Here's reality:

This laptop won't stop Windows exfiltrating your data. These x86 systems are leaky, they require sizeable amounts of low level binary firmware to even boot, and proper isolation is near impossible. Try sticking a PCIe diagnostic system on an open PCIe slot and sending commands to the WiFi or Ethernet card -- most likely it'll respond [1]. Then consider the firmware in the various controllers attached to the PCIe bus, including your GPU.

It's probably a violation of your game's anticheat system to try to sandbox it. It's definitely a violation of the NVIDIA driver EULA to run it in a virtual machine, unless you pay the enterprise driver license fees and use a server grade adapter. The kind of adapter you won't usually find in a laptop, by the way.

This is a topic that I find very frustrating. We all know you want to do the above. It can't be done without license violations all over the place, or head-in-sand make-believe "security", on modern x86 hardware. No wishing, hoping, etc. will make this change.

[1] Yes, this is known to happen on specific x86 systems that I have personally tried (in that case, it was a malfunctioning GPU writing to the disk controller!). Invalid cross-device access was also tried on a POWER box, where the invalid accesses were blocked and logged as intended.

[rvense]

I gave that comment a downvote because I thought it was disrespectful.

System76 have been providing practical solutions for running free software on available hardware for years now. That does indeed deserve kudos, even from you.

Keeping a kilowatt of computing power running at all times at home and connecting to it with a dumb ChromeOS terminal as you're suggesting is quite honestly not a viable solution for many people. And excluding practicalities (which a real person, of course, cannot) it might even be worse for security depending on your threat model.

[tpearson-raptor]

That may be. However, I was using Linux on bog-standard computers before System76 was even founded -- preinstalling Linux on a computer isn't exactly revolutionary, and it's in a completely different league from the work that has been required to bring up entire new CPUs (!) to compete with the increasingly locked x86 systems.

No idea where you're getting a kilowatt from. My desktop uses maybe 120W or so, with a lot of that going to the AMD GPU.

If we're going to trade barbs over ecological damage, what happens to all those Intel and AMD systems that would have been useable if they had just had updates to the locked/signed firmware, but are instead floating around in landfills because the vendor decided they wanted to enforce their control and not issue security updates?

[rvense]

> That may be. However, I was using Linux on bog-standard computers before System76 was even founded -- preinstalling Linux on a computer isn't exactly revolutionary

System76 is making free software computing more attractive and available. You might think of what they do as easier than what you do, and you might disagree with the way they prioritize security over other factors in their products, but I still think it's pretty bad of you to imply that what they're doing is not valuable to this community.

[tpearson-raptor]

OK, I think I may have been misunderstood...

What they are doing in that space is valuable. However, with just a bit more tweaking, they could offer something a whole lot more valuable in parallel, and leave this whole semi-open x86 issue behind. If they were to offer even a couple of actually open source firmware systems, and indicate somewhere in the marketing that the x86 boxes are only partly open source, that would not only eliminate the entire controversy here but also allow them to take the next logical step in open software. If their core mission has basically been to make open source easy to consume, that's a worthy goal; why not go a bit further and make open source on open hardware with fully open firmware just as easy to consume?

Clearly there's demand, from the comments in this thread alone!

[SmellyGeekBoy]

I'm a fan of what Raptor is trying to achieve but you perhaps need to go easy on the company Kool Aid. Hijacking another manufacturer's comment thread to push your own agenda is one thing, ranting and being disrespectful is quite another.

[tpearson-raptor]

I wouldn't be here if I didn't see a bunch of headlines yesterday that made it sound like these new laptops have proper open firmware.

They don't. That's why I'm here, to provide the missing other half of the story.

[madez]

Let me take this opportunity to ask you a question here after you making clear the problems you see.

Hardware becomes more complex and can include internal software that from a user perspective is just part of the hardware. But in fact, it is software running doing complex things outside of the oversight and control of the user.

Do you have plans to not just have open software but also open hardware? Do you hope to offer a device in the future with not just free software, but with the source files of the integrating hardware like the motherboard as well as of the chips like CPU and auxiliary ICs? Do you see a possibility to start with an open RSIC-V CPU?

[tpearson-raptor]

Actually, yes! We're closely monitoring the development progress of the open toolchains for various FPGAs; with POWER ISA now being open for implementation by anyone anywhere, I could easily see a future where extremely sensitive work is seamlessly moved from a large closed ASIC like the current IBM POWER chips to a completely software compatible, but significantly slower, soft SoC running in an FPGA. Or even an ASIC, if methods are eventually developed to verify the ASICs match the input design files at scale (i.e. non-destructive testing).

This seamless transition is one of the key benefits of an open ISA in my mind; development and testing of algorithms can be handled on the closed but top of the line (i.e. extremely powerful) ASIC, then when sensitive data is being handled that same binary can literally be run without changes on the soft core or other slower, but open, system. You could even compile on the slower ultra-trusted system, and test the binary on the larger ASIC -- lots of interesting possibilities here!

[madez]

That is exciting! Open and well-documented FPGAs are definitely useful and very interesting to have in a device. Have you looked into OpenPiton [0], PULP [1], BOOM [2], or lowRISC [3]? While I'm hopeful that you find these projects personally interesting, I'm also looking forward to eventually see them in devices. Sorry for not listing any open POWER CPU/SoC projects as I'm not aware of any. Please share if you know any.

[0] https://github.com/PrincetonUniversity/openpiton [1] https://github.com/pulp-platform [2] https://github.com/riscv-boom/riscv-boom [3] https://www.lowrisc.org/

[tpearson-raptor]

Microwatt is the first fully open POWER core:

https://github.com/antonblanchard/microwatt

It's also structured very well, quite clean for learning purposes etc. The current goal so far as I know is to perfect this core, and fork for a more complex / powerful variant. Maybe by the time that's done, the open FPGA tooling will have caught up enough to be able to run a usefully fast (~200MHz) POWER soft core, all in FPGA logic...

I'd strongly prefer a ppc64 core over a RISC-V core for one simple reason: we have a wide deployed base of very powerful ppc64 machines, and not having to keep cross compilers and related environments around is a massive streamlining step that we don't even know the full effects of yet (it hasn't been legal until now to have the SoC under development running the same architecture as the high end workstations and servers used to develop [for] it). The demo of using mainline GCC on a POWER box to build a binary for the Microwatt (that would also run on the host with KVM, if desired, for fast trace and debug) was most impressive.

[jtl999]

> It's probably a violation of your game's anticheat system to try to sandbox it

Funny enough I've heard claims recently that Steam/VAC detects KVM virtualization and temporary kicks from VAC games as a result.

[tpearson-raptor]

I wouldn't be surprised -- it's a gaping hole for anticheat software if not addressed. In fact, long term the anticheat is going to have to require a completely locked-down (console-like) experience from boot firmware (ME/PSP attested) through OS and userspace, or it will not be effective.

Which is one reason why I don't rent games on Steam, and why I bought a PS4 instead. If I'm going to have to game on a completely locked down system, I vastly prefer to do it on a system that doesn't touch any of my personal data and for which I can still buy permanent, resalable (and yes, even lendable) games on physical media.

PC gaming hasn't interested me since Steam on Windows with mandatory anticheat became the primary way to play games.

[Iv]

Because not everything is about FSF-purity standards. Running a profitable company while providing as many open packages as possible is commendable. Pushing to open more is. But jeez, would it hurt to show some love to people who genuinely do care at least a bit about open firmware?

And yes, a lot of us do love OSS but also have clients who require windows compatibility. Some of us do deep learning and need good GPU/Cuda support. We all do compromises with OSS ideals, and it is GREAT to have people like System76 fill in that niche.

Otherwise the choice would be only between pure-FSF machine that run only some specific distribs of linux (I do own a novena, you know) or totally proprietary system that come only with windows and 50 GB of crapware. Without Systm 76, I would just be buying another DELL so thanks and kudos to them.

Thanks and kudos to the people who also uncompromisingly prepare an open and resilient ecosystem of open chips, open GPUs, open firmware.

But please do show some love to each other and dont get stuck in an absolutist position where you can't see the difference between people trying to find a market to OSS pieces and promoters of walled gardens.

[tpearson-raptor]

I still don't understand why you would even care about the firmware if you're running Windows. To me, that would be like building a fortified, ultra-secure rear doorway into a run down barn with a gaping hole where the front doors used to be.

If these efforts were even potentially likely to result in open x86 systems someday, I wouldn't be as opposed to them as I am now. But when you have both x86 silicon vendors on record as being contractually and legally unable, let alone unwilling, to allow owner control, all I see is a massive waste of effort with a known incomplete (i.e. partly closed) endgame. Worse, that effort is detracting from other efforts that are providing fully open computing right now, today.

My recommendation has always been to use the commodity x86 world's greatest advantage if you have to use Windows: cost. Get the absolute cheapest possible Windows system you can find that still has enough power to support your clients, plan on replacing it every so often as Windows churns along, and actually invest in a secure, open computer for everything else.

x86 is a closed ISA with closed, locked, signed firmware. All appearances are that it will stay that way permanently, with just enough late-stage open firmware allowed to create sufficient marketing confusion in less technical circles. Why not select and embrace one of the open ISAs for non-Windows computing? Who knows, you might be helping make secure / non-hostile computing happen on a large scale just a little bit faster! :)

[Iv]

For the same reason I cared to run linux even before we had open BIOS. Would you have been shouting at young Torvalds that he was wasting his time trying to write a free OS in a world of proprietary hardware?

We won't get to a fully open ecosystem in a day. It wont be a single project, and the more experimental parts you add to the platform, the higher the cost you pay in instability, complexity of maintenance, and performances.

I am not always running windows. But I have it installed for when I have to test aginst it.

I am not a dissident, a journalist or a spy, so my threat model is not the NSA or PCC prying on my contact list.

My threat model is the scenario "Microsoft and a random hardware vendor team up to make sure <Technology X> can never work on linux" which history has shown to be a credible one.

Actors like System 76 fight against it and I am grateful.

Getting CPUs, motherboards, GPU and drive drivers provably clean and incapable of spying is a magnitude harder, starts being feasible, but so far I am not in a category where I absolutely need that. I am pretty happy that some people start offering that too but it helps no one to pretend that people working on these parallel lines are somehow opposed. That's a self-defeating attitude!

[snagglegaggle]

>Would you have been shouting at young Torvalds that he was wasting his time trying to write a free OS in a world of proprietary hardware?

Yeah. It wouldn't have stopped him, probably just made him want an open platform even more.