> You think lack of thermal protection is a feature?
I read that as: vendor-controlled software sitting in hardware will be buggy and those bugs won't get fixed. Thermal protection implemented in user-controlled software can, over the long term, provide better safety because bugs can be fixed.
Then stick it in a user-flashable chip, but still ship it pre-flashed. The point it that failing to init something at runtime should never be a safety problem.
The point is that if you run a new OS on the hardware (say, OpenBSD...) and it doesn't set things up, that failure to configure the running system should not result in a safety problem. Now one obvious way to do this is to do it in hardware, but the point was made that then you have to hope that the hardcoded safety measures are bug-free. So, the obvious fix is to do it in firmware, and allow updating the firmware, but do ship with it pre-flashed in persistent memory. Thus, doing nothing is safe, if a bug is found you can fix it, and yes a user could flash unsafe firmware but they'd have to go out of their way to do so; the default is to be safe regardless of what the main system OS does.
A user has to go out of their way to flash an OS too, I'm not sure I buy the argument that open architecture is going to surprise people who also know how to flash an OS to a very new and unsupported device. No one is trivially flashing different OSes to pinephone and thus they'd need a good deal of domain knowledge to even achieve this goal.
Effectively that means no one is flashing an OS to the pinephone, getting it to work but somehow is ignorant to the fact that pinephone has a battery and that battery could present danger if handled improperly.
It seems like a safety measure that increases complexity which could potentially decrease safety just as likely as it is to increase safety.
Someone could accidentally flash an invalid image to a phone. Happens all the time. Or maybe they flash the latest Linux kernel dev branch and it crashes. That shouldn't disable battery safety.
We are literally having this conversation on an article about a case where it would be useful; if battery control was on a separate controller that was flashed separately, then you could install OpenBSD and not worry about starting a fire.
Because reflashing the chip that stores the OS can't affect the battery. It's simple physical isolation. What if the entire chip with the OS physically fails? The code with the protection should still run.
I read that as: vendor-controlled software sitting in hardware will be buggy and those bugs won't get fixed. Thermal protection implemented in user-controlled software can, over the long term, provide better safety because bugs can be fixed.