Can You “Take Back” Open Source Code?

It seems a simple enough concept for anyone who’s spent some time hacking on open source code: once you release something as open source, it’s open for good. Sure the developer might decide that future versions of the project close up the source, it’s been known to happen occasionally, but what’s already out there publicly can never be recalled. The Internet doesn’t have a “Delete” button, and once you’ve published your source code and let potentially millions of people download it, there’s no putting the Genie back in the bottle.

But what happens if there are extenuating circumstances? What if the project turns into something you no longer want to be a part of? Perhaps you submitted your code to a project with a specific understanding of how it was to be used, and then the rules changed. Or maybe you’ve been personally banned from a project, and yet the maintainers of said project have no problem letting your sizable code contributions stick around even after you’ve been kicked to the curb?

Due to what some perceive as a forced change in the Linux Code of Conduct, these are the questions being asked by some of the developers of the world’s preeminent open source project. It’s a situation which the open source community has rarely had to deal with, and certainly never on a project of this magnitude.

Is it truly possible to “take back” source code submitted to a project that’s released under a free and open source license such as the GPL? If so, what are the ramifications? What happens if it’s determined that the literally billions of devices running the Linux kernel are doing so in violation of a single developer’s copyright? These questions are of grave importance to the Internet and arguably our way of life. But the answers aren’t as easy to come by as you might think.

Continue reading “Can You “Take Back” Open Source Code?”

Flash your Libre Firmware with a Libre Programmer

Whether or not you personally agree with all the ideals of the Free Software Foundation (FSF), you’ve got to give them credit: they don’t mess around. They started by laying the groundwork for a free and open source operating system, then once that dream was realized, started pushing the idea of replacing proprietary BIOS firmware with an open alternative such as Libreboot. But apparently, even that’s not enough, as there’s still more freedom to be had. We’re playing 4D Libre Chess now, folks.

To flash your libre boot firmware on your libre OS running computer without any proprietary funny business, you’re going to need a libre chip programmer. Luckily, the FSF has just awarded the Zerocat Chipflasher their “Respects Your Freedom” certification, meaning every element of the product is released under a free license for your hacking enjoyment. According to the FSF, this is a major milestone towards their goal of providing users a truly free and open source computer, from the browser all the way down to the BIOS.

Of course, you don’t need to be Richard Stallman to appreciate a fully open chip programmer. With the software, wiring diagrams, and PCB files available on the Chipflasher’s website, the project is an excellent educational reference. Is also means that with a clone the Chipflasher’s Git repository, you’re well on the way to spinning up your own build of the device.

Given the roughly $350 USD price tag on the first generation Zerocat Chipflasher, it seems fairly likely we’ll be seeing some DIY builds of this device before too long. Not that we want to deprive Zerocat commercial success for this very neat piece of gear, but for many it’s a mighty steep price; even if you do get all the Freedoms.

It may use a device of slightly more nebulous morality than the Zerocat Chipflasher, but our own [Bryan Cockfield] documented the saga of getting Libreboot installed on a Thinkpad X200 if you’d like to know more about the high stakes world of BIOS replacement. Whatever it takes to get that Intel Management Engine off your penguin-powered box.

Save WiFi: Act Now To Save WiFi From The FCC

Right now, the FCC is considering a proposal to require device manufacturers to implement security restricting the flashing of firmware. We posted something about this a few days ago, but completely missed out on a call to action. Contrary to conventional wisdom, we live under a system of participatory government, and there is still time to convince the FCC this regulation would stifle innovation, make us less secure, and set back innovation in the United States decades.

The folks at ThinkPenguin, the EFF, FSF, Software Freedom Law Center, Software Freedom Conservancy, OpenWRT, LibreCMC, Qualcomm, and other have put together the SaveWiFi campaign (archive.is capture, real link is at this overloaded server) providing you instructions on how to submit a formal complaint to the FCC regarding this proposed rule.

Under the rule proposed by the FCC, devices with radios may be required to prevent modifications to firmware. All devices operating in the 5GHz WiFi spectrum will be forced to implement security features to ensure the radios cannot be modified. While prohibiting the modification of transmitters has been a mainstay of FCC regulation for 80 years, the law of unintended consequences will inevitably show up in full force: because of the incredible integration of electronic devices, this proposed regulation may apply to everything from WiFi routers to cell phones. The proposed regulation would specifically ban router firmwares such as DD-WRT, and may go so far as to include custom firmware on your Android smartphone.

A lot is on the line. The freedom to modify devices you own is a concern, but the proposed rules prohibiting new device firmware would do much more damage. The economic impact would be dire, the security implications would be extreme, and emergency preparedness would be greatly hindered by the proposed restrictions on router firmware. The FCC is taking complaints and suggestions until September 8th.

Even if you’re not living under the jurisdiction of the FCC, consider this: manufacturers of routers and other WiFi equipment will not be selling two version of hardware, one to the US and another to the rest of the world. What the FCC regulates affects the entire world, and this proposed rule would do us all a disservice. Even if you’re not in the US, tell your second favorite websites to cover this: neither Ars Technica nor Wired have posted anything on the FCC’s proposed rule, and even boingboing is conspicuously silent on the issue. You may submit a comment until September 8th here.