Well, arguing who’s best, Microsoft, Google or Apple is like arguing what serial killer will kill you the most human way, so I pass on that - not happy about MS either. for that matter
Having heard that Google is one of the FOSS, ethical business is one of the funniest things I have ever heard. I do not know, where you got that idea from - but just one example out of my head - we are speaking of the software developer, that tried (and most likely helped) developing the censored search engine of china (dont even speak about the censoring they do for the rest of the world).
Ah, I mean, its more as a fun trivia - but you are defending the company, that removed the motto of “dont be evil”, as it was not in the spirit of modern times
They did not develop censored search for China, the plans having ben scrapped.
Precisely because the employees demand ethics. And get it.
As for FOSS, Google is one of the biggest contributors in a lot of Free Software projects. It also created a lot of FOSS projects on its own. You could say that MST does it too, but no the scale is not the same at all.
Ultimately, the corporate culture at Google stems from the employees, which were selected from their fitness towards the “do no evil” culture. Even if you remove the motto, now the employees are here and believe in that motto.
What part of the Framework promise is going missing? They’re repairable and standardized hardware with easily available parts. The change is “one more product using the same parts bin”. That’s following through on their promise, not breaking it. The slightly different cover/keyboard? I guess you could make a fuss over that, but it’s a different input scheme: no working around that.
Then, they openly said the new one runs coreboot. Yes, that’ll probably throw a monkey wrench in casually installing Windows (I’ve never tried sticking windows on a Coreboot equipped machine), but it’s been trivial to swap ChromeOS for a linux distro of your choice for years. I did it on an early one where you had to open it up and throw a microswitch before making changes, on the modern ones it’s merely “set a boot option, we’ll erase your data and leave you with an unlocked bootloader”.
Even though, as nrp said in the post, it doesn’t directly translate back to the standard versions, a new motherboard with CoreBoot is a big deal as a potential precursor to moving away from UEFI from those that want it. Frankly, the “secureboot is evil and anti-opensource” is frankly ridiculous. It’s trivial to deploy Fedora on a Framework in Secure Boot mode. These days Microsoft is pushing out UEFI secure boot updates to maintain support for grub. Seriously; Windows updates with key changes to keep grub secure boot secure. (Dual booting secure boot is still a PITA and just better skipped). And before you go “oh, Fedora, of course, they have RedHat behind them”. I now have setup secureboot on two Arch machines. On datacenter servers we blow out the secureboot keys on arrival and only load the ones for the OS we’ll be running, whether that be Windows (Hyper-v), VMware, or various linux distros. The goal is “this machine only boots an uncompromised copy of the desired kernel”. And yes, it complicates kernel updates. But that’s sorta the point. The goal is to interfere with a hacker that wants to change kernel parameters, reboot, and then be able to inspect the memory of VMs running on the host. (Rough example).
Personally, I’m on-side with “I’d like to get away from binary blobs in my system”, but if you think Framework promised that, you’ve mixed them up. Maybe with the MNT Reform? https://frame.work/about. All Framework laptops, to my knowledge, have an Intel ME. And most of the ARM brands basically mean “run this kernel modded by the CPU manufacturer”
I was suggesting Google may have come to Framework and said “hey, we’d like to see a Framework Chromebook”. And the result we’re seeing isn’t some weird proprietary sell-out. We’ve got a mod on the original display cover, keeping the cost down and an effort to improve audio quality (a general-consumer friendly feature). And yes, ChromeOS requires a custom motherboard. It always does. But until somebody says “hey, Framework released the first Chromebook with a permanently-locked bootloader” I don’t really see the downside. Would I buy it? No. but really, that’s because it includes an SSD and RAM stick I’d be tossing. Also, I’m not ready to jump into coreboot.
Your stance appears to be “Google is evil, daring to partner with them is an inherent betrayal of something”. I mean, do you have issue with the fact the processors are all Intel? or that Microsoft Windows has been sold as a standard option from day 0? Again, I’d hold that a world where the same Framework laptop can be changed into a “big tech vendor X” toy with a motherboard swap would be a tremendous success.
One interesting note that nrp posted on the HN thread:
Google has fairly strict requirements around power consumption. They have a standard test for 10 hours of active use through common use cases, which we were able to meet. For standby, the requirement is around 14 days. I have to double check where we are on the current software and firmware, but we are close to that number.
We actually did learn some things about the Intel re-timers through this product development that let us come up with ways to improve the behavior on the regular 12th Gen Framework Laptops. We are currently developing a firmware update for that that will improve both active and standby battery life.
This is a substantial improvement over the current Framework battery life, so looking forward to those improvements. (nrp also mentioned in the thead that some of those learning would also apply to 11th Gen).
I have problems with intel and MS, it was just not the topic of this blog - never have I stated, that I was for both of them - you just assumed here.
Anyway, you seem to have much deeper knowledge about the bootloading, than I have (honestly, Im not to deep into the topic, but if you read my comments, you see, that I have stated, that IF google is closing down its hardware/boot, Im against it, and that it goes against Framworks philosophy - I stand by this, and your argument do not seem to dismantle this stance.
On topic of secure boot. As I have said, not to deep into this topic - but I stand on the side, that the moment, you are forced to use it, and the moment, the key distributing for secure osses are centralized or in any way not free, you have made the first step toward closed hardware, so I stand harshly against it. You can now start to argue (and I know, Im using strawman arguments here), that ist JUST a little inconvenient and oh, you still can do it, if you are following this n steps and workarounds etc… But this is not the spirit of hardware ownership movements like right to repair. The Customer has to have the choice if they want to have Secure Boot on, or if they want to be free and unsecure - it is their stuff and their decission and not in this case Google but also not MS, Apples or some other Destributer.
Hardware and base software as OS are infrastructure in my eyes and should be as open and free as possible.
As said, I do not know how closed of Google will be and heck, MS may be way worse - as stated, not going to argue, which ones of the bad ones is worse than the other.
I assumed, and it seems to be the case, that Google used a custom Motherboard - but you said, you could install Linux easily on it, so good for that, I guess.
Intel is a topic for itself, but not a fan, that only Intel is supported, but I guessed, that alternatives (and if I could dream, maybe someday Risc-V) will be supported.
I initial did not intend to go on big and long rants against google and this stuff, just wanted to put a comment out, that I hoped for other steps first like battery improvements and a touchscreen.
Oh, and yes, “Google is evil an daring to parnter with them is an inherent betrayal of the repair and open hardware/software movement” is not exactely what I said, but it kind of is. But not only Google, but also MS and Apple and sadly even Intel and most likely als AMD would be. But I know, that there is currently no option other to work with some of them (which IS the problem), like for example Intel.
Lastly, I do know, that selling Chromebooks next to MS run machines can be considered just more choices, and I initial said, that Im happy for everyone wanting a chromebook - I pointed out, that working together with firms, that have vastly different philosophies (and MS is included) is difficult to sell, with the small analogy about football. I tried to dump the point down, but it seems, that this may have only resulted in some confusions.
You also interfere with everyone who does not hack, but still wants to work with their bought products. Give costumer a choice to leave secure boot and the other stuff off their personal devices and be unsecured and I do not mind having secure boot as an option for everyone who wants it. THIS CHOICE is not given anymore! This is the problem - you defending it, is part of the problem. What is dificult to understand, that people want to have the choice of the security level they want on their own risk with the stuff they buy/have bought?
I’ve seen reports about Chrome OS Flex running well, although Chrome OS Flex apparently is a bit behind, with a 5.10 Linux kernel, so would also be missing all the recent Alder Lake updates for 12th Gen. Flex is also missing some things of regular ChromeOS, notably Android app support.
No, no you don’t. Secure boot is optional and user configurable. Like I said, we manually load the keys for OS kernels that have been pre-approved in some environments. I mean, yes, it adds a complication, but 5 minutes to figure out how to disable secureboot? Minor societal cost for the benefit of making everyone else more resistant to rootkits. Anybody remember the “rootkits in legally purchased music” scandal? I am aware of some random hardware that doesn’t have end-user modifiable secureboot the Lenovo Miix 320? I’m running Arch on it, but had to flip the secureboot setting in UEFI to “off” rather than custom importing my own keys.Weird tablet, I like it because it’s magnets make it hang nicely from under a cabinet.
The choice has NOT been taken away, it’s merely “secure by default” rather than “open by default”. The fact you don’t understand the difference is easy evidence that end users can’t be trusted to secure their hardware if it’s shipped unsecured. But secureboot absolutely doesn’t lock consumers out of their own hardware, despite the perennial rumors. The only PC exception I’m aware of was the original Surface RT (circa 2012), which MS eventually released the “golden” keys for, so you can unlock it and do whatever you want. Things are different in other spaces. Rant about phones, tablets, Apple devices, and yeah, you have a point. But google requiring Coreboot for official Chromebooks? That’s 100% in the anti-secureboot camp. And while I’m a jerk, I’d say “if you can’t figure out a manual secureboot from something like the Archlinux wiki, maybe custom kernels aren’t for you.”
And no, it doesn’t take five minutes to disable secureboot. While ocassionally I’ve gotten tripped up by a weird UEFI, most are less than a minute. Hardest part is guessing the boot key and hitting it fast enough with some of the modern rapid starts.
I have worked with APs, firewalls, etc. that are locked, and will actually brick themselves in agressive tampering scenarios. Basically a mil-spec feature and you pay through the nose for it. Seen routers that cost 3x the normal price for the same model for the “this is impossible to take apart without destroying it” feature.
In short, you’re wrong, it is win-win-win, with the community, including those mad open source geeks that want coreboot on a Framework laptop benefiting from this release, Framework continuing to show commitment to their stated purpose, and Google getting some good eco-friendly press for what’s probably an investment so small as to be a rounding error on their scale.
The scenario you proposed as “better”: i.e. “Google makes their own repairable platform and stays the hell away from Framework” is worse for Framework’s stated mission. Also, I wouldn’t trust Google to stay in the replacement hardware game. The margins are too tight, and there’s no data to collect. Frankly, I’d be shocked if Google ever followed that path. They just want the product (you) in their browser. Selling a RAM stick for the tiny amount of margin you’ll make on it? So not a big-tech thing.
If you want laptops to be repairable, easily upgraded, etc, you really want a ‘standard’ laptop for each form factor. Imagine the only difference between a macbook, a chromebook, and a windows machine being a single part swap. That means the rest of the system is interchangeable, and spare parts are everywhere. And the more of the exact same formfactor are made, the more likely you are to get things like options for alternative displays, or weird custom motherboards that offer risc-V with some experimental open source GPU and wifi card. (Getting away from proprietary IP entirely is a fools errand at the moment)
Well, yes you are right, your argument make you a yerk - a bad argument overall - “If you are to stupid to find out the steps you have to do, to disable something, put in, to “protect” you, means you should not be in this space” is kind of - how should I put it - elitist … but at least, you admit to it, before you made it - which in your mind make it ok?
You say, there is no locked down hardware with secure boot and it is optional and user configurable and just some sentence later, you give examples on where it was not the case and even give examples of the future it will lead to - phones … what is your argument here? Right now, its not as bad, as it could be, and if you do n steps, read a wiki and be, well versed, into software and hardware (most people are not by the way) you can still solve it (for how long, well, who knows, the end results we already see in YOUR MENTIONED phones and tablets …).
Im kind of baffled, how someone is obviously smart enough to work in a difficult field like hard-and software development (where I sort you in - shame on me, if Im wrong), and still doesnt understand basic concepts of buyers being able to chose for themselves, if they want to use stuff. Im not saying, that right now, there is no way to disable secure boot - Im warning about the way this will play out in the long run and stating, that this should be easier to disable or to buy without in the first place. Look, if this “security solutions” where put into place with user choice in mind, there would nothing more, than a button click needed, to disable or enable them - but this is not the case. There are 2 reasons for it - first, the devs of it, are not capable of doing so (which I do not think is the case) or they decided to not to do so. In the second case, why? What is there to win, if its hard to disable stuff, you own and have paid for?
I see no difficulty to give buyers of hardware a “master key” or something, to dismiss or enable every security option for themselves - but no, you have to read blogs and learn tech to do so - oh, and if you cant do it, you should not be allowed to (by your own fucking logic btw.).
What is the point on arguing against giving buyers more freedom and options for their own bought hardware? Why are you against that? If they get hacked - it was their own decission - not your business at all.
Yea, security is nice and secure boot will most likely safe against certain attacks, like you pointed out. So let people use it, if they want to but do NOT force them to - even though, right now, they are still able to, the push is obvious and we already see the results in (again, your mentioned examples) phones and tablets … I do not understand your reasoning - yea, you have no problems disabling it and yea, you are smart enough to run your Arch Linux (obviously the Arch masterrace speaking) on secure boot - but this is NOT the point. The point is, that the buyer should be able and in the best/this case as easily able to configure and chose and work on their hardware.
The win-win-win case you made - no, I do not see. I see some good points, many you pointed out already - but I also see google - one of the eviliest companies outthere, invading a space, that should be their competition. There is nothing to win with deals with the devil (… please do not see this as some religious argument, it just gets the point accross). Now, we have Framework, the fighter for anti-anti-costumer and anti-big business behaviour making deals with said businesses. Their is definitly a brand deminishing outcome in this (at least in my view).
But I get it, and already stated it, over and over and you seem to ignore it, that I get the decision about selling a google chromebook - and Im not saying, the world is on flames for it and framework is dead now - I just liked other decissions more.
My point was, that if google truly wanted to be pro right to repair and opensoftware, they could and would do it themselves. Therefore, as they do not do it, they are in it for other reasons - most likely marketing - or some other business, like for example, they have done by invading open source projects to over time lock down for their own benefit.
I argued, that google is not here to help - and as you have shown a negative outlook of the google aswell, I think, we both agree on this (at least something).
It's really annoying to get this ideological chastisement as a person supporting a non-techie's Linux experience.
Sure… It’s just my mentality, and not the fact that, whenever my wife’s laptop has some weird issue, I’ve gotta open up the terminal and troubleshoot. I’m happy to do that because I think it’s ultimately better for her to be running on Linux. Most of her computing involves chrome anyway. But I challenge you to think about how your family member would deal with problems when you’re not around.
Anyone who is conveniently forgetting about all the time they spend pulling up a terminal to troubleshoot (in my case, why old kernel images are not being deleted from /boot, how to let her run a script that whitelists her on her organization’s wifi, or why Zoom won’t let her join meetings) is not really being honest when they evaluate how “forgettable” the distro is.
Exactly, with a team dedicated to UX.
It runs coreboot. Search elsewhere in the thread. Lots of Chromebooks can run other Linux. Nrp said in the HN thread that it just depends on community development for that code.
This is a potentially financially-beneficial relationship, that results in more choice for end users, which leverages modularity to help make the product better and more repairable in the market segment, and we are already seeing how this partnership will likely result in battery improvements to the other Frameworks from Google’s help. Let’s have more products like this.
As a long time Linux user (Thinkpads dating back to x20) and a relatively newer ChromeOS user I am really excited that there is a repairable option. I understand the limitations that a ChromeOS device has (though many examples are already being recycled past their prime with Linux instead). I’ve never had a linux machine fail that couldn’t be repaired (again, thinkpads) but I’ve had two ChromeOS devices fail and I could not fix them.
Linux “just works” until it doesn’t. Just one example that has happened to me a few times is that on my 9 AM meeting my headphones and microphone work just fine but for some reason when I join the next meeting at 9:30 my microphone has gone away. Sometimes this requires a reboot, sometimes this requires me to physically unplug the device, etc. These kinds of things never happen on ChromeOS (someone else commented that it’s just linux with a dedicated UX team).
I didn’t mean to aim at you, sorry if it came off that way – it was aimed at the general population, which includes me.
I’m saying Linux can be “set and forget”. It is on e.g. server Debian with hardware compatibility, it is with ChromeOS. It is when the kernel supports the hardware. The segmentation and lack of resources are what have been holding back the “set and forget” desktop experience. With enough resources (example: the team at Google to Chrome/iumOS), Linux can be “set and forget”. The word Linux can be replaced by “open-source OS”.
Which is why I say the mentality (which includes any/all operating system users) that Linux (or some open-source OS) can’t be “set and forget” prevents its mainstream adoption. If the majority of OS users were on Linux, it’d probably become quite “set and forget” very quickly. Sorry to harp on “set and forget”, haha – I don’t want to stray away from my original intent.
To your other points, I agree. I just meant that I’d rather not see this partnership continue akin to how Google bought out Motorola/Project Ara which died.
ChromeOS is Linux-based and can be viewed as a Linux distro, with a slight vendor lock-in. Instead of the vendor lock-in being a specific company, it can be the entirety of open-source developers.
I’m pretty sure we’re all on the same team here, as I mentioned earlier I didn’t want to stray away from the original topic of this thread and this can go any which direction, much like Linux, lol.
This is a big oof for me. How we got this before an AMD machine or firmware/BIOS updates/features like coreboot to me is a mis-reading of the room. Especially when they have previously used the reasoning of resource allocation as an explanation for removing support for hardware they already sold to customers. How they will now justify putting this much work into a smaller niche customer base is beyond me. It would have been one thing if they added support for ChromeOS but they aren’t even offering this as a mainboard replacement, only as an almost stand-alone with the exception of some existing components like the expansion cards and screen accessories. How large is the high end chromebook market anyway?
It’s an extremely locked down sandbox for a browser. That it technically runs a heavily modified linux kernel I see more as a convenience for Andriod app compatibility as oppose to support for open source or the Linux community as a whole.
I agree. I think the end goal should be open-source without vendor lock-in and I think ChromeOS leads away from that path.
Though how we get to the end goal may be a matter of semantics/execution, I hope we get there sooner rather than later – without another decade of segmentation.
In fairness, the Chromebook version does use Coreboot and NRP is on record stating that they are attempting to backport that work to DIY and Prebuilts. They hope to finish the work next year. I’m not thrilled about Chromebooks in general but I recognize that FW likely needed help with software. This is exactly the same reason why they chose Intel in the first place…support. Intel helps partners design boards and such. It looks like Google did a lot of heavy lifting to make this happen. NRP also said that battery improvements were found in the course of this collaboration that might also be backported to DIY/Prebuilts. I’ll take this as a necessary evil. I want Coreboot in the next year tho, the clock is now ticking.
Well, I don’t disagree with the majority sentiment here about Google. But I do hope this product pulls in enough cash flow for the company so that in 5+ years time it’s still around so that I can still buy parts/upgrades. Otherwise all this is moot. By then coreboot and AMD option have to be available right? =P
Wow, seems like it might come with a better audio chip + speakers (which hopefully we can buy a drop in replacement for existing models) and potential future BIOS power optimisations from ChromeOS (which quite a few companies do such as Dell/HP) as ChromeOS developers from Google could help with these and easing resources/shorten the learning curve on the Framework Team.
Now maybe someone can figure out how to put the Steam Deck hardware into the Framework