Go Down

Topic: Closed (ouch) or Open Hardware new Uno's ? (Read 14 times) previous topic - next topic

Paul Stoffregen

Just one more followup... everything seems to be fully published.  I don't think anybody has cause to say "closed source".

It looks like 3rd party boards are expected to use a different VID, based on an update recently added to the README.txt file.

Quote
Please note that the Arduino VID and PIDs are only for use with official Arduino hardware and should not be used on other products.


I really don't think that's a huge problem, though it does mean 3rd party boards will need to edit Descriptors.c, and the INF, and users of those boards will need to install a separate INF.

While a unique VID costs $2500, Atmel apparently publishes VID/PID pairs that can be used.  Anyone making their own board on a shoestring budget could easily use that VID/PID.

The INF is not signed by Microsoft.  Everybody using Windows will get the unsigned driver warning.

I really don't think there's much for 3rd party boards to fear, only more care and attention to detail is needed when using the published code.

Paul Stoffregen

Opps, I was wrong about the bootloader not changing.  The old bootloader is still there in 0020, and unchanged.

It looks like Uno uses the new optiboot, which is also open source, and it one of the several new bootloaders in the 0020 download.

Eight

Quote
It looks like Uno uses the new optiboot, which is also open source, and it one of the several new bootloaders in the 0020 download.

Uh oh... :D

I suppose the only significant issue would be if newer Arduino bootloaders are made reliant on the 8u2, thereby making non-8u2 based boards require different bootloaders.

Need a crystal ball maybe for that one. :)

Paul Stoffregen

#73
Sep 27, 2010, 07:59 pm Last Edit: Sep 27, 2010, 08:03 pm by pjrc Reason: 1
Quote
I suppose the only significant issue would be if newer Arduino bootloaders are made reliant on the 8u2, thereby making non-8u2 based boards require different bootloaders.


Having read this code, I would say any such fears are utterly unfounded.  Did you read the code?  I have, and there doesn't seem to be anything like this.

Optiboot was developed long before Uno.  Well, months anyway.  It appears to work with any serial device.  It works with FTDI, or even a real serial port.

Likewise, the 8u2 source is now fully published, and if you read it, there's nothing special it does other than passing data back and forth, and implementing the various required USB stuff.  It implements a very generic USB to serial converter, which is pretty much the same as the published examples in LUFA (developed long before Uno).

The code is fully published now.  It's not even very long, as these are both pretty small programs (the huge LUFA distribution aside).  If you think there's something malicious lurking in there, why not actually look for it and quote the offending lines of code?

I'll be very impressed, and fully retract everything I've said if you manage to find anything malicious I missed, but I'm pretty sure you won't find any such thing.  You don't need a crystal ball, only the code and a text editor.

Eight

#74
Sep 27, 2010, 08:05 pm Last Edit: Sep 27, 2010, 08:06 pm by Eight Reason: 1
Quote
Having read this code, I would say any such fears are utterly unfounded.  Did you read the code?  I have, and there doesn't seem to be anything like this.

No, and that's why I said "if" and "crystal ball". I wouldn't claim to have to the knowledge to fully understand what is in the bootloader.

I've never once suggested that Arduino are up to anything malicious. I don't think Arduino are out to screw anyone or 'close source'. I simply mentioned a potential issue that could maybe arise one day - but quite probably won't by the sounds of it. "Unfounded" is more than fine by me.

And I thank you again for your efforts in looking into that code - you've helped everyone understand a bit better what is going on. Especially me.

Go Up