Mise à jour 5.6.1: TI à l'écoute, l'ASM arTIfiCE en sursis !

[mr womp womp]

Si c'est bien intentionnel de la part de TI comme l'a mentionné Adriweb, c'est une très bonne nouvelle et ça change complètement mon opinion.
La situation est un peu difficile à naviguer puisque TI nous donne des mixed signals mais bon. Si les réglementateurs d'examens/enseignants sont apaisés, pourquoi continuer à se battre avec la communauté?
Il faut se rappeler que le bug en question dans la vidéo a été patché en 2017 (5.2.2 je crois?), donc la réaction de TI était du marketing et non un changement de cap.

[critor]

Why no release of tools to downgrade the OS? Is it so they can surprise us with no downgrade tools ready for a release that patches arTIfiCE so there is no way to downgrade?

https://www.cemetech.net/forum/viewtopi ... 258#291258

It's pretty obvious (and, in my opinion, reasonable) why TI doesn't want downgrade tools to be released. While many of the people in the calculator community would only downgrade to an OS version with less restrictions (a common choice is 5.3.0), we have to realize that, to the average calculator user, it is much more enticing to downgrade for a different reason- namely, to exploit a particular bug in exam mode. Given that TI's primary goal is for their calculators to be allowed and used on exams, it makes total sense why they don't want users downgrading.

I also think we are giving TI way too much credit for literally doing nothing. If we had some indication that this was a deliberate attempt at reasoning with us, then this would be a different story but that's just not the case.

Assuming critor's article accurately conveys his private conversation with TI, it actually looks like that is the case here:

Well according to oral exchanges to date, this is neither an oversight, nor a postponement to the next update.

This is absolutely not an official communication, but we have been allowed to tell you about it.

Although there was never a response and the communication may have given the impression of being one-sided, Texas Instruments has received and heard the multiple feedback from its community, and wishes to give developers a chance. to continue to distribute their creations for TI-83 Premium CE and TI-84 Plus CE , through the use of CabriJr and arTIfiCE !

Obviously this should still be taken with a grain of salt, as it's by no means an official communication from TI, but assuming the person critor spoke with truthfully represents the company, it looks like this is a deliberate decision they've made, at least for now.

https://www.cemetech.net/forum/viewtopi ... 259#291259

[critor]

Le niveau monte, progressivement.

Autre post très intéressant :

Okay so this is gonna be a bit of a lengthy post.

First, remember there are several parties in this from the TI side as well. You have the programmers who actually write the OS, you have their bosses, and you have the exam regulators.

Now, assuming they were forced by the exam regulators to remove ASM, it wouldn't make sense for them to add it back now. Perhaps they were required to "remove it permanently". Anyway, adding the actual Asm( token back right now would definitely be a bad move for TI.

About the programmers that actually work on TI-OS: we often make fun of them for writing terrible code, but honestly, this is to be expected. They aren't the people who wrote the original code base, those have left TI many years ago. TI-OS has also existed in some way for what, over 30 years now? Do you know of any software product that has existed for that long without becoming unmaintainable? Point is, these programmers are not incapable. They only do the things TI pays them for, and TI doesn't see the need for a major rewrite.

Anyway, it is possible, maybe likely, even, that current TI-OS developers are on our side. Our hobby is their entire job. They would also never have gotten into a programming job without liking programming in at least some way. They also definitely have a story of how they learned to code, perhaps on an old 80s computer, maybe by writing homebrew for their favorite game console... It is rather unlikely they would want to take this away from us. At least, the "person" part of them. This says nothing about their "professional" side. If TI forces them to remove something, they'll have to do it. Maybe they don't like us finding exploits either, because it means they will have to fix them.

At least the programmers, the people who actually modified the OS to remove the Asm( token, knew that the PTT exploit from the video wasn't caused by ASM functionality. Maybe their R&D department didn't, or maybe even they knew and they only had to do it to please the regulators. In any case, the people who ordered them to do it probably don't even understand what ASM means.

Also, think about what ArTIfiCE means for them. The exploit is in the CabriJr app. They'd have to implement app downgrade protection, which would require extending their app verification functionality, would definitely break something backwards-compatibility related, and there's currently no harm being done. Or maybe they haven't been able to fix the exploit yet because it's a complicated exploit that requires a lot of work to fix (which seems unlikely, but well, you have to consider every possibility).

(tongue-in-cheek, it is also possible the OS programmers are only pretending to be unable to fix the exploit, but anyway)

Or maybe CabriJr was written by someone else, and TI doesn't have the source code? This would mean they can't fix it. Or at least, they can use it as an excuse for not fixing it.

So considering they were forced to remove Asm(, they can't just add it back, but they've seen our reaction now, and see no harm in keeping the status quo. All of this makes sense. They fixed flash unlock and downgrade-related exploits, because those are harmful to them as a company. They asked us to not look for more exploits. Less work for us, less work for them. They've "endorsed" ArTIfiCE for now, as it looks like the exam regulators are at least vaguely happy, and they probably didn't want to remove ASM themselves at all. Now, whether we follow their unspoken rules is up to us, but this seems like a generally good idea. If we prove "obedient" now, they may loosen up in the future. It sucks that they don't want flash unlock exploits either, but it's understandable from their point of view. Maybe we could find a compromise in no exploits being documented, but to have some (e.g. in Cesium) still being released? If you're capable enough to find an exploit, you should also be capable enough to understand that it can be used for evil and take appropriate precautions.

Let's at least agree to not get mad at them right now. They didn't fix ArTIfiCE, so from their standpoint it looks like they're doing us a favor. Of course we're still mad at them for removing ASM in the first place, but now that ArTIfiCE is at least semi-official, if anything, chances are only lower that they will change anything about it in the foreseeable future. Maybe they realized their mistake this time. Let's not do things that screw them over as a company, and they'll hopefully not do things that screw us over as a community. Of course, if they break their side of the deal, we'll be ready. But let's not give them a reason to dislike us even more for now.

https://www.cemetech.net/forum/viewtopi ... 263#291263

[critor]

Now, assuming they were forced by the exam regulators to remove ASM, it wouldn't make sense for them to add it back now. Perhaps they were required to "remove it permanently". Anyway, adding the actual Asm( token back right now would definitely be a bad move for TI.

If this were the case, someone would have come out and said so, given that they know they've pissed off a lot of secondary customers. Something as simple as "we were lobbied by exam regulators to remove it, but we're not fixing Cabri's bug" would deflate much of the ire they've evoked. Which means it's likely not the case. What's more likely the case that an older, patched, bug was revealed to TI and rather than doing their due diligence to fix it properly, they just nuked Asm( as their way of "fixing it".

Either way, I sustain my point that a lot could be fixed if they'd just talk to the community directly publicly instead of back-alley channels of communication and speculative nonsense. Maybe because we're not their primary customers they think having the community's support behind them is of little consequence, but perhaps they should take a minute to look at the most successful projects, especially software, out there of late. Look at the degree of interaction with "the community" the renders success... how they actually watch the content creators who stream their game/program and use that feedback to improve and as a result the quality of their products vastly increases. We do much of the legwork for TI with finding (and sometimes patching) bugs, the least they could do is fix the things *properly* without screwing the community in the process.

Secondly, if you read critors post, much of it goes on about how TI "underestimated the sensitivity of young HS students to injustices". So, in reality, their supposed "truce" is also a veiled insult. Somehow, because the community has no chill for b.s. fixes for already-fixed bugs that remove features that promote programming on a supposedly "programmable device" on a device marketed for its "programmability", that makes us "sensitive". Take a few minutes to think about what they're really saying here. It's not "we made a mistake removing assembly for a b.s. fix and now we've pissed off a good number of customers, and should probably not fix this bug". Instead its "we pissed off an oversensitive group of young people, so i guess we'll leave it as is, but also here's our list of demands that we (TI) may not even abide by in the long term anyway."

https://www.cemetech.net/forum/viewtopi ... 265#291265

[critor]

*Ahem!* There's internal politics involved here. TI Education Technology has staff who support and are impressed by what this community has done. There are also staff who oppose having any fun. What you're seeing here is a standoff between two internal parties and a third not privy to their discussions. Stuff like Bootswap understandably upsets the anti-fun staff. Although the oldbies in this community have all been willing to play by a no-cheating-tools ethos, we barely get any feedback from TI, which makes it hard to find out in advance if something like Bootswap would be seen unfavorably. After all, Bootswap is not directly a cheating tool.

I've said this before, and I'll say it again differently: the root problem here is communication. As long as TI continues to believe they need to keep a strict NDA system in place, that isn't going to change. And that's a problem, because it means we can't humanize each other. I'm sure the anti-fun staff at TI think of us as deranged hackers looking to help students cheat their way through school who can't be reasoned with; just as much as we often see TI as being a faceless corporation incapable of being reasoned with. And without good communication, frankly, it's true: no party can reason with the other without being able to talk.

As for why TI loves their NDAs so much, well, here's something our younger community members probably don't know. Calculators are actually only a small part of TI's business. Texas Instruments is primarily a semiconductor design and manufacturing company. That means that their core business is actually designing and producing "computer chips"---although many of the chips they produce are entirely analog! Their primary interaction with customers is through industry meetings and publications. Similarly, Education Technologies primarily interacts with customers through T^3 and teachers' magazines. (What, you think paying for the calculator makes you the customer?) Outside of Education Technologies, TI is not a consumer products company. I suspect one thing preventing good communication is that TI's management and corporate culture don't understand how to be a good consumer products company.

But an even bigger problem is that the people---teachers---who create demand for calculators aren't the ones paying for it---students. I'd bet a reasonable sum of money that the decision to ban access to native code was driven primarily from some from bean-counting MBAs who argue that students don't matter to the business. Unfortunately, they're not even wrong. But I don't think they're right, either. After all, the pocketbook patsies of today are tomorrow's customers, and I think that cold attitude could ultimately kill Education Technologies by making it emotionally easy for teachers to consider alternatives. If you only remember calculators as dull tools, why not just switch to Chromebooks?

I don't know what more we can do about our communication problems. We seem to be trying to talk with someone who doesn't want to talk. It's the most frustrating part of this community.

Well, that was a ramble with no unifying theme.

https://www.cemetech.net/forum/viewtopi ... 267#291267

[Afyu]

Si j'ai bien suivi, il faut tout de même passer par un chemin assez sinueux pour pouvoir de nouveau lancer des programmes "ASM" et le support des programmes "ASM" n'est pas officiellement rétabli. Confiance, confiance...

[Hamza.S]

comme pour la version 5.5.2 oui arTIfiCE et cie

[critor]

Si j'ai bien suivi, il faut tout de même passer par un chemin assez sinueux pour pouvoir de nouveau lancer des programmes "ASM" et le support des programmes "ASM" n'est pas officiellement rétabli. Confiance, confiance...

Ah certes ce n'est pas parfait, mais nous aurions pu avoir bien pire.

Je suppose que les avis sont tout simplement partagés chez TI :

• il y a ceux qui poussent pour la sévérité et l'interdiction
• et ceux qui poussent pour l'ouverture et le compromis

Peut-être que suite à la vague d'attaques d'une violence inouïe que TI s'est pris à la rentrée 2020, ceux qui avaient réussi à pousser l'interdiction brutale de l'ASM sans la moindre discussion, ont un peu perdu en influence/crédibilité.

Vu les différentes orientations des mises à jour, on peut supposer une proportion je crains proche des 50/50, en incluant bien sûr tout-le-monde avec le poids de chacun (développeurs, commerciaux, décideurs, etc.)
Et donc Il faut souhaiter que la tendance ne s'inverse pas, ça a l'air de se jouer à pas grand chose.

[anthony cagliano]

ACagliano here (decided) to create an acct to sound off on this thread, given it is the source..

My concern is less about one specific issue than it is an amalgamation of them.
It's not JUST that an implicit agreement between the community and TI was "no exam mode hacks, no touching asm" was broken.
It's not JUST that we don't trust them anymore.
It's not JUST that their recent actions have been at the community's expense for pretend security.

It is all of them together.
If TI was merely alarmed that a PPT bug was exposed and decided to nuke asm, that would be one thing.

- But TI didn't bother to validate the source of that video to see that it was a teacher, not a community member.

- TI didn't bother to validate that the video documented an outdated bug that was fixed two versions prior... a bug THE COMMUNITY reported and patched before TI did.

- TI seems to think that removing the ability to access a bug's triggers (removing asm) is better security than actually removing the bug itself. This learning IS major calls BS on that. That solution may fly with exam boards and teachers who may not know better, but for programmers not so much.

- In the past, the community has done its share of causing some of the rift here... from cracking test mode to other patches. But as far as I know, when TI asked us to refrain from releases of that sort, we complied.

- When we release awesome software that pushes the limits of TI's hardware, not only does it do us well, but it also does TI well. The years Cemetech showed off TI calculators at Makers Faire; the thousands of people worldwide the programming community can reach -- all people exposed to the true capabilities of TI's hardware.

- TI should be leveraging our experience and creations to promote the capabilities of their hardware, not shutting us down for pretend security.

- Many of the devs who release "malicious" tools these days do so simply to regain access to the features TI has taken away from us for pretty much no reason. I can guarantee that if TI offered to bring back ASM and asked that the community no longer release or host PTT hacks, exploits, or other "malicious" code, they would gladly oblige.

I even made a suggestion in SAX on Cemetech earlier: Perhaps an open forum, like a private GitHub where TI could post the TI-OS code and allow certain privileged community members of their choosing to fork optimizations, bug fixes, feature additions, and a hardened security profile. An important concept TI should recognize is that open-source-ish is not necessarily insecure. In fact, some of the most secure cryptographic methodologies that exist today are open source. Rather than have to figure out ways to fix the constant exploits the community is finding, let the community fix it themselves, and let TI more optimally use its dev team to actually create a better product.

[critor]

Thanks.

Sorry if you perceived something bad, I'm just trying to inform, not passing judgment on people opinions.

TI did act in a very bad way. I said it many times, and I'll say it again.

It isn't my decision, but you perfectly have the right not to trust them, and I am not going to blame you for this.


And personally I have nothing against BootSwap, it's a great tool, already installed on all of my compatible calculators.
Very useful to install any OS versions whenever I need them, in order to test and compare them.