For something like this, how do we know that the files are not sent to a server? Am I just trusting the web app? Is there any way to be sure other than having and reading the source?
For someone who knows that these tools exists, yes this is a way.
For an ordinary user, the only 'easy' way a user can verify the claimed behaviour is to literally go offline.
Browsers do not currently have badge to verify that the app is not sending any data. I'm thinking how we were brought to trust the padlock icon browsers display for TLS supporting sites.
I would love to hack on FPGAs but always run into the issue of closed toolchains. The recent open source work is a breath of fresh air, but we need to see an FPGA vender that embraces and sponsors this work.
I think/hope it's an unstable equilibrium -- if either Altera/Intel or Xilinx/AMD give a nod to the open source tools, the others will follow.
Lattice is seemingly at "wink wink, nudge nudge" levels of support -- their lawyers won't allow them to say anything because they're afraid of pissing off Synopsys, but they also know that they're currently the best supported platform, and don't seem interested in deliberately making things difficult.
On paper at least it could be good idea for a company in lattice's position, at very least academics would probably switch.
I would like to see a FAANG try and support some open tools - it doesn't have to be anything legally sketchy like reverse engineering bitstreams - for example, Yosys only has limited SystemVerilog support
