I think the ideology of the FSF is a perfectly fine one. It's the hardware vendors that insist on binary blobs that are the problem here.
Nobody produces truly free consumer hardware and nobody has produced any for years now. Everything is hidden away because of fears of patent lawsuits and other people copying this One Neat Trick when initializing the devices.
Intel would lose very little if it published the source code for the blobs loaded into their processors, because the signature requirements prevent anyone else from developing their own microcode, yet it still encrypts and obfuscates the compiled code. The same is true for most chip and UEFI suppliers.
I hope RISC-V will soon take off in a way that forgoes all of these blobs, though I highly doubt it since modern hardware is encumbered by patents and secrets. It's a sad reality that free, libre computers do not exist and blaming the FSF for having high standards is the wrong approach.
Not only does the FSF object to the inclusion of nonfree firmware, but it also objects to even so much as making it available. Case study here would be OpenBSD, which is about as free of an operating system as it gets, and which does not ship with nonfree firmware by default. However, because of the existence of the `fw_update` command (which - by the explicit consent of the user/owner of the machine - fetches any nonfree firmware necessary for the hardware on one's system), OpenBSD doesn't qualify for the FSF's endorsement.
The FSF's stance here also impacts the "ports" trees of various BSDs and (GNU/)Linuxen; if they so much as include instructions for compiling and installing nonfree software (regardless of whether they actually include nonfree software), the FSF considers the whole OS nonfree. Same deal with any (GNU/)Linux distro that maintains a nonfree repo - even if that repo is disabled by default.
The rationale for these sorts of stances is that even so much as making nonfree software available for installation is an "endorsement" of that software. In spite of that rationale, the FSF maintains officially-sanctioned precompiled ports of software like GIMP for nonfree operating systems like Windows and macOS - because apparently it's okay to endorse those nonfree operating systems, because reasons.
About the microcode: the argument is basically "It is good nonfree software, just give up and accept it." Sorry? This is FSF. And no, it is not always good: https://www.theregister.com/2018/08/21/intel_cpu_patch_licen..., and when people don't accept it, https://www.theregister.com/2018/08/23/intel_microcode_licen.... If a majority of Intel's customers said: sorry, we'll find other solutions rather than accepting your nonfree license, Intel would freely license it.
> In other words, you can’t microcode update a CPU to add or substantially change capabilities.
There is a CCC security presentation floating around where someone reverse engineered microcode before it was signed, and designed a backdoor into it, a remote code execution triggered by going to a specific webpage. That is a substantial capability that exists in today's microcode.
> ...In other words, you can’t microcode update a CPU to add or substantially change capabilities...
> ... vulnerabilities such as Meltdown and Spectre, which were partially mitigated through a microcode update ...
Of these two snippets, only one can be true. Either opaque microcode updates can substantially change how a system performs, or they can't. These mitigations are major changes to how the processor works.
This post looks to me like a fairly typical "doesn't quite get what they mean by freedom" take, of which there are many (which is cool, freedom isn't everyone's cup of tea). The FSF has been quite consistent that if there is a choice to be made, the user should have a practical way of making that choice. If the manufacturer can change how a CPU works with a microcode update, the user should be able to as well.
The FSF has a clear role here. Their job is to say "this software is free, this software is not". People constantly call on them to compromise on that role in the name of security/convenience/helpfulness/strategic adoption concerns/the impractical nature of their stance. The FSF should and does ignore those people. They are a (slightly quirky, yes) moral lighthouse more than an adoption friendly technical project. This microcode is not free software and someone should be pointing that out and complaining about it. If the FSF isn't taking a stand against non-free microcode, who will?
FSF's hardline attitude has always rubbed me the wrong way. I respect and support their goals, but at the end of the day software should respect the needs and desires of its users.
I saw this on the nonguix repo for all non-free software for Guix:
> Please do NOT promote this repository on any official Guix communication channels, such as their mailing lists or IRC channel, even in response to support requests! This is to show respect for the Guix project’s strict policy against recommending nonfree software, and to avoid any unnecessary hostility.
To do my job and boot my laptop, nonguix is required, but not even being allowed to talk about it with the OS it intends to support is not something I can agree with.
I think the above is the type of side effect seen with a hardline policy of the FSF. Obviously I'm not the target of this type of policy, but I still feel more good can be done in the long run with a little compromise to the realities of using a computer today.
If you'll forgive my naivete here, I've been thinking a lot about the FSF philosophy and wanted to ask HN: how big of a project would it be to create a fully libre (whatever you want to call it) laptop? Like how feasible is it to use "free" components put together into a package and what kind of budget would be required?
I think China has a few companies working on domestic processors. Let's say they are convinced by Stallman's charisma to make chips that are not cutting edge but decent, and libre.
Whatever your thoughts are on China, I would suggest to the FSF to slowly move in that direction. Where all the component schematics are open and viewable. At least to go for auditability since no one trusts the Chinese.
Like I said, forgive the naivete, but it feels like a noble yet lofty goal.
And then proceed to go into every industry with right to repair issues. Deere tractor competitors, home appliances, and so on. In the name of component longevity and repairability. All of this to repudiate forced obsolescence and to promote end user freedoms.
It's a stretch but I enjoy dreaming about it. Hoping a better world is possible.
Very few people or organizations willingly give up control. The whole reason of using copyright law to "enforce" freedom by preventing free software from becoming unfree was because of how much the current legal framework around imaginary property is stacked against a libre approach. So, it's a tough game to play, but FSF didn't achieve what it has thus far by being soft or compromising. Substantial change with hostile parties doesn't happen by constantly yielding.
Attending an RMS talk at a university ~8 years ago, some (increasingly irritated) lecturers questioned him on the use of proprietary graphics drivers in image processing for use in medical equipment and research. While RMS argued his absolute stance that proprietary drivers are never permissible, the lecturers argued that the drivers were literally saving lives and people would die without them.
"They should die for the cause."
Harm isn't very present on the FSF priority list.
Properly isolated accessory non-free hardware is a good thing, and for a user whose threat model requires libre hardware, the security model of the PinePhone or Librem 5 where the LTE modem is isolated with a kill switch to interact via USB (rather than connected via PCIe, which would have direct memory access) is the right choice.
Is a Thinkpad T400 with a Core2Duo and SSD the right choice in 2022? What about a Pinebook Pro? Friends and acquaintances I know are using these computers as their primary devices today.
In terms of security and stability I think the FSF view is correct.
Although I think they could have a second tier, more relaxed, for Debian, NixOS and others, that excludes nonfree software/firmware but allows you to enable it. But in general I think it is commendable that they have been able to preserve their values and not dilute and disappear.
When I buy my hardware I make sure it is compatible, stable and won't have many issues with Libre Linux, even things like swapping the wireless card to a compatible one.
And this has been the rule also for all Linux users. You want to make sure you have a smooth experience, you will have to check for hardware recommendations. Want fingerprint working? Better be sure before you buy.
Regarding security, most Libre people are not serving cloud services in their computers, and install only open source. So the microcode security mitigations, like Spectre and Meltdown, are mostly unnecessary. Also browsers and kernels have been patched for it anyway.
When I configure a server I will probably majorly never upgrade it, because it will always cause problems, sometimes small, other times big headaches. I would sooner configure a new one and migrate things slowly.
If one microcode update is enough to fix your system, it is also enough to break it: Intel to disable TSX by default on more CPUs with new microcode https://news.ycombinator.com/item?id=27664856
This recent security paranoia that you should be updating everything every day or else the hackers will get you! seems unnecessary and potentially harmful.
Anyone know if the MNT Reform laptop is blob-less?
https://mntre.com/media/reform_md/2020-05-08-the-much-more-p...
A 2009 ThinkPad is rather capable of being a daily driver for most people. Saying otherwise, you're only contributing to the growing problem of e-waste.
Even the T60 offers decent performance if your use case is browsing the web, mail and other simple tasks.
The FSF might be wrong in some aspects but there's no real alternative to Libreboot. The Framework laptop is not free software friendly. Even if it was corebooted, it would require many proprietary blobs and it's highly unlikely, if not impossible, that they will ever be able to remove the Intel ME.
There are other options that are nearer to being completely free (as in freedom) hardware, e.g. the Pinebook Pro. I'm unsure if there are any proprietary blobs required to boot it tho, but the lack of Intel ME makes it a much better candidate for a new generation of 'libre' hardware.
The author seems to limit their analysis to laptops. As far as I know, desktop/server class hardware does have reasonable options like those from Raptor Engineering (such as Talos: https://www.raptorengineering.com/TALOS/talos_comparison.php), though I could be wrong. Could this be more of an issue relating to how laptops/phones are built/marketed/sold compared with desktops/servers (and given those effects, building a free-software-based laptop/phone is practically impossible given the lack of possible components)?
This discussion all seems to boil down to the semantics of what's "firmware", what's "software" and what's "hardware". Considering how blurred the line really is between the three, the feud seems pedantic at best.
FSF should stick to software only, learn to see shades of grey and label hardware accordingly or reject anything that isn't open until silicon (silicon excluded). Current choice is half-baked.
I had a discussion similar to this with RMS a while back and he seemed to think that the x86 and ARM architectures were completely hopeless for this because of the management engines etc. At that time there were credible attempts to build completely blob-free POWER9 systems, so I figured that was the thing to get once they got a bit more affordable. I don't think the Talos stuff ended up blob free, but it is way less blobby than x86 stuff. Maybe there is hope of blobless RISC-V systems some day.
people have opinions. more news at 11.
sorry, but i think the FSF is totally justified. the ME engine and stuff like that showed that the industry does not have the best interest of customers (business and endusers alike) at heart and will fuck them over for more money.
and then the whining here is great again and it's like "Stallman was right" and at the next turn "but ma feetures" complaints come around, because it costs more money or time which also would be the ethical thing to do often enough
Is RYF certification a significant market force among users who want more open devices? I don't really follow it closely enough to know, but I checked in on the Librem 5 project periodically and this is the first I heard about RYF certification for the project, or the implication that it would be a significant driver of customer behavior. Is my outsider's impression of this niche incorrect?
I’m confused. Who’s the target audience of this post? Anyone strictly adhering to FSF recommendations is most likely not a for-profit business, and therefore probably doesn’t give a care about Spectre or Meltdown, for example. I for one add `mitigations=off` to all my personal systems' boot flags.
Some open firmware resources:
I've got the feeling the author has read my comment: https://news.ycombinator.com/item?id=30036588
What is said about Librem 5 is irrelevant: it is not certified.
What is said about gaming the certification is irrelevant: no currently certified device does it.
There are modern certified devices: Talos motherboards.
There are no modern laptops certified? Blame the vendors. OK, this may not make them change their mind, but while we are not fully independent, I see no other way.
There's a ton of expertise being bandied about here.
It's sad any of it is being directed towards sophistic, quasi-religious debate.
The central problem here is that RYF, just like the FSF itself, is outdated and hasn’t been relevant for a decade or more.
It’s a dinosaur from another era with its hypocritical RAM vs ROM policies, or “secondary processor” loopholes.
It assumes that there’s one central processor in charge, something that hasn’t been true for a very long time.
Which part of an SoC is central? The CPU? Great. Modern CPUs are multicore chips, so which ones are central and which ones are secondary?
No. The hardware industry's relationship with the user owning their own devices is harmful.
I'm well out of my realm of expertise here, but I had a gut reaction to:
> Libreboot, being FSF-recommended, also has this policy of disallowing firmware blobs in the source tree, despite it being a source of nothing but problems.
Later the author points out how there isn't any contemporary libre hardware that would satisfy users (vaguely but reasonably described), and so "free" solutions utilize loopholes in the legal language that defines the FSF's "libre."
What I'm reading is that capable libre hardware does not exist, or at least has not existed for many years.
Why accuse the FSF of hypocrisy?
Later,
> At this point, total blob-free computing is a fool’s errand, so there are a lot of AMD Ryzen-based machines that will give you decent performance and GPU acceleration without the need for proprietary drivers.
Indeed, I don't use truly libre hardware either. I buy whatever The Man makes available. Libre hardware is still a worthy goal. There is no harm here on account of the FSF.