Re: [GNU-linux-libre] Free firmware - A redefinition of the term and a new metric for it's measurement.

[David Craven <david@craven.ch>]

Hi Denis,

Thank you for your extensive feedback.

> With that we can still use WiFi by ignoring the intel wifi card and
> using an USB wifi card instead.

I considered using this option but realized that I had a buggy thunderbolt
controller in my laptop, that I can only update from a windows computer
and therefore know for sure it can be modified remotely poses a much
larger security issue, that I would not actually gain anything from replacing
my wifi card. And besides these obvious and visible firmwares I have no
clue what other non-free firmware is running on my laptop.

I concluded that if I didn't know, that likely most linux-libre users didn't
know either and where likely much less aware of what that could actually
mean.

While obviously you understand hardware and the hardware you are
using, most people do not. And I think we need to make sure that
people that don't - I consider myself being one of those people - can do
the *best* with what we have and have the information available to us
to make informed decisions.

I bought my dell xps developer edition before I had any involvement
with a GNU project, and I bought it because dell was actually providing
at least some kind of linux support. I currently can't afford to buy a new
laptop even if the one you are using is much more free. Besides I have
the dream of building a replacement mainboard with a RISCV SoC for
it. But that is still beyond my capabilities :) FYI: This dream mainboard
would also feature a software defined radio [0] instead of a wifi card -
another interesting free hardware project, although the sources have
not been released yet.


Another thing I found very frustrating was a conversation that I had
on IRC. It went like this:

Can guixsd run on a RPiv2?

Yes, sure. You'll need to use vanilla linux and add some firmware, I'll
show you how to do it.

No thank you. I don't want to use binary blobs. I'll just use another
distro until guixsd works without binary blobs.

I expect that everyone recognizes the irony in that.

> While this is really great and that each new free firmware is a great
> achievement

I agree.

> When taking security seriously, the fact that a non-free firmware is
> running in peripherals that can have access to the main system's RAM
> has to be taken into account.
>
> However I don't have a clear idea on whether it has to be dealt with
> within free software policies or not, and how much it is in the scope
> of free software.
>
> I don't think we, as the free software community, can ignore it as it
> means that some non-free code can take control of your computer...

Yes with buggy thunderbolt controllers this is becoming a real problem.

> For instance in Replicant, we decided not to focus on devices that can
> permit non-free firmwares to take control of the main processor, and
> instead to prioritize work on devices where the hardware doesn't have
> any physical ways to allow a non-free firmware to access the main
> processor's RAM.

Replicant looks very interesting, especially since I owned quite a few of
those nexus devices that are supported. Sadly not anymore :/

I wasn't aware that there was so much documentation available about
mobile devices. How do you know all that stuff? :)

Thank you for your input,
David

[0] https://xtrx.io/