From: Tobias Platen
To: guix-devel@gnu.org
Subject: Re: Meltdown / Spectre
Date: Wed, 10 Jan 2018 11:46:46 +0100
Message-ID: <54a2c765-e064-15ab-345c-da8b0f755ab4@platen-software.de>
In-Reply-To: <315934ac-8ea6-5728-87a3-26cc59033220@tobias.gr>
List-Id: "Development of GNU Guix and the GNU System distribution."

On 09.01.2018 22:18, Tobias Geerinckx-Rice wrote:
> Katherine,
>
> Not really an answer to your question, I'm afraid. Just some thoughts I
> had after hitting ‘Send’ on my previous non-answer.
>
> Katherine Cox-Buday wrote on 09/01/18 at 21:13:
>> Tobias Geerinckx-Rice writes:
>>> [...] how do we square not recommending proprietary globs like this
>>> in official channels with giving users all knowledge required to
>>> decide for themselves?
>>
>> Yes, this exactly.
>>
>> It's a unique (hm, is it?) situation pitting the ideals of copyleft
>
> I don't think it's unique per se, but it is of another degree entirely
> than, for example, asking users to buy a €15 RYF-certified wireless card
> instead of pushing proprietary firmware to the one they already have.[0]
>
> The rationale there being that freedom is worth the price, and
> (implicitly but importantly) that this price is affordable for anyone
> who values their freedom and owns a computer to begin with.
>
> I think that's reasonable.
>
>> against the welfare of users. If an opaque microcode is required to
>> successfully mitigate these bugs, what is the moral stance to take? I
>> don't have an answer and that's why I'm asking here :)
>
> Logically, it's perfectly sound to extrapolate the above policy to CPUs
> and entire systems. I'm half surprised someone hasn't done so yet: buy a
> Free(er) system, and you're arguably much better off than with even a
> patched non-Free one. And you're voting with your wallet. We all win!

The Talos II is a free-er system. And its processor (the POWER9) does
not seem to be affected by Meltdown/Spectre [1].

[1] https://mobile.twitter.com/RaptorCompSys?p=s

>
> Morally, at least in the short-to-medium term, I'm not convinced.
> The smell of privilege becomes hard to ignore with the costs and other
> assumptions involved.
>
> Like you, I'm very curious to know what others think.
>
> * * *
>
> Note: despite my musing above, I don't *actually* expect GNU Guix to
> start shipping or even recommending proprietary software, including
> microcode. It opens cans of worms and then the worms get everywhere.
>
> Kind regards,
>
> T G-R
>
> [0]: I'll not address the question of whether a device with proprietary
> firmware that you can or must update is more or less free than a device
> with proprietary firmware that you can't.
>

The Free Software Foundation treats programs stored in ROM as hardware;
this is documented in [2] and [3].

[2] https://www.gnu.org/philosophy/applying-free-sw-criteria.html
[3] https://www.fsf.org/campaigns/free-bios.html

Tobias Platen