You deleted your last post on a similar topic, which had some excellent discussion and comments, and now all of that good content for lemmy is gone.
Deleting posts is not great for the community.
this post was submitted on 20 Aug 2024
45 points (80.8% liked)
Open Source
30974 readers
672 users here now
All about open source! Feel free to ask questions, and share news, and interesting stuff!
Useful Links
- Open Source Initiative
- Free Software Foundation
- Electronic Frontier Foundation
- Software Freedom Conservancy
- It's FOSS
- Android FOSS Apps Megathread
Rules
- Posts must be relevant to the open source ideology
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
Community icon from opensource.org, but we are not affiliated with them.
founded 5 years ago
MODERATORS
As bad as reddit is, it does suck that a lot of people who left decided to wipe all their comments/posts too. Huge amount of useful data just gone.
Yes but millions were also providing that data for free until Reddit decided it was all theirs to control and monetize. Don't blame the users.
Saying it sucks = blaming the users? Okay.
Reddit is trying to sell that data. I would like to sabotage that. Also, some of my activity on Reddit especially early on was quite toxic so I’d rather it be lost anyway.
When somebody deletes a post it also goes away from the other instances where it federated? (I hope I'm clear loll.
Yes
Way to distract from otherwise good argument about firmware. Really dumb take. In case you think I'm being flippant, let me present an alternative blob:
GNU are striving for the ideal goal of fully open source hardware and software. Their statement correctly highlights the compromises of the reality of using proprietary hardware which requires proprietary firmware; compounded by the reality of oligopolies maintaining their market positions via proprietary software. Our take is that providing an otherwise open source OS within this reality is significantly better for people than letting full corporate control reign until open mobile hardware becomes practical and common, if it ever does.
I'm not a fan of GrapheneOS, but the point they bring up here is valid. There is already proprietary firmware on your computer. There's no reason why you shouldn't be updating it to protect yourself from serious exploits. The FSF takes an ideological stance rather than a practical one, unfortunately.
I agree with you: the FSF can seem unwavering in their stance, even in the face of practicality. I'm really sorry for this incredibly nit-picky detail, but I think practicality is ideological too. For better or for worse, we can't escape ideas or be free from them, so we have to choose which we value. For example, while I tend to choose software freedom over practicality, I also have, at times, chosen practicality over freedom.
That's true. I didn't think about that. Thank you. :)
Except they also advocate using compute devices that only use blobless firmware
Yeah, the FSF stance on firmware is really weird.
Basically, if the firmware is not intended to be updated it's fine. But distributing updates, like security fixes, for firmware as blobs is somehow bad.
However, there is one exception for secondary embedded processors. The exception applies to software delivered inside auxiliary and low-level processors and FPGAs, within which software installation is not intended after the user obtains the product. This can include, for instance, microcode inside a processor, firmware built into an I/O device, or the gate pattern of an FPGA. The software in such secondary processors does not count as product software.
https://ryf.fsf.org/about/criteria
Here's an article from the previous time (?) this topic came up.
Not really weired. For example, a keyboard has a firmware. 99% of keyboards have no way of it being updated or changed. It is part of its electronics. So not a big deal. But, if a keyboard has a way to update the firmware or install another one, then it should be FOSS.
I know. And that's reasonable of course. I'm sure most of us would agree that proprietary blobs are bad. I'm optimistic that firmware will become more open in the future though.
I think we need uncompromising people in this world. Doesn't mean we have to listen or follow everything they say though. Those are my thoughts on GNU.
I think your question is answered by the thread you linked. Is there something in particular you don't understand?
GNU/the FSF says that GrapheneOS does not qualify as free software (which is true, it's not completely FLOSS as per the FSF's definition—the linked GNU article classifies plenty of popular Linux distros we consider to be FOSS as non-free, btw, they're not singling out Graphene), and GrapheneOS is saying they don't want to fit the FSF's definition of free software because it would mean a lack of security (which is also true; they need proprietary firmware updates from Google). The FSF has a strict definition of free software which a lot of software does not meet, and usually an entire operating system would only meet the FSF's definition out of a deliberate, conscious, ideological decision to exclude all non-free software. In their article they even list Debian as a distro which no longer meets their standards, despite Debian being known for their strict policy around only including FOSS in their repos.
This is an instance of two different entities (GNU and GrapheneOS) having fundamentally different goals (one values a strict definition of free software at all costs, one values security at all costs). You are more than welcome to do things GNU's way if you don't like GrapheneOS's way, or vice versa.
Best description.
Graphene is against GNU ideals getting in the way of security, because as it turns out, they do. FSF's definition of "ok" and "not ok" firmware blobs is bogus anyway.
Edit: for all the people who don't get this: THE FSF IS FUCKING OKAY WITH PROPRIETARY FIRMWARE BLOBS, but only if they are in a separate (usually user-inaccessible) storage chip and if you don't update it; they only deem that morally ok, yet it'd be the same as loading the blobs from the disk (which makes devices MUCH SAFER to update, you don't risk a brick). They get in the way of security by abusing the trust y'all give them, cuz thank god nobody who does embedded dev takes their opinions seriously anyway. Also, you're not giving up "A bit of security", you're giving up fucking microcode updates, the ones that patch well-known vulnerabilities that allow webpages to gain root access. FFS.
FSF does not get in the way of security. FSF believes source code should be publicly available in order to even assume the software is secure or private. In a perfect world that would be nice. But in the real world, proprietary blobs are required to make the hardware functional. As long as OEMs are removed about open sourcing the firmwares, both GrapheneOS and GNU are right in their own way.
Oh, the FSF doesn't get in the way directly (they have neither the funding nor the personnel), they just misinform you to do so, so they're guilty in my book. Go read the edit in my prior comment.
Graphene is against GNU ideals getting in the way of security,
Funny, Graphene's obsession with security is getting in the way of my ideals.
Fuck Google and their proprietary security updates. I want no Google in my life and if that means a bit less security, I'm okay with that. In fact, I'd argue that running Google code that does who-knows-what for your security is itself not a very safe thing to do.
First, as nobody forces you to use graphene, they're not getting in the way of your ideals, I'm saying some of the FSF's ideals may compromise the security of their followers. When it comes to Google's blobs, It's not like they can release the source even if they wanted to, samsung wouldn't even let them cuz google leases their IP and trade secrets for the tensor chips. I don't like IP either, but I keep my feet on the ground, the blobs aren't there for firmware-level who-knows-what, due to the hardware and software model themselves, most of what they'd do would be super detectable. Go read the edit of my prior comment, educate yourself on embedded devices, the pixel hardware model and graphene's security model, then we might have a productive conversation and not uneducated conspiracy speculation.
So you really trust Google to release code that doesn't do something it shouldn't behind your back do you? How cute...
I am an embedded developer so please don't patronize me. And I know enough about security to know that Google's security model on the Pixel phones is the best yet. That's not the issue. The issues are:
-
Google's code is untrustworthy unless reviewed, and proprietary binary blobs can't be reviewed. If Google codes anything, they have an ulterior motive and it's rarely in your best interest. If that's not a security shortcoming, I don't know what is. Or said another way, there's something deeply ironic in claiming to have the most secured deGoogled OS and the lynchpin of that security is Google itself.
-
Yes, using a phone other than a Pixel phone with a deGoogled OS other than GrapheneOS as I do (I use a FP4 with CalyxOS) is less secure than GrapheneOS on a Pixel phone - assuming you trust Google's drivers aren't doing other things unrelated to their driver function.
But as I said, my most important goal in anything technical I use is to not use Google. That's my ideal. Some people have ideals and aren't willing to compromise.
With that in mind, and considering that I'm a low-value target, I deem the security provided by CalyxOS on my FP4 more than adequate for my use case. Or said another way, GrapheneOS' - short-sighted, in my opinion - obsession with security gets in the way of my main goal, which is to avoid Google.
You already bought the phone with Google code in it, that ship has sailed when you purchased the device
This is begging the question, there's nothing confusing or incorrect about what GrapheneOS posted. GNU/FSF is a cult that has always been making their own arbitrary rules for what qualifies and what does not qualify as free software (I am not saying the OSI is any better in that regard, Raymond is a clown).
I highly suggest reading this mailing list thread where RMS fails to understand copyright law and thinks you can relicense permissive code to GPL, and refuses to call OpenBSD free because the ports system can be used to build a few pieces of non-free software, even though no parts of the ports tree itself are non-free (wait until he hears you can download Windows ISOs off of a web browser).
100% agreed with you.
We do, however, need zealots in the ecosystem, they serve a purpose, we just can't let perfect be the enemy of good when it comes to usability, security, and privacy.
Seems the real issue is that GrapheneOS makes it possible to get google play installed via their sandboxing, that people take offence to calling it FOSS software...
Sure, fair enough, makes sense, they just need to fork the project and maintain the fork and don't include the sandboxing. It's a open code base (because its FOSS, heh) they can do whatever they want to it.
We do, however, need zealots in the ecosystem
This is a very important point. I left the rest of the sentence not because it's not important but because most people understand that part.
Since I consider non-free software to be unethical and antisocial, I think it would be wrong for me to recommend it to others.
OpenBSD does not contain non-free software (though I am not sure whether it contains any non-free firmware blobs). However, its ports system does suggest non-free programs, or at least so I was told when I looked for some BSD variant that I could recommend. I therefore exercise my freedom of speech by not including OpenBSD in the list of systems that I recommend to the public.
my god. Yeah, he's technically correct, but he's so self righteous about it. I think of PopOS, probably the best OS I've ever used. However when you open the shop, he would just pass out because they shock recommend discord and others.
But that's what people want. If you open the shop and don't see the discord app, people would be frustrated. It's there because people use it. Hell I use it. But according to him even the act of just suggesting something closed source, even if people want it, is .... "unethical"?
Like dude, I love OSS a lot, more than the average, but just suggesting a download, (probably because it's by the most popular), I think is a far cry from "unethical".
Raymond is a fucking incel. His site is a collection of cringe and “yes, this entry here, officer”.
I'm not sure exactly. But I personally don't like GNU because I think they have been embedded in a form of wishful thinking for far too long. Expecting that developers and manufacturers willingly relinquish their rights to their copyright for the benefit of others, regardless if they want to or not. And expecting that end users only seek out those kinds of systems as well. In total, providing everyone with free reign with minimal regard to consequences. And pushing away those that simply want to try and make the things only a little better.
For an organization primarily devoted to ensuring that software remains open, accessible, and modifiable, they sure do seem to like to bend over backwards. Looking directly at GrapheneOS, my personal thought would be the fact the goals of GNU tend to conflict with the goals of security (the FSF has actively spoken against the concept of Tivoization, or systems that use free software but are locked down by hardware restrictions)
They're also horribly out of touch with the general public. And in some cases, simply too radical to be taken seriously. To name a few examples:
-
They have very little understanding of the actual public or anyone else outside of the tech field. Their Gift Guide is an absolute joke, suggesting adapters and old ThinkPads as gifts. With their most appetizing gift (a Vikings D8 Desktop computer) is literally mentioned as being out of stock. Suggesting you instead give, once again, a ThinkPad with Free software. Their only reasons for not using an actively manufactured and relatively modern (as in 3 generations ago) computer that are because of "restrictions to users freedoms" and "spyware" without very much definition aside from a few links (they've got much more to say about the computer than they what they believe in).
-
Their "preferred terminology", lists a bunch of jargon they don't like and their alternatives, making a lot of automatic presumptions of guilt. My personal favorite is "Internet of Stings". As if projects like Home Assistant aren't trying to improve the scene (though they're presumably ignored because they're also willing to connect with proprietary services)
TL;DR the GNU foundation is made up of a bunch of nerds who care more about messing with their computers than actually trying to do important things with them.
Messing with the computer is pretty important though
Because strcat is fucking nuts
However I'm still using GOS as theres no other better options
Because there is nothing that exists today that is completely, from head-to-tail, open source. Being allowed and able to install closed source software does not make an open ecosystem suddenly closed.
Plenty of Linux systems today rely on binary blobs to make hardware work. Plenty of software can run on an open source ecosystem while itself being closed source.
Richard Stallman is a toe-booger eating weirdo looking for attention.
What was it I saw recently... There was a FOSS podcast player that is completely open and available, but it was demonized because you could (optionally) add the apples/itunes feed. Like reading an RSS feed from apple made it not "FOSS"
That's where I eyeroll hard. Ffs, having the option to use something proprietary does not closed source make. It was one part of one area of the app, that was like, a dropdown selection.
Lemmy world go home
view more: next ›