On May 29, 2022, at 6:40 PM, Theodore Ts'o wrote:
>On Sun, May 29, 2022 at 05:33:21PM -0400, Bobby wrote: > FWIW, as a 10+ years
>user (first time caller :p) I strongly support > sticking with the status quo.
>There are plenty of systems that don't > require firmware to work, and often
>when people say it doesn't "work" > they really mean that its functionality is
>more limited. Unfortunately, that's not true. Without the firmware, in many
>cases on modern laptops (for example, the Samsung Galaxy Book 360) the WiFi
>and Ethernet devices will simply *not* *work*. If the user has only downloaded
>the Netinst installer onto a USB stick (since most modern laptops also don't
>have DVD drives), they will not be able to install their system. This is a
>rather negative user experience. > Further, there are security concerns with
>blobs. Yes, we can get > microcode updates, but were those updates themselves
>actually audited? > As far as I know, they are just as opaque as the code
>they're > replacing. They could be making security worse, and we won't know >
>until someone finds the exploits. The rare event where a microcode > update is
>released and it increases security is far outweighed by the > vast majority of
>the situations where installing opaque code is > detrimental to security. On
>many modern peripherals, the microcode updates are digitally signed by the
>manufacturer. So if you didn't trust, say, the CPU updated microcode for your
>Intel processor, why are you trusting the original CPU microcode, which would
>have also come from Intel? > If people are unhappy with the status quo, my
>proposal would be to > encourage more people to work on free alternatives.
>There is an ocean > of possibilities here, from open hardware to reverse
>engineering. My > feeling is that a lot more could be done to better support
>hardware > that doesn't involve non-free code at all. There are many free >
>projects that have never made it to Debian. Unfortunately, if you want a
>modern laptop, which supports the latest WiFi standards, and which is thin and
>light, you're not going to find one which is using purely free alternatives.
>100% free laptop alternatives do exist, but typically you will end up are
>using ten year old hardware, or the devices are significantly heavier and more
>cumbersome. And unfortunately, open hardware is signficantly more difficult
>and requires far more capital outlay than "open software". Simply encouraging
>more people to work on free alternatives is not going to be enough unless
>someone is willing bankroll these efforts to the tunes of millions of dollars.
>If people want to use really awful, old hardware, all in the name of "free
>software", they should certainly have the freedom to do so, and it should be
>easy for them to make sure that the purity of their system is not compromised.
>However, if someone has already purchased the hardware, it's rather horrible
>user experience when they discover that Debian won't install a working system
>on it, and to find the that the the non-free firmware in a locked filing
>cabinet stuck in a disused lavatory with a sign on the door saying 'Beware of
>the leopard'. Remember, the Debian Social Contract says that our priorities
>are our users *and* free software. Making it nearly impossible for a novice
>user to install Debian on their brand new laptop where Windows 10 and Ubuntu
>just *works* might not be the best way of balancing the competing needs here
>of the users and free software. Best regards, - Ted
I personally need the non-free firmware and would like the non-free installer
to be easy to locate.