On May 29, 2022, at 6:40 PM, Theodore Ts'o <tytso@mit.edu> wrote:
>On Sun, May 29, 2022 at 05:33:21PM -0400, Bobby wrote: > FWIW, as a 10+ years user (first time caller :p) I strongly support > sticking with the status quo. There are plenty of systems that don't > require firmware to work, and often when people say it doesn't "work" > they really mean that its functionality is more limited. Unfortunately, that's not true. Without the firmware, in many cases on modern laptops (for example, the Samsung Galaxy Book 360) the WiFi and Ethernet devices will simply *not* *work*. If the user has only downloaded the Netinst installer onto a USB stick (since most modern laptops also don't have DVD drives), they will not be able to install their system. This is a rather negative user experience. > Further, there are security concerns with blobs. Yes, we can get > microcode updates, but were those updates themselves actually audited? > As far as I know, they are just as opaque as the code they're > replacing. They could be making security worse, and we won't know > until someone finds the exploits. The rare event where a microcode > update is released and it increases security is far outweighed by the > vast majority of the situations where installing opaque code is > detrimental to security. On many modern peripherals, the microcode updates are digitally signed by the manufacturer. So if you didn't trust, say, the CPU updated microcode for your Intel processor, why are you trusting the original CPU microcode, which would have also come from Intel? > If people are unhappy with the status quo, my proposal would be to > encourage more people to work on free alternatives. There is an ocean > of possibilities here, from open hardware to reverse engineering. My > feeling is that a lot more could be done to better support hardware > that doesn't involve non-free code at all. There are many free > projects that have never made it to Debian. Unfortunately, if you want a modern laptop, which supports the latest WiFi standards, and which is thin and light, you're not going to find one which is using purely free alternatives. 100% free laptop alternatives do exist, but typically you will end up are using ten year old hardware, or the devices are significantly heavier and more cumbersome. And unfortunately, open hardware is signficantly more difficult and requires far more capital outlay than "open software". Simply encouraging more people to work on free alternatives is not going to be enough unless someone is willing bankroll these efforts to the tunes of millions of dollars. If people want to use really awful, old hardware, all in the name of "free software", they should certainly have the freedom to do so, and it should be easy for them to make sure that the purity of their system is not compromised. However, if someone has already purchased the hardware, it's rather horrible user experience when they discover that Debian won't install a working system on it, and to find the that the the non-free firmware in a locked filing cabinet stuck in a disused lavatory with a sign on the door saying 'Beware of the leopard'. Remember, the Debian Social Contract says that our priorities are our users *and* free software. Making it nearly impossible for a novice user to install Debian on their brand new laptop where Windows 10 and Ubuntu just *works* might not be the best way of balancing the competing needs here of the users and free software. Best regards, - Ted
I personally need the non-free firmware and would like the non-free installer to be easy to locate.