[Mageia-dev] free software purity question

blind Pete 0123peter at gmail.com
Thu Jul 19 16:55:31 CEST 2012 

Johnny A. Solbu wrote:

> On Thursday 19 July 2012 15:08, Christiaan Welvaart wrote:
>> Why are you talking about *drivers* when the remark you quote is about
>> *firmware* ? Some open source drivers don't work (well) without them
>> loading non-free firmware into the device.

There are two overlapping issues here.  

If you do not trust the competence of the closed source coders then 
closed source firmware plus closed source driver is worse than just 
closed source firmware.  More code, so more chance of hitting a bug.  

If you do not trust the integrity of the closed source coders then 
you are completely screwed if you use either.  Legend has it that 
during the lead up to the first Gulf war the Iraqi military was 
compromised when the US managed to get a "special" printer plugged 
into the Iraqi network.  

> Because it is the same issiue. I treat firmwares the same as I treat any
> other software. if a device can't work without installing a package
> contaning non-free firmware, I'm not using it. 

Stop right there.  That is the issue that I am interested in.  

I am using an old ATI video card.  There is no closed source driver.  
There *is* a firmware update.  If I do NOT load the updated firmware 
how does it work?  Am I not running any firmware at all?  Or am I 
just running an older buggier and equally untrustworthy version of 
the same code that was burned into the ROM at the factory?  

When I boot my computer the motherboard BIOS hands control over 
to the video card's BIOS.  (Or is that all of the expansion slots 
in turn?)  It runs uninspected code from ATI before it even looks 
at my hard disks.  Is that any less bad than running uninspected 
current code from ATI?  There is a small chance that the firmware 
update is specifically targeted at cracking my computer, but I 
doubt it.  There is also a small chance that the only fix in the 
update is to make the spybot work, but I doubt it.  If you handle 
state secrets you might want to consider using a pencil and paper.   

> In order to use it I might
> need to install a non-free software package (rpm, deb, tarball). How is
> that any different than a driver? Both have to be installed by the user.
> (yes, yes, the default might be to have them preinstalled in some distros,
> that is not the issiue.)
> 

-- 
blind Pete
Sig goes here...

More information about the Mageia-dev mailing list