Nice work put the finger in the wound... sadly there is very little hardware available that works without these blobs, but even showing in what proprietary prison hell we are living is a good thing.

Not really. Lets not forget that majority of hardware still need firmware to fire up and if the kernel does not provide the firmware the card/device still has to get it from somewhere. So this does not really show the proprietary prison we live in because it ignores embedded firmware.

This action of blob removal could be in fact pulling the knife out the injury to let you bleed to death as well. Operating system like Linux in almost all cases where its loading firmware blobs the firmware blob is newer than the firmware that would be in the device. Yes so the blob would fix security flaws. Network card with old firmware does not sound like a particular hot idea from security point of view.

The old doubled sided sword problem with no real good fix. There have been very few computers made without any closed source firmware.

I think user doable bios updates are totally fine with gpl, you should have the choice and in most cases even bios updates are unnecessary.

Security is overhyped especially for private users, having a blob like we have in smartphone modems is intentionally builtin spyware and rootkits, if I have the choice between this intentional evil from companies that cooperate often with evil government organizations and here and there some security hole that some criminal might use here and there I choose the latter.

Also it's just BS the reason this things exist has nothing to do with security but surveillance and control, if security would be the goal I could use some sms-tan app on a up to date rooted Android phone, and could not use such apps on a Android phone that got no security update for 5 years but is not rooted. It's clear what is more secure.

Security is the narrative lie they use to get their real goals from having monopolies to surveillance and rootkits implemented. Heck companies themself don't believe in the security shit, here in the EU 1-pass with some easy to send sms pins or other weak technologies got used and the bit of money steeling got easily paid by the banks and insurances, but because the EU wants total surveillance they made this laws that you have to identify more and everywhere and they slowly get rid of paper money.

You can't justify giving up freedom for security, most here are probably Americans I thought you learned that in the school?

This is more complex picture.

CPU microcode is in your bios firmware. Linux distributions update this part at runtime. This removed lot of known CPU issues so increase stability.

Performing a BIOS flash update is mostly unrequited for security or stability because most of the bits that stay running after the OS is running have had methods of replacing them.

Now you totally deblob your system you remove the CPU microcode updates because they are closed source blobs you don't know what they are and now you have your applications playing up with issues that other people are not suffering from.

Ok you go I will just flash the bios on my motherboard. That flash chip has limited write cycles and ever time you write it you have a risk of bricking the complete motherboard.

User doable bios/uefi firmware updates are not as good as solution as one would think.

Problem here its not a either or choice. A some security hole a criminal can use so can a evil government organization

Yes there are many documented cases of evil governments locating security flaws attempting to keep the secret for their own usage and then leaking them latter on.

Lets compare security garbage with security garbage to justify swapping broken with broken.

Notice pinephonepro is closer to a proper security phone. It has feature you don't find in your general Android phones the means to turn off blocks hardware that contain firmware that the user cannot control.

I don't disagree false security narratives exist.

This is a false statement. You cannot have freedom if you don't have personal security. Part of personal security is the means to control you devices to prevent what information leaks. Yes monopolies will pay the security card from their point of view that will destroy personal secrurity.

With items like phones people have given up personal security. Think about it a person can turn off the all the radio parts of phone built for security and access the the data contained in the phone.

Think about this android tablets exist. Why don't you have hardware switches in android phones to downgrade them to tablets if the radio devices in them are no longer secure or safe to use.

The reality people don't go into shops looking to by a phone that gives them proper control. Think about it you buy a pinephonepro you don't need to root it to run your own software on it.

This is the thing proper personal data security you start thinking hang on all phones in shops people buy are bad.

What you describe is not a requirement of freedom but a part of freedom itself, but with blobs you never have this security (we can go into the discussion which parts we see as software and hardware or similar to hardware enough that it's ok) but with blobs you have absolutely no security or freedom inside that, because the vendor 100% controls it and likely will use it against your interests.

I also don't disagree that librem is nice if I could justify the prices by lot's of smartphone use it would make sense, but I can't even justify the price of a pinephone especially how horrible the experience is with it currently. I settled for 2 used sony xa2 one with sailfishos and the other one with iodeos.

Probably a case that blocks all network traffic would be a nice alternative to this buttons but yes I just use the phone way way to little and are to broke to justify even a pinephone currently and of course no extremely expensive librem.

But back to topic, freedom creates security, because besides some bios-level malware or some shit, the OS could work around security holes in a fixed buggy bios or firmware like we see with the intel cpu problems.
So no no patchable firmware doesn't make computer insecure if it's hard / impossible to chance then you can workaround mitigate on the linux / os / software level just fine is it a inconvenience for companies to do it that way, sure, but nobody said freedom is for free.

Also look at early versions of Xbox, they could not patch the games afterwards so they released complete products not the beta games they now release with a 10gb day1 patch behind it with more coming. So it makes the vendors take a bit time before they distribute it.

​
You only said likely. At times not updating blobs makes your security risk worse in lots of cases.. Perfect freedom

​​
First you have to understand the problem to know what you are given up.

​​​
No its not alternative unless you are never going to take the case off. There is a reason why pinephones and librem have the means to power off cellular modems​ and are using independent to core CPU cellular modem chips..
1) its not guess work that those devices are commonly flawed instead is documented fact.
2) Lot of phones have cellular modems directly connected to microphones and speakers of the phone. So hack the cellular modem in devices like this the phone can appear off but be a listening device.(why if you don't have the switches might want a removable battery)
3) There are SOC chips where the cellular modem CPU can access complete system memory. This is a reproduce of the fireware controller defect of old.
4) worse are some integrated into soc chip ones that can from the cellular modem CPU access storage.

So there is lot more details about your phone you are buying you should want to know if it being got for privacy.

Notice that it got harder to get phones with removable batteries as well.


Its been a long time since we had to deal with intel cpu problems without blob load option. Microcode is a blob load option. Microcode is the CPU itself firmware.

Yes OS when we did not have blob load for CPU where forced to disable like complete floating point support for the FDIV example because preexisting applications were not going to get patches and this was only possible if the software had a fall back for emulating floating point if the FPU was missing.

The reality here OS can only work around some of the firmware issues. Software not being updated is no where near a new problem.

Remember blobs loaded by the Linux kernel are runtime firmware replacement this include the microcode. Runtime firmware replacement when device is powered off and restarted the runtime loaded firmware is forgotten. The advantage of this is lets say you load a firmware blob that causes device not to function as long as it did not break the device power off and change to OS with correct blob and everything is normal. Lot of people forget that CPU microcode is the first OS loadable blob., Now even with a device with fully open source firmware you many still want os loadable blobs

Workaround to hardware issues in OS and software level is a lot more expensive than people think and lot more likely to have missed fixing something that should have been fixed.

That was less than a year. As soon as xbox live appeared games started appearing needing updates after release from the internet.

Please note this shows two to tango. 2002 when xbox live came out people proved they would buy games that had been reviewed as buggy and wait for internet updates.

But PC gamers had proven this years before remember all the DOOM original game time frame in the 1990s how there were different patches released on different gamer magazine covers. People have been buying broken games for a very long time.

Yes people these days forgot going to the shop buying a computer mag to get a disc with Windows and other software updates on it pre internet being common.

Xbox just brought to console what had been happening in PC gaming for over a decade and a half before.

Also at the time of release of the first Xbox there are discs of Beta games that were sold to consumers with offer of free full version down the track and that was before xbox live. . Release of beta game with free update to final release version started on console the first play-station as way get money in early to help with game development of course these were physical discs.

Releasing part done products to consumers for money is nothing new. Problem here is how acceptable it come to release a half done product labeled as if it a completely ready to play product by a non Beta tester. Some of this is consumer some companies have a track record of doing this badness over and over again yet people still buy their games.

You got it wrong that they could not patch the game afterwards. First PlayStation it was more costly to patch game afterwards as it required sending out new disc but for some games this did not stop them doing this as selling the beta solved budget problem. Patch over internet has very low cost so more vendors are willing todo it and consumers are not pushing effective back against it.

Lets be real if you never played any game by any maker who shipped game that was not correctly ready to play you would still have enough games that your lifetime would not be long enough to play even 10% of them. So it not a lack of choice problem. Just people keep on choosing to buy the games that are betas even if they complain about them and as long as people keep on doing this vendors will keep on meeting this demand because the budget problem motivation has not gone away for the vendors.

Could you try to keep a bit shorter you answered 5 paragraphs over my 1 sentence of xbox games that was just a example of a principle I could have made up a example the point of the example is not the example itself but the point you want to make

But you said the solution yourself, just give the source to all this "blobs" and you can do as much blobs as you want (except tivoisation), just if you are for some minor scam reasons or because a mafia like structure like a state blackmails you then you should obey the limited restrictions in free systems blobs are acceptable.

And obviously it's not just the states forcing this companies doing that otherwise amd would also only have a driver blob like nvidia, so companies do that by choice.

So if you have technical reasons why you need this dynamic loadable firmwares you just can do that with the price of making it free software. So that answers all technical reasons for the need of such blobs, it's totally fine if we have the source.

Its more complicated. Like with wifi and cellular modem cards you have different government regulation getting involved. Yes from the time you make a wifi/cellular modem card and it gets to consumers the regulations over that card can change. Those regulations can forbid user-modification and at worst forbid users from having source code access.

The reality is particular classes of the devices can be off the table at different times due to way the laws are at the time if you go the demand source route most of these are devices that have radio transmitter.

This is not a technical reason for dynamic loadable firmwares but legally forced in some cases.

Lot of radio devices will not fire up without having firmware loaded from the OS. The trap here that not all devices are like this. Some devices if the OS does not upload firmware the device falls back on what ever version of firmware was included in the device at time manufacture. What happens if that firmware is no longer legal. Worst case if you are in USA $10000 USD a day you use it if you are caught. This explains why a lot of radio devices don't fire up without OS loading firmware and hopefully you have kept your OS reasonably up to-date in at least the blobs department. Yes this really makes me wish that FCC and other would crack down on phone makers being allowed to release devices without any plans for firmware updates or letting users do it.
​
Yes that legally forced also can force the need to be able to update the firmware the card needs a lot. This does link to a technical reason. RAM might lose is memory totally when powered off but it way more durable than flash. So having OS load firmware into device ram instead of having user update flash rom on card reduced hardware bricking rates.

Of course there is the microcode example where without microcode update you can have either degraded stability or security.

Source to all blobs is not always legally possible. Running old known flawed firmware runs risk of some very big horrible fines for radio devices and the extra stability and security issues.

DeBlobs network drivers did they happen to be deblobing wifi cards that need the OS loaded blob so they broadcast at legal power-levels so user does not get fined.

Some items we have closed source blobs because that legal requirement. Some items not loading blob is path to legal trouble. Not loading blobs can be path to degraded stability or security compared to loading blob.

blackiwid this area is not simple. Just because you can do something does not mean it legal or safe. My point of view here if you don't want to load closed source blobs don't buy hardware that wants you to load closed source blobs.

Issue hardware that still works when we don't load OS loaded firmware blob and the vendor recommends you do OS firmware blob has many possible traps.
1) device could be operating illegally with the default firmware that could have very big fines.
2) Stability could be down graded to what it would have been.
3) security could be down graded to what it would have been.

Fun point two cards could use exactly the same driver and same OS loaded firmware blob due to the cards being made in different months 1 card could have any mix of the 3 problems and the other card could be 100 percent fine with the cards included default firmware. Yes this Deblob stuff has not added firmware version blacklists and this is kind of critical. Yes blacklist for case of X wifi card contains Y default firmware that card should not be fired up because Y version firmware is illegal now due to some rule change so keeping user safe. Yes user could be annoyed their card is not working. Of course the default Linux kernel does not need this because the default Linux kernel sees that card sees it has firmware blob for card and send current legal version into card so completely removing need to keep blacklists of cards with illegal firmware..

Yes adding blacklist system equals keeping a lot more data on card and firmwares revisions. Doing deblobing correctly is not simple process.

Linux-libre has a very dangerous false idea that if the firmware is on the cards its safe to use. The reality its not. Radio laws in most countries sux by the way. Vendor who makes the device is not legally liable in most countries as long as they have provided update firmware by some means instead the user is if they have decide not to use the update. Yes failure to load the OS firmware blob for your wifi card or install and update vendor drivers under windows legally leaves you as user of device responsible for the fines for any radio infraction the wifi card causes in most countries due to using out of date firmware.

blackiwid I know this is long but the problem is this is not simple. I do class personal security to include not doing actions bad enough to get fined that you have no assets left illegal usage of radio items can do that quite quickly. Deblobing the kernel by the Linux-libre group has not taken the legal risks to users of their kernel into account if they had they would have added a blacklist system and be aware they need to be working closely with vendors and regulators to fill in that blacklist data.

You use excuses rare exceptions to justify the 100%, just because for 1% of the blobs there might be good reasons, let's say wifi, you could build a switch or not load the driver to deactivate that in your pc done, everything else should be open in a normal pc.

With modems on a cell phone deactivate it by default, or heck even sell phones without cellular garbage at all but a sip contract...

If the laws are evil and require evil behavior, lobby to get rid of this fascist laws, create laws that they never need a mobile number but accept sip phone numbers and no sms requirements but force them to other other methods.

Nothing is just some physical logical necessarily some evil people decided somewhere something wrong to make people take their freedom away.

As you say in the law this 10.000 dollar shit is in, but it's only a theoretical maximum last effort thing, there must be malice included or somebody must gone out of their way to abuse that before a judge likely sentence that amount.

We have tons of laws that go to far, should I shoot police man because the laws gave them fascist abilities to take you away without a charge for many days before they have to give you a lawyer... like 9/11 laws.

You can't point to evil laws and say, it's not evil to do that because the evil law forces you to do it.

Yes as company you have to navigate that, but not by defending this practices but give ways to mitigate them (like toggles) and publicly shame this fascist politicians and other actors and opposing it.

As german people that just followed the orders in ww2 times they still got sentences for following the law the law is no excuse for evil behavior.