Originally posted by onicsis
View Post
GNU Linux-libre 4.12 Kernel Released, More Driver Deblobbing
Collapse
X
-
Originally posted by eduperez View PostYes, blobs can contain backdoors, but devices without blobs can also contain backdoors. Most (if not all) devices need a firmware to run; some devices get that firmware from the OS in the form of a blob, and some devices get that firmware from an EEPROM loaded at the factory. For example, you will not see any device driver uploading a blob to your keyboard, yet your keyboard does have a firmware, and that firmware could hide a keylogger, that you will never find out about. Your (blob-less) network card could be spying on your communications. Your hard disk contains contains a processor, too.
It's VERY hard to run completely blobless (modern) system nowdays.
It's not only the software on your hard drive, it's also the software (or so called firmware) on every microchip.
This is why I can't understand why is closed firmware loading from hard drive a "bad thing", while loading it from on board EEPROM or flash is "ok thing" for some. And what about when you need to update the firmware on said EEPROM/flash? Is that something you (blobless-libre-people that is) cannot accept?
Yeah, sure I wish I had some RISC-V machine with all the peripherals that only contain discrete logic and no programmable chips, but it either costs a lot or is impossible.
This is starting to sound like a rant now. I'll stop before it goes bad.
Comment
-
-
Originally posted by Zucca View PostExactly!
It's VERY hard to run completely blobless (modern) system nowdays.
It's not only the software on your hard drive, it's also the software (or so called firmware) on every microchip.
This is why I can't understand why is closed firmware loading from hard drive a "bad thing", while loading it from on board EEPROM or flash is "ok thing" for some. And what about when you need to update the firmware on said EEPROM/flash? Is that something you (blobless-libre-people that is) cannot accept?
Yeah, sure I wish I had some RISC-V machine with all the peripherals that only contain discrete logic and no programmable chips, but it either costs a lot or is impossible.
This is starting to sound like a rant now. I'll stop before it goes bad.
However, my complaint is on the (false, in my humble opinion) image of safety that they are trying to spread.
Comment
-
-
Originally posted by eduperez View Postremoving some of it is a step in the right direction. When asked why an embedded firmware is acceptable for them, they responded that by removing the blob from their distribution they are not contributing to the use of blobs; and that makes sense to me.
But closed firmware isn't something that's evil and should be avoided at all costs. Some firmwares contain IP of many companies so "it's not that simple".
Originally posted by eduperez View PostHowever, my complaint is on the (false, in my humble opinion) image of safety that they are trying to spread.
Comment
-
-
Originally posted by Zucca View PostExactly!
It's VERY hard to run completely blobless (modern) system nowdays.
It's not only the software on your hard drive, it's also the software (or so called firmware) on every microchip.
Comment
-
-
The firmware controlling the HDD is actually of minor concern. You do not need to trust it, but just treat the HDD as black box that you write bytes to and read bytes from. As long as you neither expect to read the same bytes that you wrote, nor expect the HDD to keep your bytes secret, then you can in practice ignore the firmware.
Also the ethical concerns (user subjugation through proprietary software) are less severe as HDD firmware typically sees no updates. For SSDs however, updates to controller firmware are released more frequently.
Security concerns with malware in SATA or USB HDD firmware are minor too. With Thunderbolt/M.2/U.2 this is more grave.Last edited by chithanh; 19 July 2017, 09:07 AM.
Comment
-
-
I'm still not getting just WHY shit belonging to "General Linux & Open-Source" keeps appearing in "BSD, MacOSX & Others" sub-forum.. It's 4th of 5th straight-Linux topic in this sub-forum here over the past 1,5 months.
Comment
-
Comment