@lunar_dust_463@mstdn.social
They want you to use an OS which doesn't provide firmware updates and therefore doesn't protect you from serious known vulnerabilities. The firmware is still present when using an OS not updating it. Pretending as if the hardware and firmware isn't closed source by not...
They say that GNU is spreading misinformation and "stop getting info from charlatans"?
Reddit is trying to sell that data. I would like to sabotage that. Also, some of my activity on Reddit especially early on was quite toxic so I’d rather it be lost anyway.
I'm afraid to ask this because I'm not a dev, but I have a fair amount of linux experience. Why is it that the ability to install Google Play Services on GrapheneOS makes it not FOSS/open source, while the ability to install Google Chrome (or any proprietary software, I guess) on Linux doesn't make is non-FOSS/open source?
I'm not articulating that question very well, and I'm assuming I'm missing some key component, but they seem comparable to me, as a regular user. Is it something like the level of access that GPServices has to the kernel?
Thank you for asking a question that you were afraid to.
You could just have easily moved on, but instead you give others the opportunity to share their knowledge and subsequently you give other people opportunities to learn.
Maybe one day we can have an internet not so full of snarky replies, and instead one where everyone is given opportunities to learn, and ask, without fear of being belittled.
In order to give those with knowledge the opportunities to share, we need to ask questions that are indicative of our current understanding (or lack thereof).
It may sound silly, but asking questions really is a vulnerable act. Genuine questions are often met with unjustified and unhelpful hostility on the internet.
tl;dr: Thanks for asking! Now I'm wondering the same thing.
On Linux most distros do not actually ship chrome but chromium which is the open source version of chrome.
It also comes down to how different groups define FOSS. GNU considers even helper programs (like a package manager or firmware installer) to be "bad" for the user because they "encourage" its use so they dont want them included in GNU approved distros like trisqul or guix . this leads to those "freedom respecting" distros not having things like basic WiFi drivers or support for any 3rd party drivers.
To a less extreme degree but similar is a distro like debian, where there is a "non_free" repository available but users can choose not to enable it.
And so GNU sees having the playstore as a bad thing because its gateway to installing other non free software. Its also safe to assume most gnu evangelists probably don't care much for chromium either.
I don't have a precise answer as I'm not from that team, but as a developer I think I have a decent idea as to why, and it's mostly political.
First, I don't think it's necessarily the ability to install Play Services that makes them think it's not FOSS, but that they distribute non-free firmware blobs which are necessary to make practically any modern phone function properly, that's just the unfortunate reality because "we live in a society" that enables it. By that logic, I think they believe the vast majority of running Linux kernels on the planet are not FOSS. GNU would rather have things that are not practical and don't exist today... their stance is not currently realistic in our capitalist society IMO. They hope for things to change, but hope doesn't make change.
I also think some people look down on the Play Services thing merely because they went out of their way to explicitly support it in the OS, and basically nothing else. They disagree ideologically with F-Droid and they don't offer any other app stores by default to my knowledge.
However, there is one exception for secondary embedded processors. The exception applies to software delivered inside auxiliary and low-level processors and FPGAs, within which software installation is not intended after the user obtains the product. This can include, for instance, microcode inside a processor, firmware built into an I/O device, or the gate pattern of an FPGA. The software in such secondary processors does not count as product software.
This means that proprietary firmware flashed at the factory and impossible to replace gets a pass, while hardware with firmware updates through blobs is rejected. Important security fixes (CPU microcode) or stability improvements will be missing if you can't update the firmware.
Way to distract from otherwise good argument about firmware. Really dumb take. In case you think I'm being flippant, let me present an alternative blob:
GNU are striving for the ideal goal of fully open source hardware and software. Their statement correctly highlights the compromises of the reality of using proprietary hardware which requires proprietary firmware; compounded by the reality of oligopolies maintaining their market positions via proprietary software. Our take is that providing an otherwise open source OS within this reality is significantly better for people than letting full corporate control reign until open mobile hardware becomes practical and common, if it ever does.
I'm not a fan of GrapheneOS, but the point they bring up here is valid. There is already proprietary firmware on your computer. There's no reason why you shouldn't be updating it to protect yourself from serious exploits. The FSF takes an ideological stance rather than a practical one, unfortunately.
I agree with you: the FSF can seem unwavering in their stance, even in the face of practicality. I'm really sorry for this incredibly nit-picky detail, but I think practicality is ideological too. For better or for worse, we can't escape ideas or be free from them, so we have to choose which we value. For example, while I tend to choose software freedom over practicality, I also have, at times, chosen practicality over freedom.
Basically, if the firmware is not intended to be updated it's fine. But distributing updates, like security fixes, for firmware as blobs is somehow bad.
However, there is one exception for secondary embedded processors. The exception applies to software delivered inside auxiliary and low-level processors and FPGAs, within which software installation is not intended after the user obtains the product. This can include, for instance, microcode inside a processor, firmware built into an I/O device, or the gate pattern of an FPGA. The software in such secondary processors does not count as product software.
I know. And that's reasonable of course. I'm sure most of us would agree that proprietary blobs are bad. I'm optimistic that firmware will become more open in the future though.
I think we need uncompromising people in this world. Doesn't mean we have to listen or follow everything they say though. Those are my thoughts on GNU.
I think your question is answered by the thread you linked. Is there something in particular you don't understand?
GNU/the FSF says that GrapheneOS does not qualify as free software (which is true, it's not completely FLOSS as per the FSF's definition—the linked GNU article classifies plenty of popular Linux distros we consider to be FOSS as non-free, btw, they're not singling out Graphene), and GrapheneOS is saying they don't want to fit the FSF's definition of free software because it would mean a lack of security (which is also true; they need proprietary firmware updates from Google). The FSF has a strict definition of free software which a lot of software does not meet, and usually an entire operating system would only meet the FSF's definition out of a deliberate, conscious, ideological decision to exclude all non-free software. In their article they even list Debian as a distro which no longer meets their standards, despite Debian being known for their strict policy around only including FOSS in their repos.
This is an instance of two different entities (GNU and GrapheneOS) having fundamentally different goals (one values a strict definition of free software at all costs, one values security at all costs). You are more than welcome to do things GNU's way if you don't like GrapheneOS's way, or vice versa.
Graphene is against GNU ideals getting in the way of security, because as it turns out, they do. FSF's definition of "ok" and "not ok" firmware blobs is bogus anyway.
Edit: for all the people who don't get this: THE FSF IS FUCKING OKAY WITH PROPRIETARY FIRMWARE BLOBS, but only if they are in a separate (usually user-inaccessible) storage chip and if you don't update it; they only deem that morally ok, yet it'd be the same as loading the blobs from the disk (which makes devices MUCH SAFER to update, you don't risk a brick). They get in the way of security by abusing the trust y'all give them, cuz thank god nobody who does embedded dev takes their opinions seriously anyway. Also, you're not giving up "A bit of security", you're giving up fucking microcode updates, the ones that allow a webpage to gain root access.
FSF does not get in the way of security. FSF believes source code should be publicly available in order to even assume the software is secure or private. In a perfect world that would be nice. But in the real world, proprietary blobs are required to make the hardware functional. As long as OEMs are removed about open sourcing the firmwares, both GrapheneOS and GNU are right in their own way.
Oh, the FSF doesn't get in the way directly (they have neither the funding nor the personnel), they just misinform you to do so, so they're guilty in my book. Go read the edit in my prior comment.
Graphene is against GNU ideals getting in the way of security,
Funny, Graphene's obsession with security is getting in the way of my ideals.
Fuck Google and their proprietary security updates. I want no Google in my life and if that means a bit less security, I'm okay with that. In fact, I'd argue that running Google code that does who-knows-what for your security is itself not a very safe thing to do.
First, as nobody forces you to use graphene, they're not getting in the way of your ideals, I'm saying some of the FSF's ideals may compromise the security of their followers. When it comes to Google's blobs, It's not like they can release the source even if they wanted to, samsung wouldn't even let them cuz google leases their IP and trade secrets for the tensor chips. I don't like IP either, but I keep my feet on the ground, the blobs aren't there for firmware-level who-knows-what, due to the hardware and software model themselves, most of what they'd do would be super detectable. Go read the edit of my prior comment, educate yourself on embedded devices, the pixel hardware model and graphene's security model, then we might have a productive conversation and not uneducated conspiracy speculation.
This is begging the question, there's nothing confusing or incorrect about what GrapheneOS posted. GNU/FSF is a cult that has always been making their own arbitrary rules for what qualifies and what does not qualify as free software (I am not saying the OSI is any better in that regard, Raymond is a clown).
I highly suggest reading this mailing list thread where RMS fails to understand copyright law and thinks you can relicense permissive code to GPL, and refuses to call OpenBSD free because the ports system can be used to build a few pieces of non-free software, even though no parts of the ports tree itself are non-free (wait until he hears you can download Windows ISOs off of a web browser).
Since I consider non-free software to be unethical and antisocial, I think it would be wrong for me to recommend it to others.
OpenBSD does not contain non-free software (though I am not sure whether it contains any non-free firmware blobs). However, its ports system does suggest non-free programs, or at least so I was told when I looked for some BSD variant that I could recommend. I therefore exercise my freedom of speech by not including OpenBSD in the list of systems that I recommend to the public.
my god. Yeah, he's technically correct, but he's so self righteous about it. I think of PopOS, probably the best OS I've ever used. However when you open the shop, he would just pass out because they shock recommend discord and others.
But that's what people want. If you open the shop and don't see the discord app, people would be frustrated. It's there because people use it. Hell I use it. But according to him even the act of just suggesting something closed source, even if people want it, is .... "unethical"?
Like dude, I love OSS a lot, more than the average, but just suggesting a download, (probably because it's by the most popular), I think is a far cry from "unethical".
We do, however, need zealots in the ecosystem, they serve a purpose, we just can't let perfect be the enemy of good when it comes to usability, security, and privacy.
Seems the real issue is that GrapheneOS makes it possible to get google play installed via their sandboxing, that people take offence to calling it FOSS software...
Sure, fair enough, makes sense, they just need to fork the project and maintain the fork and don't include the sandboxing. It's a open code base (because its FOSS, heh) they can do whatever they want to it.
I'm not sure exactly. But I personally don't like GNU because I think they have been embedded in a form of wishful thinking for far too long. Expecting that developers and manufacturers willingly relinquish their rights to their copyright for the benefit of others, regardless if they want to or not. And expecting that end users only seek out those kinds of systems as well. In total, providing everyone with free reign with minimal regard to consequences. And pushing away those that simply want to try and make the things only a little better.
For an organization primarily devoted to ensuring that software remains open, accessible, and modifiable, they sure do seem to like to bend over backwards. Looking directly at GrapheneOS, my personal thought would be the fact the goals of GNU tend to conflict with the goals of security (the FSF has actively spoken against the concept of Tivoization, or systems that use free software but are locked down by hardware restrictions)
They're also horribly out of touch with the general public. And in some cases, simply too radical to be taken seriously. To name a few examples:
They have very little understanding of the actual public or anyone else outside of the tech field. Their Gift Guide is an absolute joke, suggesting adapters and old ThinkPads as gifts. With their most appetizing gift (a Vikings D8 Desktop computer) is literally mentioned as being out of stock. Suggesting you instead give, once again, a ThinkPad with Free software. Their only reasons for not using an actively manufactured and relatively modern (as in 3 generations ago) computer that are because of "restrictions to users freedoms" and "spyware" without very much definition aside from a few links (they've got much more to say about the computer than they what they believe in).
Their "preferred terminology", lists a bunch of jargon they don't like and their alternatives, making a lot of automatic presumptions of guilt. My personal favorite is "Internet of Stings". As if projects like Home Assistant aren't trying to improve the scene (though they're presumably ignored because they're also willing to connect with proprietary services)
TL;DR the GNU foundation is made up of a bunch of nerds who care more about messing with their computers than actually trying to do important things with them.
Because there is nothing that exists today that is completely, from head-to-tail, open source. Being allowed and able to install closed source software does not make an open ecosystem suddenly closed.
Plenty of Linux systems today rely on binary blobs to make hardware work. Plenty of software can run on an open source ecosystem while itself being closed source.
What was it I saw recently... There was a FOSS podcast player that is completely open and available, but it was demonized because you could (optionally) add the apples/itunes feed. Like reading an RSS feed from apple made it not "FOSS"
That's where I eyeroll hard. Ffs, having the option to use something proprietary does not closed source make. It was one part of one area of the app, that was like, a dropdown selection.