Yes, I don’t think it’s illogical to say to people who are using closed source / IP protected hardware that they shouldn’t use closed source firmware, unless an open source alternative exist.
Stallman is entitled to his opinion, just as everyone who agrees with him, I just don’t agree with Stallman on binary firmware.
How can you decide whether a proprietary piece of software is harmful or not? You don’t know what it does, and it’s really hard to find out, by design. The last thing is the most important. You do not control what it does. Worse, it’s usually constantly updated, without you knowing what changes exactly. How about just “one piece of non-free software” in dom0, which downloads evil_script.sh via sys-net and runs it? I think it’s very much similar to a drop of poison in an otherwise normal dish. You can’t really have security without freedom.
Also, it seems you are thinking only in terms of security here. Free software is a tangential thing to security, it’s about freedom first. (People need both, of course, but sometimes we are put in a position to choose.) What do you think dangers of non-free software are?
Consider control over what your device is doing. Apple may keep your device secure (against common threats) but when you want to do something they don’t like, you are in trouble. You stop owning your device in a general sense.
If you only have one single piece of proprietary software, then you don’t control this piece and are at the mercy of its developers. You can’t fix it when it breaks or gets insecure (only its developers can, so it’s an artificial monopoly with all the consequences). You can only trust it, but you can’t verify. Different pieces of proprietary software can interact with each other against your will (like Intel ME interacting with their WiFi card). I recommend you to read more about the FSF reasoning why free software is important.
You can call me a “zealot” if you like, but I fail to see any logical inconsistencies in the above reasoning, and it proves true time and time again in the modern world.
How is free vs non-free classification non-neutral or non-objective? It’s based on what you are and are not allowed to do with software. It’s like a basic definition of what freedom or rights are. The classification is not about people or companies.
Nobody prevents you from disagreeing with the FSF judgment. They are entitled to their opinion just like you are.
Unlike software, the organic seal may be indeed impractical in the real world due to the complexities of the manufacturing. In case of software, the “impracticality” is artificially forced on you by the manufacturers. Nothing technical prevents them from releasing the code, only, presumably, their will for power over you. The FSF is fighting with this by educating public about the dangers of non-free software.
I don’t see how they don’t recognize the practical requirements. Does it mean that they should endorse it? Or stop warning about the dangers? By the way, Stallman was using a proprietary BIOS when no other option existed.
No, there isn’t.
Their fight is similar to the fight for the freedom of speech in a world of censorship. (Compare: world of non-free software, where you are fighting for the freedom of the users.)
The censors don’t allow you to express your disagreement and you are silenced. (Compare: all media constantly advertise proprietary devices showing their advantages and ignoring the dangers.)
People tell you that they are fine with the “small” proprietary pieces, because they do no harm to them. (Compare: “I have nothing to say, so I don’t know why I need a freedom of speech”.)
Wouldn’t it be incorrect to say in such case that your “insistence … rendered you largerly irrelevant”, because you do not simply follow the “practical path” of following the accepted norms? After all, many of the greatest advances in human progress began by having the courage to question unexamined assumptions that most people took for granted at the time.
First, you did not answer my question. I was asking about naming things. You are instead saying that “impractical” advises are illogical. They aren’t, you just would have to decrease your quality of life to follow them. Sometimes freedom is worth it.
Second, it’s not even impractical, the open-source alternative does exist. I’m writing this post from it: My Librem 15 has Atheros WiFi card with free firmware. No proprietary firmware is needed to run my laptop. Only tiny part of Intel ME is left in my BIOS after the neutralization, which I can live with (but don’t like).
I didn’t see your first question.
And what about the microcode you seem to leave that part out, or are you just not using microcode updates?
I have 2 libreboot laptops, x200 and t500, I know a little about the decrease in quality of life once you are willing to remove the microcode.
This is exactly what had me confused. Qubes is supposed to be focused on security, but the cavalier use of “security” troubles me.
I’d love to see the ambiguity addressed in large red text on the main Qubes website - it’s too important to be relegated to mere FAQs or footnotes. This text would clearly mention something like this: “It is an unfortunate fact that security must currently rely on closed-source binary blobs in some cases, and there is currently no way around this because of hardware manufacturers.”
Why not make this as clear as possible to all downloaders of Qubes? Like right there, below the download button. This OS is all about security, after all. This is not all about marketing or trying to get as many users as possible - because this is a project funded by donors, not here to impress anybody or sell anything to anyone who doesn’t want what is clearly offered.
I have been using Qubes for 1-2 years, and I only found out about this issue 1-2 weeks ago because I happened to look into the Debian template’s “/etc/apt/sources.list” and being surprised as hell. (Why on earth was the Qubes Debian template different from the default Debian system offering?) The rest followed from there, and now I’m finding myself having to dig through FAQs, ask on forums, etc.
This is a sad state of affairs IMO, I’m sorry to say. (This discussion thread shouldn’t even have to exist.)
The problem with the microcode is really unfortunate, because originally one could consider this part as “hardware, not software”. According to the FSF, everything which is updatable is software (and it should be free to save you from the dangers of non-free software), whereas things which need no updates are hardware. Of course, it’s a somewhat arbitrary line to put, but you have to put it somewhere, otherwise you cannot consider anything free under any conditions, unless you have your own manufacturing process.
With such criterion, Librebooted laptops can be considered as running fully free software, because the microcode is just a part of the “hardware”. Now, it turns out that the updates are required for security.
In this situation, if the FSF would allow (or, more precisely, endorse) the microcode updates, they would be breaking their own strict rules for the free software. They would then have to remove the certification from all linked laptops and declare that no device can run free software today. Alternatively, they can continue to consider the microcode as “hardware”, which has newly found security limitations.
Look, they are the Free Software Foundation, not Security Foundation. Their main goal is to promote freedoms of software and educate the public about it. Of course, their only reasonable choice is the second one. I nevertheless think that they should be more explicit about the problems with such choice, instead of removing all warning from the kernel. Without telling it, they put the security of their followers at risk of course. Libreboot developer also disagrees with the current FSF position about it.
So in this case, one has to choose between security and freedom, as I mentioned above. I’m using Qubes OS, so I do value security to a large degree. I decided to install the non-free microcode. On Librem 15, it’s a part of the Coreboot updates, which already were non-free. Let us hope that the microcode can be freed at some point in the future.
I see in your link that FSF does require what they call a “free distro” to not recommend non-free. It still seems to me like they should more consistently call a “free distro” an FSF-endorsed distro instead, to avoid confusion with the different definition of free they use for individual software.
This makes sense when “free distro” is understood as FSF-endorsed. They wouldn’t endorse a product that goes against their principles.
Anyway, I don’t think FSF’s specific “free distro” definition is relevant to this discussion. A more relevant definition is that a distro is free if all its components are.
This caught me by surprise too (long time ago). So going back to the original topic of this thread:
I think the qubes debian template should contain no non-free components, because:
[1]see FSF’s evaluation of debian - Explaining Why We Don't Endorse Other Systems - GNU Project - Free Software Foundation
[2]Index of /images/unofficial/non-free/images-including-firmware
I care very much about free software which you can easily verify by reading my posts of the last 5+ years, but I am not deluded enough to think for a second that a 100% pure approach as discussed here works for anyone but the most nerdy fellows currently. If you have time and attention to spend on discussions around the importance of non-free binary firmware blobs … you can be expected to read forums and FAQs.
Our main focus here is security. FOSS, privacy etc are related but secondary. I want them all, but sometimes we have to trade one for the other.
Fine.
Which approach do you mean? Did anyone suggest to remove all proprietary software from Qubes OS? (Well, I wish there was such option, but not default.)
How about the problem of breaking the Debian defaults and not following the “Qubes’ attitude toward changing guest distros”? Should everyone expect it? What is the goal of having proprietary software in Debian templates? What is the tradeoff?
If there is no reason to keep non-free software, then it should not be kept for security reasons, should it be?
What I mean is that we should error on the side of security and usability.
Debian along with Fedora and Whonix are the standard distributions offered at install time. The installer allows you to choose Debian as the default distribution, which results in it being used for sys-net and sys-usb. For that to have any prayer of working on most machines, the most common firmware (e.g. firmware-iwlwifi) needs to be present. It happens to be non-free. I am sure there are more examples but this is the one most obvious to me.
I read “if possible”. What is more important to the usability and adoption of Qubes OS: the FOSS advocates’ expectation that there is no non-free software in Debian or everyone else’s expectation that WiFi works after install?
I have no idea what you mean. If I simply answer the question you posed then yes, non-free software should be kept for security reasons (if there is no equally safe free alternative). If your primary concern is security I can’t see any other answer.
If your primary concern is 100% purity in terms of FOSS (or privacy to name another hot topic) then there are better options for you then using Qubes OS. If your primary concern is security it depends on your thread model but in most cases Qubes OS is probably your best option.
In the end there are no perfect answers. As you know I prefer T430 with heads because my TCB / root of trust being FOSS is of higher security related concern to me and my thread model then having Intel’s CPU firmware updates addressing speculative execution attacks. But I still run Debian with firmware-iwlwifi in sys-net because I don’t care enough about purity and just want my WiFi to work. I don’t even care that much whether the firmware is secure/trusted because the whole point of sys-net is that it’s untrusted.
I can understand putting cognitive load on new users when asking them to make security related decisions absolutely necessary (what goes into vault, work etc). I don’t want to slow them down with purist thoughts about free software. That’s not the goal here.
A more simple and less moody answer from my perspective would be the following order of priorities:
I care about all of them, just not equally. Otherwise I’d be using OS X (usability) or Tails (privacy/deniability) or some FSF-recommended distro for freedom.
You’re forgetting the context of this statement. The context was evaluating the following analogy:
non-free software : computer system :: poison : human body
or
Non-free software is to a computer system as poison is to a human body.
In particular, the question is whether this is an apt analogy when discussing software distribution classification schemes. My position is that it is not, for the following main reasons:
Therefore, the question of how one can determine whether a piece of non-free software is harmful or not, the merits of free software, and the deficiencies of proprietary software are all off-topic in the context of this statement. I was simply discussing the scenario in which the piece of non-free software is not itself harmful (e.g., installing a non-malicious copy of Microsoft Word onto an otherwise-free system) and whether the analogy is apt.
I never said that the distinction “free vs. non-free” is problematic. What’s problematic is the stricture that containing even a single line of non-free code means that a compilation of software cannot quality as “free software.” That fails to take into account reality. It prioritizes ideological purity over practicality and progress. It admits of no nuance, because even an open-source project that makes considerable sacrifices to fight for the cause of free software gets lumped in with the “non-free” likes of Microsoft and Apple simply for protecting its users from being instantly pwned the moment they connect to the net.
These are false dichotomies. They could simply expand their classification scheme to account for different levels of freedom and encourage incremental progress toward complete freedom instead of rejecting everything that contains even a drop of impure blood. How about at least recognizing that open-source Linux distros are much, much more free than Windows and partially endorsing them for all the good they’re doing for the cause of freedom? Instead, they say, “We don’t endorse other systems” because “they do not have a policy of only including free software.”
Are you… are you serious? It’s literally one of the most controversial topics in food. And that Wikipedia article doesn’t even say it’s uncontroversial. In fact, it mostly discusses the limitations of the available evidence and difficulties of conducting studies, which happens to be part of the reason why it’s so controversial. Not sure if you follow this topic at all, but it’s been an enormous controversy for as long as I can remember:
Is eating organic produce healthier? Americans are divided | Pew Research Center
CNN.com In-Depth Specials - The Organic Debate: Healthier or not?
Health benefits of organic food, farming | News | Harvard T.H. Chan School of Public Health
The Endless Controversy Over Organic Food Production Methods - The Atlantic
Study sparks organic foods debate - BBC News
4 Science-Backed Health Benefits of Eating Organic | TIME
https://www.readersdigest.ca/food/healthy-food/organic-foods-debate/
The endless controversy over organics - Food Politics by Marion Nestle
I could go on for pages and pages, but I know you can use a search engine as well as I can.
Out of curiosity, do you also think abortion, gun control, vaccination, capitalism, climate change, evolution, minimum wage, or universal healthcare are uncontroversial?
On the contrary, it’s quite common for the media to cover the dangers of big tech and their proprietary devices. A couple of recent examples that come to mind out of the constant daily stream of them:
It depends on the situation. If we were living under an oppressive totalitarian regime and all unapproved speech were punished by immediate execution, then yeah, I’d say someone who insists that we all exercise our First Amendment rights is largely irrelevant. He’s going to get us all killed. What we would need in that scenario is a long-term plan for taking back our rights by escaping or overthrowing the totalitarian regime that begins from a sober evaluation of our current circumstances and comes up with a realistic series of manageable steps we can take with the resources available to get organized and make incremental progress toward our ultimate goal, not someone who insists on 100% free speech or bust.
This comes across like you were looking for some opportunity to throw my words back at me in a sarcastic tone but couldn’t really find one, so you kinda just tacked it on at the end even though it doesn’t really make sense because there’s no clear unexamined assumption being questioned here. Reads like a failed attempt at copypasta trolling, tbh.
You have to remember that many visitors will have no background in free software, open-source, or anything like that. They will have no clue what you’re talking about, and you will immediately lose them before they even get a chance to understand what Qubes even is.
You can’t just assume that the most important things to know should be in large red text on the front page.* If we actually followed that principle consistently, the front page would just be a giant wall of red text that read like the scrawlings of a madman. That ignores all principles of web design, marketing, human psychology, UX, and common sense. (Also, people disagree about which things are most important.)
Does a great book contain all the most important information in the first chapter? Do the most effective ads always just tell you the most important things to know about the product?
[* I assume you meant “front page” when you wrote “main website,” because the FAQs are already on the main website, and footnotes are, by definition, on the same page as their text, so they’d also be on the main website. But even if you just meant “some very prominent place on the website,” I’d probably still say the same thing.]
So this is when the non-free repositories should be enabled, not in the default case. This is how I read “if possible”.
I just do not see any other reason to lower the security of the Debian templates by enabling the non-free repositories.
Please avoid personal attacks. This is not even about FOSS advocates or even FOSS at all. I just don’t see any reason to change the Debian templates from the default ones in the default installation case. It’s also about security, see below.
Did you miss my lengthy essay above explaining why non-free software is less secure than free software? I expected that you, as someone “caring very much about free software”, already knew this. Lack of the source code means trusting the developers of the blob, without community verification. This is, technically speaking, strictly less secure, all else being equal. People probably rely on Debian templates for offline storage of sensitive data, yet, these templates get auto-updates of closed software not controlled by the user or the community. Any serious reason why it must be like this? According to your well-worded list, I see no reason to do it. AFAIK it would not negatively affect anything in points 1-3.
You forgot that it should be also needed for something at all.
Adding unnecessary proprietary software into the Qubes templates is security-related.
Non-free software is harmful to the computer security. Well, not directly harmful of course. It just lowers the security by removing the “verify” from “trust but verify”, or at least making “verify” significantly harder. (I understand that sometimes non-free software is necessary to run your hardware. This is not the case that I am discussing.)
This is problematic, because (1) you have to know when your system is compromised, which is impossible, and (2) the BIOS can be infected, so reinstalling the OS won’t help. Of course, you can also reflash your BIOS with a flasher, but it drastically decreases the number of people who can do it and increases the effort of reinstalling. How often do you reinstall something to keep your system secure?
Therefore, the question of how to determine whether a software is harmful (or, more precisely, how to determine whether the software has unreasonably higher likelihood of being harmful) is not off-topic here.
This is a hypothetical situation, which does not occur in the real word. Every piece of software is potentially harmful. The only difference is the degree of how probable this is and whether you should consider replacing it, if this probability is higher than for the alternative software.
So you disagree with the Wikipedia definition, which you yourself insisted to be reasonable?
This is just a definition. Changing reasonable and clear definitions is not how you should “take into account reality”.
Just accept that your software is not “ideologically pure”. Problem solved?
I see your point. Consider saying “Qubes OS is licensed with GPLv2, except binary firmware” or something similar. This would be honest unlike trying to change the settled definitions in the community.
I agree and AFAIK they are working on it. See also: Support the Freedom Ladder campaign: Lessons we learned so far and what's next — Free Software Foundation — Working together for free software.
I put your reply in spoiler to keep this discussion more clear; I hope you don’t mind. I started another topic about it, will reply there.
Where do these articles say that the problem is proprietary software? They don’t even say anything about freedoms and rights. It’s just popular bashing of the big tech.
I agree with you. I hope FSF is going to follow such path, see my link above.
There is no sarcasm. I honestly believe in this quote and that lack of strong push for free software harms the humanity.
So why do you insist that it’s so important to say “Qubes OS is free software”?
FAQ doesn’t mention that Debian is non-free. Moreover, it misleads the readers by saying
Not currently, for the same reasons that Debian is not certified.
And the reason that Debian is not FSF-endorsed is not non-free software incorporated into the .iso file. By the way I was mislead by this, too.
This is our disagreement. Free and open software is just as insecure as is closed software is. The whole audit argument is shallow, because in reality most people don’t and most projects aren’t. It relies on the idea that because the code is open, someone will find the malicious code and bad guys won’t even dare to include it. Reality shows that’s complete non-sense.
The vast majority of vulnerabilities are introduced accidentally. What’s a hackers first step? Get the firmware, disassemble and analyze it. If there is no Disassembler then one creates a simulated execution environment to observe the code. You know when a researcher can simply skip that part? When it’s free and open source! (No, that doesn’t make FOSS less secure but it certainly doesn’t make it more so either … it’s just a question of effort).
There are very good reasons to promote and prefer FOSS. For me personally the most important one is that software I rely on can’t really be abandoned. In the worst case I can take the source and fix/extend myself. If the project goes into a direction I don’t like I can fork if I care enough etc. Or as happened once or twice with my use of Qubes OS, if I something works differently then I expect and no one can tell me why I can look at the code and find out myself.
This was insightful, thanks.
What are your thoughts on the Intel ME? Do you think it’s largely overblown hysteria - since anyone could “disassemble and analyze it” or “create a simulated execution environment to observe the code”? (The idea being, if there was anything malicious in there, someone could find it anyway, so why would Intel put it in there?)
I really hope so because it’s really tempting to get one’s hands on some faster CPUs.
For a few years I’ve thought of any computer without Intel ME disabled/neutralized to be compromised, even if it runs Qubes OS, because the Intel ME could be spying on everything anyway. Hence my question.
We agree, then.
That’s like saying, “It’s not off-topic, because it’s what I want to talk about.” Sure, I guess, but you’re the one who replied to me to begin with.
We’re just talking about different things.
The Wikipedia definition I quoted doesn’t say anything about a 100% purity requirement.
(Btw, it’s not that Wikipedia has any special authority or is a “good source” or anything like that. It’s simply a reflection of the edits of a large number of internet users over time, which can be a handy way to get a sense of how certain terms are commonly used and understood.)
It’s not just a definition. It’s a seal of approval. Even the FSF itself regards it as such. I think you already know that, and acting as though you don’t seems somewhat disingenuous.
We’ve never claimed that Qubes is ideologically pure by the FSF’s lights, so there is nothing new to “accept.”
The problem is not solved, because the problem is ideologues trying to come in here and tell us that we can’t call Qubes “free software” in a non-technical intro blurb even if we also go out of our way to painstakingly clarify to their satisfaction the precise ways in which it is and isn’t free in a footnote or extended FAQ entry, because the latter “aren’t visible enough.”
I have no problem with saying that.
Quote verbatim the allegedly dishonest thing I wrote and explain exactly how it’s dishonest. I’m waiting.
In the meantime:
You didn’t say “proprietary software”; you said “proprietary devices”:
Because the founders and developers of Qubes have made enormous sacrifices to make Qubes as free as possible without giving up security. ITL has donated countless funds to keep it afloat for over a decade. The developers, with their skills and experience, could have been making many multiples of their salaries by working on proprietary software. They’ve made immense personal financial sacrifices to give the world a secure open-source operating system that regular people can use without paying a dime. Telling them that they’re not allowed to call their creation “free” because it contains, by practical necessity, a few proprietary blobs (through no fault of theirs) denigrates their efforts and sacrifices. If everything short of perfection is all lumped into the same pile, then they might as well give up and go work for Google, Apple, or Microsoft, where their skills will be duly rewarded at market rates.
The reality is that, right now, a 100% free OS can’t be reasonably secure. Qubes is as close as we can get for now. It’s not the Qubes devs’ fault that security currently requires a certain number of proprietary blobs. They didn’t create that situation or ask for it. They don’t have the power to change it. They’re just trying to navigate around it as best they can while still maximizing freedom to the extent feasible. If Qubes isn’t free enough, then what are people who care about both security and freedom supposed to even use? The devs have worked tirelessly for the cause of secure free software, yet ideological purists are telling them, “Nope. Not 100%, so not good enough. Sorry.” Why should the rest of the world even care what they think, then?
The documentation is a volunteer community effort. We rely on the whole community to contribute, fix errors, and make improvements, and it’s all transparent and open-source. It looks like that line was added by @michael in 2015:
While I’m not well-versed in the specifics of the situation with the FSF and Debian, I’m confident that Michael did not intend to mislead you or anyone else. He was simply doing his best to help improve the FAQ with what he believed to be helpful information. If there is a factual error here, it was certainly not intentional. Our goal has always been for everything on the website to be factually accurate, and we’ve always welcomed good corrections.
