Johnny A. Solbu wrote:
> On Thursday 19 July 2012 15:08, Christiaan Welvaart wrote:
>> Why are you talking about *drivers* when the remark you quote is about
>> *firmware*? Some open source drivers don't work (well) without them
>> loading non-free firmware into the device.

There are two overlapping issues here.

If you do not trust the competence of the closed source coders then closed source firmware plus closed source driver is worse than just closed source firmware. More code, so more chance of hitting a bug.

If you do not trust the integrity of the closed source coders then you are completely screwed if you use either. Legend has it that during the lead-up to the first Gulf War the Iraqi military was compromised when the US managed to get a "special" printer plugged into the Iraqi network.

> Because it is the same issue. I treat firmwares the same as I treat any
> other software. If a device can't work without installing a package
> containing non-free firmware, I'm not using it.

Stop right there. That is the issue that I am interested in.

I am using an old ATI video card. There is no closed source driver. There *is* a firmware update. If I do NOT load the updated firmware how does it work? Am I not running any firmware at all? Or am I just running an older buggier and equally untrustworthy version of the same code that was burned into the ROM at the factory?

When I boot my computer the motherboard BIOS hands control over to the video card's BIOS. (Or is that all of the expansion slots in turn?) It runs uninspected code from ATI before it even looks at my hard disks. Is that any less bad than running uninspected current code from ATI?

There is a small chance that the firmware update is specifically targeted at cracking my computer, but I doubt it. There is also a small chance that the only fix in the update is to make the spybot work, but I doubt it. If you handle state secrets you might want to consider using a pencil and paper.

> In order to use it I might
> need to install a non-free software package (rpm, deb, tarball). How is
> that any different than a driver? Both have to be installed by the user.
> (yes, yes, the default might be to have them preinstalled in some distros,
> that is not the issue.)
>

--
blind Pete
Sig goes here...
