Nobody is looking at Intel's microcode mask ROM. It's in ROM. You can't even look at it.
Microcode is a bad example because the updates are encrypted too, but for the vast majority of the blobs that the FSF hates so much, at least you can look at them and audit them with a disassembler. Meanwhile, the devices with giant firmware ROMs that they openly endorse are not auditable, as you can't see the blob. This policy is making it easier for manufacturers to ship backdoors that will never be detected.
so after so many posts this is the only one that expresses your point clearly. notice how it does not contain any FUD
to the said point, this is definitely a VALID security concern. FSF needs to make these concerns clear. you seem to be very invested in this matter. have you raised these concerns with them?
EDIT: having thought about it some more. doesnt isolating blobs to ROMs restrict the problems to ROMs? i mean non-RYF certified hardware already has this problem. the strategy might them be to focus efforts on opening up ROMs. note that this is simply a question. i am not an expert in this field but i am trying to form an informed opinion
People have raised these concerns. I have personally raised this concern directly to RMS at one of his conferences.
It gets ignored.
I believe it is for the same reason religions ignore issues.
The FSF totally acts as a religion. The church of his Gnusance St. Ignutiutus. And just like religions it pretends to hold an ethical position while making compromises for practical reasons.
Compare religions claiming:
- Killing is bad, unless it's about opponents in war.
- Slavery is bad, unless it's outsiders who are slaves.
- Blobs are bad, unless they are stored on chip flash.
The FSF gets criticized precisely for this hypocrisy. And just like religions ignore criticism about their inconsistencies so does the FSF.
>The FSF totally acts as a religion. The church of his Gnusance St. Ignutiutus. And just like religions it pretends to hold an ethical position while making compromises for practical reasons.
so is FSF dogmatic or is it practical? surely they cant be both
It's definitely both -- it's just that the dogma is broad, and they appear to very carefully and intelligently choose battles. The dogma is "long term software freedom." This includes occasionally accepting that there are battles not worth fighting (or better yet, fighting strategically.)
A really simple example is GPL violations. Pure dogma would require that they try to fight a whole lot of them, since they occur all the time and they're clearly in the legal right.
But they don't, and that's the MUCH SMARTER way to go.
Why this Guix thing strikes me as smart is that it's about "reinforcing modularity." They can't free up EVERYTHING, but they can make the software work different so that it's harder to pretend that everything is all the same.
To go big picture, I think all of this is rooted in the fact that "capitalism as practiced" has addled our brains into thinking that there can only be two kinds of organizations, companies that go for profit at all cost, and pure-of-heart non-profits that must be on some monk-like religious stuff.
What it can't conceive of is an organization with big picture goals that aren't "making a profit" that require strategy and even "real life experimentation." That's what's happening here; y'all are just confused because the FSF feels like "religion" because it's not going for profits, but somewhat acting like a for-profit, in that it's picking and choosing battles.
Microcode is a bad example because the updates are encrypted too, but for the vast majority of the blobs that the FSF hates so much, at least you can look at them and audit them with a disassembler. Meanwhile, the devices with giant firmware ROMs that they openly endorse are not auditable, as you can't see the blob. This policy is making it easier for manufacturers to ship backdoors that will never be detected.