They say that GNU is spreading misinformation and “stop getting info from charlatans”?

  • jet@hackertalks.com
    link
    fedilink
    English
    arrow-up
    123
    arrow-down
    1
    ·
    4 months ago

    You deleted your last post on a similar topic, which had some excellent discussion and comments, and now all of that good content for lemmy is gone.

    Deleting posts is not great for the community.

  • Joenocide Biden@lemmy.ml
    link
    fedilink
    arrow-up
    52
    arrow-down
    7
    ·
    4 months ago

    Pointless over-reaction from GrapheneOS. GNU is harshly honest about the open-source stuff - blobs are obviously, proprietary, and so are Google-based softwares and services.

    • jwiggler@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      13
      arrow-down
      1
      ·
      4 months ago

      I’m afraid to ask this because I’m not a dev, but I have a fair amount of linux experience. Why is it that the ability to install Google Play Services on GrapheneOS makes it not FOSS/open source, while the ability to install Google Chrome (or any proprietary software, I guess) on Linux doesn’t make is non-FOSS/open source?

      I’m not articulating that question very well, and I’m assuming I’m missing some key component, but they seem comparable to me, as a regular user. Is it something like the level of access that GPServices has to the kernel?

      • mearce@programming.dev
        link
        fedilink
        arrow-up
        16
        arrow-down
        1
        ·
        edit-2
        4 months ago

        Thank you for asking a question that you were afraid to.

        You could just have easily moved on, but instead you give others the opportunity to share their knowledge and subsequently you give other people opportunities to learn.

        Maybe one day we can have an internet not so full of snarky replies, and instead one where everyone is given opportunities to learn, and ask, without fear of being belittled.

        In order to give those with knowledge the opportunities to share, we need to ask questions that are indicative of our current understanding (or lack thereof).

        It may sound silly, but asking questions really is a vulnerable act. Genuine questions are often met with unjustified and unhelpful hostility on the internet.

        tl;dr: Thanks for asking! Now I’m wondering the same thing.

        edit: a word

      • HappyTimeHarry@lemm.ee
        link
        fedilink
        English
        arrow-up
        15
        ·
        4 months ago

        On Linux most distros do not actually ship chrome but chromium which is the open source version of chrome.

        It also comes down to how different groups define FOSS. GNU considers even helper programs (like a package manager or firmware installer) to be “bad” for the user because they “encourage” its use so they dont want them included in GNU approved distros like trisqul or guix . this leads to those “freedom respecting” distros not having things like basic WiFi drivers or support for any 3rd party drivers.

        To a less extreme degree but similar is a distro like debian, where there is a “non_free” repository available but users can choose not to enable it.

        And so GNU sees having the playstore as a bad thing because its gateway to installing other non free software. Its also safe to assume most gnu evangelists probably don’t care much for chromium either.

      • refalo@programming.dev
        link
        fedilink
        arrow-up
        6
        ·
        edit-2
        4 months ago

        I don’t have a precise answer as I’m not from that team, but as a developer I think I have a decent idea as to why, and it’s mostly political.

        First, I don’t think it’s necessarily the ability to install Play Services that makes them think it’s not FOSS, but that they distribute non-free firmware blobs which are necessary to make practically any modern phone function properly, that’s just the unfortunate reality because “we live in a society” that enables it. By that logic, I think they believe the vast majority of running Linux kernels on the planet are not FOSS. GNU would rather have things that are not practical and don’t exist today… their stance is not currently realistic in our capitalist society IMO. They hope for things to change, but hope doesn’t make change.

        I also think some people look down on the Play Services thing merely because they went out of their way to explicitly support it in the OS, and basically nothing else. They disagree ideologically with F-Droid and they don’t offer any other app stores by default to my knowledge.

        • jwiggler@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          3
          ·
          4 months ago

          it’s mostly political

          Oh I gotcha. Interesting. I don’t follow FSF or GNU or anything, do you know if they tend to be antagonistic toward nonfree devs who still try to be as free as possible? Honestly, I read the Stallman quote about FreeBSD in this thread, and a statement from GNU that acknowledges the impracticality of their philosophy, and I kinda agree with their ethical takes. Except, I also think people should be able to install nonfree software, because otherwise you have a pretty bad dilemma with the word “free.”

          Ultimately, if they are actively antagonistic toward those who don’t share that philosophy, I think that’s not great. Sure, free software according to the GNU project may be the only ethical one, but we live in a culture that promotes the exact opposite idea, so why would I be surprised and upset when an otherwise ethically acting person doesn’t conform to my own ethical framework, and they go on and create nofree software. I’m still going to get a beer with that person because at the end of the day we probably have common values and how else am I going to sell them the idea free software

          • ozymandias117@lemmy.world
            link
            fedilink
            English
            arrow-up
            6
            ·
            edit-2
            4 months ago

            Both GNU and GrapheneOS have staunch requirements and will accept no compromises.

            This is a situation where their requirements don’t align, so they’ll never reach an agreement.

            GrapheneOS, for example, is also strictly against making the Fairphone line of phones a little more secure because it doesn’t meet all of their security requirements

            In this case GNU won’t certify GrapheneOS as fully open because it includes binaries that aren’t open

            The FSF is more along your line of improving the situation where they can

            • jet@hackertalks.com
              link
              fedilink
              English
              arrow-up
              2
              ·
              4 months ago

              Graphene is totally open source, nothing is stopping fairphone from maintaining a port for their phones

              GOS did reach out to them in the past, but they couldn’t reach a mutual understanding for support regarding hardware level patches for the fairphone 3 I believe. There’s a git issue about it

              I see no reason the fairphone 5 couldn’t have GOS support, sure it’s missing some of the security requirements, but fair phone could build the branch and make it public

    • exu@feditown.com
      link
      fedilink
      English
      arrow-up
      7
      arrow-down
      1
      ·
      4 months ago

      Unfortunately, the FSF isn’t against firmware blobs, only against those updatable by a user.

      From their Respects Your Freedom requirements page.

      However, there is one exception for secondary embedded processors. The exception applies to software delivered inside auxiliary and low-level processors and FPGAs, within which software installation is not intended after the user obtains the product. This can include, for instance, microcode inside a processor, firmware built into an I/O device, or the gate pattern of an FPGA. The software in such secondary processors does not count as product software.

      This means that proprietary firmware flashed at the factory and impossible to replace gets a pass, while hardware with firmware updates through blobs is rejected. Important security fixes (CPU microcode) or stability improvements will be missing if you can’t update the firmware.

        • exu@feditown.com
          link
          fedilink
          English
          arrow-up
          6
          ·
          4 months ago

          Sure and that’s the ideal, but as it currently stands the FSF would rank hardware like this:

          1. Fully open source
          2. Proprietary flashed in factory and impossible to replace
          3. Proprietary and can be updated/replaced

          This makes no sense for security, stability or ideological reasons.

  • Avid Amoeba@lemmy.ca
    link
    fedilink
    arrow-up
    34
    arrow-down
    2
    ·
    edit-2
    4 months ago

    Way to distract from otherwise good argument about firmware. Really dumb take. In case you think I’m being flippant, let me present an alternative blob:

    GNU are striving for the ideal goal of fully open source hardware and software. Their statement correctly highlights the compromises of the reality of using proprietary hardware which requires proprietary firmware; compounded by the reality of oligopolies maintaining their market positions via proprietary software. Our take is that providing an otherwise open source OS within this reality is significantly better for people than letting full corporate control reign until open mobile hardware becomes practical and common, if it ever does.

  • ramenu@lemmy.ml
    link
    fedilink
    English
    arrow-up
    31
    arrow-down
    1
    ·
    4 months ago

    I’m not a fan of GrapheneOS, but the point they bring up here is valid. There is already proprietary firmware on your computer. There’s no reason why you shouldn’t be updating it to protect yourself from serious exploits. The FSF takes an ideological stance rather than a practical one, unfortunately.

    • snek_boi@lemmy.ml
      link
      fedilink
      English
      arrow-up
      14
      arrow-down
      1
      ·
      4 months ago

      I agree with you: the FSF can seem unwavering in their stance, even in the face of practicality. I’m really sorry for this incredibly nit-picky detail, but I think practicality is ideological too. For better or for worse, we can’t escape ideas or be free from them, so we have to choose which we value. For example, while I tend to choose software freedom over practicality, I also have, at times, chosen practicality over freedom.

    • krolden@lemmy.ml
      link
      fedilink
      arrow-up
      7
      ·
      4 months ago

      Except they also advocate using compute devices that only use blobless firmware

      • exu@feditown.com
        link
        fedilink
        English
        arrow-up
        8
        ·
        4 months ago

        Yeah, the FSF stance on firmware is really weird.

        Basically, if the firmware is not intended to be updated it’s fine. But distributing updates, like security fixes, for firmware as blobs is somehow bad.

        However, there is one exception for secondary embedded processors. The exception applies to software delivered inside auxiliary and low-level processors and FPGAs, within which software installation is not intended after the user obtains the product. This can include, for instance, microcode inside a processor, firmware built into an I/O device, or the gate pattern of an FPGA. The software in such secondary processors does not count as product software.

        https://ryf.fsf.org/about/criteria

        Here’s an article from the previous time (?) this topic came up.

        https://ariadne.space/2022/01/22/the-fsfs-relationship-with-firmware-is-harmful-to-free-software-users/

      • ramenu@lemmy.ml
        link
        fedilink
        English
        arrow-up
        2
        ·
        4 months ago

        I know. And that’s reasonable of course. I’m sure most of us would agree that proprietary blobs are bad. I’m optimistic that firmware will become more open in the future though.

  • D_Air1@lemmy.ml
    link
    fedilink
    arrow-up
    28
    ·
    4 months ago

    I think we need uncompromising people in this world. Doesn’t mean we have to listen or follow everything they say though. Those are my thoughts on GNU.

  • communism@lemmy.ml
    link
    fedilink
    arrow-up
    22
    ·
    4 months ago

    I think your question is answered by the thread you linked. Is there something in particular you don’t understand?

    GNU/the FSF says that GrapheneOS does not qualify as free software (which is true, it’s not completely FLOSS as per the FSF’s definition—the linked GNU article classifies plenty of popular Linux distros we consider to be FOSS as non-free, btw, they’re not singling out Graphene), and GrapheneOS is saying they don’t want to fit the FSF’s definition of free software because it would mean a lack of security (which is also true; they need proprietary firmware updates from Google). The FSF has a strict definition of free software which a lot of software does not meet, and usually an entire operating system would only meet the FSF’s definition out of a deliberate, conscious, ideological decision to exclude all non-free software. In their article they even list Debian as a distro which no longer meets their standards, despite Debian being known for their strict policy around only including FOSS in their repos.

    This is an instance of two different entities (GNU and GrapheneOS) having fundamentally different goals (one values a strict definition of free software at all costs, one values security at all costs). You are more than welcome to do things GNU’s way if you don’t like GrapheneOS’s way, or vice versa.

  • alonely0@programming.dev
    link
    fedilink
    arrow-up
    10
    ·
    edit-2
    4 months ago

    Graphene is against GNU ideals getting in the way of security, because as it turns out, they do. FSF’s definition of “ok” and “not ok” firmware blobs is bogus anyway.

    Edit: for all the people who don’t get this: THE FSF IS FUCKING OKAY WITH PROPRIETARY FIRMWARE BLOBS, but only if they are in a separate (usually user-inaccessible) storage chip and if you don’t update it; they only deem that morally ok, yet it’d be the same as loading the blobs from the disk (which makes devices MUCH SAFER to update, you don’t risk a brick). They get in the way of security by abusing the trust y’all give them, cuz thank god nobody who does embedded dev takes their opinions seriously anyway. Also, you’re not giving up “A bit of security”, you’re giving up fucking microcode updates, the ones that patch well-known vulnerabilities that allow webpages to gain root access. FFS.

    • PullPantsUnsworn@lemmy.ml
      link
      fedilink
      English
      arrow-up
      5
      arrow-down
      2
      ·
      4 months ago

      FSF does not get in the way of security. FSF believes source code should be publicly available in order to even assume the software is secure or private. In a perfect world that would be nice. But in the real world, proprietary blobs are required to make the hardware functional. As long as OEMs are removed about open sourcing the firmwares, both GrapheneOS and GNU are right in their own way.

      • alonely0@programming.dev
        link
        fedilink
        arrow-up
        1
        ·
        edit-2
        4 months ago

        Oh, the FSF doesn’t get in the way directly (they have neither the funding nor the personnel), they just misinform you to do so, so they’re guilty in my book. Go read the edit in my prior comment.

    • ExtremeDullard@lemmy.sdf.org
      link
      fedilink
      arrow-up
      4
      arrow-down
      4
      ·
      4 months ago

      Graphene is against GNU ideals getting in the way of security,

      Funny, Graphene’s obsession with security is getting in the way of my ideals.

      Fuck Google and their proprietary security updates. I want no Google in my life and if that means a bit less security, I’m okay with that. In fact, I’d argue that running Google code that does who-knows-what for your security is itself not a very safe thing to do.

      • alonely0@programming.dev
        link
        fedilink
        arrow-up
        2
        ·
        edit-2
        4 months ago

        First, as nobody forces you to use graphene, they’re not getting in the way of your ideals, I’m saying some of the FSF’s ideals may compromise the security of their followers. When it comes to Google’s blobs, It’s not like they can release the source even if they wanted to, samsung wouldn’t even let them cuz google leases their IP and trade secrets for the tensor chips. I don’t like IP either, but I keep my feet on the ground, the blobs aren’t there for firmware-level who-knows-what, due to the hardware and software model themselves, most of what they’d do would be super detectable. Go read the edit of my prior comment, educate yourself on embedded devices, the pixel hardware model and graphene’s security model, then we might have a productive conversation and not uneducated conspiracy speculation.

        • ExtremeDullard@lemmy.sdf.org
          link
          fedilink
          arrow-up
          3
          arrow-down
          2
          ·
          edit-2
          4 months ago

          So you really trust Google to release code that doesn’t do something it shouldn’t behind your back do you? How cute…

          I am an embedded developer so please don’t patronize me. And I know enough about security to know that Google’s security model on the Pixel phones is the best yet. That’s not the issue. The issues are:

          • Google’s code is untrustworthy unless reviewed, and proprietary binary blobs can’t be reviewed. If Google codes anything, they have an ulterior motive and it’s rarely in your best interest. If that’s not a security shortcoming, I don’t know what is. Or said another way, there’s something deeply ironic in claiming to have the most secured deGoogled OS and the lynchpin of that security is Google itself.

          • Yes, using a phone other than a Pixel phone with a deGoogled OS other than GrapheneOS as I do (I use a FP4 with CalyxOS) is less secure than GrapheneOS on a Pixel phone - assuming you trust Google’s drivers aren’t doing other things unrelated to their driver function.

            But as I said, my most important goal in anything technical I use is to not use Google. That’s my ideal. Some people have ideals and aren’t willing to compromise.

            With that in mind, and considering that I’m a low-value target, I deem the security provided by CalyxOS on my FP4 more than adequate for my use case. Or said another way, GrapheneOS’ - short-sighted, in my opinion - obsession with security gets in the way of my main goal, which is to avoid Google.

          • iopq@lemmy.world
            link
            fedilink
            arrow-up
            2
            ·
            4 months ago

            You already bought the phone with Google code in it, that ship has sailed when you purchased the device

  • ssm@lemmy.sdf.org
    link
    fedilink
    arrow-up
    16
    arrow-down
    7
    ·
    edit-2
    4 months ago

    This is begging the question, there’s nothing confusing or incorrect about what GrapheneOS posted. GNU/FSF is a cult that has always been making their own arbitrary rules for what qualifies and what does not qualify as free software (I am not saying the OSI is any better in that regard, Raymond is a clown).

    I highly suggest reading this mailing list thread where RMS fails to understand copyright law and thinks you can relicense permissive code to GPL, and refuses to call OpenBSD free because the ports system can be used to build a few pieces of non-free software, even though no parts of the ports tree itself are non-free (wait until he hears you can download Windows ISOs off of a web browser).

    • Scrubbles@poptalk.scrubbles.tech
      link
      fedilink
      English
      arrow-up
      19
      arrow-down
      2
      ·
      edit-2
      4 months ago

      Since I consider non-free software to be unethical and antisocial, I think it would be wrong for me to recommend it to others.

      OpenBSD does not contain non-free software (though I am not sure whether it contains any non-free firmware blobs). However, its ports system does suggest non-free programs, or at least so I was told when I looked for some BSD variant that I could recommend. I therefore exercise my freedom of speech by not including OpenBSD in the list of systems that I recommend to the public.

      my god. Yeah, he’s technically correct, but he’s so self righteous about it. I think of PopOS, probably the best OS I’ve ever used. However when you open the shop, he would just pass out because they shock recommend discord and others.

      But that’s what people want. If you open the shop and don’t see the discord app, people would be frustrated. It’s there because people use it. Hell I use it. But according to him even the act of just suggesting something closed source, even if people want it, is … “unethical”?

      Like dude, I love OSS a lot, more than the average, but just suggesting a download, (probably because it’s by the most popular), I think is a far cry from “unethical”.

    • jet@hackertalks.com
      link
      fedilink
      English
      arrow-up
      15
      ·
      edit-2
      4 months ago

      100% agreed with you.

      We do, however, need zealots in the ecosystem, they serve a purpose, we just can’t let perfect be the enemy of good when it comes to usability, security, and privacy.

      Seems the real issue is that GrapheneOS makes it possible to get google play installed via their sandboxing, that people take offence to calling it FOSS software…

      Sure, fair enough, makes sense, they just need to fork the project and maintain the fork and don’t include the sandboxing. It’s a open code base (because its FOSS, heh) they can do whatever they want to it.

      • Avid Amoeba@lemmy.ca
        link
        fedilink
        arrow-up
        7
        ·
        4 months ago

        We do, however, need zealots in the ecosystem

        This is a very important point. I left the rest of the sentence not because it’s not important but because most people understand that part.

    • vzq@lemmy.blahaj.zone
      link
      fedilink
      arrow-up
      2
      ·
      4 months ago

      Raymond is a fucking incel. His site is a collection of cringe and “yes, this entry here, officer”.

  • soulfirethewolf@lemdro.id
    link
    fedilink
    English
    arrow-up
    13
    arrow-down
    6
    ·
    4 months ago

    I’m not sure exactly. But I personally don’t like GNU because I think they have been embedded in a form of wishful thinking for far too long. Expecting that developers and manufacturers willingly relinquish their rights to their copyright for the benefit of others, regardless if they want to or not. And expecting that end users only seek out those kinds of systems as well. In total, providing everyone with free reign with minimal regard to consequences. And pushing away those that simply want to try and make the things only a little better.

    For an organization primarily devoted to ensuring that software remains open, accessible, and modifiable, they sure do seem to like to bend over backwards. Looking directly at GrapheneOS, my personal thought would be the fact the goals of GNU tend to conflict with the goals of security (the FSF has actively spoken against the concept of Tivoization, or systems that use free software but are locked down by hardware restrictions)

    They’re also horribly out of touch with the general public. And in some cases, simply too radical to be taken seriously. To name a few examples:

    • They have very little understanding of the actual public or anyone else outside of the tech field. Their Gift Guide is an absolute joke, suggesting adapters and old ThinkPads as gifts. With their most appetizing gift (a Vikings D8 Desktop computer) is literally mentioned as being out of stock. Suggesting you instead give, once again, a ThinkPad with Free software. Their only reasons for not using an actively manufactured and relatively modern (as in 3 generations ago) computer that are because of “restrictions to users freedoms” and “spyware” without very much definition aside from a few links (they’ve got much more to say about the computer than they what they believe in).

    • Their “preferred terminology”, lists a bunch of jargon they don’t like and their alternatives, making a lot of automatic presumptions of guilt. My personal favorite is “Internet of Stings”. As if projects like Home Assistant aren’t trying to improve the scene (though they’re presumably ignored because they’re also willing to connect with proprietary services)

    TL;DR the GNU foundation is made up of a bunch of nerds who care more about messing with their computers than actually trying to do important things with them.

  • krolden@lemmy.ml
    link
    fedilink
    arrow-up
    5
    ·
    edit-2
    4 months ago

    Because strcat is fucking nuts

    However I’m still using GOS as theres no other better options

  • kitnaht@lemmy.world
    link
    fedilink
    arrow-up
    15
    arrow-down
    13
    ·
    edit-2
    4 months ago

    Because there is nothing that exists today that is completely, from head-to-tail, open source. Being allowed and able to install closed source software does not make an open ecosystem suddenly closed.

    Plenty of Linux systems today rely on binary blobs to make hardware work. Plenty of software can run on an open source ecosystem while itself being closed source.

    Richard Stallman is a toe-booger eating weirdo looking for attention.

    • Scrubbles@poptalk.scrubbles.tech
      link
      fedilink
      English
      arrow-up
      16
      ·
      4 months ago

      What was it I saw recently… There was a FOSS podcast player that is completely open and available, but it was demonized because you could (optionally) add the apples/itunes feed. Like reading an RSS feed from apple made it not “FOSS”

      That’s where I eyeroll hard. Ffs, having the option to use something proprietary does not closed source make. It was one part of one area of the app, that was like, a dropdown selection.