They say that GNU is spreading misinformation and “stop getting info from charlatans”?
deleted by creator
I’m afraid to ask this because I’m not a dev, but I have a fair amount of linux experience. Why is it that the ability to install Google Play Services on GrapheneOS makes it not FOSS/open source, while the ability to install Google Chrome (or any proprietary software, I guess) on Linux doesn’t make is non-FOSS/open source?
I’m not articulating that question very well, and I’m assuming I’m missing some key component, but they seem comparable to me, as a regular user. Is it something like the level of access that GPServices has to the kernel?
Thank you for asking a question that you were afraid to.
You could just have easily moved on, but instead you give others the opportunity to share their knowledge and subsequently you give other people opportunities to learn.
Maybe one day we can have an internet not so full of snarky replies, and instead one where everyone is given opportunities to learn, and ask, without fear of being belittled.
In order to give those with knowledge the opportunities to share, we need to ask questions that are indicative of our current understanding (or lack thereof).
It may sound silly, but asking questions really is a vulnerable act. Genuine questions are often met with unjustified and unhelpful hostility on the internet.
tl;dr: Thanks for asking! Now I’m wondering the same thing.
edit: a word
On Linux most distros do not actually ship chrome but chromium which is the open source version of chrome.
It also comes down to how different groups define FOSS. GNU considers even helper programs (like a package manager or firmware installer) to be “bad” for the user because they “encourage” its use so they dont want them included in GNU approved distros like trisqul or guix . this leads to those “freedom respecting” distros not having things like basic WiFi drivers or support for any 3rd party drivers.
To a less extreme degree but similar is a distro like debian, where there is a “non_free” repository available but users can choose not to enable it.
And so GNU sees having the playstore as a bad thing because its gateway to installing other non free software. Its also safe to assume most gnu evangelists probably don’t care much for chromium either.
I don’t have a precise answer as I’m not from that team, but as a developer I think I have a decent idea as to why, and it’s mostly political.
First, I don’t think it’s necessarily the ability to install Play Services that makes them think it’s not FOSS, but that they distribute non-free firmware blobs which are necessary to make practically any modern phone function properly, that’s just the unfortunate reality because “we live in a society” that enables it. By that logic, I think they believe the vast majority of running Linux kernels on the planet are not FOSS. GNU would rather have things that are not practical and don’t exist today… their stance is not currently realistic in our capitalist society IMO. They hope for things to change, but hope doesn’t make change.
I also think some people look down on the Play Services thing merely because they went out of their way to explicitly support it in the OS, and basically nothing else. They disagree ideologically with F-Droid and they don’t offer any other app stores by default to my knowledge.
it’s mostly political
Oh I gotcha. Interesting. I don’t follow FSF or GNU or anything, do you know if they tend to be antagonistic toward nonfree devs who still try to be as free as possible? Honestly, I read the Stallman quote about FreeBSD in this thread, and a statement from GNU that acknowledges the impracticality of their philosophy, and I kinda agree with their ethical takes. Except, I also think people should be able to install nonfree software, because otherwise you have a pretty bad dilemma with the word “free.”
Ultimately, if they are actively antagonistic toward those who don’t share that philosophy, I think that’s not great. Sure, free software according to the GNU project may be the only ethical one, but we live in a culture that promotes the exact opposite idea, so why would I be surprised and upset when an otherwise ethically acting person doesn’t conform to my own ethical framework, and they go on and create nofree software. I’m still going to get a beer with that person because at the end of the day we probably have common values and how else am I going to sell them the idea free software
Both GNU and GrapheneOS have staunch requirements and will accept no compromises.
This is a situation where their requirements don’t align, so they’ll never reach an agreement.
GrapheneOS, for example, is also strictly against making the Fairphone line of phones a little more secure because it doesn’t meet all of their security requirements
In this case GNU won’t certify GrapheneOS as fully open because it includes binaries that aren’t open
The FSF is more along your line of improving the situation where they can
Unfortunately, the FSF isn’t against firmware blobs, only against those updatable by a user.
From their Respects Your Freedom requirements page.
However, there is one exception for secondary embedded processors. The exception applies to software delivered inside auxiliary and low-level processors and FPGAs, within which software installation is not intended after the user obtains the product. This can include, for instance, microcode inside a processor, firmware built into an I/O device, or the gate pattern of an FPGA. The software in such secondary processors does not count as product software.
This means that proprietary firmware flashed at the factory and impossible to replace gets a pass, while hardware with firmware updates through blobs is rejected. Important security fixes (CPU microcode) or stability improvements will be missing if you can’t update the firmware.
And thats why they advocate open hardware
Sure and that’s the ideal, but as it currently stands the FSF would rank hardware like this:
- Fully open source
- Proprietary flashed in factory and impossible to replace
- Proprietary and can be updated/replaced
This makes no sense for security, stability or ideological reasons.
Way to distract from otherwise good argument about firmware. Really dumb take. In case you think I’m being flippant, let me present an alternative blob:
GNU are striving for the ideal goal of fully open source hardware and software. Their statement correctly highlights the compromises of the reality of using proprietary hardware which requires proprietary firmware; compounded by the reality of oligopolies maintaining their market positions via proprietary software. Our take is that providing an otherwise open source OS within this reality is significantly better for people than letting full corporate control reign until open mobile hardware becomes practical and common, if it ever does.
I’m not a fan of GrapheneOS, but the point they bring up here is valid. There is already proprietary firmware on your computer. There’s no reason why you shouldn’t be updating it to protect yourself from serious exploits. The FSF takes an ideological stance rather than a practical one, unfortunately.
I agree with you: the FSF can seem unwavering in their stance, even in the face of practicality. I’m really sorry for this incredibly nit-picky detail, but I think practicality is ideological too. For better or for worse, we can’t escape ideas or be free from them, so we have to choose which we value. For example, while I tend to choose software freedom over practicality, I also have, at times, chosen practicality over freedom.
That’s true. I didn’t think about that. Thank you. :)
Except they also advocate using compute devices that only use blobless firmware
Yeah, the FSF stance on firmware is really weird.
Basically, if the firmware is not intended to be updated it’s fine. But distributing updates, like security fixes, for firmware as blobs is somehow bad.
However, there is one exception for secondary embedded processors. The exception applies to software delivered inside auxiliary and low-level processors and FPGAs, within which software installation is not intended after the user obtains the product. This can include, for instance, microcode inside a processor, firmware built into an I/O device, or the gate pattern of an FPGA. The software in such secondary processors does not count as product software.
https://ryf.fsf.org/about/criteria
Here’s an article from the previous time (?) this topic came up.
Not really weired. For example, a keyboard has a firmware. 99% of keyboards have no way of it being updated or changed. It is part of its electronics. So not a big deal. But, if a keyboard has a way to update the firmware or install another one, then it should be FOSS.
I know. And that’s reasonable of course. I’m sure most of us would agree that proprietary blobs are bad. I’m optimistic that firmware will become more open in the future though.
I think we need uncompromising people in this world. Doesn’t mean we have to listen or follow everything they say though. Those are my thoughts on GNU.
I think your question is answered by the thread you linked. Is there something in particular you don’t understand?
GNU/the FSF says that GrapheneOS does not qualify as free software (which is true, it’s not completely FLOSS as per the FSF’s definition—the linked GNU article classifies plenty of popular Linux distros we consider to be FOSS as non-free, btw, they’re not singling out Graphene), and GrapheneOS is saying they don’t want to fit the FSF’s definition of free software because it would mean a lack of security (which is also true; they need proprietary firmware updates from Google). The FSF has a strict definition of free software which a lot of software does not meet, and usually an entire operating system would only meet the FSF’s definition out of a deliberate, conscious, ideological decision to exclude all non-free software. In their article they even list Debian as a distro which no longer meets their standards, despite Debian being known for their strict policy around only including FOSS in their repos.
This is an instance of two different entities (GNU and GrapheneOS) having fundamentally different goals (one values a strict definition of free software at all costs, one values security at all costs). You are more than welcome to do things GNU’s way if you don’t like GrapheneOS’s way, or vice versa.
Best description.
This is begging the question, there’s nothing confusing or incorrect about what GrapheneOS posted. GNU/FSF is a cult that has always been making their own arbitrary rules for what qualifies and what does not qualify as free software (I am not saying the OSI is any better in that regard, Raymond is a clown).
I highly suggest reading this mailing list thread where RMS fails to understand copyright law and thinks you can relicense permissive code to GPL, and refuses to call OpenBSD free because the ports system can be used to build a few pieces of non-free software, even though no parts of the ports tree itself are non-free (wait until he hears you can download Windows ISOs off of a web browser).
Since I consider non-free software to be unethical and antisocial, I think it would be wrong for me to recommend it to others.
OpenBSD does not contain non-free software (though I am not sure whether it contains any non-free firmware blobs). However, its ports system does suggest non-free programs, or at least so I was told when I looked for some BSD variant that I could recommend. I therefore exercise my freedom of speech by not including OpenBSD in the list of systems that I recommend to the public.
my god. Yeah, he’s technically correct, but he’s so self righteous about it. I think of PopOS, probably the best OS I’ve ever used. However when you open the shop, he would just pass out because they shock recommend discord and others.
But that’s what people want. If you open the shop and don’t see the discord app, people would be frustrated. It’s there because people use it. Hell I use it. But according to him even the act of just suggesting something closed source, even if people want it, is … “unethical”?
Like dude, I love OSS a lot, more than the average, but just suggesting a download, (probably because it’s by the most popular), I think is a far cry from “unethical”.
deleted by creator
I’m not sure exactly. But I personally don’t like GNU because I think they have been embedded in a form of wishful thinking for far too long. Expecting that developers and manufacturers willingly relinquish their rights to their copyright for the benefit of others, regardless if they want to or not. And expecting that end users only seek out those kinds of systems as well. In total, providing everyone with free reign with minimal regard to consequences. And pushing away those that simply want to try and make the things only a little better.
For an organization primarily devoted to ensuring that software remains open, accessible, and modifiable, they sure do seem to like to bend over backwards. Looking directly at GrapheneOS, my personal thought would be the fact the goals of GNU tend to conflict with the goals of security (the FSF has actively spoken against the concept of Tivoization, or systems that use free software but are locked down by hardware restrictions)
They’re also horribly out of touch with the general public. And in some cases, simply too radical to be taken seriously. To name a few examples:
-
They have very little understanding of the actual public or anyone else outside of the tech field. Their Gift Guide is an absolute joke, suggesting adapters and old ThinkPads as gifts. With their most appetizing gift (a Vikings D8 Desktop computer) is literally mentioned as being out of stock. Suggesting you instead give, once again, a ThinkPad with Free software. Their only reasons for not using an actively manufactured and relatively modern (as in 3 generations ago) computer that are because of “restrictions to users freedoms” and “spyware” without very much definition aside from a few links (they’ve got much more to say about the computer than they what they believe in).
-
Their “preferred terminology”, lists a bunch of jargon they don’t like and their alternatives, making a lot of automatic presumptions of guilt. My personal favorite is “Internet of Stings”. As if projects like Home Assistant aren’t trying to improve the scene (though they’re presumably ignored because they’re also willing to connect with proprietary services)
TL;DR the GNU foundation is made up of a bunch of nerds who care more about messing with their computers than actually trying to do important things with them.
Messing with the computer is pretty important though
-
Graphene is against GNU ideals getting in the way of security, because as it turns out, they do. FSF’s definition of “ok” and “not ok” firmware blobs is bogus anyway.
Edit: for all the people who don’t get this: THE FSF IS FUCKING OKAY WITH PROPRIETARY FIRMWARE BLOBS, but only if they are in a separate (usually user-inaccessible) storage chip and if you don’t update it; they only deem that morally ok, yet it’d be the same as loading the blobs from the disk (which makes devices MUCH SAFER to update, you don’t risk a brick). They get in the way of security by abusing the trust y’all give them, cuz thank god nobody who does embedded dev takes their opinions seriously anyway. Also, you’re not giving up “A bit of security”, you’re giving up fucking microcode updates, the ones that patch well-known vulnerabilities that allow webpages to gain root access. FFS.
Graphene is against GNU ideals getting in the way of security,
Funny, Graphene’s obsession with security is getting in the way of my ideals.
Fuck Google and their proprietary security updates. I want no Google in my life and if that means a bit less security, I’m okay with that. In fact, I’d argue that running Google code that does who-knows-what for your security is itself not a very safe thing to do.
First, as nobody forces you to use graphene, they’re not getting in the way of your ideals, I’m saying some of the FSF’s ideals may compromise the security of their followers. When it comes to Google’s blobs, It’s not like they can release the source even if they wanted to, samsung wouldn’t even let them cuz google leases their IP and trade secrets for the tensor chips. I don’t like IP either, but I keep my feet on the ground, the blobs aren’t there for firmware-level who-knows-what, due to the hardware and software model themselves, most of what they’d do would be super detectable. Go read the edit of my prior comment, educate yourself on embedded devices, the pixel hardware model and graphene’s security model, then we might have a productive conversation and not uneducated conspiracy speculation.
So you really trust Google to release code that doesn’t do something it shouldn’t behind your back do you? How cute…
I am an embedded developer so please don’t patronize me. And I know enough about security to know that Google’s security model on the Pixel phones is the best yet. That’s not the issue. The issues are:
-
Google’s code is untrustworthy unless reviewed, and proprietary binary blobs can’t be reviewed. If Google codes anything, they have an ulterior motive and it’s rarely in your best interest. If that’s not a security shortcoming, I don’t know what is. Or said another way, there’s something deeply ironic in claiming to have the most secured deGoogled OS and the lynchpin of that security is Google itself.
-
Yes, using a phone other than a Pixel phone with a deGoogled OS other than GrapheneOS as I do (I use a FP4 with CalyxOS) is less secure than GrapheneOS on a Pixel phone - assuming you trust Google’s drivers aren’t doing other things unrelated to their driver function.
But as I said, my most important goal in anything technical I use is to not use Google. That’s my ideal. Some people have ideals and aren’t willing to compromise.
With that in mind, and considering that I’m a low-value target, I deem the security provided by CalyxOS on my FP4 more than adequate for my use case. Or said another way, GrapheneOS’ - short-sighted, in my opinion - obsession with security gets in the way of my main goal, which is to avoid Google.
You already bought the phone with Google code in it, that ship has sailed when you purchased the device
-
FSF does not get in the way of security. FSF believes source code should be publicly available in order to even assume the software is secure or private. In a perfect world that would be nice. But in the real world, proprietary blobs are required to make the hardware functional. As long as OEMs are removed about open sourcing the firmwares, both GrapheneOS and GNU are right in their own way.
Oh, the FSF doesn’t get in the way directly (they have neither the funding nor the personnel), they just misinform you to do so, so they’re guilty in my book. Go read the edit in my prior comment.
Because strcat is fucking nuts
However I’m still using GOS as theres no other better options