McIntyre: Firmware - what are we going to do about it?

https://news.ycombinator.com/item?id=31079253

I have seen laptops without Ethernet (Apple hardware), but is it the majority? I don't remember seeing laptops that wouldn't get graphics or audio output without non-free firmware; I don't doubt that exists, but again, is it the case of all "modern laptops" as McIntyre implies?

For those who think firmware should be free, the question is that of finding the most efficient strategy towards that goal. To what extent does shipping non-free firmware help, compared to other strategies such as publishing lists of "known-good" laptops?

I think support for hardware on Linux has come a LONG way in the past two decades. It would be nice to see manufacturers release a .deb in addition to whatever drivers are needed (and come with) the default windows installations. I say .deb because Ubuntu and Debian are HUGE in the Linux space.

Oxide talked about it a while back, in reference to hard drive firmware: https://www.youtube.com/watch?v=qisoAIx8EE8

Most hard drives these days have firmware that isn't developed using version control, and continuous integration (even with software-hardware co-simulation being a thing for over 30 years now) isn't even something most companies are aware of.

And this is typical of virtually all firmware development. It's software that's written by hardware engineers with no real background or experience in programming or software development, and is a huge burden to maintain. They've gotten away with it for a long time now, but that's because the firmware has typically been relatively small and simple. Essentially on the scale of a CS course programming project. It's rapidly growing however, with more and more functionality offloaded to it, and bugs and security issues abound.

Even if we can't push for companies to release their code (or better yet, documentation) and let us do it, we should at least try to enlighten them as to how modern software is written. Version control, git, CI, and so on. Then at the very least the firmware we're forced to run might be a little less crap, and maybe down the road they might come around to community involvement for offloading/sharing some of the work too.

https://wiki.debian.org/Firmware/Open

Are there any other libre firmware projects?

The fact is that computers have to be available on a practical basis, on hardware that people are able to obtain, in order to be what they should be: useful tools.

It's like complaining that a hammer isn't made from 100% pure low-background-radiation steel. For 99.9999% of people, that really isn't going to make any difference and just makes it almost impossible to obtain such a tool or use it practically. I'm sure, for certain people, tasks, etc. that you need that perfect tool to be as sterile as possible and will absorb the expense and hassle of doing so.

But I can't imagine that the target audience of any Debian distro is that kind of person, as it would be incredibly niche. The target audience is just someone that has a machine and just wants to use it.

I understand the creep that occurs in allowing certain things, and moving away from the ideals, but the fact is that just about anyone using any Debian-based tool needs just such non-free software in order to make it work in any practical or reasonable manner. Even as someone who for years used to compile their own kernels, dedicating hours of computer time to apply tiny personal patches, it was inevitable that I had to "load blobs" for wireless, networking, even sound cards (sound fonts, etc.) to make things work, even 15, 20 years ago.

Debian's idealism means that there are a number of distros that are basically nothing more than Debian + nonfree, just to make it usable.

And, yes, in an ideal world, I'd love all that firmware to be open-sourced, but it's never going to happen (e.g. radio regulatory blobs for wireless cards which cannot legally be tampered with).

I believe this solution does not require a vote, as it balances the needs of different segments of the Debian community and Debian's principles.

Keep providing images without proprietary firmware, disable the automatic download on the website download page, create a new download page containing separate side-by-side panels catering to different segments of the audience for installing Debian, ordered by the sophistication of the audience and the amount of people in the audience. Each of the panels should contain appropriate iconography and minimal text to avoid overwhelming people; longer explanations could be hidden behind links/dropdowns. Where the images containing proprietary firmware images are mentioned, include an item pointing out the non-free firmware and the limitations of Debian support for that firmware. Some examples of the panels that could be included:

* VMs; linking to the free images
* relatively libre hardware like RaptorCS's POWER9 computers; linking to the free images and explaining that we need help packaging the free firmware for those devices, since most of it isn't in Debian yet
* desktops/laptops; linking to the non-free images
* smartphones/tablets; linking to Mobian images
* clouds; linking to the cloud images
* servers; linking to the non-free images
* Windows; linking to the Debian WSL app and win32-loader
* SBCs; linking to some relevant info on the wiki
* Raspberry Pi; linking to the RPi non-free images

If the Debian CD/live teams don't want to test the free images, then those teams should feel free to stop testing them, and call for other people to do that work.

If the Debian CD/live teams don't want to build the free images, then that would pose a problem for people who don't want to download or redistribute non-free firmware. I think there are enough of these people that the opportunity to hand over building the free images to a separate team would be needed.

I feel that the above is a good balance of preventing the problems pointed out in the proposal mail (along with some other ones), while not completely fixing all of them due to the conflict with the needs of the segment of Debian users who want to not have non-free firmware and then mitigating that through the creation of a separate team for that.

We need to solve the issues around non-redistributable firmware too:

Some firmware is only available in the operating system preinstalled on the device and needs to be manually extracted before d-i is run, potentially even only from processes running on the preinstalled operating system in cases where the storage must be wiped (such as Android devices) before an alternative OS like Debian can be installed. IIRC there is some laptop WiFi firmware that is like this.

Some firmware is not redistributable and is only available in proprietary drivers on websites and is hard to extract from those drivers. IIRC some of the proprietary nvidia firmware for use by the libre nouveau GPU driver is like this, both signed firmware for very
new nvidia hardware and unsigned firmware for very old nvidia hardware, although the firmware for the old nvidia hardware has libre firmware in nouveau, but the libre firmware is/was buggier than the proprietary firmware. The tools for extracting the old firmware aren't in Debian.

We also need to do something to improve open/libre firmware:

We could package the libre/open firmware projects that are missing.

We could lobby hardware vendors to release their existing proprietary firmware and hardware management software under libre licenses.

We could lobby hardware vendors to stop requiring signatures for the existing libre/open firmware projects.

We could lobby hardware vendors to allow users to enrol their own keys for verifying firmware.

We could use some of our money to fund new work on the existing libre/open firmware projects.

We could initiate the creation of a new non-profit dedicated to the reverse engineering and reimplementation of proprietary firmware.

https://meetings-archive.debian.net/pub/debian-meetings/2022/DebConf22/debconf22-199-fixing-the-firmware-mess.webm