Hacker News new | ask | show | jobs
by arp242 1108 days ago
As I understand it "firmware" is essentially just the same as an EEPROM, except that using volatile memory is cheaper and easier to upgrade. No one seems to have great issues with EEPROMs (FSF doesn't anyway), but uploading that same code to the device when it starts is a huge problem? I never understood this, and especially given the huge practical trade-offs the entire thing seems fighting windmills.

The Linux-libre people even removed the warning that the CPU is vulnerable to spectre/meltdown if you don't update the microcode. But ... your CPU already comes with that microcode out of the factory, just a different version of it. How is running an older known to be buggy microcode better?
1 comments
jasomill 1108 days ago
Debian distributes firmware stored in volatile RAM because it is either required to use the hardware, or, as is the case for CPU microcode updates, highly recommended for most users.

As far as I know, Debian does not distribute proprietary EEPROM firmware updates at all, as these are generally not required to use the hardware (and, depending on the device and update in question, may or may not be recommended for most users).

In other words, the difference is practical, not ideological.

link
pabs3 1107 days ago
Debian distributes fwupd, which accesses the Linux Vendor Firmware Service, which distributes updates for proprietary firmware stored on devices:

https://fwupd.org/ https://wiki.debian.org/Firmware/Updates

link
arp242 1108 days ago
Organisations like the FSF recommend that you don't use devices that require "non-free firmware" at all. They don't recommend anything like this for devices with "non-free EEPROMs at all". Stallman himself has stated he has no problem with such devices (I can't find a direct quote on this right now, but I'm 100% sure I've seen Stallman write or say this at time point).

My point was that the entire position just doesn't make any sense: either you reject all non-free software no matter how it's loaded (which means there are very few computers you can actually use), or you just use your hardware with "non-free firmware" that would be baked in anyway and stop worrying about the entire thing.

link