It’s about everything. Computers, phones, the computer that makes your car work. Every bit of electronics that boots - that probably includes your smoke detector and oven
I can’t remember where I read this but I saw somewhere that open firmware is forbidden in things like cellular modems because it might be abused to disrupt communications. I think that’s bullshite, though.
Isn’t this actually more likely to happen if it’s closed-source, since the code isn’t visible to third-parties like security researchers? That’s why zero days are a thing.
Different countries regulate the radio spectrum differently, so transmitting on a certain frequency might be legal in country A but illegal in country B. They don’t bother making different radios for different countries, though; instead, they just build hardware capable of transmitting on all the frequencies and then restrict what it can do via the firmware. The argument goes, if they allow device owners to modify the firmware, then they might modify the radio to transmit illegally. Never mind that there are myriad other ways an attacker could do that, that are almost as cheap and easy…
In additional to the other comment, I think there’s also a traditional fear of corruption in open source. If the code is public then malicious parties are free to read and take advantage of holes in the security. Secondly it would be possible to contribute code with secret functionality that goes unnoticed. These are fairly easily debunked but seem to remain in people’s heads.
Ugh I hate these arguments about giving bad actors easier access. Bad actors are going to figure out flaws and security holes whether it’s open source or not. Security through obfuscation is a temporary measure and having more eyes on the source means more chances for good actors to find flaws and publicize them for fixes.
In theory, yes, you could make a mess, and any firmware is supposed to be certified to allow the device to be used.
In practice, this has been a convenient excuse to keep a whole chip with a separate OS in every smartphone, and it is very difficult to isolate from the rest of the system (see Graphene OS efforts).
I say all firmware should be opensource. Whether you’re allowed to change them or not is a separate question… for now.
If everything that might cause disruption was forbidden, we wouldn’t be allowed to do anything. Even normal user traffic in high enough quantities can cause services to go down. No malicious intent involved.
Easy, since it’s open source, anyone could, if they’re inclined, edit the code to do something just differently enough to cause a problem, or unlock features they’re not supposed to have access to, or spoof something that they shouldn’t be able to spoof.
This was a big argument against Windows getting a full Unix style socket in Windows 10, I believe. MS did it anyway and basically nothing changed. The blunt realty is that if an attacker is so inclined, they will find a way. Whether anyone wants them to or not. In the case of Unix style sockets, simply pushing the attack onto a Linux VM running on the windows system is usually enough, at most, moving the attack to a Linux or Unix system is also pretty easy but requires additional hardware (even a raspberry Pi) to complete.
As simply as I can, there’s enough software defined radios out there that you can hack to accurately spoof a genuine (closed source) device with enough effort, that this argument dies on the table to anyone with the technical knowledge to know what it actually means. It’s the same argument as outlawing guns. If you outlaw guns, only outlaws will have guns; which is also total horseshit in it’s own right, but makes a point. They’re making it hard for people (the non-malicious public) to get access to services in the way they want on the basis that it would “make it easier” for hackers to do the illegal. While it may be true that hackers will be able to do some things easier, by not requiring specialized hardware to do whatever malicious thing they want, they’re effectively punishing thousands or hundreds of thousands of people who are not malicious and want open source by prohibiting it, just to make the small number of hackers work harder to do things.
Fact is, if they allow it, they need to invest time and effort into implementing safeguards to ensure that any abuse is caught and stopped. They don’t want to put in that effort. The idiotic thing is that they need to put in those safeguards anyways because other tools exist that can still attack in the same manner. So they’ve saved themselves nothing in the prohibition, made the job of malicious hackers “harder”, and punished a large percentage of their client base for no good reason.
My laptop (well, ships in Q2, so I can’t do a damn thing yet anyway) doesn’t support libreboot (but I believe they’re working on it?) Framework. I was more focused on the upgradability/fixibility of the hardware, because I’m tired of the typical hardware and it’s anti-consumer features. Hopefully an option soon exists for the AMD 7 (or whatever the hell processor I chose for the 16.)
Flatpak packages still suck at integration without breaking something in the core app. They’re really great for bleeding edge and cross distro support tho.
Wayland still can’t do all the cool tricks X11 can, so it’s not like it’s really being forced upon anyone beyond X11 losing on potential major updates which is unlikely.
DEs are willing to switch to Wayland given that it is either equal or superior to X11 which is still not the case for several scenarios and applications.
Exactly my POV. Do all the things X11 can, and I have no problem switching whatsoever.
Why did no one had any issues switching from PulseAudio to PipeWire? Because it was simply better. It could do everything PulseAudio could, plus a lot more. It was backwards compatible (with plugins of course) and there were practically very little issues with it at the point at which distros and users decided to switch. It was a finished product.
I was just in a position to buy a top of the line video card. Even thought Nvidia still outperforms AMD at the top end I never even considered them an option.
I agree but it’s very unfortunate considering graphics cards are so expensive to replace nowadays so if you already have an Nvidia card then you’re kinda screwed.
“reduces fragmentation” wtf lol. If it wasn’t for flatpak making it easy to run proprietary / obscure apps on my weirdo little distro (Void Linux, one of the few remaining non-systemd distros) I would have switched to something mainstream like Debian long ago. People are gonna go with the distro that supports (i.e. has non-broken packages for) the apps they use. Having a cross-platform package manager makes it easier for small independent distros to exist and be useful, not harder.
EDIT: And while it’s true that Wayland adoption kills obscure X11 window managers, Wayland adoption also spawns a wide range of obscure Wayland compositors. Think hyprland, wayfire… It’s by far not all Gnome and KDE! If anything, we can expect more people making Wayland compositors as hobby projects, if Waylands claims about a simpler codebase are to be believed.
I use flatpak because I enjoy the sandbox as well. Nice to know that a zeroday in some obscure internet-enabled program won’t automatically grant the hacker access to my entire home directory. And as for xbps-src, I might as well submit my package to the official repos while I’m at it. Don’t get me wrong, I do want to eventually contribute to Void’s repos in some way, but when I have time for that. And right now, I don’t have time to essentially become a package maintainer just to be able to use the apps that I need to use.
Yeah, but not everything gets accepted. Like, for example, I use Viber and they won’t accept it because it doesn’t do version numbering when doing releases… and you have no idea when they will update. Basically, short of unpacking the deb and checking the version in the ELF binary, there is no way to know which version you’re running. So, I just post those obscure or out of date software templates on GH and other places.
I’ve also submitted a few times in the official repo… for things I know that I use reglarly and can maintain. Basically, most of them don’t have that many updates, like once or twice a year, so that’s why I opted to submit and maintain them, lol 😂.
If anything, we can expect more people making Wayland compositors as hobby projects, if Waylands claims about a simpler codebase are to be believed.
They are not. Wayland compositors have to do a lot more of the same thing in every compositor than window managers ever had to. So many in fact that their whole central design idea has to be corrected for by everyone using wlroots to implement those common parts to get anywhere anyway which means wayland compositors in other languages without wlroots bindings are less likely.
have to do a lot more of the same thing in every compositor than window managers ever had to
Yes, but is that not entirely expected? As far as I understand, compositors are complete implementations of Wayland’s display server specification, whereas window managers are just a helper program that, well, manages windows, while Xorg does the heavy lifting required to fully implement the X Window System protocol. So the only real difference that I see is that, in the X world, the “common parts” are managed by a separate process (Xorg), whereas in the Wayland world, they are managed by a separate library (wlroots). So a hobbyist developer trying to make a window manager in some obscure language would need to figure out how to communicate with Xorg in that language, whereas a developer trying to make a compositor in some obscure language would need to write wlroots bindings for that language. Maybe I am just ignorant, but those seem like comparable efforts to me.
And lastly, in the X world, the only (widespread) implementation of the X Window System protocol is Xorg, but, in the Wayland world, there are compositors that use wlroots, and those that don’t. So wouldn’t that alone indicate more fragmentation / diversity? Sure, there are more X window managers than Wayland compositors out there, but X11 has also existed for longer. In short, I don’t see how the Wayland system is more adverse to diversity of implementations than X
linuxmemes
Hot
This magazine is from a federated server and may be incomplete. Browse more on the original instance.