GNU Doesn't Care About Your Agency

<Cadey> EDIT(2022-02-10 12:47 EST): I apparently misread part of the GNU #guix channel rules and made an unreasonable assumption that violators of the rules could be banned. I have amended a conversation fragment accordingly. My intent was not to lie, but to point out that some users actually need stuff that nonguix provides but they just have to know that it exists in the first place.

Or: Ubuntu gives the user more agency about how they want to use their computer than fully libre GNU/Linux distros ever can.

There are many different kinds of Linux distributions, but today we're going to think about a certain kind of distribution: ones that are composed of free software as much as possible.

These distributions aim to let users benefit by making it possible to study, hack at and modify every byte of software on the machine's hard drive. This is a fairly noble goal; however, in the process of doing this they break core parts of hardware compatibility by "de-blobbing" the kernel. Most of these distributions have a very paternalistic implementation where the "de-blobbed" linux-libre kernel is the only option, thus limiting users' agency.

For example, let's think about the CPU that I'm using right now. It is designed to be able to load CPU microcode updates that are distributed by the manufacturer in order to mitigate bugs in the microcode that shipped with the CPU, bugs that can have real-world impact on what I do. Due to Facts and Circumstances that are immutable for the sake of argument, this microcode is not open source and cannot be compiled from source code. The linux-libre kernel removes the ability to load such firmware updates at runtime.

This means that if something like the FDIV bug or Spectre shows up again but it can be patched trivially with a microcode update, by nature of using the linux-libre kernel I am doomed until the base microcode gets updated by the motherboard manufacturer, which only happens if they release a closed-source update that you cannot inspect or modify.

This paternalistic view of "you shouldn't be able to load microcode updates because they aren't open source" means that my CPU will be vulnerable to potentially critical security flaws and I have no way to work around it. This ends up creating a limitation in how I use my computer. This is worse than the limitations of proprietary hardware because there is the illusion of free choice that the community will spout off about as the next coming of sliced bread. That still doesn't change the fact that my wifi card won't work without the normal kernel and firmware blobs.

Combine this with other things like wifi card firmware (some wifi cards don't have the firmware stored on the device, they require the OS to send it firmware at runtime to make it work at all), and you have actually limited the agency and capability of users far, far more than if you just let them load the firmware in the first place.

<Cadey> Yes, yes, the companies made the hardware this way in the first place and are responsible for the problem, but telling users they are wrong for wanting it to work because of an implementation detail about how the hardware updates itself feels a lot like victim blaming. I am aware of the Talos II being a magical puppy and rainbow situation where all of this isn't an issue, but sadly the world just didn't turn out that way and we have to deal with the results of it.

Consider a situation like wanting to play an online game together with friends, but through Facts and Circumstances you have an Nvidia GPU and the game is on Steam with no open source option. If you are using a fully open source operating system with no capacity to install Steam or the Nvidia drivers, you are screwed and thus your freedom to use your computer how you want is severely limited.

This also extends to how those Linux distributions handle things like AWS. AWS is largely the poster child of a proprietary cloud hosting platform that you are made to work with as part of your job. Consider if something like Parabola GNU/Linux created AWS images and gave users a best-in-class user experience for using them. This would make the net cost of using a highly auditable environment a lot lower than the current "don't use AWS lol" (which is again really close to victim blaming), and would also create institutional knowledge that would let other people benefit from this as a second or third order effect.

Parabola making AWS images means they can create more generic images, which means that other people can use those images to do whatever they want with their own hardware. This lets you have a net benefit to everyone in the project by decreasing the friction of using it, so it will in turn make users more likely to adopt it.

Remember the law of halves. Every additional step in adoption costs you half your audience. Spinning up an AWS instance to mess around with it is a very low-friction operation.

<Numa> But you can just not be a scrub and compile your own traitor kernel that lets you load freedom-violating binary blobs!

<Cadey> Then you have to hope your CPU is good enough to build a kernel, hope you can pay attention to the kernel security mailing list enough to upgrade it when you need to and finally hope you can upgrade the firmware blobset that the kernel publishes separately! Hope is not a scalable strategy.

If their goal is really to liberate users and make it easy for them to have control over what their computer is doing, they should make it trivial to escape hatch into a less "pure" setup without having to install third party repositories that you just have to know about or sidestepping the upstream update process to install your own system software. This is more victim blaming.

The GNU project could be more than a circlejerk around things that the toe cheese god said in the 80's and 90's. They could have been a source of reverse engineering tools and institutions, and overall inspired the kind of culture that would make it easy to understand arbitrary hardware, platforms and software that you either come across or are made to use as a part of your job.

But they aren't. Instead, Guix, one of their flagship projects (if not the main one) for making a fully GNU system, is addled by the use of the linux-libre kernel. This makes the kernel fundamentally incompatible with a shocking number of computers, thus limiting users' freedom to use Guix at all.

<Mara> But wait, isn't there that one nonguix project that allows you to install a normal kernel and Steam?

<Cadey> Yeah, but talk about that in the main #guix channel and you get told to not talk about it. You just have to know that it exists and you can't learn that it exists without knowing someone that tells you that it exists under the table, like some kind of underground software drug dealer giving you a hit of wifi card firmware. This means that knowledge of the nonguix project (which may contain tools that make it possible to use Guix at all) is hidden from users that may need it because it allows users to install proprietary software. This limits user freedom from being able to use their computer how they want by making it a potentially untrustable underground software den instead of something that can be properly handled upstream without having to place trust in too many places.

<Numa> That hardware is defective by design and you shouldn't use it.

<Cadey> Wow, thanks, I'm cured. My wifi card magically stopped existing and now everything is happy unicorns farting out rainbows that spawn free puppies and everything is saved forever.

Again, that doesn't help me with the situation that my wifi card doesn't work and I as a user want it to even though making it work will require proprietary firmware. This shit is how you get things like the "GPL condom" in the Purism Librem phone, where all the proprietary firmware is rigged to be loaded automagically in hardware instead of software. This limits your ability to tinker with or modify the firmware even if there are legitimate reasons such as critical updates. So by making the hardware work with fully free software you have limited the ability to actually improve the state of the world even with the proprietary firmware the manufacturer gives you.

Ubuntu gives the user more agency about how they want to use their computer than fully libre GNU/Linux distros ever can.

This article was posted on M02 10 2022. Facts and circumstances may have changed since publication. Please contact me before jumping to conclusions if something seems wrong or unclear.

Tags: gnu libre rant

The art for Mara was drawn by Selicre.

The art for Cadey was drawn by ArtZora Studios.

Some of the art for Aoi was drawn by @Sandra_Thomas01.