On Thu, Feb 18, 2016 at 10:03:16AM -0500, Greg Troxel wrote:
>
> Jorge Luis <jorgeluiscorreioeletronico%gmail.com@localhost> writes:
>
> [...]
>
> > NetBSD really include blobs?
>
> Yes, because it is the only currently known path to make some drivers
> work. Mostly this is firmware to be loaded.
>
> It would seem reasonable to have some MK knob to disable to remove this,
> for people that don't want to run code without sources.
>
> However, you might want to ponder the difference between firmware that's
> in ROM on a wifi card and the same firmware that's squirted in at boot
> time from the OS. It gets messy when you become really hard core about
> software freedom...
Since one of my network card was unsupported, I wondered if I could try
to add the support by myself (knowing strictly nothing to start with).
And to have an idea of what an ethernet card could do, or simply to
know at least the basic standard words or expressions, I downloaded some
Intel documentation about a recent high-end card.
I was simply amazed about what the device is doing by itself... And came
to the conclusion (am I mistaken?) that a "safe" OS is good (this
prevents some relatively easy remote level of eavesdroping), but if one
does not know what the hardware does by itself... (Imaging what a device
handling communication could do to pass your communication where they do
not belong, and I speak about hardware, not software even in blobs.)
There is even a famous paper by Ken Thompson about compilers. It's good
to have the sources, but if one does not know what the compiler does...
And the size of the sources or the organization of the sources can
prevent actually any level of checking...
This is not to say that doing nothing is good or to say that since
everything can not be done, nothing has to be done. This is simply to
say that claiming an "absolute" security is a fallacy.
Hence, there is some arbitration between theory and reality; principles
and practicability.
--
Thierry Laronde <tlaronde +AT+ polynum +dot+ com>
http://www.kergis.com/
http://www.arts-po.fr/
Key fingerprint = 0FF7 E906 FBAF FE95 FD89 250D 52B1 AE95 6006 F40C
Attachment:
signature.asc
Description: PGP signature