As per fsf only those linux distributions are 100% free:
Dragora
Dyne
Guix
Hyperbola
Parabola
PureOS
Trisquel
Ututo
libreCMC
ProteanOS
Do you agree or no?
I see a lot of people that want to switch from windows to a linux distro or a open os. But from what i see they tend to migrate to another black boxed/closed os.
What is a trully free os that doesnt included any closed code/binary blobs/closed drivers etc.
Just 100% free open code, no traps.
What are the options and what should one go with if they want fully free os that rejects any closed code?
Ah… but then that’s not enough, you need to insure that the supply chain itself is 100% free! For example if you are using an Intel CPU, how can you verify it does what it says it does?
Enter precursor.dev ! Check this out if 100% free is not enough for you.
PS: honestly do what makes pragmatically your world, and that of the ones around you, better. Hopefully it is toward free software but IMHO if you have more agency with usage (which yes does overlap significantly with this) then it’s a powerful step to keep on doing so.
Personally I’m a fan of smoke signals. No proprietary blobs in sight.
Probably OpenBSD NetBSD
Literally one of the first things OpenBSD does when you first boot it is automatically install firmware blobs via: https://man.openbsd.org/fw_update
I think using major distros like Fedora, Ubuntu, or Debian is fine, because corporate backing often supports faster security fixes and better infrastructure.
Fedora and Debian are 100% free operating systems that only include free software.
The FSF does not like them because they include non-free firmware.
The debate is entirely how you define what is software and what is hardware.
How is it 100% free if it has non free firmware? Lol.
Your hardware is most likely not free and open source. If you use non-free hardware, it is better to have security fixes then leave it unpatched. If you are using non-free hardware it doesn’t matter how free your distro is, you still must depend on hardware blackboxes. Your hardware can directly interact with your distro and do something malicious regardless of the presence of firmware blobs.
Those distros (Fefora & Debian) are fully free, but acknowledge that hardware isn’t in most cases. And like responsible and reasonable developers they choose what is best for stability and security.
Exactly, the Intel TPM is almost certainly a literal NSA backdoor, as claimed by the Chinese government (which would explain Microsoft giving up Windows market share by requiring that for Win 11). When your CPU has its own network stack in a secure enclave that is inherently its own OS basically, how does running a pure open source OS on top of that mitigate anything?
Your hardware is 100% “not free”. It has proprietary firmware. Lots of it. Most of it is for internal chips that you are not even aware of. The hardware you are running is not free. And it has firmware. Clear?
So, your position is that hardware that let’s you upgrade some of this firmware, hardware that let’s you control what bits get put on it, is LESS free than hardware that does not let you see or control that. How greater control is less free is totally beyond me.
And the reason you think this is because you actually have the non-free bits that make up a firmware upgrade. So you tell yourself that not touching this upgrade is a good thing because that upgrade is “proprietary”. Except that you are still running proprietary firmware for the exact same hardware. It needs firmware to work. The firmware you are downloading is just an upgrade.
Either you are running hardware that does not let you upgrade its firmware but that still has firmware nonetheless or you are running hardware with firmware that could be upgraded but you are refusing to upgrade it.
Either way, you have done absolutely nothing to advance your “freedom”. Honestly, it just boggles my mind.
Now, if there really was hardware out there that could be run without using any proprietary bits, that would be a different story. If you were willing to run such hardware, I would buy your ideological purity story. But we all know that this is not the hardware you are running. If you are not typing these comments on x86-64 than it is on ARM. Either way, your words are going through proprietary firmware before they get to me (even if you run these FSF approved distros).
I look forward to the day when truly free hardware exists and I can lose this argument to you. I truly do.
For that goal, really stick by the FSF recommendations, for that, they are perfect as they have strict requirements.
But I think calling other GNU/Linux distros black box only because some drivers are proprietary is a bit too far, some people just prefer a “minimum damage” approach and that’s a compromise everyone needs to decide for themselves. If I were living in China or Iran, however, then I would exclusively run distros like that as well.
Edit: typo
We ate talking about:
- CPU Microcode
- Firmware for network and WiFi cards
Those are not just “some hardware will not work”. Currently, don’t using those blobs that you will have an vulnerable CPU but ad you are also offline that should be safe /sarcasm
I have to answer to this post directly… First of all: I am a member of the European free software foundation. I am since over 10 years.
Using those distributions is, sadly, a security risk!
Everybody must be absolutely clear about the fact that CPU microcode updates are property blobs, and therefore removed by those projects.
This means: Your CPU runs with only the build in firmware and is most likely vulnerable against many CPU level attacks. CPU bugs can only be fixed with microcode , and if you drop those from the systems you leave the systems vulnerable.
Full free software distributions are a important, but very esoteric.
OP claims even the kernel itself is non free software. So let me just cite the kernel archive
Is Linux Kernel Free Software?
Linux kernel is released under the terms of GNU GPL version 2 and is therefore Free Software as defined by the Free Software Foundation.
I heard that Linux ships with non-free “blobs”
Before many devices are able to communicate with the OS, they must first be initialized with the “firmware” provided by the device manufacturer. This firmware is not part of Linux and isn’t “executed” by the kernel – it is merely uploaded to the device during the driver initialization stage.
While some firmware images are built from free software, a large subset of it is only available for redistribution in binary-only form. To avoid any licensing confusion, firmware blobs were moved from the main Linux tree into a separate repository called linux-firmware.
It is possible to use Linux without any non-free firmware binaries, but usually at the cost of rendering a lot of hardware inoperable. Furthermore, many devices that do not require a firmware blob during driver initialization simply already come with non-free firmware preinstalled on them. If your goal is to run a 100% free-as-in-freedom setup, you will often need to go a lot further than just avoiding loadable binary-only firmware blobs.
The FSF has an ass-backwards approach to firmware, leading to only these distros fulfilling their requirements.
Their preference for firmware is as follows:
- Firmware that’s open source (fair enough)
- Firmware that can’t be updated (i.e. devices that are flashed once at the factory)
- Firmware that can be updated (CPU microcode, firmware for GPUs, SSDs, etc)
As Linux includes patching of CPU microcode on boot (to fix security vulnerabilities and bugs) the default build of Linux doesn’t fulfill those requirements.
Honestly, I am grateful that the FSF is a bit more strict in this definition. While I do not care too much about this, I think it is good that we have some ideal to follow and look forward. And its good, because anyone who wants to go that route, have a community and direction.
Disagree. Their priorities are backwards.
Company A releases a product, it runs closed-source proprietary firmware on-board, and it can’t be updated by the user even if bugs or compatibility issues are found later on in the product’s life cycle.
Company B releases a product, it runs closed-source proprietary firmware on-board, but it can be updated by the user if bugs or compatibility issues are found later on in the product’s life cycle.
According to the FSF, product A gets the stamp of approval, product B doesn’t. That makes no sense.
I have seen enough devices get kneecapped by the manufacturer after release to know that the FSF’s viewpoint is the correct one.
Idealism is fine.
Braindead self-denial less so.
How is proprietary firmware that cannot be updated superior?
The line the FSF draws between what is hardware and what is software is total nonsense
The FSF should stick to software so they can maintain the completely hard line that you value. That can apply to actual software.
There should maybe be a Free Hardware Foundation too (maybe a sister or sub-project). If that existed though, they would have to reject pretty much all the hardware that all of us use, including the hardware that the operating systems in this list were designed to run on. Because they are all completely proprietary regardless of their firmware update policies.
I would love a FHF. Let’s all use open schematic, RISC-V systems with open source firmware. Yes please!
But let’s stop doing dumb shit like refusing to update the microcode on our Intel CPU and pretending that is more free instead of just more dumb.
The way why the FSF approaches firmware today is totally braindead (in my view).
Iirc, the list is of operating systems that the FSF recommends. You could have a system running 100% free software, but the FSF won’t recommend it if the distro makes it easy to theoretically install proprietary code. It’s fine to run such a system, but the FSF won’t recommend it.
Better get an Open Hardware RISC V system, with stuff like the graphics, sound and elt/WiFi/Bt being Open Hardware too.
Then you can go with a fully open OS and it will actually make sense.
This. When RISC V hardware starts being more common and decently priced (price/perf), sure, I’ll happily go all open. Till then running with half my hardware broken doesn’t really do me any favors
Became quite trivial, e.g. took me 15min to get CopyParty on a Debian on a Banana Pi running RISC-V https://mastodon.pirateparty.be/@utopiah/115332958192905605 and staying headless performances are fine.
Depending on whether you want a distro that removes all non-free options from the start or one that gives you free options, or ways to only select free options, I’d add Gentoo to that list. Much like in other situations, it gives you the choice to have your cake and eat it too. You can select a list of licenses you want (with certain predefined sets), and override that list on a per-package basis if you want/need.
Here is a Guide/Wiki-Article.
Trisquel is an Ubuntu base, with all non-free and binary-blobs removed.
Any spyware, data harvesting, tracking, advertising, or hidden code has been removed.
This also means some hardware will not work under Trisquel, because that hardware relied on drivers which were a blob of unreadable code.
–
I think everyone running Linux should try an FSF endorsed distro, and have it as a general goal to move towards over time. The easy way, is to try it first on a LiveUSB or in a VM.
To really see these distros shine, they need to be used on hardware that has open-drivers available.
To find functional open-hardware, you can use the same hardware models that various online, libre, hardware-retailers are using, such as:
Or trawl through h-node.org to decipher what may work.
–
A second 100% libre laptop or box is a good idea for sensitive or personal content.
My priority in what I use is for it to work out-of-the-box, be secure, and not get in my way. For security reasons I do support the concept of 100% open-source purity (though I’m much softer on or even opposed to the “free” part of FOSS), but I’m not prepared to sacrifice convenience for that cause.
You know it’s explicitly not “free as in beer” right?
In theory. In practice being free to use, share, modify, and redistribute it makes it in practice “free as in beer”. I am aware that projects are technically allowed to charge money for an iso file and the like.
Calling Debian stable another black boxed closed OS is just rage bait.
We need purists like the fsf. They are truly fighting the good fight, but I am also happy to see people be just more free too, even with some compromise.
We need purists like the fsf.
I do not mind that they are purists. On this issue, my problem is that the line they draw between open and proprietary is an entirely meaningless one and yet the act as absolutist about it as everything else.
I do not mind that they are “pure”. I dislike that what they are saying is wrong (inaccurate, not morally wrong).
The operating system and up seems like a totally resonance place to draw the line for Free Software. I mean “software” is right in the name.
Making a big deal about firmware is asking me to pretend I do not know how hardware works and ignore that I am actually using totally proprietary tech regardless. And classifying hardware that is more open as less free just jumps the shark completely. It hear no evil, see no evil nonsense that demands that I never ask questions or look behind the curtain.
I do disagree with you. Proprietary firmware and proprietary hardware does make you less free. But if the rental agreement you have with them is good enough for you, why would I bash you for it, you know?
Its why RISCV is exciting in the CPU space to me. Its more free (even if the IP under it is proprietary). Every step we take towards it advanced the field to me. Again though, if you are renting any piece of the stack, it’s still better that you own what you can to do what you/want then just giving into the “you will own nothing” push.
Just gotta take the wins where we can, celebrate the work, and keep working, you know?
I am not sure we are understanding each other. My point is that the FSF counting worse firmware outcomes as wins (like firmware that I cannot even see or update). Their position is that, if it is not a binary blob in your distro, it does not exist and is therefore ok. Whatever. Firmware that can be updated is better than firmware that cannot. The fact that that they disagree is nuts.
Let’s just agree that RISC-V is a good thing. I cannot wait to have Linux running on a truly free ISA. The hardware design needs to be free too though. The ISA is not enough. A proprietary chip is still a proprietary chip even if the ISA is RISC-V.
But, if the ISA is free, at least I am not locked into a proprietary ecosystem because I can also buy my hardware from somebody else and run all my existing software on it.
People underestimate how important RISC-V is on the micro-controller side. Because when you have an NVIDIA GPU, the “firmware” that you use on Linux is just small piece of the puzzle. There are several chips in that card and today you have absolutely no idea how any of them work. You may not even know what ISA they use. In the future (and it is increasingly common today) all those internal chips will be RISC-V chips too.
I agree, rhetoric like OP’s framing a non-FOSS distro as ‘just another closed source/black boxed OS’ reads like OP is suggesting it isn’t even worth migrating from Windows to say, Bazzite. Which is dangerous.
I’ll take a door I can peer into but has a few shadows over a completely closed door anyday.
Debain and Fedora are 100% free software operating systems.
Point at a single package in either one that is proprietary software.
Driver firmware does not count. Why? Because that is hardware. The hardware is proprietary regardless and there is proprietary firmware in my hardware regardless of what my OS does.
None of the operating systems listed run on “free” hardware, so arguing about how free the non-free hardware is is meaningless.
Calling Debian and Fedora “closed source” or “black box” because they distribute firmware is madness. Hardware that cannot be updated at all is less “black box”? If that is your view, your opinions hold no weight with me at all.
driver firmware does not count?
ofc it does.
it is just your opinion and it holds also no weight with me tooWhy does the proprietary firmware in your hardware only suck if it can be upgraded?
You are quite happy running hardware that uses proprietary firmware as long as it does not show it to you. But if it shows it to you then it has to be free software?
I am not saying free software would not be better. Clearly it would be. But saying that not showing the firmware to you is better than showing it to you makes no sense. Please try to make a good argument for why it is ok as long as you don’t see it?
Given that you are willing to run proprietary firmware, why are you not willing to run proprietary firmware that can be upgraded? Got an argument for that makes your “ofc it does” even a little bit valid?
Or are you running on 100% “free” hardware? Because that is for sure not anything based on AMD or Intel and for sure not using any GPU or network card that I have ever heard of.
RISC-V is fighting the good fight. But even there the actual hardware being used today is proprietary, including of course the firmware (accessible or not). And I doubt you are running RISC-V anyway.
