:: Re: [DNG] gNewSense
Top Page
Delete this message
Reply to this message
Author: Adam Borowski
Date:  
To: dng
Subject: Re: [DNG] gNewSense
On Mon, Jun 27, 2016 at 08:48:16AM +1000, Ozi Traveller wrote:
> That's a good question! I tried too but couldn't get there either. :(
>
> http://linux.softpedia.com/get/System/Operating-Systems/Linux-Distributions/gNewSense-17250.shtml
> https://trisquel.info/en/forum/release-gnewsense-4-beta-codenamed-ucclia
> https://libreplanet.org/wiki/Free_distros_torrent


I would strongly recommend against using gNewSense for anything but a
throw-away test box. They leave critical bugs unpatched that cause data
loss, random crashes, security issues, for ideological reasons.

Let's see for example CPU microcode. I prefer AMD as they're far less
backdoored than Intel, but what about this:
https://lists.debian.org/debian-security/2016/03/msg00084.html
An unprivileged user, even contained in an unprivileged virtual machine,
can execute arbitrary code in the host's kernel. Yay.
Like most CPU bugs, this one affects only a few processor models, but as
there's several tens of severe bugs per year, and that's counting only found
&fixed&announced ones, there's plenty for every model. Recent Intel CPUs
are especially bad here: http://danluu.com/cpu-bugs/, up to disabling widely
hyped extensions:
https://techreport.com/news/26911/errata-prompts-intel-to-disable-tsx-in-haswell-early-broadwell-cpus

Yes, free software is vital, not just for ideological but also practical
reasons, but if you don't have free hardware to run it on, I'd prefer the
non-free hardware to at least work reliably. And without the microcode
update, you're running a non-free blob anyway -- the version you have burned
into the CPU's ROM, just as non-free as the update but more buggy.

And it's not a matter of just firmware (for CPU, network cards, etc). What
about running X on modern graphics cards? Nouveau causes crashes on mine
while the proprietary driver works reliably. Graphics driver debugging
requires some very specific skills -- I for one couldn't do anything above
reporting a bug and providing serial console logs:
https://bugs.freedesktop.org/show_bug.cgi?id=79518


gNewSense guys also suffer from hypocrisy: for example, they push as "free"
documentation that requires keeping possibly false blabbing that's
irrelevant to the documentation, and can't be printed/etc without
advertising on both covers.

(Actually, even Debian includes some non-free licenses in main: GFDL forbids
chmod -r or locking your server room (a door key might be 6000 years old
technology, but the GFDL wording sounds clear to me). Or, Affero licenses
which forbid an IMAP server or steganography.)


Meow!
--
An imaginary friend squared is a real enemy.