Re: Firmware - what are we going to do about it?

From Tim Woodall <debiandevel@woodall.me.uk>
Newsgroups linux.debian.devel
Subject Re: Firmware - what are we going to do about it?
Date 2022-04-19 19:00 +0200
Message-ID <EdZmP-9OSv-13@gated-at.bofh.it>
References (3 earlier) <EdUn7-9LWC-7@gated-at.bofh.it> <EdVjb-9Mw7-1@gated-at.bofh.it> <EdVsR-9Mzp-1@gated-at.bofh.it> <EdYh3-9Ogb-1@gated-at.bofh.it> <EdYAp-9OC8-9@gated-at.bofh.it>
Organization linux.* mail to news gateway


On Tue, 19 Apr 2022, Andrey Rahmatullin wrote:

> On Tue, Apr 19, 2022 at 04:30:44PM +0100, Tim Woodall wrote:
>>> On Tue, Apr 19, 2022 at 02:38:03PM +0200, Jonas Smedegaard wrote:
>>>> When I install systems, I consider non-free blobs more risky than other
>>>> code.
>>> Do you consider loadable non-free blobs more risky than their older
>>> versions soldered onto the hardware?
>>>
>> Definitely "more risky" possibly not "less secure"
>>
>> One of my biggest frustrations is that it's impossible to selectively
>> apply "security patches" and companies are wont to "smuggle" in feature
>> changes along with security fixes.
> [...]
>> No, but I do see a benefit in them not being applied automatically as
>> part of a standard update. And for something like a firmware upgrade for
>> a network card, I might only want to install it if there was a security
>> issue that might actually impact me or I was having a problem. Otherwise
>> it's hard to imagine a scenario where a firmware upgrade can make things
>> better but it's easy to imagine it making things much worse.
> Then what about hardware that doesn't have soldered firmware, only
> loadable one? Would you not use it at all?
>
No, of course not. But I wouldn't upgrade the firmware by default any
more than I upgrade the firmware of my radio-alarm clock by default. I
upgraded the alarm clock _once_ because it had the new (wanted) feature
of being able to set three differently timed alarms rather than the two
that it had out of the box but since then I've never even looked to see
if there's an upgrade available.

Even if someone discovered a security threat that allowed a rogue actor
to broadcast a signal to it that turned it on at full volume I still
wouldn't bother to upgrade it unless someone actually started doing that
in my neighbourhood. (not that the manufacturer would provide an update
anyway now)

And I cannot buy the same model any more. Subsequent models have the
"feature" that in the event of a power failure the radio turns on when
power is restored, great, I really wanted to be woken up at 2am to be
told that the powercut I didn't know about is over, it has the "feature"
that it only sets the time while the radio is actually on, so the first
alarm after the clocks change is an hour wrong. (I have no idea whether
upgrading the firmware of the one that works the way I want will cause
it to adopt the "new, improved" behaviour and I have no intention of
finding out.)

Those are the sorts of "upgrades" that you'll inadvertently pick up with
closed source firmware upgrades. Most of these devices, like my
automatic sheet feed scanner, have no credible threat to running "out of
date" firmware and unlikely to benefit from an upgrade unless you either
hit a known issue or happen to hit an issue that the manufacturer is
willing to fix after you report it.

Tim.
