Quoting Andrey Rahmatullin (2022-04-19 18:01:10) > On Tue, Apr 19, 2022 at 04:30:44PM +0100, Tim Woodall wrote: > > > On Tue, Apr 19, 2022 at 02:38:03PM +0200, Jonas Smedegaard wrote: > > > > When I install systems, I consider non-free blobs more risky > > > > than other code. > > > Do you consider loadable non-free blobs more risky than their > > > older versions soldered onto the hardware? > > > > > Definitely "more risky" possibly not "less secure" > > > > One of my biggest frustrations is that it's impossible to > > selectively apply "security patches" and companies are wont to > > "smuggle" in feature changes along with security fixes. > [...] > > No, but I do see a benefit in them not being applied automatically > > as part of a standard update. And for something like a firmware > > upgrade for a network card, I might only want to install it if there > > was a security issue that might actually impact me or I was having a > > problem. Otherwise it's hard to imagine a scenario where a firmware > > upgrade can make things better but it's easy to imagine it making > > things much worse. > Then what about hardware that doesn't have soldered firmware, only > loadable one? Would you not use it at all?
I notice that you shift the conversation topic from *upgrading* firmware to *introducing* firmware. I already mentioned that I would sometimes upgrade to newer firmware, which I mean to imply that yes I would sometimes dare to permit my devices to execute firmware. Sorry if that was unclear. My concern is about hardware changing behavior. I.e. hardware not being stable. Sometimes I choose to let my devices be broken (e.g. not load firmware onto a builtin wifi or audio device that I don't really use). Sometimes I choose to let my devices work like they did last year (e.g. not upload newer firmware onto a bluetooth or ethernet device that last year worked fine with its builtin firmware). - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private
signature.asc
Description: signature
