> Hello,

Hello Mr. Whoever you are,

> It has come to my attention that OpenBSD does not included non-free
> drivers, dubbed "blobs" - which is excellent. However, you still
> include non-free firmware in the kernel and some packages.

That is false.

The kernel includes a few minor firmwares which are FREELY PROVIDED
by the vendors of that hardware, since those vendors chose to not put
those firmware onto ROMS on their cards. Those firmwares are FREE.
Please indicate a single vendor who wants MONEY for that firmware.
They don't want money. They want people to use the hardware which
they skipped on adding a ROM to. That is why the firmware is free.

A few other firmwares are slightly less free. Meaning they are free
for money, but they try to stipulate subtle rules we do not want to
impact the freedom of our source tree with. To solve this specific
problem, a few creative developers in the group have found a way to
package those up and make them available on the internet. OpenBSD
has a tool built in which will download those, so that our base source
tree remains full of freedom.

Those are treated the same. If the hardware exists, we load it onto
the hardware.

The firmwares are NOT RUN BY THE HOST CPU.

They are running on the network or other such hardware which you
foolishly purchased!

> With spying revelations, it is well-known that non-free firmware can
> contain backdoors. ( just one recent example:
> http://www.wired.com/2015/02/nsa-firmware-hacking/ )

You are speaking in riddles. Non-free firmware can contain backdoors
just as well.

99% of the hardware we run on contains firmwares *IN ROM*. Those
could contain backdoors. You use such machines. You sent your email
from a machine containing ROM firmwares. Quite often, those are not
in true ROM, either, but rewriteable using tricks that the vendors
know, but which we don't know.

> I would feel a lot safer if the kernel and packages were fully free,
> containing no non-free drivers nor non-free "firmware".

That's nice. Then don't run hardware which needs those firmwares.

See, your problems are solved so easily!

> At the very least provide a separate branch of known "clean" 100%
> free packages and kernel. For example the non-free athn and rsu
> firmware are currently in the repository, and I would suspect other
> non-free firmware is into the kernel.

You are so full of BS!

The firmware for the athn driver is NOT IN THE REPOSITORY!

For USB devices, the driver needs at least version 1.1 of the following
firmware files, which are loaded when an interface is attached:

/etc/firmware/athn-ar7010
/etc/firmware/athn-ar7010-11
/etc/firmware/athn-ar9271

A prepackaged version of the firmware can be installed using
fw_update(1).

There is Makefile somewhere in the ports tree which KNOWS where to find
that firmware on the internet. That's it. Your definition of free is
so clouded!

Same with the rsu firmware. WHERE in the source repository do you see
the bytes that came from the vendor?

> Offering a stripped kernel and separating those few packages only
> increases the security of OpenBSD.

That is BS. If you don't want to run those firmware, don't buy and insert
those particular USB devices.

> Also, We can probably find replacements for most all the non-free
> firmware.

You are quite a persistant idiot. Find replacement of a firmware that
a vendor wrote for their specific undocumented chip; which runs on the
custom processor and hardware on the athn USB device? That runs on the
rsu hardware, which is probably some kind of crappy vendor-modified ARM
or MIPS or 8085 derived cpu attached to a blob of Verilog logic they
designed in their own lab?

You don't know jack shit about computers or electronics, that much
is obvious.

> Taking for example this replacement for some of the athn
> firmwares: https://github.com/qca/open-ath9k-htc-firmware

That is not a "device firmware". Those Atheros devices contain no
cpu, only gate array logic to do their work. As a result, a driver
has been written which runs on the NATIVE HOST CPU, meaning, inside
Linux or OpenBSD. Same as our ath(4) driver.

That is a non-firmware designed chipset.

Once again you show that you don't know shit.

> All we'd need is a driver to load those instead of the blobs.

Good luck with that buckeroo. Looking forward to your complete
rewrite of the Broadcom NetXtreme II 10/100/Gigabit firmware, by
the way. There are about 25 versions of this product, and they
have 4-6 MIPS 64-bit cpus running different firmwares on them.
Total size, around 260K. It's like a bunch of independent operating
systems running on propriety hardware!

Please remember to send your new firmware source for that hardware
nicely indented; we like the tabs + 4-space mode described in our
style(9) page!

Fact is, modern hardware simply "is what it is". Telling people
that OpenBSD should not run on such hardware is a gigantic illusion.

You come off like a child, demanding freeeeeeedom.

I hope your next mail goes straight to Linus Torvalds. He is also
encouraging people to use the hardware they accidentally bought in
exactly the same way!! The nerve of him.

Countryguy, I guess my challenge would be this: If you consire all
this easy and important, why don't you start right away implementing on
those ideas and share the links with the results with everyone? (This
is what I say to myself every time I think about something on the lines of
your message. That is, it's not something to write about, or to
suggest, but to get done. If it's good and relevant to you, start working
on it, it's all BSD - maybe other people would follow you). I guess that's
why projects like OpenBSD deserve respect: they are not just preaching the
importance of security, they are actually working and building an OS
consistent with this. And they are working on that for a looong time.

So, the best "constructive critic" IMHO is 1) provide better code; or 2)
fork. What will it be? "Nah, just had this great important revolutionary
idea that I thought would change reality." Thanx, but... It's harder than
this, YOU need to WORK on your idea, A LOT, implement it, ask for guidance
from other people, make it better... Takes a good load of stamina.

If you want HW freedom, I think the viable way is this:
https://www.crowdsupply.com/purism/librem-15#products-top

Don't forget to cryptograph all your messages, all your data, making sure
it goes encrypted end to end always.

Cheers!


On Friday, June 5, 2015, <***@safe-mail.net> wrote:

> Hello,
> It has come to my attention that OpenBSD does not included non-free
> drivers, dubbed "blobs" - which is excellent. However, you still include
> non-free firmware in the kernel and some packages.
>
> With spying revelations, it is well-known that non-free firmware can
> contain backdoors. ( just one recent example:
> http://www.wired.com/2015/02/nsa-firmware-hacking/ )
>
> I would feel a lot safer if the kernel and packages were fully free,
> containing no non-free drivers nor non-free "firmware".
>
> At the very least provide a separate branch of known "clean" 100% free
> packages and kernel. For example the non-free athn and rsu firmware are
> currently in the repository, and I would suspect other non-free firmware is
> into the kernel.
>
> Offering a stripped kernel and separating those few packages only
> increases the security of OpenBSD.
>
> Also, We can probably find replacements for most all the non-free
> firmware. Taking for example this replacement for some of the athn
> firmwares: https://github.com/qca/open-ath9k-htc-firmware
>
> All we'd need is a driver to load those instead of the blobs.
>
>
> Thanks for your time and consideration!

On Fri, Jun 05, 2015 at 08:11:17PM -0400, ***@Safe-mail.net wrote:
> Hello,
> It has come to my attention that OpenBSD does not included non-free drivers, dubbed "blobs" - which is excellent. However, you still include non-free firmware in the kernel and some packages.
>
> With spying revelations, it is well-known that non-free firmware can contain backdoors.

Yes, and apart from firmware, the hardware can contain backdoors, too.
So just don't use firmware and hardware made by vendors you don't trust.
Instead use firmware and hardware from a vendor you can trust.

Oh, there is no vendor you can trust?
Well, go fix that problem then. Build your own open hardware community or
company. I'd be happy to use hardware that works, is affordable, and aligns
with your ideals. I might even write a driver for it since being fully open
you'll be providing docs which make my job much easier (because usually
nobody gives me docs).

Артур Истомин wrote:
> Your rant is cogent. But if so, why OpenBSD does not supply
> microcode updates from Intel/AMD? There are tons of security fixes.

Are they free? Send a patch.

I got the idea of this post, finally: one guy lacking basic knowledge
pops in and talks in confusion about some non-free parts inside
OpenBSD's kernel. Few threads more and another one is posting a
suggestion of liberation. Cheap ads.

I am convinced now the "free" idea got distorted reaching the boundary
of paranoia.

For the OP: Was openssl able to satisfy you because it was free, open,
source code available, GPL sexy version on? Was it free of bugs,
trojans, backdoors, etc?

A time will come when folks will appreciate quality code and people
behind it. Nah, I really don't think so!