Post AzH3tfmnvPMCsXBn5E by jae@darkdork.dev
(DIR) Post #AzH3NYlCVm3bp07tfE by eighthave@social.librem.one
2025-10-16T17:42:22Z
2 likes, 1 repeats
Dear tech media, could we please stop using GrapheneOS as the judge on what's secure? I respect very much what GrapheneOS has built, but their stance that free software is not important to security is very short-sighted. They literally are willing to call binary blobs secure because someone told them they are? They have no other standard to go on, since they can't inspect them. https://www.theregister.com/2025/10/15/fsf_librphone_vs_proprietary_binary_blog/ #FreeSoftware #FOSS #mobile #LibrePhone #FSF #proprietary
(DIR) Post #AzH3tfmnvPMCsXBn5E by jae@darkdork.dev
2025-10-16T17:54:41.419481Z
2 likes, 0 repeats
@eighthave what do you suggest as an alternative so something that is both secure and fsf-approved? @rms likely would recommend not ever using a phone.
(DIR) Post #AzH8FUZmgS1OIal6rA by eighthave@social.librem.one
2025-10-16T18:30:11Z
1 likes, 0 repeats
@moshimotsu there is a very good reason why security audits are done on source code. Yes, observing behavior is important. Then when one has the source code, one can follow up and confirm the exact behavior. With a binary blob, that is not feasible.
(DIR) Post #AzIXioBlXGIXXJYn44 by eighthave@social.librem.one
2025-10-17T08:12:21Z
0 likes, 0 repeats
@jae @rms That's exactly what the FSF Librephone project is trying to build: a phone that RMS would recommend. They are going to take LineageOS, find the device they can most easily replace all the binary blobs, and start working on that one.
(DIR) Post #AzIXw23zGHJ0KeE9mi by jae@darkdork.dev
2025-10-17T11:05:57.439334Z
0 likes, 0 repeats
@eighthave @rms that seems reasonable albeit a lofty goal with a lot of r&d. the correspondence i've had prior i'm still not sure rms would ever use a cell phone of his own. maybe he will chime in this thread. last time we talked we were discussing alternative systems focused mainly around pocsag pager which i've run for years now.
(DIR) Post #AzJ1kreAe8bfSvk6ts by nobody@mastodon.acm.org
2025-10-17T16:40:06Z
0 likes, 0 repeats
@eighthave I retweeted this yesterday, but then smb pointed out that... > They literally are willing to call binary blobs secure because someone told them they are? ...this never really happened? At least I followed the links and the stance they express in the thread is nothing of the sort, just a neutral "out of scope" dismissal. I share the sentiment otherwise, IMO @signalapp and Moxie have done a lot of harm in this regard, sort of reenacting Telegram's denial policy but wrt gservices
(DIR) Post #AzKxjRXKEBLYhBWljE by eighthave@social.librem.one
2025-10-18T15:04:25Z
0 likes, 0 repeats
@nobody @signalapp It happened because GrapheneOS claims to do everything for security, but then, dismisses projects that aim to replace binary blobs with free software. So perhaps they did not literally say what I wrote, but that's the synopsis of their logic, as far as I can follow it. I know of no standard to audit binary blobs with any reliability. Moxie was also never a believer in free software, his hand was forced by OTF to make Signal free. It was a requirement to receive funding.
(DIR) Post #AzKxn1GJrBeUMjHK2i by eighthave@social.librem.one
2025-10-18T15:05:05Z
1 likes, 0 repeats
@nobody @signalapp It happened because GrapheneOS claims to do everything for security, but then, dismisses projects that aim to replace binary blobs with free software. So perhaps they did not literally say what I wrote, but that's my synopsis of their logic, as far as I can follow it. I know of no standard to audit binary blobs with any reliability. Moxie was also never a believer in free software, his hand was forced by OTF to make Signal free. It was a requirement to receive funding.
(DIR) Post #AzL10HZynjuQbDUSqu by nobody@mastodon.acm.org
2025-10-18T15:41:06Z
0 likes, 0 repeats
@eighthave The post said "we don't care for getting fsf approval", nothing about librephone @signalapp
(DIR) Post #AzOUmlbRxPGdlFWrtA by eighthave@social.librem.one
2025-10-20T07:58:56Z
1 likes, 0 repeats
@nobody @signalapp They said "GNU and FSF promote a bunch of highly insecure operating systems and products which causes real harm to users" Without GNU and FSF's decades-long fight for real free software, we'd be stuck with Microsoft and Apple for our "secure" options. GNU made Linux possible, made Android possible, made Qubes and Tails possible, etc. If you care about getting to real security, where everything is free software that can be inspected, then supporting efforts like FSF is key
(DIR) Post #AzOZZGNvDKIqwha8VE by nobody@mastodon.acm.org
2025-10-20T08:52:31Z
0 likes, 0 repeats
@eighthave @signalapp > They said "GNU and FSF promote a bunch of highly insecure operating systems and products which causes real harm to users" Well, yeah they did say that, but it doesn't mean "we shouldn't bother removing blobs" or "blobs and bootstrap aren't related to security", and also it's not untrue xDDD, they do tell readers to do things without informing them about all of the compromises involved
(DIR) Post #AzOa2QLdFakmFAPpwm by nobody@mastodon.acm.org
2025-10-20T08:57:47Z
0 likes, 0 repeats
@eighthave @signalapp And "FSF is key"... what have they done relevant to making software free since ever? "The Onion"-style publications and legalese? Honestly, Nix (Guix, &c&c) is the only development in the past 2 decades that I'm aware of that has any practical implications for software freedom, because (tldr) bootstrap and incentives. Inshallah with the actual new management, hires like Zoey, FSF _might_ become somehow relevant to software freedoms
(DIR) Post #AzObkBmcrXOtlgTTrU by eighthave@social.librem.one
2025-10-20T09:16:55Z
0 likes, 0 repeats
@nobody @signalapp GNU is still central to GNU/Linux and GNU/Linux is central to building Android, GrapheneOS, Debian, Tails, Qubes, etc. Even macOS ships GNU. Maintenance counts. Don't forget maintenance. Then like you said GNU Guix is leading the charge on strictly bootstrappable systems. And GNU Taler is leading the charge on privacy-respecting digital currencies, like real ones that aren't based on scams.
(DIR) Post #AzOebh8nCr6uHIU4n2 by nobody@mastodon.acm.org
2025-10-20T09:49:00Z
0 likes, 0 repeats
@eighthave @civodul OOC, how does FSF contribute to maintaining and developing Guix? @signalapp
(DIR) Post #AzOpLIQMQwICU15Iy8 by civodul@toot.aquilenet.fr
2025-10-20T11:49:14Z
0 likes, 0 repeats
@nobody The FSF is a fiscal sponsor of the Guix project, together with Guix Foundation, but the FSF does not contribute per se to Guix development (even less so now that the project no longer uses FSF infra). @signalapp @eighthave