Background: I have a security clearance (inactive for now) and as part of that security clearance, I receive free online security classes and newsletters from the NSA or military, and I pay attention to those classes. So when I see questionable things, it makes me suspicious (and as one my online classes puts it, "You can never be too paranoid when it comes to security"). So put on your paranoid caps along with me and let's go for a ride down security lane...
Today I received a notification for 16 system updates on Mx Linux! The problem I see with that is all of the updates are prefixed with "firmware-", for example firmware-atheros, firmware-linux, and firmware-brcm80211. I recognize Atheros for the wireless card I have but what does "firmware-linux" imply? My motherboard firmware? I don't want Mx Linux updating my motherboard firmware. And what the heck is firmware-brcm80211 for?
All of these updates should be documented somewhere before I download them, but I cannot find any documentation on the Mx Linux website for these updates. That is a yellow flag to me but I'm not going to the forum for Mx Linux to ask about it because my personal experience with Mx Linux so far is hostility towards me. So could someone find out for me where and what these updates are for?
Issue with this update: Incorrect terminology. According to the Debian website
Firmware is defined as embedded software, meaning a non-volatile chip on a physical device (mouse, graphics card, etc) is programmed, so from what I can see what they should have named these updates is "driver-*", since a driver is yet another subset of software written for helping the OS kernel interface with hardware. It is not firmware. Incorrect terminology is another yellow flag to me.
What all Linux distributions need to do (please) is:
Today I received a notification for 16 system updates on Mx Linux! The problem I see with that is all of the updates are prefixed with "firmware-", for example firmware-atheros, firmware-linux, and firmware-brcm80211. I recognize Atheros for the wireless card I have but what does "firmware-linux" imply? My motherboard firmware? I don't want Mx Linux updating my motherboard firmware. And what the heck is firmware-brcm80211 for?
All of these updates should be documented somewhere before I download them, but I cannot find any documentation on the Mx Linux website for these updates. That is a yellow flag to me but I'm not going to the forum for Mx Linux to ask about it because my personal experience with Mx Linux so far is hostility towards me. So could someone find out for me where and what these updates are for?
Issue with this update: Incorrect terminology. According to the Debian website
That is a half-truth, which to me is a yellow flag because technically firmware refers only to embedded software, and software is defined as "a set of instructions, data used to operate or execute specific tasks on a computer". It is logically impossible for a well-defined boundary between firmware and software to not exist because by definition, firmware is very clearly defined as a subset of software, and not the other way around.What is firmware? Firmware refers to embedded software which controls electronic devices. Well-defined boundaries between firmware and software do not exist, as both terms cover some of the same code
Firmware is defined as embedded software, meaning a non-volatile chip on a physical device (mouse, graphics card, etc) is programmed, so from what I can see what they should have named these updates is "driver-*", since a driver is yet another subset of software written for helping the OS kernel interface with hardware. It is not firmware. Incorrect terminology is another yellow flag to me.
What all Linux distributions need to do (please) is:
- Stop getting their terminology incorrect so your intentions can be transparent.
- Avoid obfuscating terms so your intentions can be transparent.
- Document all updates online with a list of the updates, a reason for the updates, and names of who wrote the software. This is for accountability purposes, since it can be a way to track corporate shills who would love nothing more than to undermine Linux (and such corporate espionage or undermining of competition has been documented before).