Are there blobs in antiX and what can be done about it?
 

Are there blobs in antiX and if yes, what can be done about it?

Most due to hardware, I'd think? There's open source hardware but not much... also open drivers for reverse engineered hardware.

Have fun! :hattip:

I think AntiX Core has a completely libre kernel.

had - not any more.

To O/P

antiX is not libre, but you can make it so (if your hardware allows).

1. antiX-19-full comes with the following that according to vrms are non-free.
Just use apt to remove them.

2. Change the debian and antiX sources.list to remove contrib and non(-)free

3. Install a libre kernel: https://jxself.org/linux-libre/

Again,,, assuming your hardware is, that's where I fail as well.

I love this: https://www.crowdsupply.com/sutajio-kosagi/novena :)
or maybe we could 3-D print our own? https://en.m.wikipedia.org/wiki/Open-source_hardware :D


Add: Don't forget about your Bois, for that you'd have to get tricky with eg Libreboot &c!

Thanks. Maybe the installer should offer a libre install if you do not have any hardware that requires blobs. Or if you can live without some hardware. What is that CPU microcode? What would you be missing without it?

Ulysses_, maybe you'd like to fork AntiX?

From Debian:

On antiX, you can run liveusb with persistence, make the 3 changes I mentioned above, remaster, use live kernel updater to set libre kernel as default and bingo - you have a libre-antiX on your usb device ready to install.

Off-topic, could checkout: https://www.gnu.org/distros/free-distros.html

What about virtualization? All hypervisors require you to build the kernel don't they. Let's go for virtualbox plus open-source usb support (there are instructions for integrating the usb support from kqemu). Would building the kernel be way too hard and a hack if you start with the libre kernel?

I've done automated remastering of antiX before.

If anybody in this thread is interested in a script to make a completely libre version of antiX, that's what the goal of "distro-libre" is (but for more than one distro.) Script takes existing iso, makes changes, creates new iso. But I haven't worked on antiX in a long time. If this is something people are interested in doing I'll go rejoin their forum, but let me know.

Does your script parse the text in #5?

Let's say you make an exception and you include one non-free driver. But you do it in a virtual machine. Can it change the CPU microcode and affect all virtual machines and the host?

The text is a list of packages, which I could use the script to remove.

You run the script, it downloads the iso (unless it is already downloaded) and it makes the changes and gives you a modified iso as output. You can do whatever you want with that iso, host it on the Internet Archive for example.

It's actually really trivial, but it still requires maintenance.

Is this a project you would like to be part of? I'm not asking for much, mostly this is the sort of thing I'm only likely to work on (at this time) if there is interest in it. If it interests you, I'll go join the antiX forums.

You're asking about virtual machine escape: https://en.wikipedia.org/wiki/Virtual_machine_escape

Technically speaking it is always a possibility, however remote.

Also, by the way:

A guy at the antiX forum says you'll need to use the live-kernel-updater to swap out the non-free kernel with the libre one.

I don't think we thought to ask but what hardware are you giving up? Even on laptops you can sometimes switch hardware if there's not a free one available; If you'd worry about the Bios being free you may need to remove the chip and flash it. :doh:

Anyone know what they call spy hardware, embedded in your system from whatever shady offices of the world or is it still just plain old spyware? Using one right now... :eek:

Not giving up any hardware yet. I was concerned your script might have a fixed set of packages that it knows to be nonfree and removes them. But it seems that instead you get the list of what to remove with an invocation of apt and then remove them one by one with other invocations of apt. How do we know this list produced automatically is really the complete list of packages that have blobs? What's to stop spooks from forcing debian to include a blob in an update without telling you the updated package is now nonfree?

Wouldn't LFS be the obvious choice for you?

No because LFS is about teaching, not a production distro. I wonder why no one is promoting a production distro that is fully built from the sources automatically.

People do build Linux from scratch to use as well. Gives a good reason right on their website, build it however you want it.

That is how you would do it, yes.

That is another example of roughly the same thing, done slightly differently.

That's how these things are typically done.

Speaking in the long run? Deterministic builds.

As someone else mentioned, the only other way to be sure is to build all the binaries yourself.

But that has two flaws-- one, it doesn't address hardware problems. I don't mean driver issues, I mean if your goal is to be as spook-free as humanly possible, you have to delve into hardware issues regardless of drivers (stuff like ME and CPU vulnerabilities.)

For that, there really isn't a distro-- just ongoing research and paying attention to Black Hat conferences, etc.

Removing non-free software and non-free drivers is a great start, but you also probably have hardware with its own operating system on-board to worry about. Such as your CPU running Minix.

The other issue is that even free software can have what's called "bug doors." Linus Torvalds has talked about those.

No. The point was to build a production setup, where you literally will know each and every bit gone into it...

Apart from the "automatically" part, aren't they all?

And even if not, would you trust it? How about Slackware?

They are all pretending to be open source and the exceptions that seriously try to eliminate blobs do the building themselves. Instead, I was talking about the end user having the option of automatically building everything at installation time, not following complex instructions but just waiting however long it takes.

Freemedia, where do I download the antix or devuan version of your script?

Let me help you here. First, I've made this script before. It works-- it produces a bootable iso that is modified from the original version of antiX. I've used it to do things like replace systemd in Trisquel with Upstart, even in the Live version. I've used it on several distros including antiX. Look what it says on the left <- for "Distribution".

Using it to do exactly what you want was a goal at one point, but to give you a script to download I would have to spend at least a day or two (not all of a day) updating that work to do what you want.

I've joined the forums and I may well work on that anyway.

With that said, it doesn't sound like you're going to be happy with anything-- not even LFS. That doesn't mean I refuse to work on this, rather it means that I want to be sure what you want before I take the time to do this in a hurry. It's likely I will work on it either way, but I want to be sure what your needs are before I make it my top priority-- you know? A lot of people here have asked some good questions, and I'm not sure even you know exactly what you're looking for. But I'm still watching the thread with interest. Keep in touch, don't be a stranger. You'll find me here or the antiX forums if you need me.

There are automated LFS derivatives that do that. What you install is basically a script and it downloads source code and builds your system. I think Arya Linux works like that.

Freemedia, definitely do NOT make it a priority, it is only a convenience as far as I can tell, one can always follow the instructions in this thread and come back here for help if they get stuck.

Make one thing clear. Is the blob-free antix we are talking about as secure and privacy respecting as devuan or more? Antix's ability to run on older hardware is an attractive feature when you want it for both the host and guests in virtualization, as low ram and cpu usage are greatly appreciated when you run lots of VM's. Also the stability of a debian derivative like antix is attractive. But my core motivation in this thread is security and privacy. Without sacrificing ease of use.

Antix is also attractive because it is perceived as a people's distro, as opposed to a corporation-serving one. But then I have no idea who finances its development and decides things. Who does?

As far as I know, "anticapitalista" makes the final decisions, but cedes to trusted volunteers, if that tells you anything.

I am going to guess that antiX and Devuan are on similar levels in terms of being secure. I would take the one that has non-free binaries removed over the one that doesn't. Neither remove those by default.

Transparent is not more vulnerable then anything you make it to be...

I nearly crashed trying to decode this one. Where did I imply transparent is more vulnerable? I'd go for LFS-based Arya Linux any time if it worked with debian packages and was maintained as well as debian.

Neither a joke, nor an entirely serious suggestion but--

Debian has all the source-- why not just Compile Debian?

Because antix works with less ram and cpu usage. At least the version I tried a few years ago did. It even booted on year 1999 hardware.

That was antiX-13.2_386-full Luddite 4 November 2013 on a Celeron at 400 MHz with 384 MB of ram.

Since systemd creep on ram usage and cpu usage has been documented on the net over the years since sysytemd was adopted.
Citation: link

Why rebuild something already tweaked and polished?

http://yatsite.blogspot.com/2009/07/...-old-gear.html

Some kid bought the above for street cred in high school . After I fixed it.

...and I strongly suspect that this entails shipping with non-free firmware at the very least, maybe even non-free drivers.
Oh, those two sentences.
They cannot be reconciled, only a compromise is possible.

Pretty sure there's very little finance involved apart from running the servers for the web pages / download mirrors, the rest is an ongoing community effort and the mothership debian of course.
But it would be interesting to hear anticapitalista's statement.

That's a good reason for me, though I'm trying to figure out Ulysses's reasoning.

You and I are on the same page regarding systemd-- that, or I like it even less than you do.

Or one might wonder: why not just compile devuan (debian without systemd). Because antix is faster and needs less ram. Could configure devuan with the same packages but there must be more to antix than a collection of packages.

You *could* of course dwell a bit on the antiX documentation to see, what's it about...

Have a feeling though, you're probably guessing right... :rolleyes:

Bitjam and Dave are giants in human form. Lot's of custom scripting going on. Anti is like the rock we all live on.
A lot of free flowing tweaking goes on even after a release.

Just a thankful opinion though.

Edit: cringing after I posted this. I abhor main stream. Ubuntu and Mint can keep it.

Look at what is installed and then perhaps try to discern what it actually is:
Those emphasised above are device firmware/microcode for those devices. The binaries mostly live in /lib/firmware and they are in most cases part of the Linux kernel sources.

There are a few important points you should consider with regard to these:

1) None are Linux binaries, so they cannot be executed by the host OS.

2) If you don't own that particular hardware, they will never be used.

3) Some devices, by design, have their firmware/microcode loaded by the host OS.

4) Many other devices on a typical x86 system have the same (closed source, proprietary) firmware already loaded onto the device. The system BIOS/UEFI, CPU microcode, the IME/PSP firmware and other firmware in devices such as hard disks and network controllers are just a few examples.

5) Once loaded, the firmware runs on the device, not on the host OS - which is exactly the same as any firmware already installed on any other devices.

It boils down to:

Do you have any of that hardware?

If so, do you want it to work?

You can remove the packages and get some "feelgood", or you can just leave them there...

Those I have not emphasised are not part of the kernel, but in particular, the broadcom/b43 related packages are to do with drivers for certain wifi chips. If you have those devices, you either install the required driver or don't use the device (but presumably continue using the rest of your hardware with it's embedded firmware - ignorance is bliss?).

x86 is what it is, if you want totally free, then you need different - open - hardware.

This was a fascinating conversation that I constantly find myself referring to as it incorporates concepts than I'm learning, applying & turning over in my head regularly regarding privacy, software freedom, etc.

I do know for a fact that AntiX would not be happily running on my WinXP-era HP Pavillion w/out some of those "blobs" particularly the broadcom ones...so in that regard I must be pro-blob.

On the side, there's my librebooted X200 running a certain liberated legacy-era distro well enough but there are issues (w/the browser's ability to handle the modern web, to be more specific) that keep me from going all in with the libre camp for now.

Lots of Smart People, some even on this forum ;-) are ok with binary blobs. They believe that the dangers are negligible to non-existent and that leaving no binary blob unturned is a rabbit hole from which there is no escape. I can see that, although I think we can all agree that things like the Intel ME are a truly unsettling trend.

But as cynwulf notes, open hardware offers the only true escape from "the blobs."

In the Sparky linux aptus package(control center) there is an option to "remove all non-free". You might have a look at that

Looks like andyprough has done something about it...in the form of a de-blobbed antiX alpha!

Check it out -
https://trisquel.info/en/forum/avail...-non-free-bits

I haven't tried it yet but it looks suspiciously like the distro I've been looking for since blag bit the dust...

According to chatter, there should be a new/improved beta sometime this summer.

Have you ripped the blobs out of your hardware yet? :doh:

A blob (in this context) is never hardware, but either firm- or software.

Firmware* runs your hardware, you rip software in or out... but, don't sweat the details. If you don't know, we make it up as we go! Was there TV 100 years ago, no?

Some might not firmly get anything if the school of hard knocks were actually hard.

Think of how much could be done in juat 106 years, if we'd necromanc the idea of education as firmware in babies, to upgrade them all?

I'm running your standard-issue Thinkpad X200 w/libreboot; it's the best I can do to cover the hardware side. What can I say? GNU/Linux has taken a few twists and turns since I first heard of it 20+ years ago...we stand on the shoulders of those who came before us and do the best we can.

I know that there may still be issues with hard drive firmware, etc., so of course I limit my subversive/deep state activities on this rig. ;-)

I'm confident that I'll see an affordable blob-free desktop/laptop in my lifetime...& I can't wait!

Libreboot is a great way for reducing, re-using, recycling and beyond. :)

Free software helps the kids, not to be lazy; so, should evolve quite quickly into free hardware?

I still haven't played with Linux From Scratch but have a Novena bord (:https://en.m.wikipedia.org/wiki/Nove...ting_platform):) so am leaning twords learning? For now waiting on an SSD to build a Debian on. :D