@wyatt8740@tech.lgbt okay it doesn't matter what you think should be the default, what FSF is advocating for is not installing or updating microcode on your system that needs a microcode update to stay secure, which is obviously worse than just installing the micro code
it's only needed to stay secure if you are already insecure to begin with, running software that you shouldn't be trusting and that makes you vulnerable to boot. the "required" updates won't fix the underlying source of your insecurity, they will only provide a channel for enshittification of your computing device https://www.fsfla.org/~lxoliva/#specmelt
see also my upcoming talk at LibrePlanet https://libreplanet.org/2024/speakers/#6621
you missed "theater" or "illusion" after "security"
doctorow law: if they give you a lock without the key, it's not for your benefit
analogously, if you get software without freedom, it's not for your benefit, it's to control you. and the more control the software installation channel gives the software supplier, the stronger the risk of enshittification it imposes on you
@lxo@gnusocial.net I mean I wouldn't call it enshittification I would call it security plus there's always flags built into the kernel that disable spectre/meltdown mitigations if it's too much slowdown for your computer to handle (I'm personally considering disabling mitigations for my HP stream 13)
the improvements and fixes would be welcome if we could tell them apart and separate them from undesirable changes imposed through a nonfree packaging arrangement
@lxo@gnusocial.net how would it control me? it's just code that tells the computer how to function, it's a hot-patch over the microcode already in the processor
what's also "not for your benefit" is a computer that is fundamentally broken because you've failed to install microcode patches that fix bugs in the CPU, like the 12th and 13th gen processors have a bug where games would throw up a "not enough video memory" error, or a motherboard firmware update that doesn't make your CPU explode like what happened recently with AMD and motherboard manufacturers
>? it's just code that tells the computer how to function
Since it's proprietary, you don't know that. You're making an unsubstantiated and probablistically virtually unsubstantiatable claim.
Also: there's been persuasive computing efforts since the 90s ( https://cacm.acm.org/issue/may-1999/ ), that genie is out of the bottle and is not coming back.
You either push to exert control your computer, or you let it slip to those who would control you with it
> but what about [bugs]
If a hardware makes their design #defectivebydesign and hides details of fixes from the user, that's on the hardware manufacturer, not the user.
@Jessica@wyatt8740 If you cannot inspect the code, how do you know it doesn't contain a virus?
Not upgrading microcode doesn't mean you get infect by viruses. Spectre etc are very limited, and only really matter if you run non-free code from the internet, via Javascript or some other means.
@Jessica@wyatt8740 It is only worse if you consider security more important than software freedom, some people and organizations consider software freedom more important than security. Since without software freedom you cannot have security.