Many people in this community have openly hated Linux and FOSS and disregarded the FSF’s viewpoint in the posts below:
And on many occasions certain people (I won’t name names, as then I may be accused of name-calling attacks) have been hateful towards the FSF and Linux. This is an open letter not just to them but to all who hate the success of Linux in both the server field and the desktop field. Please stop advocating for proprietary software.
Power corrupts; the proprietary program’s developer is tempted to design the program to mistreat its users. (Software designed to function in a way that mistreats the user is called malware.) Of course, the developer usually does not do this out of malice, but rather to profit more at the users’ expense. That does not make it any less nasty or more legitimate.
Yielding to that temptation has become ever more frequent; nowadays it is standard practice. Modern proprietary software is typically an opportunity to be tricked, harmed, bullied or swindled.
Linux is open source, therefore it must be secure. 12000 members actively maintain it along with leading tech companies. How can it not be secure? There are no security holes in Linux, unlike Windows and MacOS (maybe some here and there which are instantly fixed by the hardworking kernel devs at FSF, which is why you don’t need to reboot when updating Linux, unlike Windows, which forces its backdoors through updates, and they are lazy too, which is why they don’t bother to check the kernel code quality and hence you need to reboot).
Don’t mistake “hate” for criticism. No company, person, or platform should be above criticism. It’s not good to be a fanboy/girl of anything. It makes you blind to its problems.
Proprietary software has its place. Not everything needs to be open source. As someone who’s worked on proprietary and open source projects, I’ve honestly found the open source community to be quite toxic, demanding, and entitled. It’s one reason why some developers don’t want to make their software open source. Not to mention all the licensing issues, the expectation to make it “free”, and the feeling someone could be eyeing over your work (it can make some feel “naked”). Not to mention the double standards, of the developer wanting their work to be private (look at all the issues with MS copying stealing code for their AI).
These are just issues I’m aware of, that were on the top of my head. Given time, I could either find, or think of more. I’m not going to, because I have better things to do. I’m just saying that nothing is perfect. Even open source stuff has issues.
To equate proprietary software to malware is silly. FOSS is not always the answer and there are a lot of problems with FOSS especially when it comes to monetization. You can see this in the quality of the code, the UX and UI of FOSS applications and their overall usability. There are exceptions to this but it is generally true from my experience.
The screen saver lock bypass was fixed within ~15 days of reporting it. Mistakes happen and it’s okay to acknowledge it and fix it. Hiding those mistakes behind closed doors isn’t. Also the quick responsiveness further proves my point.
For your other posts: I am not against bugs in foss world nor I refuse to admit they don’t exist. Mistakes do happen and hence it’s okay to have all people in the world to have a look at your work.
Also I am not going to bother posting 20 flaws in MS world each against one flaw in GNU world. It would make the thread…cluttered.
I agree with the premise that this forum has recently gone in a ‘Linux not good’ vibe. I disagree with some points, can make more nuanced arguments for others, and concede the weaknesses and reality of Linux as a solution. I think that Linux is extremely valuable for privacy and security and worth recommending as an option for someone who is looking to increase their privacy.
However, the only reason I’m replying is because I don’t want Linux users to be represented as folks who utterly slam everything that isn’t free and open source. I agree that FOSS has strengths that I think would make the world a better place if adopted more. Proprietary software also has strengths in terms of production, distribution, and maintenance. The assumption that proprietary software is inherently evil is highly doubtful and will only serve to turn away people who might otherwise consider FOSS.
Folks are dogging on Linux and I do think that’s a little silly in the privacy space. But implying that open source is the only valid option is also not the way to go. We live in a complex world with lots of threat models and at some point you gotta trust someone. While Linux and FOSS applications are great options that should not be discounted, proprietary solutions can also be great options.
linux isnt perfect, foss projects arent automagically secure just because their code is open, and the organizations and people behind them arent automatically good because their projects are foss.
i think its pretty dishonest of you to go out of your way to make a whole post trying to push that the fsf is some definitive authority when they are imperfect themselves. you and they are not above any other entity, organization or project and you should stop acting like anything that doesnt align with what the fsf says to be malicious.
I don’t think so. Others in the forum have in fact never hated Linux (with a few exceptions maybe; I didn’t find anyone straight up hating). As a matter of fact, the people who @l00ker accused of “hating” on Linux have argued with fair points about the insecurities present within Linux, and the same post also says this:
P.S. I don’t hate Linux in any way. I pointed out the flaws in it. That’s all. Much love to Linux devs for their awesome work, and much love to the community in general (Except Arch community maybe?)
On the other hand, @l00ker just copies the GNU manifesto verbatim, which we all know is a bit misleading. I could spend all night debunking this post, but for the sake of my sanity I will keep it short.
Wrong. There are a lot of security holes in Linux. Ask any sysadmin. Companies are built around securing Linux.
Linux and BSD are not made for use with desktops and are mostly used in servers; therefore distros like Debian and Ubuntu freeze their packages and don’t update them very often to increase stability. You don’t want that on your desktop for obvious reasons. Many companies also don’t use it on bare metal on their servers and use Linux on hypervisors like Xen (like Qubes does; I know it’s a wrong analogy but still).
I know Arch exists and they update their stuff frequently, but it doesn’t do QA tests (manually or automated), and it also doesn’t do any meaningful security enhancements on its packages despite being widely used on desktops.
Also there is the problem of toxic project leads who frequently vent their anger on fellow devs and ignore security suggestions. Much security stuff is also dropped for the sake of supporting it on servers.
And I could go on…but I doubt @l00ker would change his mind about security in Linux. It’s wasted effort anyways. Also other people like @dom0 and @Raznick have already done better jobs than I ever could.
Nobody is hating the “success” of Linux. As a matter of fact, I want Linux to succeed. But I don’t believe that success is achieved while desktop Linux remains a security nightmare. I am critiquing Linux not to defame it or the work of thousands of people, but for it to get better in terms of security, and it’s only fair that we educate everyone in the forum about the insecurities of Linux so everyone can start contributing and demanding better security on the platform.
I understand how the recent ‘vibe’ about linux in the forums could provoke a reaction, but the OP is going waaaay over the top.
“Secure” is not a digital yes/no state for any device/OS/software/network/etc. There are varying levels of security and so many “it depends” situations. Is MacOS or Windows or Linux more secure? That depends on configuration, how it is used, and most importantly how threat aware the user is. Is it Windows Pro with all telemetry disabled? Is it MacOS but with iCloud toggles all switched on? What distro of Linux? It all depends.
Government and corporate cybersecurity professionals use all three OS’s.
It is perfectly valid to use Linux or Windows or MacOS. The questions around here should be about how to make them each more private and secure for the various use cases of the individual human beings using them for their individual human use cases.
Techlore does not need fanboy factions sprouting up, it is the fast road to toxicity.
I don’t understand why people in a “security and privacy” community are actively advocating for proprietary garbage. I also don’t understand why you all would choose to have your devices locked down by proprietary TPM backdoors, choose (in)Secure/restricted boot over normal booting processes that actually do what they should…“boot” up the operating system. Android is also constantly hailed as secure in this forum, god knows why. Any modern smartphone is virtually a tracking chip (Rob Braxman made a video about it).
And the XOrg vulnerability is a myth. I don’t know why you are all making a big deal over a myth. It remains the most based WM of all time.
Completely aside from that vulnerability, XOrg is a security & privacy nightmare.
Its design is incredibly flawed since it lacks any form of sandboxing. As I mentioned before, it’s trivial to make a keylogger.
And that’s not an opinion. You can go and test it yourself.
Also think about the fact that it’s a security joke while being 100% FOSS. Being FOSS does not mean security by any means. (I’m not advocating against FOSS software, I’m just myth-hunting.)
There certainly is one thing that most Linux users don’t realize about their Linux systems… this is the lack of GUI-level isolation, and how it essentially nullifies all the desktop security. I wrote about it a few times, I spoke about it a few times, yet I still come across people who don’t realize it all the time.
So, let me stress this one more time: if you have two GUI applications, e.g. an OpenOffice Word Processor, and a stupid Tetris game, both of which granted access to your screen (your X server), then there is no isolation between those two apps. Even if they run as different user accounts! Even if they are somehow sandboxed by SELinux or whatever! None, zero, null, nil!
xinput list # Finds your keyboard ID.
xinput test id # Replace "id" with the Keyboard ID.
# Happy keystroke logging without the need of root.
Note that even Vista doesn’t have these kind of issues.
My two cents:
Linux isn’t secure. Despite that, whether you want to use Linux is entirely up to you. Accepting all the risks, if you are using Linux by any chance, please DO NOT USE XOrg, whatever your threat model may be.
And please refrain from the idea that “hardening” something will make it secure even if it is inherently flawed. (I often see these “hardening” guides for Firefox, Linux and they are cringe. Yes, even Techlore had made some of them in the past.)
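Added example, not part of any post in this thread: a small shell check for the X11 isolation issue discussed above, reporting whether the current session exposes applications to a shared X server. The function names are hypothetical; it assumes the standard `XDG_SESSION_TYPE`, `WAYLAND_DISPLAY` and `DISPLAY` environment variables are set by the login session.

```shell
#!/bin/sh
# Added example (not from the thread): classify GUI-level isolation of a session.
# Arguments default to the environment; passing them explicitly makes it testable.
classify_gui_isolation() {
    session_type=${1-${XDG_SESSION_TYPE-}}
    wayland_display=${2-${WAYLAND_DISPLAY-}}
    x_display=${3-${DISPLAY-}}

    if [ -n "$wayland_display" ] || [ "$session_type" = "wayland" ]; then
        if [ -n "$x_display" ]; then
            # Native Wayland clients are isolated, but X11 apps share Xwayland.
            echo "wayland+xwayland"
        else
            echo "wayland"
        fi
    elif [ -n "$x_display" ] || [ "$session_type" = "x11" ]; then
        # Also covers a forwarded display (e.g. DISPLAY set inside an SSH session).
        echo "x11"
    else
        echo "no-gui"
    fi
}

# Human-readable explanation for each classification (hypothetical helper).
describe_gui_isolation() {
    case "$1" in
        x11)
            echo "X11: any client on this display can observe other clients' input and screen contents." ;;
        wayland+xwayland)
            echo "Wayland with Xwayland: native Wayland apps are isolated; X11 apps can still observe each other." ;;
        wayland)
            echo "Wayland only: input goes to the focused client; no shared X server is exposed." ;;
        *)
            echo "No graphical display detected in this environment." ;;
    esac
}

describe_gui_isolation "$(classify_gui_isolation)"
```

Run it inside the desktop session being assessed; a sandboxed or differently-privileged application that still receives `DISPLAY` is on the same X server as everything else.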