Home Explore Help
Register Sign In
nuclearkev
/
website
Watch 1
Star 0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: master
Branches Tags
website
/
org
/
articles
/
concerns-with-linux.org

concerns-with-linux.org 8.5 KB
Permalink History Raw

Concerns with Linux

<p>
A few months ago I was poking around on a Debian system just for fun and wanted
</p>
<p>
to install <a href="https://gnu.org/s/emacs" title="GNU Emacs">GNU Emacs</a>. On the core install <a href="https://www.gtk.org/" title="GTK">GTK</a> isn't installed by default, so I
</p>
<p>
fired up <code>apt</code> to pull down the program and it's <em>insane</em> amount of
</p>
<p>
dependencies. When I saw the number of dependencies, I was shocked! I've built
</p>
<p>
Emacs like a hundred times now and never needed all that. I was curious and
</p>
<p>
began to look through the depends to see what's up. To my surprise, I found tons
</p>
<p>
and tons of <em>unneeded</em> programs and libraries, especially <a href="https://webkitgtk.org/" title="webkitGTK">webkitGTK</a>, which I
</p>
<p>
have <em>never</em> needed for Emacs.<sup class="footnote-ref" id="fnref:1"><a rel="footnote" href="#fn:1">1</a></sup> Especially because Emacs is an editor not a web
</p>
<p>
browser. "Interesting," I said, "there could be hundreds of programs installed
</p>
<p>
and no one would ever know..." This thought made me take a deep look at the
</p>
<p>
current state of GNU/Linux and here's what I've found.
</p>

While looking into my concerns on what I'm calling dependency hell, I ran into an interesting article entitled Why You Should Migrate Everything from Linux to BSD.2 While I'm not totally advocating that, it brought up some very interesting points and valid concerns with GPL'd software. From my own findings in tandem with the information from the article, I have come up with 4 concerns that I have with GNU/Linux: malicious influence, dependency hell, proprietary influence, and lack of care.

Malicious Influence

If you read the article mentioned above, you'll see how systemd, Firefox, Linux (I don't think he explicitly mentioned Microsoft's influence in that article) have been influenced by companies in a potentially malicious way. I won't repeat what he wrote about but I will say that this should be a rather large concern for us. With core programs like systemd and Linux being hijacked can we really say if a GNU/Linux system (running systemd) is safe? Probably not. At this point, I wouldn't recommend anyone run a distro that using systemd. This knocks out many distros including but not limited to: Debian, Arch, and anything based on those 2 (besides Devuan).

"But that's just one program, why does it matter?" Yes, it is one program, however, on the mentioned distros above, it is very difficult to run them without using systemd. Also, systemd has become a program of programs. It encompasses nearly every aspect of your system. It can even integrate with some programs such as Emacs.3 In theory, systemd could be used as a gateway to nearly every part of your system. If that isn't concerning, I don't know what is! Check out this article too!

Dependency Hell

I have always complained about dependencies. I've been annoyed with them since like 2010! This is on of the many reasons I started using Dragora. It doesn't suffer from the same dependency struggles that you get when you have a dependency tree such as in apt, pacman, or portage. Why is this a concern for me? Well, the biggest issue that I see is that there is a potential for something unknown being put on your system. For example, say you never want to see webkitGTK again due to some security bug or something. Then you go to download Emacs and just like that you got webkitGTK back. A normal person wouldn't think Emacs would depend on something like that since it's an editor, not a web browser. This is not only annoying but potentially dangerous if that security bug hadn't been fixed in webkitGTK yet (only if you found yourself using it by accident).

Another reason I dislike massive amounts of dependencies is that it complicates your system. You already are running a very complicated computer with a complicated OS with a complicated kernel etc, etc. Why add another complication to the party? Have hundreds and hundreds (potentially thousands) of dependencies is just a great way to break your system. You install an update, something breaks. Totally normal on a Arch system! Well, what broke? I don't know, go check the 100 packages that got updated in the last update. Good luck. That situation is truly stupid, in my opinion. The fewer dependencies the better, the simpler the system the better! There are only a few distros nowadays that don't suffer from this issue (that I know of): Dragora, Slackware, [potentially] Void, [potentially] Guix System (although this has other complicating factors), and CRUX.

Proprietary Influence

Why doesn't it seem to bother anyone except for free/libre-tards, such as myself, that there are so many damn proprietary modules in Linux? Also, why the hell does no one care that Linux is starting to be more like the Windows kernel with it's ~28 million lines of code and hundreds, potentially thousands, of proprietary drivers/modules? Heck, at this rate Linux will be the new Windows!! Well, I believe that part of the reason for this odd behavior is that Microsoft (MS) is "hijacking" Linux (the kernel). I don't have any real proof of this except that MS going from hating Linux to loving them and now they're donating tons of money to The Linux Foundation... Yeah, seems sketchy to me! If I was getting millions of dollars to do something, I'd probably listen to the guy giving it to me.

At the rate this is going, I wouldn't be surprised if we would start to see potentially malicious code being put into Linux and it becoming difficult or impossible to turn off. This would be a major concern to projects like Linux-libre whom just take the code and run it through a de-blobbing program. If something like that were to happen, I doubt that the folks at Linux-libre would have the manpower to fork Linux and keep it going. It would be interesting to see what would happen that's for sure.

Lack of Care

As mentioned in the previous section, no one seems to care about what's going on here! There are some folks in the "Free Software-side" of the GNU/Linux community that do but the majority don't. I believe that this may be the worst factor of them all. If the community just lets all this stuff happen it will happen and it won't get better. Unless we actively refuse these concerning items, they'll just keep going. Sadly, I don't think that the community will do this. I believe that in due time we will see Linux push malicious changes and other programs following suit (such as systemd).

--------------------------------------------------------------------------------

So, what are we to do? Well, let's lay out the options: GNU Hurd, *BSD, keep using linux-libre until the dark times and then decide, nothing. The most ideal situations would be to get Hurd working well or remove Linux and use a BSD kernel. The two best would be OpenBSD4 or NetBSD, as they don't load proprietary modules by default. You could do as the article says and migrate over to a BSD.5 They don't really have the same issues due to their specialized communities (more to come on this topic. The most practical as of now is to just use Linux-libre and see what happens. I, personally, think migrating to BSD is the best for advanced users but normal folks should probably stay were they are for now (if not on linux-libre, migrate to that).

All-and-all, I'm not sure what's going to happen here in the GNU/Linux world. I hope for the best but plan for the worst. We will see what happens!

Footnotes

that I have never ever wanted to do. I understand that the Debian package maintainers what to include everything possible in their standard Emacs package but this fact doesn't change my mind about my concerns with dependency hell.

  1. I later found out that webkitGTK can be used with xwidgets, something
  2. Check out his [[https://unixsheikh.com/articles/why-you-should-migrate-everything-from-linux-to-bsd-part-2.html][sequel]] too.
  3. I fundamentally disagree with the Emacs team's decision to do this.
  4. [[https://www.hyperbola.info/][Hyperbola GNU/Linux]] is currently doing this with OpenBSD's kernel. See [[https://www.hyperbola.info/news/announcing-hyperbolabsd-roadmap/][here]].
  5. This is something I am planning on doing. Article to come!