The officially official Devuan Forum!

You are not logged in.

#1 Re: Devuan Derivatives » Any Devuan-based distros that use Debian's original installer? » 2018-04-18 06:51:53

golinux,

I'm not even going to comment on your evaluations concerning the supposed quality of my comments - because I know that such type of appreciations of other people's posts in here are not the purpose (or, according to common sense, should ever be the subject) of discussions on this forum.

So, I'll just comment on something else that I feel the need to.

Because I'm not a native English speaker, your statement (in another thread) that I "like to chew on a dry bone" was something that left me in doubt as to whether that was an insult or not - and, just a low-level form of expressing contempt, instead. And so, I first gave you the benefit of the doubt.

But, you saying now that my opinions come "from the gnat that keeps buzzing in our ears" has just cleared my doubts, as to whether your unwanted appreciations are slightly and intentionally insulting or not.

If this is the disrespectful (and, unexpectedly low-level) type of behaviour from an "Administrator" of a forum, then there's (definitely) something very wrong with the latter.

Everyone else,

Please, excuse me if I have better things to do than to come back here.

#2 Re: Devuan Derivatives » Any Devuan-based distros that use Debian's original installer? » 2018-04-17 23:26:48

Hello again, siva.

Concerning the installation of proprietary components,

When I say that it should be made sure that "the user really wants to and knows what s/he's doing", what I mean by this is that,

(I have been introduced to Debian a long time ago - and so, I don't know now to what extend did Debian use to do something in this regard, on its wiki pages - or if it was Ubuntu that, in its first releases and documentation, made this clear about repositories... But, even if they didn't originally,)

The correct way to deal with this issue, in my opinion, (besides having the proprietary components not included in the installation media, for more security) is to have, on the instructions of how to add proprietary components, in the part that describes how to activate the necessary repositories, a preceding warning/indication, where it's (explicitly) stated something like:

By activating these repositories, you are making it possible to install software of which the source code is unknown - and, in relation to which, there are consequentially no guarantees that it is secure, or that it is rid of any sort of spyware or malware.

So that, when using the installer, instead of a novice to GNU/Linux just (unreflectively) choosing "Yes" (to quickly move on with the installation) to a mere question about if s/he wants to add a proprietary component, s/he is instead forced to read such a warning in the instructions of how to do this, and be educated (i.e. warned) about the important issue in question.

And, as a side note,

Having a distribution that behaves like Debian does right now, is also a way to please both the "purists", who only want to use Free Software, and the people who care less about this issue. Since that, unless a user modifies him/herself the "sources.list" file, Debian is practically just like any other fully "libre" distribution. And, those who want to use proprietary components and software can also use them in the same distribution. (With this also practically eliminating the need for people to create, and maintain, a separate fully "libre" variant of the same distribution.)

Concerning what I can do, to help (in practical terms) with such an installer, or with a possible mirror,

Unfortunately, I don't know how to properly program (besides basic stuff), and also don't have the time to involve myself in the creation and maintenance of a mirror (too much important stuff to deal with already, in my volunteer "citizen journalism" activity, on my free time). So, I'll have to stick to making small donations, so that other people who know how to do this kind of stuff can do it instead.

But, my "contribution" to this particular subject of the installer can then be the simple suggestion that, the best thing to do, in my opinion, (besides getting rid of systemd and its dependencies, and adjusting other packages to the absence of such) is to just modify Debian's original installer in the parts where it refers to "Debian", instead of "Devuan", and in those where there are links to the original mirrors - and, just leave all the rest as it is.

Debian is already a great distribution in itself. So, there's no need to modify anything about it, in my opinion (besides removing the systemd component). Also, from the name "Devuan" that's what I think that everyone is also expecting (i.e. for this distribution to be just a "Debian without systemd").

#3 Re: Devuan Derivatives » Any Devuan-based distros that use Debian's original installer? » 2018-04-17 19:30:52

This thread is not about criticizing Devuan's installer (I've created another thread for that: https://dev1galaxy.org/viewtopic.php?id=1984). This thread is only about something that I would really like to know, in case Devuan's installer ends up, nevertheless, being/becoming something I'm not comfortable with using.

Concerning suggestions about how should the installer deal with proprietary Wi-Fi components, the best way to do it, in my opinion, is exactly what Debian does. That is, to not include anything proprietary in the installation media, but allow it to be added during the installation, only if the user really wants to and knows what s/he's doing - https://dev1galaxy.org/viewtopic.php?pid=8402#p8402 - so that the installation of such proprietary components cannot happen by accident, either

(1) because of the user pressing a wrong key, or even

(2) because of some bug, that inadvertently causes a proprietary package (included in the installation media) to be installed.

(In sum, Debian's approach to proprietary software, from a "paranoid about such type of software" point-of-view, allows the installation to be very close to 100% secure. This being the reason why I'm just looking for a Devuan equivalent to such Debian installer.)

#4 Re: Devuan Derivatives » Any Devuan-based distros that use Debian's original installer? » 2018-04-17 18:24:32

I'm not trying to pull anyone towards anywhere.

I just have the habit of, whenever I claim something that goes against what people believe to be true, present the proofs or basis of my claims, so that anyone can know where I come from (i.e. that I'm not just making things up) and make their own judgement about what I say. And, when responding what I did to you, I again felt the need to present arguments for my claims. That's it.

Besides, I think I've already presented every concern that I have with any aspect of this particular distribution (Devuan). So, I don't expect to post anything in here more that might be upsetting to somebody.

[EDIT: I will then just put a "strike through" on top of the last two paragraphs in that last post of mine, since they're unnecessary, in this case, to argument my personal scepticism about the "Tor" network. P.S. - Thank you, anyway, for your tip - and, also for all your help.]

#5 Re: Devuan Derivatives » Any Devuan-based distros that use Debian's original installer? » 2018-04-17 16:31:24

I'm not interested in anonymity - only in security.

And, the "Tor" network (created and funded by the US government itself: https://trisquel.info/en/forum/how-use- … ment-26792) doesn't provide anonymity, anyway: https://twitter.com/BlackFerdyPT/status … 8218624000

There's no such thing as anonymity on the Internet. Since that, the Internet itself was created by the US government as a tool for surveillance (http://forums.debian.net/viewtopic.php? … 60#p670674). And, even if you use strong encryption, the US government has ways of decrypting it (https://www.youtube.com/watch?v=PZQXxUmROIU#t=1h8m25s - with this last interview having been made to a former US Naval Intelligence officer himself).

(But, as always, when I talk to people who are not aware of this, feel free to believe whatever you want...)

#6 Re: Devuan Derivatives » Any Devuan-based distros that use Debian's original installer? » 2018-04-17 00:30:28

fsmithred wrote:

Gnuinos is another one that uses debian-installer, has all free software and uses a libre kernel.

Refracta and Exegnulinux have all free software but use a different installer.

Hello again, fsmithred.

Indeed, Gnuinos is (for the reasons you've stated) the most interesting Devuan-based distro I've come across (and, one in which all my security concerns with proprietary software are eliminated). But, unfortunately, they don't have a stable release yet...

But, yes. Either Gnuinos or an undoubtedly safe installation of Devuan should be my choice.

I will look also into those other two derived distros, the first one of which I didn't know about. Thank you very much for your tip.

#7 Re: Devuan Derivatives » Any Devuan-based distros that use Debian's original installer? » 2018-04-16 23:53:37

Hello, fsmithred.

Yes. You were the one I was referring to (or thinking about) when I mentioned someone that (from what I had understood) was somewhat involved in the creation of Devuan's installer.

Thank you, very much, for your clarification - and, also for all that extra information. It's great for me to know that you're all planning to keep using Debian's installer.

The reason I like it so much (the non-graphical "netinst" variant, that is) is because, one thing I've always liked (very much) in computers and elsewhere is simplicity. And, with a Debian "Net Install", I have

1) a really fast (non-graphical) installer, that can run fast on any computer,

2) one that doesn't need a graphical environment to be loaded before starting (speeding up the process, again) and

3) one that, after the installation - because it has already downloaded, from the Internet, the more recent version of all the packages chosen (instead of older ones, present in the installation media) - doesn't require me to loose any more time with such installation, by having to update the system at the end of it.

(Three things, in total, that this particular installer does to make the installation process a very quick - and simple - one.)

And, yes, I noticed (and also remember very well) that you said on that other thread that you're working to solve the problems, or contradictions, that I had presented.

I didn't say it there, but I'll take the opportunity to thank you here, and very much, for that. smile

Best regards.

#8 Re: Devuan Derivatives » Any Devuan-based distros that use Debian's original installer? » 2018-04-16 23:07:06

siva,

Hi there.

(I see that such thread in the Debian forums really didn't pass unnoticed to you.) eheh smile

I understand that the BSD-family of distros might be even more secure than the GNU/Linux one. But, nevertheless, I would still like to stick with GNU/Linux - so that I can, once in a while, also play a (completely free) game or two, to unwind from intellectual work (like this one: https://www.etlegacy.com/).

#9 Re: Devuan Derivatives » Any Devuan-based distros that use Debian's original installer? » 2018-04-16 22:55:41

GNUser wrote:

Just remove contrib and non-free from your /etc/apt/sources.list and use vrms to find any packages you don't want. It really is as simple as that.

Not quite. Since that, if my concern about this is related to security,

(As I explain in the following post) If I let the installer first install anything proprietary, by then (i.e. after the installation) such security might have already been compromised: https://dev1galaxy.org/viewtopic.php?pid=8382#p8382

#10 Re: Devuan Derivatives » Any Devuan-based distros that use Debian's original installer? » 2018-04-16 21:21:11

msi,

I'm not spreading FUD about Devuan (or, at least, that's not my intention). I'm just exposing a very serious concern that I have, with a very specific aspect of one of its components. And, the reason why I do this, is because I would really like to adopt this distribution.

(Eitherwise, I wouldn't even bother participating in this forum, and would just leave for another distribution - which I don't want to, because this distribution is almost a *perfect* one for me, with the exception of what I call people's attention to.)

And, I'm not the kind of person who speaks or writes with so-called second intentions (as people say, in my native language) - and, therefore, I don't come here to make "suggestive statements".

As for "allegations", when I say that the installer is buggy and installs proprietary firmware, that's not me claiming that. I'm repeating what was said to me in another thread in here, by someone who (from what I understood) is involved in the creation of such installer. That is, I'm stating facts - not making allegations.

As for me being suspicious about proprietary software, I believe I've made very good points about, and given very good facts as base for, such concern of mine on other threads - so, I completely disagree that such concern is for "no good reason"...

Also, if I repeat the same arguments or facts in different threads, that's because I have to, in order to explain the different kind of questions I raise on those different threads. I cannot assume (or, above all, expect) that other people have read all my posts in other threads or subforums. And, I believe that the proper way to pose my questions, or raise my concerns, is to write them under the assumption that each one will be the only one that a person will read from me.

And, I really am sorry, if I end up being annoying because of all this...

But, my situation is that, the main reason why I adopted GNU/Linux as my main OS, was because I wanted to have a secure OS. And, therefore, I really don't like anything that might pose a risk (as I see it) to that same security.

And, I have very good reasons to worry about my computer security. Since, (besides having myself witnessed very strange things happening in non-secure computers that I had) what happens to other people who have the same (or similar) kind of political activity that I have, and who don't take the same kind of precautions I take, are things like this: https://www.youtube.com/watch?v=5utlGvodeAM#t=9m21s

[EDITED: Or, wait, I think I know of what you are specifically (also) talking about - and, I will therefore add another explanation shortly...]

I suppose you were referring to what was said in the first thread I created in here, and also to something I've said in a subsequent thread I created. And, also to clarify things on my side,

The bug you pointed me to didn't concern (at least, specifically) the situation I was describing. Since that, such bug is related to an "expert install" where one is given the option of "selecting" repositories. And, what happens to me, is when I do a regular (net) installation, where I'm not even asked about what repositories do I want to use or activate.

And, the fact that such bug doesn't correspond to my (specific) situation - together with what I said on my first thread, as to not believing or understanding how could what was happening to me be a sort of "bug", if Debian's original installer didn't have it - was the reason why, in a subsequent thread I created, I described the situation as "supposedly or reportedly because of some 'bug'".

I was not "suggesting" anything - but instead (clearly) implying something - with that. I was just (honestly, as is my costum) describing the situation as I see it (i.e. that this problem might have been wrongly identified as a bug or not). With the situation being that, I still cannot understand how this problem can be the result of some "bug", properly said - or, at least, as I understand one to be (i.e. an unintended flaw created by the necessary modification of a component, instead of something that was just deliberately and consciously added). But, I've quit trying to understand this, and just moved on...

#12 Re: Devuan » contrib and non-free repositories should be disabled by default » 2018-04-16 00:48:05

I was calling everyone's attention to an aspect that didn't seem to be being noticed by some (in a way, kind of correcting people, if they were implying that the alternative didn't allow for such a thing also).

And yes, I was aware that I was also repeating some arguments already presented in this thread. But, this time, it was to present them as justification for a new aspect (education) that I hadn't mentioned before.

#13 Re: Devuan » contrib and non-free repositories should be disabled by default » 2018-04-15 22:34:01

Debian's installer also allows for such a choice - with the difference being that, in order to add proprietary firmware, it's the user that has to add it her/himself to the installation - with this being a way that eliminates (1) any possibility of a mistake or of (2) the user not being (really) aware of what s/he's doing.

(I've seen it myself, with the Debian installer asking if one wants to add proprietary firmware, and then telling the user to then use an external medium to provide such firmware.)

The "downside" of Debian's approach is that, it doesn't allow for a person/novice to just install the OS without caring about such "free vs proprietary" issues. But, (ethical issues aside) for the reasons I stated, this is something that is not only not desirable, but also potentially dangerous - and, also something that (I think) the user should definitely be educated about (which is what I believe that Debian does, by not facilitating such procedure).

#14 Re: Devuan » contrib and non-free repositories should be disabled by default » 2018-04-15 18:06:56

Even if the installer would always ask, when wanting to install any piece of proprietary software, if the user wanted to do so... If the user happens to make a wrong click or key press, s/he can accidentally install non-free software against her/his will.

We already have all sorts of distros that install proprietary firmware/software without even asking the user. And, the reason why I really like Debian, is because it doesn't do anything of this sort.

(If "user-friendliness" and nonconcern for the inclusion of proprietary firmware or software are the guiding lines, then people can fork Ubuntu, for example, instead.)

Debian clearly differentiates itself from other distros for only including, in its installer - and also using, under normal conditions - Free Software. And, if the user really wants to and knows what s/he's doing, s/he can nevertheless install proprietary software her/himself.

The use of anything proprietary should always be avoided and discouraged. Since that, proprietary software is, by its own nature, always potentially dangerous (ex: https://linux.slashdot.org/story/07/08/ … ox-profile).

Whenever possible, the best solution is to always substitute your components by ones for which there are free drivers and firmware (https://h-node.org/). And, when talking about laptops and other equipments that are more difficult to modify the components of, everyone can avoid all of these problems by informing her/himself first about the equipments they want before buying them.

#15 Re: Off-topic » Our dystopian future? » 2018-04-15 15:13:38

More like "our dystopian present", or "very near future"...

state officials are really into intelligent, big data processing, networking of information, storing all the information and linking it up, applying AI and predictive policing for it,

This is already happening in the West, also - but, is being done covertly instead: http://forums.debian.net/viewtopic.php? … 60#p670674

Also, in China, subversives are taken into reeducation camps. While, in the West, people who defy the establishment have car "accidents" (https://www.corbettreport.com/episode-2 … -hastings/), commit "suicide" (https://www.washingtonpost.com/archive/ … 0b6989ebe/) etc.

The only other major thing separating us from China, right now, is the fact that we still have Democracy. But, just like it happened in Europe, in the first half of the 20th century (including in my country), that can change.

All that is needed, is for these supposedly Islamic terrorist attacks of dubious origin (https://www.prisonplanet.com/articles/d … wledge.htm) to continue, and become bigger, a "state of emergency" being declared because of such, and that will be the perfect excuse to "suspend Democracy" (as one establishment politician says, in my country: https://www.youtube.com/watch?v=A5naDDnigsw) obviously, during an "indefinite" period of time, just like it happened in Egypt (http://www.bbc.com/news/world-middle-east-18283635).

Listen to what Richard Stallman has to say about all this: https://vimeo.com/28195912

In Paris, for example, because of the series of terrorist attacks in France, you already have military troops patrolling the streets, and you can be forced to show an ID card just for being at a train station, or close to it. (Just like during Nazi occupation!)

Hell, with the Economic Collapse that has already started (http://forum.prisonplanet.com/index.php … #msg899883) and that will be truly felt in about a year (https://twitter.com/i/web/status/984053725621698565), the whole *huge* social unrest that this will cause, will be another perfect excuse for a more authoritarian and controlling Police State.

You think that the Internet, as we know it, is going to last forever? It's not: https://www.phoronix.com/forums/forum/p … post996815

You think it's only in China that the government has the ability to shutdown the Internet, and that something like that would never happen in the West? You're wrong: https://www.prisonplanet.com/government … apace.html

I could go on and on about all this...

Nineteen Eighty-Four wasn't written out of a great foresight capability its author had - and, as a warning to Mankind. It was drawn, by an MI6 agent, out of plans that already existed at the time, of what to turn our Western society into. And, the reason why it was written, was to "condition" people for all this - just like the (increasingly) huge amount of dystopian science-fiction novels, movies, TV series (http://forum.prisonplanet.com/index.php … #msg594255) and even computer games that are omnipresent in our culture today.

#16 Re: Devuan » What proprietary software does Devuan install by default? » 2018-04-14 23:25:13

Hello, golinux.

The commands that fsmithred and GNUser told me about, are very good tools, indeed. But, unfortunately, they don't really solve my problem. (With this being the reason why I proceed to ask so many questions.)

I really am sorry if I'm being a PITA... But, the problem I see with this default inclusion of non-free software, is that it can violate people's security and also ethical principles or concerns - with that only being "solved" after those two things have already occurred.

And, to be more explicit, I can give you an example.

I have an old laptop that can use, on its Wi-Fi card for its "free" driver, either (1) an incomplete (but functional, and completely) free firmware, or (2) a complete proprietary firmware.

And, on a FSF-approved distro that I tried, that (incomplete, but functional) free firmware is the one that is installed, and I can use my laptop with no problems.

Let's say that the alternative proprietary Wi-Fi firmware (of which we don't know the source code) might be able to steal my Wi-Fi password and send it somewhere else on the Internet. And, let's say that Devuan installs such proprietary firmware without telling me anything about it, I naively think that it must have installed the free one instead, and I only discover what really happened at the end of the installation, after having used my Wi-Fi password to proceed with such installation...

If that proprietary Wi-Fi firmware is really capable of stealing my password, then it will already be too late.

As I've just said in another thread, in here (https://dev1galaxy.org/viewtopic.php?pid=8377#p8377) the problem I have with all non-free software, is that I see it all as potentially dangerous (ex: https://linux.slashdot.org/story/07/08/ … ox-profile).

#17 Re: Devuan » contrib and non-free repositories should be disabled by default » 2018-04-14 22:28:55

wdq,

The problem I have with non-free software (firmware included) is that, I see all of it as potentially dangerous (ex: https://linux.slashdot.org/story/07/08/ … ox-profile). And, for that reason, I want to either (1) not install it, or (if I really need to) (2) to install it only when I really want and decide to.

And, I can give you an example.

The motherboard I'm using needs a proprietary firmware to reach higher speeds on its Ethernet port. And, because I see such components in my computer that connect to the Internet (Ethernet port, Wi-Fi card) as particularly sensitive components, in terms of security, I don't want to (ever) use any proprietary software (or even just firmware) on those.

So, when Debian asks me, in an installation, if I want to add any proprietary firmware to run on my Ethernet card, I simply choose "No".

But, with Devuan's installer having proprietary firmware in its installation media, I fear that it might add such proprietary firmware (to my Ethernet driver, for example) and not even tell me anything about it.

(Something that, with Debian wouldn't even be possible - because Debian's installer doesn't have any kind of non-free software in it. And, I would have to be the one to - very knowingly and conscientiously - add it myself.)

#18 Re: Devuan » contrib and non-free repositories should be disabled by default » 2018-04-14 18:19:54

And, if the user decides to install a proprietary firmware (say, for wireless) during the installation,

With this bug fixed, will s/he be left with only the "main" repository activated, at the end of a fresh installation? (And, not the "contrib" or "non-free" repositories, from where that same firmware is originally from?)

If so, (that is, if the user ends up with proprietary firmware on his/her computer, but with only the "main" repository activated) this can:

1) be misleading - in the way that it might convince the user that only Free Software has been installed on his/her computer, when s/he checks the "sources.list"; and also

2) prevent those same pieces of non-free software from being updated.

#19 Re: Devuan » What proprietary software does Devuan install by default? » 2018-04-14 17:54:29

fsmithred and GNUser,

Thank you very much for all those commands (that I didn't know the existence of).

I wasn't able yet to successfully install any version of Devuan on my computer (I'm waiting for the next stable release, that should be as functional on my computer as Debian 9) - but, I've tested all those commands in Debian already, and they work very well.

(That's a great way, then, to clear any doubts as to what type of software one has had installed on his/her computer.)

Panopticon and everyone,

The issue here is to really (know how to) know: "What proprietary software does Devuan install by default?"

(My critique concerning the inclusion of this type of software, by default, has been left by me in/to another thread - and, I really just want to know here what I'm asking.)

And, concerning what I ask, nevertheless, I didn't get an exact answer...

I know, then, that Devuan installs some proprietary Wi-Fi firmware, when installing the OS itself. And, having I checked the "/firmware" directory in the "netinst.iso" installation image, I can see there other types of firmware also. But,

1) Is the firmware in this directory the only non-free software that the Devuan installer uses? (That is, are there any other non-free packages/software present in the installation media, in other directories?)

And, concerning the previous question...

2) Is the installation of this non-free type of software something that Devuan's installer can only do by using packages already included in the installation media itself?

3) Or, in a "Net Install" or other, if Devuan's installer wants, it can activate the "contrib" or "non-free" repositories and use those to download non-free software from the Internet (with this being the reason why these repositories are left activated, in the "sources.list", after the installation)?

4) Also, is the user always asked, or at least warned, about the installation of this type of non-free software?

5) And, is the non-free CPU microcode included in the installation media only run during the installation, or also installed on the computer?

#20 Devuan » What proprietary software does Devuan install by default? » 2018-04-13 09:13:01

Fernando Negro
Replies: 7

I recently found out that, instead of behaving like Debian's - that only installs proprietary firmware on your computer if you decide to add it yourself to the installation - Devuan's installer (1) contains proprietary firmware in it, and (2) leaves the "contrib" and "non-free" repositories activated, after the installation, supposedly or reportedly because of some "bug".

(https://dev1galaxy.org/viewtopic.php?pid=8292#p8292)

So, having I noticed that the (serious) concern for not including any proprietary software by default, that Debian has, has not passed on to Devuan... I would like to know the following.

1) Is Wi-Fi proprietary firmware the only non-free thing that was added by Devuan to the original Debian installer?

2) Is Devuan's kernel (Linux) also rid of any proprietary firmware, just like Debian's?

3) Is there any other proprietary firmware or software that Devuan installs by default?

#21 Devuan Derivatives » Any Devuan-based distros that use Debian's original installer? » 2018-04-13 08:39:23

Fernando Negro
Replies: 40

I recently found out that, instead of just modifying the original references to Debian and its repositories in the original Debian installer, the developers of Devuan decided to "heavily modify" the installer, and add proprietary firmware to it.

With the result of this being that, the installer is reportedly buggy, and (as I said) installs proprietary firmware on your computer.

(https://dev1galaxy.org/viewtopic.php?pid=8292#p8292)

Well, the reason why I chose Debian above all other distros, was exactly because I didn't want either (1) serious bugs or (2) anything proprietary on my OS, by default.

So, I would just like to know...

Are all Devuan-derivative distributions completely based on Devuan's original code, including that of the Devuan installer?

Or are there some that still use, and modify, parts from the original Debian code instead, including the installer?

#22 Re: Off-topic » Why I think that "systemd" is something very bad » 2018-04-10 09:43:55

It's a similar security risk as the one created by the "zeitgeist" daemon, whose development is sponsored by Canonical...

If you have a daemon that already keeps a log of all of the user's most important activity,

You don't even need to have a piece of malware installed on the computer, all the time, to know what the user is up to.

All that you need now, is to somehow read that same log, whenever you can - like, when a user decides to try out one of the many proprietary programs that Ubuntu encourages people to, on its "Software Centre" (and, more specifically, one that behaves like this: http://linux.slashdot.org/story/07/08/2 … ox-profile) - and there goes a whole log of the user's activity into the hands of Big Brother.

#23 Re: Devuan » contrib and non-free repositories should be disabled by default » 2018-04-10 09:18:57

Fernando Negro wrote:

Since that, one of the reasons why I want to adopt Devuan is because I see systemd as a great security risk. (And, I will explain this last point of mine in another post.)

There. I've already posted the main reason why I want to adopt Devuan, in another sub-forum in here: https://dev1galaxy.org/viewtopic.php?id=1986

#24 Off-topic » Why I think that "systemd" is something very bad » 2018-04-10 09:04:59

Fernando Negro
Replies: 2

Writing as a user, that has adopted GNU/Linux in order to have more security on his computer, the following are (besides the very good principles of diversity in evolution - that should also be applied to "init" systems, and other pieces of the GNU/Linux operating system - to allow us to compare which ones are the best results that better suit each particular situation) the reasons why I really don't like "systemd".

First of all,

Whenever I hear of "unification" and "uniformization" applied to human organizations or development (in situations where they are not needed, for practical reasons, and don't make people's life better) I raise my guard. Because, it automatically makes me thing of the same principle applied to bigger/political organizations.

The more centralized the power of decision is, the less democratic it becomes. Since that, it makes it much harder for minority voices to be heard, and doesn't allow for different groups to follow each one their own path.

(When I speak of this happening in "bigger/political organizations", just look at the example of small Iceland, where the people easily changed their own government when they realized that it was corrupt, and compare that to the situation in the EU, where this super-state repeatedly imposes its will on whole different countries, and doesn't allow them to do things their own way.)

And, I've heard part of this same principle being discussed by the people who criticise the uniform adoption of "systemd" by the major GNU/Linux distributions.

But, the main problem I see with the adoption of "systemd" is (not even this one - but) one that relates to security.

(Important note: The following, is something that I'm writing as a mere user, with limited knowledge of how GNU/Linux works. And, therefore, I might be wrong concerning some of the details of what I describe. But, the general principle of such concern of mine, is something that I believe to the undoubtedly true...)

And, what I mean by this is,

(From the limited knowledge I have of what the different "init" systems do - and, knowing that "systemd" is not now responsible for everything yet,)

If you want to install a piece of malware on a computer, that surveils/controls the different aspects of its operating system...

1) In a pre/non-"systemd" environment, in order to surveil/control all those same different components, you will have to build a piece of software that does that altogether, including possibly at the same time - which results in a rather complex piece of software whose (complex - and, therefore big) activity might be spotted by the operating system or its user.

2) While, on the other hand, if you already have a daemon running, that controls all those same different aspects/components of the operating system, if you want to install a surveilling/controlling malware, all that you have to do is "stick" to that same daemon. That is, if you want to surveil/control the different aspects/components of the operating system altogether, there's no need to go any further than infecting (or remain connected to) one single daemon. Which,

    a) not only reduces greatly the complexity of such malware - and, by that,

        I) reduces greatly the probability of it being spotted, from its reduced size and activity, or

        II) makes it possible for it to operate within certain limits/restrictions - like those of a small chip implanted on your hardware (ex: https://libreboot.org/faq.html#intel) - but also

    b) serves as a perfect hiding place and, above all, *cover* (that couldn't be used before the existence of "systemd") for the activity of such piece of malware - because, if a knowledgeable user notices something odd and asks "What is this active program that is surveilling and controlling all these different aspects of my computer?" his/her reaction now will be "Oh, that's just 'systemd'...".

#25 Re: Devuan » contrib and non-free repositories should be disabled by default » 2018-04-10 05:15:32

fsmithred wrote:

For the record: The live images don't have contrib and non-free in sources.list, but they do have non-free wireless firmware installed. There's a script you can run that will remove the non-free firmware. It's in /root in the minimal-live and in /usr/local/bin in the desktop-live.

Well, that just confirms my suspicion (and proves the point I was making)...

Devuan's developers are, then, adding proprietary software in the installation images (that is not there in Debian's).

This is a big security risk. And, it's starting to make me loose (a lot of) trust in Devuan. Since that, one of the reasons why I want to adopt Devuan is because I see systemd as a great security risk. (And, I will explain this last point of mine in another post.)

Board footer

Forum Software