Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230

 

 

 

How much do you trust Debian?

Off-Topic discussions about science, technology, and non Debian specific topics.
Message
Author
cynwulf

Re: How much do you trust Debian?

#21 Post by cynwulf »

The funding of the Debian project is in fact relevant to any trust you wish to place in it. It's always prudent to "follow the money".

But looking at Debian funding only is rather pointless. If you have a few names there such as google, Lenovo and AWS - that's largely irrelevant. "Upstream" donations to the Linux Foundation and other projects are much more relevant for example, and apply to all Linux distributions and Linux based OS. systemd, as another example, is a IBM/Red Hat funded and developed project, which has a clear business agenda. IBM/Red Hat develop software for their own business case. It's hardly any different to Microsoft doing the same, the difference is mainly in the "open source" development and the licence.

Those corporations are very much in control, they are steering things, their reps are on the board of directors and technical advisory board of the Linux foundation. You may want to "trust" Debian and not trust Microsoft for example - but you first have to consider this:

https://www.linuxfoundation.org/our-mem ... erpower-2/

Microsoft and Oracle are at the top, in the platinum members category - two corporations with a history of hostility to open source. If you don't trust Microsoft and don't use Windows and use Linux because of that, that could present you with a problem...

The board of directors always has a mix of Facebook, Oracle, Microsoft and IBM reps among others...

https://www.linuxfoundation.org/board-of-directors/

I don't trust Facebook, Oracle, Microsoft or IBM - this is no different.

The technical advisory board currently has 4 google reps on it:

https://www.linuxfoundation.org/technic ... ory-board/

I also certainly don't trust google.

Linux is the kernel for Android - which along with the enterprise server and embedded markets, is "Linux". Hobbyist desktop users running distributions, are a tiny percentage in comparison - not even registering on the scale.

Linux is a business and corporations are firmly in control. Pretending that these highly paid people and massive donations are about "charity" is just laughable naivety. Corporations don't pour millions into projects like Linux because it's nice to do so, and they don't pay their own developers to work on it as a hobby.

The "open source" nature of the code doesn't matter. You're trusting others to audit - many of the "auditors" are google, AMD, Intel, Microsoft, etc software engineers...

Torvalds famously admitted some years that the Linux kernel code base was too large and complex for humans to audit. Unless you audit every line yourself and have to skill to understand every line - which Torvalds admitted that even they don't... you have to either blindly trust the Linux kernel or stop using it. In trusting the Linux kernel, you're placing trust in FAANG, Microsoft, IBM and "Big Tech" as a whole - there's no getting away from that.

Old article:

https://www.linuxfoundation.org/wp-cont ... t-2017.pdf
The top 10 contributors, including the groups “unknown” and “none,” make up just over 54 percent of the total contributions to the kernel; that is up slightly from the previous version of this report. It is worth noting that, even if one assumes that all of the “unknown” contributors are working on their own time, well over 85 percent of all kernel development is demonstrably done by developers who are being paid for their work. Interestingly, the volume of contributions from unpaid developers has been in slow decline for many years. It was 14.6 percent in the 2012 version of this report, but is 8.2 percent this time around. There are many possible reasons for this decline, but, arguably, the most plausible of those is quite simple: kernel developers are in short supply, so anybody who demonstrates an ability to get code into the mainline tends not to have trouble finding job offers. Indeed, the bigger problem can be fending those offers off. As a result, volunteer developers tend not to stay that way for long.
To summarise - it's already mostly corporate contributions and promising "volunteers" get bought off anyway. So while GPL prevents someone taking the code and closing it off and selling it as a product - it does nothing to prevent the paying off of key developers to effectively put most important "open source" development on the corporate payroll.

Whether people care or not, that's the realty of it.

User avatar
Diesel330
Posts: 127
Joined: 2021-11-08 19:57
Location: Eastern Europe
Has thanked: 29 times
Been thanked: 16 times

Re: How much do you trust Debian?

#22 Post by Diesel330 »

I don't know what to say, your post is enlightening and sad. I only want to own my computer that I paid for and it seems I can't.

User avatar
canci
Global Moderator
Global Moderator
Posts: 2502
Joined: 2006-09-24 11:28
Has thanked: 136 times
Been thanked: 136 times

Re: How much do you trust Debian?

#23 Post by canci »

The trust is obviously not infinite, but Debian isn't controlled by one entity, nor is there necessarily a pressure to go a certain course or deliver certain software. It's left alone by commercial desktop endeavors, which is what makes it usable and bearable for me. I think OpenBSD is probably much better, but it comes with even more barriers than using Linux. Or maybe that's just my perception. Maybe I'd just have to take the plunge :)
Image Stable / Asus VivoBook X421DA / AMD Ryzen 7 3700U / Radeon Vega Mobile Gfx (Picasso) / 8 GB RAM / 512GB NVMe

READ THIS:

* How to Post a Thread Here
* Other Tips and Great Resources

User avatar
NorthEast
Posts: 349
Joined: 2018-11-18 04:35
Has thanked: 12 times
Been thanked: 30 times

Re: How much do you trust Debian?

#24 Post by NorthEast »

cynwulf wrote:
To summarise - it's already mostly corporate contributions and promising "volunteers" get bought off anyway.
An alternative view is that the "volunteers" chose their employment in part because it enabled them to keep contributing to their GPL work and enhanced that work.

Bulkley
Posts: 6383
Joined: 2006-02-11 18:35
Has thanked: 2 times
Been thanked: 39 times

Re: How much do you trust Debian?

#25 Post by Bulkley »

Computer insecurity is pretty much an Internet problem. If you never plug into the Internet (directly or indirectly) your only security problems will come from any family or friends who have access. On the Net we can control security somewhat with browser settings and add-ons.

For most of us, security is a nuisance problem. In some parts of the world a computer leak can be deadly. In that case I'd either stay off the Net or use a security OS like Tails. Remember that your phone broadcasts your location.

Then there is the user problem. If you have a secret don't post it on Facebook or Twitter. Set your browser security to Strict. Don't store passwords in your browser. Never put identity codes (SSN, driver's license, etc.) on-line or in email. Don't buy on-line. Stay away from Google as much as you can. Use a VPN.

kedaha
Posts: 3521
Joined: 2008-05-24 12:26
Has thanked: 33 times
Been thanked: 77 times

Re: How much do you trust Debian?

#26 Post by kedaha »

cynwulf wrote: 2022-01-26 13:24 Linux is a business and corporations are firmly in control. Pretending that these highly paid people and massive donations are about "charity" is just laughable naivety. Corporations don't pour millions into projects like Linux because it's nice to do so, and they don't pay their own developers to work on it as a hobby.[ ...]
Torvalds famously admitted some years that the Linux kernel code base was too large and complex for humans to audit. Unless you audit every line yourself and have to skill to understand every line - which Torvalds admitted that even they don't... you have to either blindly trust the Linux kernel or stop using it. In trusting the Linux kernel, you're placing trust in FAANG, Microsoft, IBM and "Big Tech" as a whole - there's no getting away from that.
No getting away from that? Well, the GNU Linux-libre is described as "a modified version of Linux with all of the binary blobs, obfuscated code and portions of code under proprietary licenses removed." See fsf.org/wiki/Linux-libre. It looks uncomplicated to install it using the apt repository. However, this kernel might cause the Debian OS not to work as expected without all that obfuscated stuff. It's used in the FSF-endorsed Trisquel, which says it's a 100% free OS and has a live CD for anyone who might be interested in trying it.
DebianStable

Code: Select all

$ vrms

No non-free or contrib packages installed on debian!  rms would be proud.

cynwulf

Re: How much do you trust Debian?

#27 Post by cynwulf »

NorthEast wrote: 2022-01-26 23:48An alternative view is that the "volunteers" chose their employment in part because it enabled them to keep contributing to their GPL work and enhanced that work.
No one is suggesting they are slaves. But corporations can throw money at projects, buy off the developers and effectively "own" what was formerly a "free software" project. You will then see the "open source" buzzwords in use. This effectively means that unfunded, volunteer driven, alternatives and forks just founder and die due to lack of manpower/funding.
kedaha wrote: 2022-01-27 10:45No getting away from that? Well, the GNU Linux-libre is described as "a modified version of Linux with all of the binary blobs, obfuscated code and portions of code under proprietary licenses removed." See fsf.org/wiki/Linux-libre. It looks uncomplicated to install it using the apt repository. However, this kernel might cause the Debian OS not to work as expected without all that obfuscated stuff. It's used in the FSF-endorsed Trisquel, which says it's a 100% free OS and has a live CD for anyone who might be interested in trying it.
To my knowledge Linux libre mainly removes the device firmware and microcode which is provided under "non free" licences and/or without source.

Most of the corporate contributions to the Linux kernel, are not in fact this firmware, but actual code commits under free licences. Just a few examples:

https://github.com/torvalds/linux/blob/ ... mmon/cpu.h
https://github.com/torvalds/linux/blob/ ... /hv_core.c
https://github.com/torvalds/linux/blob/ ... olt/acpi.c

The firmware, is a distraction which FSF are overly focused on. It's a Stallmanist thing.

If you have x86 hardware, then you already have a lot of proprietary firmware, a UEFI, IME, CPU microcode, etc. The loadable firmware provided in the Linux kernel is only of use for the devices it was written for. It gets loaded onto and runs on the device itself - so if you don't have the device - it is never loaded, thus it just takes up a few megabytes in /lib/firmware. If you do own the device, it's assumed you would want it to work? If you delete the firmware, then the device won't function - but removing/disabling the device would achieve the same end. Apart from "feeling free", it's largely pointless.

This is really a matter of "free hardware", the focus on the firmware images provided with the Linux kernel is just FSF tokenism. The x86 platform is effectively owned and controlled by Microsoft.

The elephant in the living room is every computer running IME/PSP - deleting the firmware for some realtek wifi adapter you don't even own in order to feel "free", doesn't change a thing...

User avatar
canci
Global Moderator
Global Moderator
Posts: 2502
Joined: 2006-09-24 11:28
Has thanked: 136 times
Been thanked: 136 times

Re: How much do you trust Debian?

#28 Post by canci »

Effective computing is sadly always a trade-off and compromise with corporate ideas. Loads of proprietary firmware blobs everywhere.
Image Stable / Asus VivoBook X421DA / AMD Ryzen 7 3700U / Radeon Vega Mobile Gfx (Picasso) / 8 GB RAM / 512GB NVMe

READ THIS:

* How to Post a Thread Here
* Other Tips and Great Resources

User avatar
oswaldkelso
df -h | grep > 20TiB
df -h | grep > 20TiB
Posts: 1490
Joined: 2005-07-26 23:20
Location: UK
Has thanked: 1 time
Been thanked: 58 times

Re: How much do you trust Debian?

#29 Post by oswaldkelso »

Trust no one!

Debian, Linux, BSD, or especially any of the the Big Tech companies out there.

Whilst I mostly agree with cynwulf on what he had to say about security. Stallmans views on firmware are quit easy to understand. If the firmware on a device is not up-gradable/modifiable it's a hardware issue. If it is it's a software issue and to be floss it needs the four freedoms.

Even if we all acknowledge this is a fudge, at least it's a consistent fudge. The non-copyleft side of the debate seem to pretend it's not an issue. Though on One hand we have "big tech" funding all aspects of floss and on the other we have Governments across the world banning companies on grounds of national security.

To me that says there is an issue here. Different government want different companies to provide them with either security or spying capabilities. The sheer complexity of the code base now makes keeping tabs on it all highly precarious.

Heck the best way to be secure now a days is have no internet. I don't see that happening any time soon, but I'm certainly moving to more simple text based protocols like gemini and have been using text (ascii) based file backups for many years because when I die I want my decedents to be able to read my thoughts, ideas and musings and not have them die in some digital iceage of proprietary crap. My time capsule will be getting buried with me to be opened in one hundred years time :mrgreen:

TNO

typos!
Last edited by oswaldkelso on 2022-01-27 16:35, edited 1 time in total.
Free Software Matters
Ash init durbatulûk, ash init gimbatul,
Ash init thrakatulûk agh burzum-ishi krimpatul.
My oldest used PC: 1999 imac 333Mhz 256MB PPC abandoned by Debian

User avatar
canci
Global Moderator
Global Moderator
Posts: 2502
Joined: 2006-09-24 11:28
Has thanked: 136 times
Been thanked: 136 times

Re: How much do you trust Debian?

#30 Post by canci »

oswaldkelso wrote: 2022-01-27 16:14 gemini
Are you continuing your lovely blog on gemini? :)
Image Stable / Asus VivoBook X421DA / AMD Ryzen 7 3700U / Radeon Vega Mobile Gfx (Picasso) / 8 GB RAM / 512GB NVMe

READ THIS:

* How to Post a Thread Here
* Other Tips and Great Resources

User avatar
oswaldkelso
df -h | grep > 20TiB
df -h | grep > 20TiB
Posts: 1490
Joined: 2005-07-26 23:20
Location: UK
Has thanked: 1 time
Been thanked: 58 times

Re: How much do you trust Debian?

#31 Post by oswaldkelso »

canci wrote: 2022-01-27 16:24
oswaldkelso wrote: 2022-01-27 16:14 gemini
Are you continuing your lovely blog on gemini? :)
That had me confused for a while . What blog! Then I thought about it :-) I'd not posted since 2016 TNO and all that so took a look. Quite a blast from the past seeing what I was running and doing back then. Re a gemini capsule . Not yet though I may well once freedombox has it built in. I wanted to use a client that was tui and not some fancy new bloated crap or in a "modern language" like go or rust etc. That means my choice is limited (tui and written in C being my preference) so I currently surf geminispace vi bollux. My efforts to build telescope failed because it It couldn't find libevent despite it being installed!

The wider plan to de-tangle my self from the bloat/spying of the modern web is have a easy to use system with no gui. Using screen, mc, w3m cmus etc. I was reading that before to long the biggest energy usage will be computing in it's various forms. The planet burns and our biggest energy usage will be based around bullshit. All those subjects really require new threads so I'll leave it there so we can get back on topic.
Free Software Matters
Ash init durbatulûk, ash init gimbatul,
Ash init thrakatulûk agh burzum-ishi krimpatul.
My oldest used PC: 1999 imac 333Mhz 256MB PPC abandoned by Debian

Fossy
df -h | participant
df -h | participant
Posts: 338
Joined: 2021-08-06 12:45
Has thanked: 34 times
Been thanked: 31 times

Re: How much do you trust Debian?

#32 Post by Fossy »

Please don’t shoot the ordinary Debian user ...
follow with suspicious eyes these intellectual digital masturbation exercises or should I say unfortunately do not understand a snare of the obscure language spoken by my beloved Debian brethren ?
Remain with the following question , unless I have overlooked or not read enough between the lines :
With respect to owning our computer , not a word is mentioned about CPUs and BIOS / UEFI .
I find it strange ... or am I on a wrong wavelength ?

Translated with www.DeepL.com/Translator (free version)
ASUS GL753VD / X550LD / K54HR / X751LAB ( x2 )
Bookworm12.5_Cinnamon / Calamares Single Boot installations
Firefox ESR / DuckDuckGo / Thunderbird / LibreOffice / GIMP / eID Software

https://cdimage.debian.org/debian-cd/cu ... so-hybrid/

User avatar
canci
Global Moderator
Global Moderator
Posts: 2502
Joined: 2006-09-24 11:28
Has thanked: 136 times
Been thanked: 136 times

Re: How much do you trust Debian?

#33 Post by canci »

oswaldkelso wrote: 2022-01-28 10:42
canci wrote: 2022-01-27 16:24
oswaldkelso wrote: 2022-01-27 16:14 gemini
Are you continuing your lovely blog on gemini? :)
That had me confused for a while . What blog! Then I thought about it :-) I'd not posted since 2016 TNO and all that so took a look. Quite a blast from the past seeing what I was running and doing back then. Re a gemini capsule . Not yet though I may well once freedombox has it built in. I wanted to use a client that was tui and not some fancy new bloated crap or in a "modern language" like go or rust etc. That means my choice is limited (tui and written in C being my preference) so I currently surf geminispace vi bollux. My efforts to build telescope failed because it It couldn't find libevent despite it being installed!

The wider plan to de-tangle my self from the bloat/spying of the modern web is have a easy to use system with no gui. Using screen, mc, w3m cmus etc. I was reading that before to long the biggest energy usage will be computing in it's various forms. The planet burns and our biggest energy usage will be based around bullshit. All those subjects really require new threads so I'll leave it there so we can get back on topic.
I've already moved over to w3m for a lot of static websites.

Your blog is a goldmine, especially for installing Debian on old macs and for window manager stuff. Would be great if you continued on gemini or simple HTML/CSS.

Back on topic:

Fossy has a point. There's sadly way too much proprietary crap in our hardware.
Image Stable / Asus VivoBook X421DA / AMD Ryzen 7 3700U / Radeon Vega Mobile Gfx (Picasso) / 8 GB RAM / 512GB NVMe

READ THIS:

* How to Post a Thread Here
* Other Tips and Great Resources

Fossy
df -h | participant
df -h | participant
Posts: 338
Joined: 2021-08-06 12:45
Has thanked: 34 times
Been thanked: 31 times

Re: How much do you trust Debian?

#34 Post by Fossy »

[/quote]
... There's sadly way too much proprietary crap in our hardware.
[/quote]
In a previous life I worked for a number of years for an official Asus distributor.
The logical reason that I chose this brand for our computers ( being a total of 7 laptops , 1 transformer book and 2 destop's ) , more I do not want to say about this .

Always been satisfied with my choice ... until now ... cross the fingers.

With one exception however : a stunning FX753VD
Image

Currently running Windows 10
1/ not upgradable to Windows 11 because the CPU is too old ; i7 7th generation ... :shock:
2/ installing a Linux based operating system on it is a real nightmare not to mention impossible ... have given up for the time being … maybe later ?

Not posted as question for support , just for illustration .

Who is the guilty party here?
ASUS GL753VD / X550LD / K54HR / X751LAB ( x2 )
Bookworm12.5_Cinnamon / Calamares Single Boot installations
Firefox ESR / DuckDuckGo / Thunderbird / LibreOffice / GIMP / eID Software

https://cdimage.debian.org/debian-cd/cu ... so-hybrid/

User avatar
argentwolf
Posts: 201
Joined: 2021-09-05 23:21
Has thanked: 185 times
Been thanked: 15 times

Re: How much do you trust Debian?

#35 Post by argentwolf »

Fossy wrote: 2022-01-28 15:20
Who is the guilty party here?
Fossy, for thinking you should be able to play outside their rules of engagement. Next time read the fine print. D'oh! :wink:
Vanguard Debian, because nothing's worse than doing nothing, whimsically!
32-bit | 2 Duo T5270 @ 1.40GHz x 2 CPU | 3.9GiB RAM | NV86 117MiB GPU | 465.76GiB SSD
64-bit | i7-4790 @ 3.60GHz x 8 CPU | 15.6GiB RAM | NVD9 1.9GiB GPU | 931.51GiB SSD

Fossy
df -h | participant
df -h | participant
Posts: 338
Joined: 2021-08-06 12:45
Has thanked: 34 times
Been thanked: 31 times

Re: How much do you trust Debian?

#36 Post by Fossy »

argentwolf wrote: 2022-01-28 15:44
Fossy wrote: 2022-01-28 15:20 Who is the guilty party here?
Fossy, for thinking you should be able to play outside their rules of engagement. Next time read the fine print. D'oh! :wink:
A little weak to want to make me feel guilty .
Don't you agree ?
Try harder :D
ASUS GL753VD / X550LD / K54HR / X751LAB ( x2 )
Bookworm12.5_Cinnamon / Calamares Single Boot installations
Firefox ESR / DuckDuckGo / Thunderbird / LibreOffice / GIMP / eID Software

https://cdimage.debian.org/debian-cd/cu ... so-hybrid/

User avatar
argentwolf
Posts: 201
Joined: 2021-09-05 23:21
Has thanked: 185 times
Been thanked: 15 times

Re: How much do you trust Debian?

#37 Post by argentwolf »

Fossy wrote: 2022-01-28 16:27 A little weak to want to make me feel guilty .
Don't you agree ?
Try harder :D
They're hiring... :shock:

https://www.oshwa.org/

drops mic
Vanguard Debian, because nothing's worse than doing nothing, whimsically!
32-bit | 2 Duo T5270 @ 1.40GHz x 2 CPU | 3.9GiB RAM | NV86 117MiB GPU | 465.76GiB SSD
64-bit | i7-4790 @ 3.60GHz x 8 CPU | 15.6GiB RAM | NVD9 1.9GiB GPU | 931.51GiB SSD

Fossy
df -h | participant
df -h | participant
Posts: 338
Joined: 2021-08-06 12:45
Has thanked: 34 times
Been thanked: 31 times

Re: How much do you trust Debian?

#38 Post by Fossy »

Fossy wrote: 2022-01-28 15:20
... There's sadly way too much proprietary crap in our hardware.
[/quote]
... a stunning FX753VD
Image
....
Currently running Windows 10 ( not anymore )
1/ not upgradable to Windows 11 because the CPU is too old ; i7 7th generation ... :shock: ( no longer required ) ... :D
2/ installing a Linux based operating system on it is a real nightmare not to mention impossible ... have given up for the time being … maybe later ? ( IT WASN'T )
.....
[/quote]
finally managed to disable “ windows boot manager “ :
first in windows run “ cmd “ as administrator :
copy / paste : bcdedit /set {bootmgr} timeout 0
Then reboot with the ISO stick.
Business as usual : the chosen ISO is now recognized and you can boot into it and install the Linux Distro of your choice ...
Debian of course ... what else ? :D
It was as simple as that .
ASUS GL753VD / X550LD / K54HR / X751LAB ( x2 )
Bookworm12.5_Cinnamon / Calamares Single Boot installations
Firefox ESR / DuckDuckGo / Thunderbird / LibreOffice / GIMP / eID Software

https://cdimage.debian.org/debian-cd/cu ... so-hybrid/

Fossy
df -h | participant
df -h | participant
Posts: 338
Joined: 2021-08-06 12:45
Has thanked: 34 times
Been thanked: 31 times

Re: How much do you trust Debian?

#39 Post by Fossy »

canci wrote: 2022-01-27 16:24 Back on topic:
" There's sadly way too much proprietary crap in our hardware. "
To be clear , I am not a trained IT / ICT'er .
I am nothing more than a dyed-in-the-wool "ordinary Debian user ".
My learning journey started about 8 years back with Linux Mint ( Ubuntu based Edition ) over LMDE4 ( Debian based edition ) to ended up by Pure Debian ( Buster > Bullseye ) .
Can I summarize it as follows please ?
Is Debian reliable ?
The vast majority will probably agree that Debian is indeed reliable .
So who or what should we be really wary of ?
My experience is that one should be much more concerned with the choice one makes when buying a computer , without going into detail here :
the reliability of the retailer.
The reliability of the chosen brand .
As Canci correctly points out : “ There's sadly way too much proprietary crap in our hardware. “
All the computers ( with a few rare exceptions ) are infected by Microsoft ... one brand more than another but not only by Microsoft .

My two cents .

Translated with www.DeepL.com/Translator (free version)
ASUS GL753VD / X550LD / K54HR / X751LAB ( x2 )
Bookworm12.5_Cinnamon / Calamares Single Boot installations
Firefox ESR / DuckDuckGo / Thunderbird / LibreOffice / GIMP / eID Software

https://cdimage.debian.org/debian-cd/cu ... so-hybrid/

User avatar
canci
Global Moderator
Global Moderator
Posts: 2502
Joined: 2006-09-24 11:28
Has thanked: 136 times
Been thanked: 136 times

Re: How much do you trust Debian?

#40 Post by canci »

Maybe one day we can have RISC-V. For now, it still doesn't look very feasible:

https://drewdevault.com/2022/01/15/2022 ... ience.html
Image Stable / Asus VivoBook X421DA / AMD Ryzen 7 3700U / Radeon Vega Mobile Gfx (Picasso) / 8 GB RAM / 512GB NVMe

READ THIS:

* How to Post a Thread Here
* Other Tips and Great Resources

Post Reply