All of that is true, at least for now. But if you look at the work the systemd developers have been doing with remote attestation and end-to-end verification of computers, it starts to paint a grim picture. Web-based integrity might not be that far off. But I really hope it doesn’t get that bad.
Relevant article: https://www.gnu.org/philosophy/you-the-problem-tpm2-solves.en.html
And if anybody thought TPM provides security:
https://www.elevenforum.com/t/tpm-2-0-is-a-must-they-said-it-will-improve-windows-security-they-said.13222/
https://gist.github.com/osy/45e612345376a65c56d0678834535166
https://www.sophos.com/en-us/blog/serious-security-tpm-2-0-vulns-is-your-super-secure-data-at-risk
https://www.covertswarm.com/post/how-secure-are-tpm-chips
Reader, you know what’s likely most secure? FOSS code, peer-reviewed and regularly patched.
I don’t get why one would trust security theater, aka TPM and secure boot.
It’s the opposite in the best possible way. FOSS = “We know it’s too complicated to make perfect. That’s why it’s all out in the open where we call each other out on our shit. We don’t sell, we improve.” Proprietary = “There is no war in Ba Sing Se and to say or demonstrate otherwise is terrorism against shareholders.”
The owner of the machine is the one who decides. You can already make the life of other non-root users absolutely miserable. The major difference is that it is YOU who control that. Not the company you bought your laptop from.
Also attestation is a super cool feature when you understand it. Because again, it’s free.
In general, systemd hate is a mark of ignorance. Which is fine. Ignorance can be fixed.
I quite like the init and journal parts of systemd. I’m not a hater. But I’ve been around long enough to see where this attestation road might lead to. Google tried it recently with their WEI initiative.
But now the time is ripe again with child safety being mentioned left and right. This is all speculative, but combine secure boot and kernel-level attestation and suddenly one must use verified applications which, among other things, can’t block ads and whatnot.