- cross-posted to:
- linux@programming.dev
- cross-posted to:
- linux@programming.dev
I saw the news about Little Snitch coming to Linux via eBPF and Rust. On paper, it looks fancy. In reality, the backend is closed source.
Personally, I don’t see the point in installing a proprietary black box to monitor other black boxes. I’m sticking with my AdGuard Home setup and OpenSnitch for when I actually need to trace a binary.
I wrote up my thoughts on why I think this is a solved problem for most FOSS-first home labs.
Nice, something running in an eBPF context with a blob in the middle, what could go wrong …
Also there are already a lot of binary blobs in the kernel, that also makes me nervous a bit.
You can compile your own kernel, you know?
I’m speaking about the firmware and other blobs that are there because devices wouldn’t work without it.
https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tree/WHENCE