Botnet, but it isn't botnet

Ian Carter
Ian Carter

Botnet, but it isn't botnet. There was a thread a while ago outlining this problem: 'propietary' free software, FOSS that is too big to be properly maintained, modified or audited, and as such, provide temporary or even permanent backdoors, or vulnerabilities exploited by many agents. The best example of this is Poetterware; software coming out from Red Hat aiming to standardize the GNU/Linux desktop experience, carrying all this baggage with itself for no practical reason concerning the end user, and often written in part or in whole by Lennart Poettering.

In this thread, I'm asking for a bit of a clarification on a few examples of what is and isn't, as well as tips to recognize, avoid and replace it.

What everyone here agrees about:

systemd

I don't need to say anything about this, we've heard about it for years. It's obvious.

Avahi

Something something about needing no configuration when networking.

polkit

Allowing users to turn off the computer without admin privileges, among other things.
Why not just use the suid bit?

NetworkManager

Using wpa_supplicant and dhcpcd is a breeze, why bother with this.

Pulseaudio

This piece of software was memed on by many people because it simply did not work, but is it really that bad? The fact that Poetter wrote it already makes me allergic, but I'm not too well informed about its code quality. It does "just werk", but who knows how much shit it needed to just work.

What I am not sure about, but most likely is:

D-Bus

D-Bus was released quite a while ago. Is there really a need for this? Programs depending on this are systemd (and elogind), big DEs and icon trays, among others. Hadn't had to depend on this until I used elogind.

Then there's the other stuff Red Hat's been up to, like the countless patches they've been getting mainlined into the kernel, and things like KVM, which actually are useful and even surpassing the performance of many propietary solutions.

What's the deal with udev? Why is that inside systemd, too?

Other urls found in this thread:

github.com/seL4/seL4
genode.org/
genode.org/documentation/general-overview/index
genode.org/about/road-map
forums.gentoo.org/viewtopic-t-1084252-postdays-0-postorder-asc-start-50.html

James Brown
James Brown

The only things missing on your list are GNU and Linux. Even GnuPGP is bloat for an OpenPGP implementation, and is indeed not properly maintained.

Henry Ortiz
Henry Ortiz

Okay smarty ass pants, I need a kernel that has decent hardware support, name me a few.

Jose Lopez
Jose Lopez

I use GNU and Linux, I was just stating that they're just as bad as systemd (which i dont and never have used).

John Campbell
John Campbell

just make something better then if you think that its so easy.

Landon Fisher
Landon Fisher

it _is_ easy and I am

Leo Mitchell
Leo Mitchell

Botnet and forced poz is totally fine, as long as it isn't written in C brain damage.

Jace Hall
Jace Hall

Botnet, but it isn't botnet. There was a thread a while ago outlining this problem: 'propietary' free software, FOSS that is too big to be properly maintained, modified or audited, and as such, provide temporary or even permanent backdoors, or vulnerabilities exploited by many agents.
It's the users, stupid.

When there's a horde of retards praising every shit design decision you make it's easy to stop caring about quality and think you can do no wrong. However, a developer is only as good as his critics. People try to count downloads and say the software is good but consensus doesn't tell you the truth, just everyone's own headcanon. One intelligent opinion is honestly worth a hundred idiotic ones. Even people who are completely reclusive in effect have a single critic; themselves. Some people may be pretty good at self-criticism but ultimately it won't hold a candle to an intelligent body of users. You need to be making your software for use by smart people, not retards. Obviously you can't stop retards from using your software, and you wouldn't want to. But must be conscious at identifying retards and disregard any sort of feedback or though they have on your work, instead of just taking the most brainless sycophants and making them mods in your support forum. If more distro maintainers followed this logic we wouldn't have the problem with systemdicks, if Poettering followed it systemdicks wouldn't have been so shit.

Jackson Bennett
Jackson Bennett

based

Adam Myers
Adam Myers

dbus
This one actually has a use, as an ipc. The reason most schizos get paranoid over dbus is that as a daemon it's default behavior often contests with other init systems that aren't systemd, as well as being able to hold connections between other programs literally what a ipc is designed to do
Some claim that it holds root privilages and spies on you but this isn't true at all, it does, work with policykits like consolekit and polkit to give permisions on programs that would normally need root, but most of that is on the policykit, dbus is only acting as a inbetween, which, is it's job.
There is a large problem in dbus where it is often used and hard depended on in situations where it really should be optional, most graphical applications use dbus but many can work without it.
gtk+3 works perfectly fine without dbus, it's manditory for most people because the devs are clinicly retarded and just keep ipc and debug in their code without any attempt to clean it up.
Dbus works well for developers of GUIs and similar systems where ipc is needed, but shouldn't be manditory if the dev is smart.
Problem is, most DE developers are clinicly retarded. The proves bad when you realise that 90% of gui applications are made by DE devs.
The few that aren't might end up taking the lazy route and using some bloated framework, which is even worse.

Dbus isn't going to kill you, it's just the left over cruft of debug that is being pushed on users because their to lazy to use something better.

Isaiah Ross
Isaiah Ross

Avahi is based on Apple's Bonjour software. I don't know why it comes enabled on many Linux distros. It's a security risk.

Joseph Richardson
Joseph Richardson

OpenSSL- overly convoluted code leading to multiple vulnerabilities

Ian Young
Ian Young

rolling for hurd

Logan Collins
Logan Collins

Dubs of truth

Sebastian Richardson
Sebastian Richardson

If you look into the differing family of IPC botnets you find that zeromq/tango/corba are not only connected to dbus, but are what dbus based its design upon. The code quality of dbus is shit. Its uneccessary attack surface on a system as you can run a dbus free system with powermangement just fine. To top it off dbus allows access to programs that allow privledge escaltion think that remote dns exploit in systemd, or if devious your fonts. as a standard procedure since dbus has a API and it is by design an IPC. All IPC's are shit but dbus has interoperability with most of the linux/systemd userland, and even some non shit programs that got dbus forced upon them. Just remove dbus.
Actually dbus does hold root privledges as it is mandatory in order to use it to launch it as root and then launch it again for each user. This is order to manage namespace seperation on a machine/cobra instance that has many users. But even so dbus itself doesn't get used as a exploit, its just the deliveryman once the exploit is on your system via remote code execution like javascript. Also see gdbus, the glib form of dbus.

Hudson James
Hudson James

Oh and OP font management and fonts libraries can be added to your list. Instead of just downloading one font and placing it in a folder to your liking your have at least six libraries, fontconfig, pango, cairo, freetype, harfbuzz, poppler, and fontforge. fontconfig and fontforge do the same thing, provide a .so library to manage fonts. Pango, cairo, and harfbuzz all do the same thing with differing levels of bloat, they render your fonts. And freetype is a font specification library. Most GNU/linux GUI programs request pango's pangocairo library built with freetype support which also makes fontconfig.so calls in its code for some reason like UUID marking your fonts or something like that. They are all inseperable without breaking gtk2/3 and random applications that depend on pango. Its fucking bloat and uneccessary to have all those libraries just to render fonts, why do I need three seperate renderers, one of which has pdf!?!?! support built in which is a huge security vulnerability.

Julian Powell
Julian Powell

pulseaudio
Pulseaudio sucks. I still have problems with it. Sometimes it won't play through. Sometimes it won't record. Sometimes it has high pitched beeps. Sometimes the volume control will sap 30% of my cpu if it's left open for a while (>1 hour).

It's just crap all and all. It doesn't solve any problems. It causes problems.

Grayson Barnes
Grayson Barnes

Works for me

Christopher James
Christopher James

NT

Joseph Murphy
Joseph Murphy

everything works so much better when i removed those things from my computer. no more gpu hangs or anything now.

Noah Murphy
Noah Murphy

NT
I think he meant a kernel that is secure, don't have spyware or backdoors in it and which you can use without Windows.

Dylan Martinez
Dylan Martinez

Quality post.

I actually like that my programs don't "smartly" talk to each other behind my back. Every time I copy something to a communication program I low-key fear that I paste and send something embarrassing/compromising by accident.
Are you implying that GTK3 can be easily de-dbusified? I'd be VERY interested in that, avoiding GTK3 has been pretty difficult and expensive so far.

Poppler is a font library? I thought it was just a fork from xpdf. It is a piece of shit though and it's really unnerving how ~every PDF in Linux land goes through it.

Evan Ramirez
Evan Ramirez

firefox

Logan Robinson
Logan Robinson

Windows New Technology?
More like Windows Nigger Technology.

Samuel Butler
Samuel Butler

Please learn the difference between bloat and botnet, thanks.

Systemd and the rest of poettering's shitty software is still free and open source at the end of the day. Point to the file and line number(s) of the botnet or fuck off with your shit thread.

James Cruz
James Cruz

Your success doesn't negate his failure.

Liam Butler
Liam Butler

But systemd has some botnet feautres, for example using google DNS servers by default and it is developed in a manner, that let's someone exploit it. Plus being viral. As far as I remember systemd also has double licensing. If the second license is bsd-like, then they could start slowly add nonfree dependencies, just like Google did with Android.
So even if systemd isn't botnet now, it has a huge potential to become a botnet.

Point to the file and line number(s) of the botnet or fuck off with your shit thread.
Not him, but why didn't you saged then?

Luke Ortiz
Luke Ortiz

Don't kill me if this is not the proper board to post.

On qresearch board, I now have to access the current board thru Index. Was able to post, but now am not.

Other info. Occasionally, have been blacklisted for a few days for sending info that may have a "blacklisted" address or link to same with info.

Now, I get this - pic related, and it does not post. Do you know why? Help greatly appreciated.

Attached: 8ch-posting.png (130.81 KB, 1265x480)

Colton Gray
Colton Gray

reddit spacing
GTFO

Robert Turner
Robert Turner

what the hell is reddit spacing?

Mason Hall
Mason Hall

Thanks so much for your ugly response. Now I know not to come here again to the AZZeZ NO HELP board.

Sebastian Wright
Sebastian Wright

kys

This is not the Zig Forums support board. This is the technology board. We LARP all day on here. If you're not here to LARP, GTFO.

Josiah Sullivan
Josiah Sullivan

Pulseaudio
but is it really that bad?

Attached: dc09737fdc445aaffc79e77ad610ab0ff407ace417eae2b7ad7836f6e16c569b.jpg (48.64 KB, 610x350)

Gabriel Taylor
Gabriel Taylor

fuck off boomer scum neck yourself

Kevin White
Kevin White

Basically, double-spacing and overusing newlines.

Adrian Parker
Adrian Parker

unnerving how every pdf in linux goes through it
Actually there's a alternative that is a standalone pdf renderer and creator that is a single small c library that beats poppler/libreoffice bloat by miles. Its updated to this day. Have a hint, its not xpdf based, μῦ
dbus free gtk3
install gentoo. No seriously, if you install gentoo you can have all the major graphics libararies without dbus if you find the right ebuilds.

Michael Lewis
Michael Lewis

Using wpa_supplicant and dhcpcd is a breeze, why bother with this.
you sure? looks kinda fucky compared to even nmcli

Nathaniel Green
Nathaniel Green

Since this is essentially an anti-bloat and shitty software design thread, I'll go ahead and shill seL4 and Genode again

We need something better than all the Win/Mac/Linux shitware we have now. Software nowadays is unmaintainable and bloated as hell. The answer is a secure microkernel OS with formal verification and a clean codebase with minimalism and isolation in mind.

At this point, pretty much everything can be hacked. Our cars can be hacked (which will become even more serious with the self-driving ones). Everything is connected and sending signals. The IoT is coming.
This wouldn't be such a problem if the software was actually designed properly

It's impossible to truly know how many bugs are in our code, but a general rule of thumb is that for every thousand lines, there are about one to five bugs. That sounds reasonable... until you realize how fucking massive codebases are. The Linux kernel is in the tens of millions now, and Bluetooth alone is hundreds of thousands. As system complexity goes up, the security goes down.
It's not just macroshit. It's Loonix too.

Yeah we could patch stuff, and we do. Oh we certainly do, but with our massive codebases, there are massive amounts of bugs. Eventually a vulnerability comes out, which prompts devs to actually do something about one, so they patch it. Yay, we removed one bug! Except in the process of patching, or in the process of continuing to maintain the program, we just introduced another bug. And the cycle continues...
Sure we could use firewalls, but that doesn't treat the problem at the root. It only mitigates our issues. Actually it barely does that, because our firewalls also run on big vulnerable operating systems with millions of lines of code, often the same ones we use on our normal systems.

And no, the AI and machine learning memes won't help. They're the same shit as firewalls. They run on a broken foundation, and once again don't actually treat the core of what's wrong.
We need an operating system running on a trustworthy kernel, one that isolates processes based on whether they are critical and trusted or not. What is malware? What is malicious activity? A common definition is a program that does something that the user does not know it will do, does not expect, is not documented or specified. Therefore, a trustworthy program is one the conforms exactly to its specification, does things in a timely manner, and ensures that things will be executed securely. We need to think of this the same way we think of network security. There's the ideal of zero trust. We don't allow traffic in unless it is confirmed to be safe. Whitelist instead of Blacklist. In the same way, a system must be considered untrustworthy unless proven otherwise.

Enter, SeL4, the provably secure operating system kernel. This little fucker is only 10k lines of C and ASM. This gives it a really small attack surface and means it can be verified FULLY. Now I know what you're thinking. "Oh but it's a MICROKERNEL! They're so slow they're a failed academic meme just look at muh mach!"
Mach was like four decades ago at this point. Microkernels have progressed a lot since then. In fact, they can be really, really freaking fast.
This one in particular also makes use of capability-based security. It may be small, but it doesn't take shit from anyone. Non-kernel code can only access stuff if it's explicitly allowed. If not, tough luck, CIAniggers.
There can be unprivileged code, but it certainly shouldn't be anywhere near the kernelspace. That's the privileged core of the operating system, and we need to keep it secure.

And to hammer that point home about the developments, see this lovely chart of the microkernel innovations stemming from the original L3 and L4. This stems all the way back from 1993, and has gone in so many interesting directions. From ports to MIPS and Alpha, to inspirations off into Fiasco and Pistacho, the latter of which has variants seen in Apple and Qualcomm products. seL4 is just the latest and greatest in this line.

Sauce code here
github.com/seL4/seL4
An operating system that can utilize seL4 and other microkernels of this type.
genode.org/
A look at its architecture
genode.org/documentation/general-overview/index
Road map. This year they plan to work on making it usable for common use cases.
genode.org/about/road-map

Attached: sel4.png (145.71 KB, 1164x869)

Gavin Brown
Gavin Brown

i like them. they just work unlike many network managers. the settings wont just change randomly like they do in the network managers when they get updates. used to use ubuntu and a dist-upgrade somehow installed two network managers because i had connman but the maintainers decided that the package manager should force install networkmanager too and it also has the wait-online systemd unit enabled by default so your system wont ever boot if you dont have a working connection.

Carter Powell
Carter Powell

NM is just a frontend to wpa_supplicant. Wpa_supplicant already has a builtin frontend for the GUI called wpa_gui, or wpa_cli if you prefer. Dhcpcd is just one command that executes unless you want to do something weird with dhcp in which case just read the manpages. Why do you need two frontends to the same library you stupid bloated normalfag?

Dominic Turner
Dominic Turner

pic related the "lovely chart"

Attached: lovelychart.png (248.71 KB, 1196x798)

Jaxson Thomas
Jaxson Thomas

How is software support though. Can I use a sel4 OS as a daily driver? What is it Luke to use?

<i.MX
sel4 on Librem 5
Oh baby!

Jaxon Hughes
Jaxon Hughes

Their focus for this year is making it more usable as a daily system. For programs that haven't been ported yet, there is an option to run virtualized Linux (tinycore to be precise, afaik) in isolation from the rest of the system, so a bug or vuln in Linux won't be able to touch the rest of the system
I haven't tried it in a bit. Will download shortly and see what's up

Matthew Roberts
Matthew Roberts

So if someone wanted to switch from gentoo to running gentoo in a tinycore instance ontop of SEL4 how would you go about it? Is there even a install/compile guide somewhere for SEL4?

Let's say I were a dev. How would I port drivers from linux to SEL4? Is there a guide? How would I port programs to use SEL4's equivelence of system calls in linux as to make them SEL4 compatible? Wheres the docs?

Hunter Gomez
Hunter Gomez

Are you implying that GTK3 can be easily de-dbusified?
Yep, theres a patch that exists for this.
You'll need to compile it though, since no distro that i know of has it officially packaged like this in their repository.
If your using gentoo, you can add the flussence overlay and mask everything that isn't gtk+:3.

John Ross
John Ross

q
Off yourself with semen

Luis Flores
Luis Flores

There's a patch for gtk+2 if you don't use that overlay.

Mason Allen
Mason Allen

old thread here >>969082

Jonathan Russell
Jonathan Russell

forums.gentoo.org/viewtopic-t-1084252-postdays-0-postorder-asc-start-50.html
upstream actually allowed you to disable it for a while but then GNOMEfags threw a tantrum and reverted it again
ever since everyone is stuck with dbus
Jesus fucking christ, I shouldn't even be surprised at this point. How can such a big group be so ridiculously incompetent?
Anyway, thanks. I was actually considering to move from Firefox to Lynx because the new versions need GTK3, but now I can update. But after taking the lynxpill I'll probably keep using it for a lot of things.

Lincoln Allen
Lincoln Allen

unbased

Zachary Gomez
Zachary Gomez

cringe

Noah Baker
Noah Baker

unbased

Jace Smith
Jace Smith

why do people install distros like gentoo or others that dont have systemd but then also want to use crap like gnome or other shit thats trying to depend on as much bloat as possible

Austin Thomas
Austin Thomas

nigger

Tyler Watson
Tyler Watson

why do people install distros like gentoo or others that dont have systemd but then also want to use crap like gnome or other shit thats trying to depend on as much bloat as possible
Maybe because GNOME is convenient for them? When I realised GNU exists and that Mint is driven by open sore idiots, that don't care about security (by using systemd), I decided to switch to Devuan, because Debian-based distributions was all I knew. After I switched, I wanted evertything to work just like on Mint, but it didn't - everything was broken - including cinnamon, so I installed i3-wm. Now I don't need Mint, cinnamon, nor systemd, but I can understand, some people want to have the software, systemd took away from them, even after switching a distribution.

Tyler Young
Tyler Young

unbased

Matthew Bell
Matthew Bell

In case you're talking to me (>>1051872), I don't have GNOME shit anywhere on my system by choice. The only reason I'm even considering GTK3 is because the retards at Mozilla dropped GTK2. It only saved them something like a mere thousand lines of code too, I swear open sores retards just get off on breaking shit for no reason.

Caleb Torres
Caleb Torres

Pulseaudio is actually not nearly as bad as it used to be. It can actually be pretty useful for some things.
The rest, however, I agree are bad. I'm not a Suckass-tier minimalist, but those programs are all way too large with respect to what they should do, not to mention that they are completely unnecessary for 99% of desktop users. And yes, better alternatives exist, which are not only lighter and smaller, but also offer more and better functionality.
The most glaring case is NetworkManager: connecting to WPA2/Enterprise networks is unironically harder than just using wpa_supplicant+wpa_cli, for instance. I see zero reason to use it.

Ryan Long
Ryan Long

a mere thousand lines of code
This line captures everything wrong with modern software.

Christian Gonzalez
Christian Gonzalez

It's Firefox we're talking about, 1000 is (unfortunately) nothing there. Which makes this reason for removal all the more ridiculous, god knows how heavy all these stupid ad """features""" they keep adding are.

Ian Clark
Ian Clark

not really specifically about you. its just that i have seen those people so many times. they install some nice minimal systemd free distro and then wonder why shit like gnome does not work properly. those people can be seen on the distro irc channels almost every day with their questions about why some bloated systemd dependent thing is not working properly

David Hall
David Hall

Pulse audio
Is it really that bad
Literally had to uninstall and reinstall it like some windows garbage the other day.

Hunter Cooper
Hunter Cooper

what do you mean by saying 'bsd-like' license?

Joseph Bennett
Joseph Bennett

MIT or BSD. Mostly interchangeable.

Carter Stewart
Carter Stewart

And the USE flags.
It's the (((diversity hires))). A guy on plebbit complained that south americans and (((rainbowhairs)))/(((diversity hires)))/women (that could be of one of those groups) can barely do a sandcastle or inflating balloon challenge (and another one) at the guadec. (What odd challenges. They look irrelevant except for a coding powress demostration), and yet they are tasking them with more and more complex ones, hoping to hire them (and probably doing so because gnome is brainless).
meganigger bot

Kayden Miller
Kayden Miller

I forgot to menction that the guy's comment got removed because of "racism". Iirc it was on the main linux subplebbit.

Connor Peterson
Connor Peterson

In my time with Gentoo i never tried ungoogled-chromium. I wonder how is it like compared to (((pozfox))).

Grayson Watson
Grayson Watson

We already have several superior solutions, Lennart.

Adam Gutierrez
Adam Gutierrez

Then there's no problem. Those superior solutions should be superior and you can completely ignore systemd.

Benjamin Johnson
Benjamin Johnson

As far as I know Chrom* straight up depends on DBus.

Daniel Davis
Daniel Davis

what do you mean by saying 'bsd-like' license?
Sorry I should say non-copyleft.

Austin Young
Austin Young

You can use the term "permissive free software licensing". The term of permissive refers to the fact that distributors have permission to fork the free software into a proprietary software project.

Joshua Evans
Joshua Evans

(((>>1052153)))
(((unbased)))

???

Brody Wilson
Brody Wilson

HAPAS ARE SUPERIOR TO WHITES

Christopher Diaz
Christopher Diaz

HAPAS ARE SUPERIOR TO WHITES

Adrian Parker
Adrian Parker

HAPAS ARE SUPERIOR TO WHITES

Asher Wright
Asher Wright

HAPAS ARE SUPERIOR TO WHITES

Robert Watson
Robert Watson

Yeah, fuck off boomer. Nobody cares.

Ayden Ward
Ayden Ward

tfw no qt black gf

Carson White
Carson White

Yeah, fuck off boomer. Nobody cares.