How long can you trust Kernel auditing?

[Arnardo]

Linux Foundation is these days cooperating with whatever evil bringing a bag of money and they do not approach Linux Foundation due to a wish to help nor contribute, but to infiltrate and control. A untold story about Microsoft in the early days is that a HIDDEN HAND assisted the success by buying their way into competitors and sabotaging them from the inside, pawing way for the worlds most advanced surveillance and control grid ever constructed by mankind.

Now Linux Foundation are selling out the trust like a spineless Judas...

It seems Linux users are not really up to date on whats going on with LF as they now cooperate with Google, Microsoft and most Big Tech companies that even the US Congress is warning about. The latest addition to this is Goldman Sachs, and that is the devil of devils, but yet LF takes their hands and as for me, I can see whats coming and that is the infiltration and then the control of the Kernel auditing and out the windows goes privacy and security.

Its my bet that Linux will be just as Big Tech controlled like Windows is and users in their right mind will jump the ship.

It might even be done already, and I have predicted like 20 years ago that UPDATES you receive from Microsoft will be PERSONALIZED in the sense of lets say your against Kamala Harris and your become a important voice, your update will have negative effects on your computer, the performance and real time surveillance.

Now it will start with injecting backdoors into users no matter what distro you use. The kernel is the central point to do just that.

I am so sorry to see NO debate on this and that the communities are not all up in arms.

Those in the LF gets rich and you sold... If you dig into LF, there is no way one can not understand what is going on.

https://linuxfoundation.org/en/press-re ... mate-data/

[April]

Interesting read .
I have noticed in Australia using an Opera browser which sets up a VPN (viirtual private network) that the loading speed of sites on my computer slows down to probably 10 seconds for Facebook ,Google,Utube,GitHub, or anything controlled by Google. Thats if I set the VPN to USA.
If I set it to Asia or Europe its a second or two .
I more though that was probably some Chinese intervention with the cable links being they are not real fond of the Yanks at this time..

[perdido]

"Today, Linux Foundation announced that Goldman Sachs has joined its cross-industry coalition seeking to shift global investment toward zero-carbon emissions through the development of comprehensive data sets and evaluation tools that are available to all. We expect Goldman Sachs to provide critical expertise in climate risk, product development, and financial reporting that will result in better tools to help all companies, asset managers, and investors more consistently and effectively evaluate progress against decarbonization goals.

“The world needs comprehensive data to meaningfully address climate change, and this diverse coalition is attacking a key shortcoming of so many efforts to make progress,” said Goldman Sachs Group CEO David Solomon."

[mikeslr]

Trust, but verify.png (353.06 KiB) Viewed 541 times

Perhaps I'm an optimist. But I think Goldman Sachs' involvement may be a hopeful sign or at least a realization that we, as a Global Community, have reached a consensus and Goldman Sachs has decided "if you can't beat them, join them".

Currently, Money is the 'life-blood' powering most Human activity. How Money is created, taxed and invested determines into what activity and to what extent it will flow. The Financial Industry --including Goldman Sachs-- can only power its own activity by siphoning off a portion of the Money it acquires from others (investors) or the profits made by investing that money into ventures which return more money than the amount invested. Goldman Sachs can be either a symbiot or a parasite: directing and influencing the flow of money in such a way as there will be profits to share; or just drawing down for its own purposes money which came under its control.
There is money to be made in any change. There will be a great deal of money to be made in 'Going Green': new industries to be created; maintained and managed; new infra-structure to be built, maintained and managed.
Goldman Sachs wants a part of that. It has a great deal of expertise when it comes to evaluating a project's potential. And there are many potential investors who place their trust in that expertise. So I'd rather have Goldman Sachs with us, than 'agin' us. But, like any good Bookie, it also has a great deal of expertise in being able to profit without regard for who else wins or looses.
Trust, but verify.

[mikewalsh]

My personal view is (and has been for long enough) that anybody who honestly believes that Linux can remain a solitary bastion of freedom in this globally-interlinked world for very much longer is doing one of two things. Either:-

• Viewing the world through heavily rose-tinted spectacles, or

• Living in "cloud cuckoo land".

In both cases they need to wake up, smell the roses (for real), and sense the way the wind is blowing....

(In all honesty, if we DID decide to 'jump ship', where the hell would we go? Not into Redmond's or Cupertino's arms, that's for sure. In the case of the former, I'm not daft enough, or desperate enough....and as for the latter, I'm not daft enough OR rich enough!!)

(*shrug*)

Mike.

[wiak]

Once Red Hat came along, Linux basically became a commercial product, and more so as Red Hat grew in prominence/influence such that many innovations in Linux come from Red Hat development engineers (hundreds of engineers and more...). That Linux development control is solidified via the Red Hat Certification programmes, which dominates Linux instruction in the tertiary education system around the world. Other Linux teaching programs and alternative Linux certifications are insignificant in comparison to the likes of "Red Hat Certified Engineer" (RHCE) and "Red Hat Certified System Administrator" (RHCSA): https://www.redhat.com/en/services/certifications

Red Hat sponsor community Fedora builds, but in reality they manage it and provide the engineers - who work alongside the community volunteer open source developers, but really it is still Red Hat creating that. Ubuntu is another commercial product - just uses a different strategy for its promotion and place on the various Linux development steering 'committees'. Debian is small fish in terms of Linux development really - it just implements its distributions with an eye on removing 'non-free' sources from its main repos. We all follow the upstream leaders, a process which is mainly steered by commercial Red Hat (and certainly not by GNU).

Yes, a few minor distro communities (such as Devuan) try to avoid systemd. Debian doesn't, which says it all really.

In Puppy land we live in a GNU dream world of believing we inhabit the moral high ground of open source freedom. The way it is imagined here has never existed or at least it has not existed for many many decades. Puppy itself primarily relies on upstream repos nowadays. Silly thing, in my opinion, is that it relies on these upstream repos but modified its earlier package manager to first transform the upstream package formats into PPM-compatible format prior to installation rather adopting both the repos and the appropriate package-manager that could already correctly use these repos. Unfortunately that means there have been constant Puppy PPM issues with correct dependency-resolution and compatibility more generally - upstream repo package managers had already been accurately designed for handling their repos (of course).

BarryK's original Puppy's had their own repos and thus it made sense (was necessary) back then to have own package manager - but once upstream repo(s) adopted it was surely a bit silly to not use the related carefully-designed-for-repo package manager(s)? Was that a 'pride' issue - where it was accepted that upstream repos needed to be adopted but worry that adopting the related package managers might make it obvious that Puppy was no longer really an independent distro either? Note that both tinycorelinux and Slitaz continue to use their own independent package managers, but that is because they maintain their own independent matching repos. Anyway, no Linux is independent - we all follow the upstream leaders and end up having to go with the flow, to a large part, since we cannot redesign Linux at this level.

There is a certain amount of flexibility however - choice of window manager and which upstream repo and so on... You can also write some of your own system-glue-it-all-together scripts and (if unwise) adopt somewhat different filesystem hierarchies - that latter can (easily) be unwise since it can create incompatibilities (with upstream repo package organisation) and side-effects that reduce stability and often simply doesn't work... Nevertheless there are some workable filesystem hierarchy alternatives - for a particular repo package organisation (such as the way Arch does it compared to how Debian used to - Debian seems more recently to be adopting Arch's approach however).

You couldn't trust any computer OS at all if that relied on believing in one man being the auditor. Believing Linus looks (looked) after such a complex system on his own was also just a dream.

[ozsouth]

@mikewalsh - if truly desperate, could try the BSD rabbit-hole: OSX is derived from FreeBSD. Netflix apparently uses that too. There is a more desktop-friendly derivative in GhostBSD. I ran another derivative (FreeNAS) for a while about 12 years ago. Is linux like, but should dedicate a separate machine to it to try it out.

[tony]

Hi Mike,

after using puppy linux for almost as long as Barry, I now feel that the era of open software is coming to an end.
I recently posted how I got my Laserjet P1102w to print.
I had to go to an un-certificated site for the information. Within a few hours the whole puppy site went down over certificate issues.
Perhaps pure coincidence, but are certificates being used to prevent linux going against the commercial interests of big players?

I use a Raspberry Pi4 running Raspup. This in itself is a threat to the big players.

Regards Tony.

[mikewalsh]

@wiak :-

You couldn't trust any computer OS at all if that relied on believing in one man being the auditor. Believing Linus looks (looked) after such a complex system on his own was also just a dream.

I think it's an indisputable fact that he DID write the very first Minix-based kernel all on his own. But look how small it was; how little hardware it supported.....and how little system 'integration' it possessed. I believe I read somewhere it was all of around 10,000 lines of code (even some of our Puppy coders have turned out bash scripts of well over 1000 lines of code. One I was looking at just the other day had around 1400 some-odd lines). What is it today.....greater than 30 million +?

I agree. No way could that be maintained by any one individual.

Mike.

[mikewalsh]

@ozsouth :-

Oz; I've considered BSD, on & off. I even downloaded an ISO of FreeBSD a few years back, and had a go at installing it. What put me off was the fact it was entirely text-based - like Clonezilla! - and very old-fashioned, at that.....

I might take a look at GhostBSD.....if I can ever summon up the enthusiasm.

Mike.

[mikewalsh]

@tony :-

Perhaps pure coincidence, but are certificates being used to prevent linux going against the commercial interests of big players?

Mm. It's possible, I suppose.....but it's an action that smacks of sheerest hypocrisy. Look how many of the buggers are using Linux to power their own 'back-end' operations.....

Mike.

[ozsouth]

@mikewalsh - I tried GhostBSD MATE live usb today - not bad, but 2.5Gb. They use the FreeBSD series 12 kernel, so may aid the OP's concern.

[user1111]

I use a Raspberry Pi4 running Raspup. This in itself is a threat to the big players.

https://www.jeffgeerling.com/blog/2020/ ... spberry-pi

What does Nvidia buying ARM mean for Raspberry Pi?
.
.
But it is a little sad to see a plucky British computer manufacturer, the Raspberry Pi Foundation, who used a CPU architecture built by another long-time British computer manufacturer, have to now say they're using tech licensed through a US company

[bigpup]

More important, every Raspberry Pi ever made is powered by a System on a Chip built by Broadcom, with ARM-licensed cores.

Maybe in the future.
A PI will use a ARM chip made by Nvidia, broadcom, Intel, whoever offers the lowest price for the chip.
I am sure Raspberry PI decided to use a Broadcom chip because it was the lowest priced. But is it the best featured one?
All Nvidia is really buying is the rights to the architecture ARM licensing and a lot of people, that have development knowledge.

[wiak]

What does Nvidia buying ARM mean for Raspberry Pi?
.
.
But it is a little sad to see a plucky British computer manufacturer, the Raspberry Pi Foundation, who used a CPU architecture built by another long-time British computer manufacturer, have to now say they're using tech licensed through a US company

ARM chips were designed in UK, but Softbank (Japanese conglomorate) bought over ARM albeit with promise to keep its base in the UK. I read that the Nvidia takeover is under threat anyway cos of UK and EU 'concerns' - China is even more concerned since if ARM becomes 'owned' by Nvidia, a US company, the likes of Huawei could face even more problems getting chips because Nvidia wouldn't be allowed to sell them to China if sanctions still in place.

[8Geee]

ARM/Pi4 has gone the way of 64-bit "Out-of-Order" execution to go faster. The old 32-bit Pi's use a chip with in-order execution. It seems that any 4-core+ chip is NOT in-order execution. BTW, my Atom cpu slows a bit and hesitates a bit more these days (32-bit in-order 1-core). Uploads/downloads OK, but webpages turtle.

Regards
8Geee