privacytools / privacytools.io

🛡🛠 You are being watched. Protect your privacy against global mass surveillance.
https://www.privacyguides.org
Creative Commons Zero v1.0 Universal

🆕 Software Suggestion | Add GuixSD Operating System #1146

Closed Nurmagoz closed 5 years ago

Nurmagoz commented 5 years ago

Basic Information

Name:

GuixSD

Category:

Operating Systems

URL:

https://guix.gnu.org/

Description

This is a fully free software OS which doesn't contain any blobs, nor do they package any non-free software, which makes it an FSDG distro.

What is special about this OS?

Note: The distro is functioning at the moment with linux-libre, optionally with Hurd.

Refs:

https://en.wikipedia.org/wiki/GNU_Guix#Guix_System_Distribution
https://www.gnu.org/software/hurd/hurd/running/nix.html

More info to read:

https://guix.gnu.org/manual/en/guix.html

Note: I prefer to flag the OS as Beta since it isn't yet compatible with a wide range of hardware. But at the same time it doesn't pose any insecurity or need Solomon's wisdom to use it.

dawidpotocki commented 5 years ago

What does it give that others don't? It still primarily uses linux-libre and there are already listed free OSes like Debian and Trisquel. Hurd will never get out of beta (they started development in 1990) and there are not a lot of benefits to running it. The Guix package manager by itself, from what I know, can be installed on any distribution.

claudiojulioferraz commented 5 years ago

What does it give that others don't? It still primarily uses linux-libre and there are already listed free OSes like Debian and Trisquel. Hurd will never get out of beta (they started development in 1990) and there are not a lot of benefits to running it. The Guix package manager by itself, from what I know, can be installed on any distribution.

"Guix System Distribution (abbreviated GuixSD) is a Linux distribution built around the GNU Guix package manager. It enables a declarative operating system configuration and allows reliable system upgrades that can easily be rolled back. It uses the Linux-libre kernel, with support for the GNU Hurd kernel under development" Wiki

"If you don't use GNU Guix as a standalone GNU/Linux distribution, you still can use it as a package manager on top of any GNU/Linux distribution. This way, you can benefit from all its conveniences. Guix won't interfere with the package manager that comes with your distribution. They can live together." Site Guix

blacklight447 commented 5 years ago

My question is this: what does Guix bring, privacy-wise, over the already listed distros?

claudiojulioferraz commented 5 years ago

Arch is full of blobs and is still listed. What exactly is in these firmwares? Nobody knows. It should be removed and replaced by GuixSD. In GuixSD you can install a lot of software as it gets isolated. Debian and Trisquel do not have this by default (without schroot ...).

"In Guix, the package build and installation process is seen as a function, in the mathematical sense. That function takes inputs, such as build scripts, a compiler, and libraries, and returns an installed package. As a pure function, its result depends solely on its inputs—for instance, it cannot refer to software or scripts that were not explicitly passed as inputs. A build function always produces the same result when passed a given set of inputs. It cannot alter the environment of the running system in any way; for instance, it cannot create, modify, or delete files outside of its build and installation directories. This is achieved by running build processes in isolated environments (or containers), where only their explicit inputs are visible." Guix doc

GuixSD is the most advanced stable operating system in existence. You can declare how you want the system to be, and the Guix package manager builds it for you. Enough of breaking the system and having to install and configure all over again. Embrace progress. Long live the GUIXSD.
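The comment above describes Guix's functional package model and the ability to declare a whole system and have Guix build it. As an added example, not code from this issue thread or from the Guix project itself, here is a minimal Guix System declaration written in the style of the Guix manual: the machine's state is described in one Guile file that can be reviewed, version-controlled and rolled back as a unit. The host name "guix-example", the user "alice", the root file system label "my-root" and the disk "/dev/sda" are placeholder assumptions, and the `targets` bootloader field assumes Guix 1.3 or later.

```scheme
;; Added example (not from the issue thread or the Guix project): a minimal
;; Guix System declaration. Everything below is the system's declared state;
;; `guix system reconfigure` builds it and keeps the previous generation
;; available for roll-back.
;; Assumptions: Guix 1.3+ (bootloader `targets` field), a root file system
;; labelled "my-root" on /dev/sda, and a user named "alice".
(use-modules (gnu))
(use-service-modules networking ssh)
(use-package-modules certs)

(operating-system
  (host-name "guix-example")
  (timezone "Etc/UTC")
  (locale "en_US.utf8")

  ;; GRUB on the first disk; adjust to the real machine.
  (bootloader (bootloader-configuration
               (bootloader grub-bootloader)
               (targets '("/dev/sda"))))

  (file-systems (cons (file-system
                        (device (file-system-label "my-root"))
                        (mount-point "/")
                        (type "ext4"))
                      %base-file-systems))

  ;; Unprivileged account; "wheel" grants sudo through the default
  ;; sudoers specification, so no hand-edited /etc/sudoers is needed.
  (users (cons (user-account
                (name "alice")
                (comment "Alice")
                (group "users")
                (supplementary-groups '("wheel" "netdev")))
               %base-user-accounts))

  ;; Only what is listed here (plus the base set) ends up in the
  ;; system profile; nothing is installed as a side effect.
  (packages (append (list nss-certs) %base-packages))

  (services (append (list (service dhcp-client-service-type)
                          ;; SSH with root login and password authentication
                          ;; disabled: the hardened state is declared here
                          ;; rather than patched into sshd_config afterwards.
                          (service openssh-service-type
                                   (openssh-configuration
                                    (permit-root-login #f)
                                    (password-authentication? #f))))
                    %base-services)))
```

Applying the file with `guix system reconfigure config.scm` builds the declared system and adds a new boot generation; `guix system roll-back` returns to the previous one if the change misbehaves. Because each package is a function of its declared inputs, the same model gives a reproducibility check: `guix build --check <package>` rebuilds a package locally and reports whether the result differs from what is already in the store, and `guix challenge <package>` compares the local result against what substitute servers serve, which is how a defender would detect a build that does not match its source.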

blacklight447 commented 5 years ago

If Arch were the problem, then we should perhaps list Parabola. Also, we don't have a mandatory open source policy (but we do have a big preference for it).

claudiojulioferraz commented 5 years ago

I understand. I find it hard to have more privacy without open source. But I think your proposal to change Arch for Parabola is very correct. GuixSD could be included in place of OpenBSD, as its policy allows blobs.

How to have privacy if you do not know what runs on your machine? I doubt most users will configure their firewall to block unopened software. By the way, imagine a network firmware with closed source. Who guarantees without verifying that it is not violating privacy?

blacklight447 commented 5 years ago

I'd first ask how far you would like to take it. Take libreboot for example: they go so far in their open sourceness that they don't include microcode updates, which means no security updates. Would it be a good plan to own the proprietary software industry and protect your privacy by forcing yourself to run outdated insecure code? Perhaps not. While it's generally a good thing to know what your system runs, and it generally helps you enhance your privacy, just because code is closed source doesn't always mean it's bad for you.

Edit: about your suggestion on OpenBSD, we actually already have an open ticket to replace it with LibertyBSD, which is ticket #929.

claudiojulioferraz commented 5 years ago

Right. In a perfect world everything would be open source. But unfortunately we do not live in one like this. Sometimes we have to be pragmatic. But if open source software won't cause a headache, why not switch to it? I see that this is the thinking of your team. Congratulations and thanks for your awareness efforts.

Edit: Do not worry. I just find GuixSD a good system and a great alternative.

dawidpotocki commented 5 years ago

If Arch were the problem, then we should perhaps list Parabola. Also, we don't have a mandatory open source policy (but we do have a big preference for it).

It is already listed. Btw Parabola does not package some software that is free, like Chromium or qt5-webengine, because they believe it is not.

ghbjklhv1 commented 5 years ago

My question is this: what does Guix bring, privacy-wise, over the already listed distros?

@blacklight447-ptio Many reasons:

https://www.wikipedia.org/wiki/GNU_Guix#Features

Reproducible builds are an essential piece of this, adding security.

Plus, as others have said it is Libre and has WIP support for GNU Hurd.


Also, we don't have a mandatory open source policy (but we do have a big preference for it).

Sort of, you do have some:

https://github.com/privacytoolsIO/privacytools.io/blob/master/.github/CONTRIBUTING.md

Because, although very few rules exist, there are a few, like "Contrib OSes must be marked" and whatnot. Saying no policy is a bit of an understatement.


Would it be a good plan to own the proprietary software industry and protect your privacy by forcing yourself to run outdated insecure code?

To most people? Yes.

To elaborate, when most people say bugs like these they mean something like outdated kernel. Outdated kernels aren't an issue in Linux Libre, as it is Linux-based and actively developed.

ghbjklhv1 commented 5 years ago

If Arch were the problem, then we should perhaps list Parabola. Also, we don't have a mandatory open source policy (but we do have a big preference for it).

Parabola is listed:

https://www.privacytools.io/operating-systems/#os

As for Qubes OS: https://github.com/QubesOS/qubes-issues/issues/5163

dawidpotocki commented 5 years ago

GUIX Package Manager has a lot of cool features:

https://www.wikipedia.org/wiki/GNU_Guix#Features

Reproducible builds are an essential piece of this, adding security.

It's not the only one trying to have builds reproducible.

https://wiki.debian.org/ReproducibleBuilds
https://blog.netbsd.org/tnf/entry/netbsd_fully_reproducible_builds

Plus, as others have said it is Libre and has WIP support for GNU Hurd.

Sure, but Debian and Trisquel are already libre and support for Hurd is useless as I said above. Oh also there is Debian GNU/Hurd.

Also, we don't have a mandatory open source policy (but we do have a big preference for it).

Um, you may want to look more into this:

https://github.com/privacytoolsIO/privacytools.io/blob/master/.github/CONTRIBUTING.md

Because, although very few rules exist, there are a few, like "Contrib OSes must be marked" and whatnot. Saying no policy is a bit of an understatement.

No "mandatory open source policy". It is preferred, but not required.

We do not know if it is more secure, so if I must run outdated code so be it.

Well, yes, you can. If it is more secure, it means it is less vulnerable to attacks. You could check if they are possible with newer code compared to older code.

Nurmagoz commented 5 years ago

It's not the only one trying to have builds reproducible. https://wiki.debian.org/ReproducibleBuilds

Debian packages are reproducible builds, but the Debian distro is not, as mentioned in the same link:

Reproducible builds of Debian as a whole is still not a reality, though individual reproducible builds of packages are possible and being done. So while we are making very good progress, it is a stretch to say that Debian is reproducible.

Sure, but Debian and Trisquel are already libre and support for Hurd is useless as I said above. Oh also there is Debian GNU/Hurd

Useless? lol. Anyway, I'm not gonna discuss that, but GuixSD is different because of the Guix package manager, which is not present in Debian, Trisquel, etc. Oh, there is Arch/Hurd...

No "mandatory open source policy". It is preferred, but not required.

What do you mean, not required? Do you mean nonfree software should be listed as recommended software to use?

If the software is nonfree = not recommended, simple as that.

dawidpotocki commented 5 years ago

No "mandatory open source policy". It is preferred, but not required.

What do you mean, not required? Do you mean nonfree software should be listed as recommended software to use?

If the software is nonfree = not recommended, simple as that.

Yes, and such software is already listed. Like VeraCrypt, which is source-available, and websites with nonfree JavaScript. You can't make everyone another Stallman, it is not possible. Thanks.

ghbjklhv1 commented 5 years ago

Well, yes, you can. If it is more secure, it means it is less vulnerable to attacks. You could check if they are possible with newer code compared to older code.

@dawidpotocki Except when it isn't. Many times bug fixes raise your attack surface. That bug may be fixed, but it could create another one. But yes, that individual bug can be proven as fixed.

Thanks for helping me clarify! :)

WorldWideWebWizard commented 5 years ago

What does it give that others don't? It still primarily uses linux-libre and there are already listed free OSes like Debian and Trisquel. Hurd will never get out of beta (they started development in 1990) and there are not a lot of benefits to running it. The Guix package manager by itself, from what I know, can be installed on any distribution.

It's usually better to have a microkernel than a monolithic kernel. Putting most of your code in kernel space was good for performance, but the continued development of the microkernel architecture has vastly improved, which makes performance not much of a problem. I can also say that GNU Hurd has made great strides in becoming usable.

blacklight447 commented 5 years ago

I think it is time we should come to a decision here. I still do not currently see where GuixSD would have an advantage over the operating systems that we already list. If someone could give me a concrete list of arguments soon about why it should be listed, then we can consider it. Else I will close this issue as rejected.

Nurmagoz commented 5 years ago

For anyone who is interested in the advantages of stateless systems in the Guix/NixOS designs:

https://www.whonix.org/wiki/Dev/Stateless

This is a good collection on it.

(If some admins are biased or blind, it doesn't matter; this post is for readers to check and take advantage of.)