62f1c79af618526e0d69680bb8117366
Snappy FUD
Creative Commons Attribution-No Derivative Works 4.0
Summary: Fear, Uncertainty, and Doubt (FUD) attacks on "Linux" persist; now there's some not-too-alarming flaw in snap-confine and we're meant to think it's a very serious problem; in the real world, however, it's not used much on multi-user systems
THIS year started with exceptionally vicious Fear, Uncertainty, and Doubt (FUD) attacks on "Linux" -- mostly recycled from last year (trying to float or keep afloat something about a package of Apache). We perceived that to be a form of distraction from what had happened to VMware and Microsoft Windows. The White House was (mis)led to look at the wrong culprit, being advised by the actual culprits.
"The White House was (mis)led to look at the wrong culprit, being advised by the actual culprits."The general tactic seems to be information warfare. They want us to think or at least 'feel' like "everything is broken" or "Linux" is just as unsafe as Windows or other proprietary software. Since the Linux Foundation is nowadays a front for proprietary software companies we ought not expect it to say anything in Linux's defense. The same is true for media that it bribes for puff pieces. SJVN seems to have become a part-time FUD peddler. Follow the money... (salaries)
The video above is about this not-so-critical flaw in snap-confine. Typically you'd expect some advisory, a fix, and everyone to just move on, carrying on with patched systems. But not this time...
Last night we saw the headline "Multiple vulnerabilities put 40 million Ubuntu users at risk" from clickbait site TechRadar [1, 2], joined by a bunch of other scary-sounding "reports" from Microsoft-connected publishers. Of course they keep blaming "Linux" or insinuating it's an issue with Linux.
"Of course they keep blaming "Linux" or insinuating it's an issue with Linux."What is this really about? It's about snap-confine, which not so many GNU/Linux systems even have. About a month ago the media did something similar with polkit (part of systemd), wrongly attributing a similar bug to "Linux".
Well, in my personal experience, e.g. at work, Snap isn't widely used. It's especially ignored in multi-user server systems. It's used a lot to shoehorn proprietary software and even as a ramp for client-side DRM (things like Steam), not to mention pervasive eavesdropping (e.g. Skype, Microsoft Teams). In other words, if you install things using Snap, then it's the stuff you install that's by far greater a threat than Snap itself. Trojan horses with back doors, "telemetry" and even rootkits ("anti-cheat") are literally "malware", but we're meant to think those are honourable because there are large companies behind them.
Snap is "Linux" as much as Photoshop is "Windows". There are many other package management systems, even better ones and more widely used ones [1, 2, 3], not limited to Linux as a kernel [1, 2].
"So all this commotion in the media (over the past few days) might be motivated by an agenda other than a will to inform readers."From a technical point of view, Snap offers very bloated packages that are far too big and slow to install. Canonical has been trying to tackle this problem, which is very legitimate a complaint by the way, and meanwhile key staff from Snap has left. Snap/Snapcraft has not been going as well as initially hoped by Canonical, partly because IBM/Red Hat is pushing back with Flatpak and Linux Mint is trying to block what it rightly perceives/views as a potential vendor lock-in of little practical benefit to actual end users.
So all this commotion in the media (over the past few days) might be motivated by an agenda other than a will to inform readers. ⬆