The Straw That Broke The Penguin's Hat

I've long been a critic of those sorts of "Linux" distributions that feverishly struggle to implement a very condescending type of simplicity, and forsake more fundamental qualities, such as security and freedom, in an oddly desperate but illogical attempt to attain some elusive mark of "popularity". Ubuntu is probably the most stereotypical example, but I'm sure there are others.

For years I'd clung to the hope that common sense would prevail over the propaganda-fuelled hysteria of the masses, and that distributions with more "traditional" values, like Red Hat (or its non-commercial counterpart, Fedora) would lead by example, ultimately swaying the opinions of those masses towards common sense.

It seems my hope was in vain.

Fedora has just become another "buntu".

I'm sure many will rejoice at this prospect, as expected. The "Simplicity Über Alles" propaganda machine demands no less.

For me, it means something quite different.

In its tireless bid to become less "Linux" and more "Windows", it seems Fedora has succeeded, and in so doing, set back the clock on software security some 40 years.

For those who have no idea what I'm referring to, I encourage you to read this: https://bugzilla.redhat.com/show_bug.cgi?id=534047

The backlash, against this callous disregard for one of the most fundamental tenets of UNIX security, ultimately forced a resolution, but I'm less interested in the final outcome than the prevailing environment that spawned this sort of lax security doctrine, and the initial and highly revealing reactions of some of those who are pivotal to steering the future of Fedora. "I don't particularly care how UNIX has always worked," wrote Richard Hughes, PackageKit maintainer.

I find this deeply disturbing.

You can see Richard talking about PackageKit in this video at Red Hat. By all accounts he seems a perfectly nice and reasonable person, but on this occasion I think he's got it badly wrong. I find it all the more ironic that he should hold such lax opinions on software security, considering that he apparently works for a defence company.

Here he is again, chipping in with his opinion on binary blobs in the Linux kernel: "Typically firmware is 20-30k in size and most of us are sitting on multi-gigabyte disks, so I really don't see the problem."

No, he really doesn't.

Now, before anyone accuses me of launching some kind of personal attack, I should point out that I am equally disturbed by comments made in that same thread by other central figures, such as the immortal classic "For Free read useless" by Alan Cox, combined with his persistent use of the word "extremists" to describe those who have the (apparently) unreasonable expectation of Freedom in a Free Software distribution.

Opinions are one thing, but when those opinions start having a tangible effect on one's life, with respect to the security and Freedom of the software one uses, it's time to take stock of the situation.

I've been loyal to Red Hat (and subsequently Fedora) for many years. I've become comfortable with the "Red Hat Linux" paradigm to the point of (perhaps unhealthy) dependency. I've criticised the distro on many occasions, because I cared passionately about it, and wanted it to be better. I've contributed much time and effort to improving the distro, even to the point of spending weeks of my free time chasing other people's bugs until I had a solution - with zero reward or benefit to myself. The satisfaction of using the world's best GNU/Linux distribution (IMHO), and being part of a technically impressive and passionate Free Software community was enough, it was its own reward.

But that has now all changed.

It wasn't a sudden change, it was more like a creeping illness, that's become more noticeable and debilitating over the years, until one day you look in the mirror, and no longer recognise what's staring back at you. I'm not exactly sure what Fedora is any more, but whatever it is, it's not GNU/Linux. GNU/Linux has this thing called security, an unimpeachable characteristic that sets it apart from complacent shovelware peddled in high volume by "IP" harvesters like Microsoft. It certainly isn't OpenBSD, since the maintainers of that operating system would never tolerate binary blobs in the kernel, much less Fedora's lax security attitude. Perhaps it's Windows, or the bastard son thereof, at any rate.

The Windows-isation of GNU/Linux is a creeping cancer that has mutated many popular distros, not just Fedora, into something ugly and alien, but until now I had rather apathetically accepted this sea-change, hoping that the natural evolution of Free Software would heal itself, as the tide of popular opinion ebbed back and forth.

That hope was dashed when Fedora dropped the software equivalent of the Atomic Bomb.

From release 12 onwards, Fedora will no longer support much of my hardware.

Fedora 11 has i586 as the base 32-bit x86 architecture.

For Fedora 12, we will switch to i686 as the base architecture (including CMOV), and optimize for Atom processors.

This means we will lose support for the following CPU families:

* Intel i586 (all)
* National Semiconductor Geode processors
* VIA C3 (Ezra and Samuel Cores)
* AMD Geode GX

AMD Geode LX (as used in the OLPC XO laptop) and later Geode NX processors should still work. Those interested are, of course, welcome to set up a secondary arch for older processors.

The justification for them committing genocide on several generations of hardware is that it might yield a whopping 2% performance gain on some processors.

Meanwhile, I suffer a 100% loss, as do the rest of those users with similar hardware.

Issues of Freedom and security become rather moot, when the software won't even run.

So it seems I am no longer Welcome at Fedora, having been unceremoniously kicked out onto the street for owning the wrong hardware.

I wish I could say I feel sorry, but the truth is I'm relieved. It's as though a great and long-standing burden has finally been lifted, and I finally have the motivation to do something I half-heartedly swore to do many times before.

I'm going to create my own distro.

Those who favour "convenience" and "simplicity" over security and Freedom, need not apply.

Like nearly every other distro out there, mine will be initially based off another. In this case, I'm going to start with the source RPMS from Fedora 12, rebuilt to be i386 compatible, and then it'll slowly diverge from there. Ultimately it will use Alexandre Oliva's linux-libre, the blob-free version of Linux, with the longer-term goal of possibly even moving to the GNU Hurd, at which point I'll take great pleasure in telling Linus "Microsoft hatred is a disease" Torvalds where to shove "his" kernel, along with those other things he endorses, like Tivoization. It'll have a strict "No Microsoft" policy, both in terms of the actual technology, and the paradigms which define the operating system and software.

Other features which will be deprecated include SELinux and PulseAudio, the bane of nearly every Fedora user's existence. These technologies are "solutions" to entirely fictitious problems, and the former in particular is closely related to the same issues surrounding the PackageKit scandal. If unprivileged users are never given elevated privileges in the first place, then there simply isn't any need for mandatory access controls - standard UNIX security methods are sufficient.

As for using SELinux as a kind of straitjacket to control the damaging effects of processes that go mental, through buffer overflows or any other anomalous conditions, that serves none but the lazy. We need to fix bugs, not put them in padded cells. The latter is the Windows way, not the Linux way. SELinux is an obscenely complicated and convoluted technology, that does nothing but annoy people, causing them to disable it entirely, much like Windows UAC "security" that Microsoft slapped on to compensate for Windows' fundamentally "single-user" design. Exactly the same can be said of this latest nonsense called PolicyKit. Linux does not need this bullshit.

I'd also have to question the trustworthiness of any technology emanating from the NSA, the core spy agency for the American Empire. Is this really something we want running on Free Software distributions? Think!

As much maligned as the GNU/Linux audio situation often is, the reality is that it mostly works, or at least it used to until PulseAudio. Let me be perfectly blunt ... PulseAudio is a total clusterfuck, which unavoidably introduces even more latency into a system that really needs much less ... not more. Oh yes, it offers some "convenience" in systems with multiple bits of audio hardware, when it works at all. As I said, this is a "solution" to an entirely non-existent problem.

And that seems to be the prevailing theme throughout Fedora these days, and many of the upstream technologies it's based on, like PackageKit, PolicyKit, and whatever buzzword du jour-Kit is being peddled that month. I don't need "kits", I need software that behaves predictably and acceptably.

I also need an operating system that doesn't arbitrarily drop support for hardware based on the fact that, according to the maintainers, it's "too old". Let me be the judge of whether or not my hardware is still useful. And for those who cry "hypocrite", and point out this is no different from (essentially) forcing people to avoid certain hardware which only works with proprietary "blobs", by only distributing a blob-free kernel, let me just say this: If Fedora had deprecated support for my hardware because of Freedom issues, I would have had absolutely no problem with that whatsoever, but that wasn't the reason. I am a man of principles. I don't condemn actions, I condemn motives.

I need software that upholds the principles of the UNIX security model, maintained by people who have a genuine respect and reverence for security principles ... not a bunch of kiddies vying for popularity, who think security is an inconvenience. I'm not a kiddie. I'm not playing. And again, there is no hypocrisy here with respect to my decision to deprecate SELinux. SELinux has nothing to do with the traditional UNIX security model, IMHO adds nothing useful to it, may even cause security problems by generating complacency, and is obscenely complex to the point of obfuscation, thus causing me to instinctively distrust it. My goal here is not "simplicity", it's the removal of something that was not, and will never be, necessary, and may actually be dangerous.

But most of all I need, in fact demand, software that respects my Freedom, maintained by people who also respect that Freedom. This apparently does not include the members of Gnome, who recently considered voting on the subject of whether or not to leave the GNU Project, simply because its founder, Richard Stallman, had the audacity to suggest a Free Software project like Gnome should perhaps not be promoting non-Free software (as Miguel de Icaza does constantly, in his capacity as Microsoft Evangelist). Now the members of Gnome have finally "outed" themselves as anti-Free Software fanatics, regardless of the outcome of this vote, whether or not it ever happens, I assure you that I will never use Gnome again, and it will be notably absent from my new distro.

Other culling targets include Mozilla, who abuse trademark law to circumvent full utilisation of their supposedly Free software. Again, this is what "popularity" is ... a curse that exposes the worst traits of humanity, selfishness and greed.

Needless to say, Microsoft technologies like Mono and Moonlight will never be part of this distro, along with anything else designed to interoperate with Microsoft technology, whether or not it is patented by Microsoft, or anyone else. That means Windows filesystems like FAT and NTFS, and networking protocols like SAMBA/CIFS will also be purged. Apologies to Jeremy Allison, it's nothing personal, I just happen to prefer doing things the "Linux" way, and promoting technology that doesn't benefit convicted monopolists like Microsoft, even indirectly through the continued use of their de facto "standards".

The way I see it, the only possible reason for someone to require Windows "standards" support in GNU/Linux, is if they are actually using Windows somewhere in their computing environment, and need to interoperate with it through their GNU/Linux system. That being the case, I'd much rather encourage them to wipe the infection of Windows from those affected systems, rather than continue to promote the use of Windows by providing an easy route to interoperability. But hey, that's just me. I promote Free Software and denounce non-Free Software. I guess that makes me one of the "extremists" Alan Cox alludes to (or "fundamentalists", if you prefer Mark Shuttleworth's description).

To get things started quickly, the first release of this distro will simply be a respin of Fedora 12, based on the proposed "Security Spin" kickstart (how apt), but with all packages rebuilt using the flags "--march=i386 --mtune=generic" to ensure they actually work on hardware not deemed cool enough for Fedora.

The build process is already under way.

Expect a release soon after the New Year.