I feel like my argument is not that hard to follow. I'm saying that just because machine-id makes fingerprinting easier, doesn't make it a bad decision because it could still lead to a net positive. In the Linux kernel's case, it might have been a simple solution to other problems, at a time when fingerprinting was not a concern. In systemd's case, it might have made it easier to accomodate legacy systems that depended on machine-id. Same with flatpak.
Linux, systemd, and flatpak are all fairly successful within their target markets. Clearly, you're going to need more evidence if you want to claim it's a bad decision.
In fact even if your goal is privacy and fingerprint resistance, just switching to another init system is not a panacea. First off, as mentioned in the flatpak github issue linked earlier, there are tons of other markers aside from machine-id that can be used for fingerprinting. And if you're using a mainstream distro, your new init system is likely less supported, meaning more bugs, worse security, and potentially a net loss in privacy.
Win the battle, lose the war. This is why I brought up compromise and strategy earlier.
In the end, it's hard to say how individual decisions like machine-id, contribute to the net result. There are pros and cons to each decision. Maybe if there was a competitor that didn't use machine-id and pulled ahead due to that decision, but I'm not seeing one.
My point is that your comment was dismissive and reductionist, and leads to mindless reactionary identity politics. Your comment basically sounds like "You make a good point but it supports the side that I don't like so I don't care what you say"
I wish there was a QEMU/KVM version of qubes. I feel like it would have better performance since a lot of virtualization work is done there (like virtio, virgl, etc). And also probably a lot more hackable
The article focuses on software engineering and internal collaboration, and you are focusing on large-scale societal power structures. These are completely different things. There's nothing wrong about the article choosing to focus on one particular perspective
Perhaps ask in the github issue I linked earlier why machine-id is necessary at all. They may have their reasons. My guess is that it makes it easier for devs to port their applications to flatpak, namely legacy apps that depended on machine-id.
I'm saying that if flatpak tried to implemenet machine-id obfuscation before releasing, they might not have ever released. By constraining their scope, they were able to focus on their other goals and release, and a lot of Linux users including me, are glad they did so. You can think of systemd's machine-id situation in the same way
I was agreeing with you. Systemd breaks unix philosophy. You know what else breaks unix philosophy? The Linux kernel. It's absolutely massive. If you want unix philosophy, switch to a microkernel.
Also another commenter in this discussion pointed out that flatpak does not actually obfuscate machine-id. You can read the issue tracker here: https://github.com/flatpak/flatpak/issues/4311
Basically comes down to a design decisions from 15+ years ago, in things that flatpak depends on. This is an open issue to this day. Would it have been better for flatpak to have delayed release until this was solved, possibly remaining unreleased to this day? Meanwhile everybody would have to use regular system packages, which not only have access to machine-id, but also the entire userspace, with zero sandboxing. I doubt that would be better.
This is easy to state but a lot less easy to solve.
Hiding /etc/machine-id isn't going to be a meaningful improvement if "other device identifiers" can't be hidden. The most obvious one is the MAC address of each network interface, which is globally unique and available to all processes that have network access.
To prevent access to the machine ID, xdg-dbus-proxy would have to block all org.freedesktop.DBus.Peer.GetMachineId() calls, which is an incompatible change. That method was intended as a way to determine whether two processes on the bus are running on the same machine; with hindsight, it would have been better as IsOnSameMachine(s: unique_name) -> b on the message bus, rather than GetMachineId() -> s on each peer, but running untrusted software was not really a thing when the Peer interface was designed 15+ years ago.
Just goes to show how much deeper these problems are than they appear on the surface. Design decisions from 15+ years ago haunting software of today
P.S. You can shorten your command to simply flatpak run --command=bash org.torproject.torbrowser-launcher -c "cat /etc/machine-id"
I use --command=bash a lot when I want to just enter a shell inside the flatpak environment
Saying Linus uses something is just appeal to authority by the way.
I was giving Linus as an example of a member of the Linux community, and a particularly prominent one at that. There are many indicators that Fedora is well regarded, and that is just one of them.
you either adopt them or it becomes increasingly difficult to run software on your distro.
Arguably, systemd made it easier to run software on Linux. The standardization made it easier for devs to write software that worked across distros. Devs didn't have to fight fragmentation in the lower levels and could focus on building platforms on top like Flatpak, which in turn led to even more software and apps available on Linux. It's way easier to find and run software than a few years ago.
I'm guessing what you were trying to say is that it's harder to find and run software on Linux that doesn't use systemd. That's fair. Just like it's hard to find apps nowadays that don't use web technology, and require something like Electron or Firefox to run. But if we think of systemd as a platform (though I think it's more complicated than that), does it go against the ideals of Linux?
The fundamental Unix principle is having small programs that do a single thing well and that can be composed together
First off, I know you didn't say this but I want to just clarify: software principles are different from community ideals. Software principles are a means to an end. And they are often broken. Modular design is hard to get right. Microservices often end up messier than the monolithic approach. Ultimately it's a balance. And strategy plays into this too. If monolithic design allows faster iteration, then even if it gets replaced with modular design later, you can use the lessons learned during those iterations to make the modular design.
It's possible that someday Redhat tries to weaponize systemd and it ends up holding Linux back until we can replace it. But I doubt it. If you look at the recent backlash that Fedora and Firefox has gotten for AI, you can see that the Linux community is pretty vocal and active about their ideals.
I'm not sure if the principles have been gutted like you say. Fedora, for example, uses systemd, and is supported by the commercial RedHat. And yet it is well regarded in the Linux community, and has firmly stuck to open source and pro-privacy principles. They foster diversity too, like the Fedora Atomic and Universal Blue projects, which make it easy to fork distros and create new ones. Not to mention, Linus Torvalds uses Fedora.
One could say that Linux is already growing at its own pace. There are some that wish it would move slower, some that wish it would move faster. systemd wasn't forced on distros. in fact Ubuntu fought it for years, since it was created by their competitor after all. Yet Ubuntu still adopted it in the end, so it must have been worth it.
The way I see it, back in the day, Linux was too fragmented in some areas, and at the same time lacking isolation in others. Systemd standardized and addressed the fragmentation, while containers introduced isolation where needed. The lines are being re-drawn. But I don't think the principles of Linux were compromised that much.
Well one reason why adoption matters is network effects. Increased Linux popularity, means that more developers will develop for Linux. At a broader level it means that the ideology and principles of the Linux community, like software freedom and privacy, can produce quality results and products for the masses. That brings more power for the Linux community, and more adoption of their principles.
On the flipside, if the base Linux experience is mediocre, then nobody will bother developing apps and extensions for it.
If you are completely happy with Linux the way it is now, then that adoption probably doesn't mean a lot. But I personally think there's a ton more that can be done in the Linux and privacy world
I can see that actually. I guess the post points out two things:
the dev being a a bit deceitful, downplaying their use of AI when clearly the project is like 90% AI
the community being frustrated by the lack of quality signals in the new world. Previously programming took a lot more effort, so just the existance of an app already meant that the dev was mildly competent. And at the very least it meant that the dev could fix and maintain the app when something broke. Now those trust signals are gone.
It's not just Windows tracking your web browsing history. GPU drivers do it too. Source: https://www.neowin.net/news/intel-windows-driver-to-now-collect-user-telemetry-data-like-website-categories-by-default/