Arthur T Knackerbracket has processed the following story:
The Linux ecosystem is buzzing with news of Amutable, a new company founded by some of the most influential figures in modern Linux development. Led by Lennart Poettering (creator of systemd), Christian Brauner (Linux VFS subsystem maintainer), and other prominent Linux kernel developers, Amutable aims to deliver "verifiable integrity to Linux workloads everywhere."
[...] Amutable's stated mission is ambitious: to build cryptographically verifiable integrity into Linux systems. Their approach focuses on three key areas:
Ensuring that software builds are verifiable and tamper-proof from the development stage through deployment.
Implementing secure boot processes that can cryptographically verify the integrity of the entire boot chain.
Maintaining verifiable system state throughout the operational lifecycle of Linux workloads.
The company's tagline, "Every system starts in a verified state and stays trusted over time," encapsulates their vision of comprehensive system integrity.
While Amutable has been relatively secretive about specific technical details, the company appears to be building on remote attestation technology. This involves using hardware security features (like TPMs - Trusted Platform Modules) to cryptographically prove the state of a system to remote parties.
The technology builds on existing standards and protocols but aims to make them more accessible and user-controlled in Linux environments. According to founding engineer Aleksa Sarai, the models they have in mind are "very much based on users having full control of their keys."
The announcement has generated significant discussion in the Linux community, with reactions ranging from excitement about improved security to deep concerns about potential implications for user freedom.
However, a significant portion of the Linux community has expressed serious reservations, drawing parallels to how similar technologies have been used to restrict user freedom on mobile platforms.
Remote attestation inherently involves revealing information about your system to third parties. Even with privacy-preserving protocols, concerns remain about:
One of the key technical challenges is providing attestation without compromising user privacy. While protocols like Direct Anonymous Attestation (DAA) exist, they often require trusted intermediaries and can still be vulnerable to correlation attacks.
[...] As one community member noted, attestation can only verify that known vulnerabilities are still present, not that a system is actually secure. With thousands of CVEs discovered in Linux annually, "verified" doesn't necessarily mean "safe."
Lennart Poettering's involvement adds another layer of complexity to the discussion. His previous work on systemd was similarly controversial.
Supporters counter that systemd solved real problems and modernized Linux system management. The parallel concerns about Amutable suggest the Linux community is wary of another potentially disruptive change from the same architect.
Amutable has been notably quiet about their business model, which has fueled speculation and concern. Possible approaches include:
The lack of clarity around monetization has led some to worry about potential future restrictions or lock-in mechanisms.
Amutable enters a space where several major players are already active:
A Linux-native solution could either complement these existing systems or compete directly with them.
Government regulations around cybersecurity are increasingly requiring organizations to demonstrate system integrity. Amutable's technology could help organizations meet these requirements, but it could also become a compliance requirement that effectively mandates its adoption.
[...] Amutable represents a significant moment for the Linux ecosystem. The company's success or failure could determine whether Linux develops robust, user-controlled security attestation or whether the platform remains vulnerable to the kind of lockdown that has characterized mobile computing.
The involvement of respected Linux developers like Poettering and Brauner lends credibility to the project, but their track record also shows they're willing to make controversial changes they believe are necessary for Linux's evolution.
The key question is whether Amutable can thread the needle between providing the security guarantees that enterprises need while preserving the freedom and openness that Linux users value. The answer will likely shape the future of Linux security for years to come.
For now, the Linux community watches and waits, hoping that this new venture will enhance rather than restrict the platform they've helped build. The stakes couldn't be higher: the future of open computing may well depend on getting this balance right.
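The remote attestation flow the story describes (hardware-measured state proven to a remote party) and the commenter's point that "verified" does not mean "safe", as an added Python sketch that is not from the story or from Amutable. It assumes an HMAC with a user-held key in place of a real TPM's asymmetric quote signature, and all component names and keys are constructed.

```python
import hashlib
import hmac
import os

def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM-style PCR extend: new = SHA-256(old || SHA-256(component))."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()

def measure_boot(components) -> bytes:
    """Fold every boot component, in order, into one register value."""
    pcr = bytes(32)  # PCRs start at all zeroes after reset
    for blob in components:
        pcr = extend(pcr, blob)
    return pcr

def quote(key: bytes, pcr: bytes, nonce: bytes) -> bytes:
    """Assumption: HMAC stands in for the TPM's asymmetric quote signature."""
    return hmac.new(key, nonce + pcr, hashlib.sha256).digest()

def verify(key, expected_pcr, nonce, reported_pcr, sig) -> bool:
    """Verifier side: the quote must be fresh, authentic and match the reference."""
    authentic = hmac.compare_digest(sig, quote(key, reported_pcr, nonce))
    return authentic and hmac.compare_digest(reported_pcr, expected_pcr)

def attest(key, boot_chain, reference_chain) -> bool:
    """One full round: verifier sends a nonce, device quotes, verifier checks."""
    nonce = os.urandom(16)
    pcr = measure_boot(boot_chain)
    return verify(key, measure_boot(reference_chain), nonce, pcr, quote(key, pcr, nonce))

def replay_accepted(key, chain) -> bool:
    """A quote captured under an old nonce is presented against a new one."""
    pcr = measure_boot(chain)
    old_sig = quote(key, pcr, os.urandom(16))
    return verify(key, pcr, os.urandom(16), pcr, old_sig)

# Constructed sample data, not real measurements or keys.
KEY = b"constructed-user-held-key"
REFERENCE = [b"bootloader-v1", b"kernel-with-known-bug", b"initrd-v1"]
TAMPERED = [b"bootloader-v1", b"kernel-with-known-bug", b"initrd-v1+implant"]

if __name__ == "__main__":
    print("reference boot:", attest(KEY, REFERENCE, REFERENCE))   # verified, not "safe"
    print("tampered initrd:", attest(KEY, TAMPERED, REFERENCE))
    print("replayed quote:", replay_accepted(KEY, REFERENCE))
```

The reference chain passes even though its kernel entry is labelled as buggy: the verifier only learns that the measured state equals the expected one, which is the limitation raised in the story.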
(Score: 2) by SemperOSS on Thursday February 05, @06:52PM (2 children)
At least that is an easily avoidable Poettering product … for now.
I have so far managed to keep myself out of systemd-land on my desktop and my laptop. Slightly more difficult on the server side as I for simplicity use the images available from my VPS providers, and the only systemd-free product they seem to have is Windows 🙁
I do not know Poettering personally but I have met quite a few people that consider the KISS principle as only to be used by the less than averagely endowed — IQ-wise, that is.
Open Source Solutions and Digital Sovereignty is the new black
(Score: 5, Insightful) by Unixnut on Thursday February 05, @09:41PM
Funny, I usually find it is the less than averagely endowed (IQ wise) that think complicating things makes them smart. It is easy to complicate things, to make them simple and elegant takes intelligence.
A famous man once said "Everything should be made as simple as possible, but no simpler" [socratic-method.com], I have a poster of this up in my office to remind me never to needlessly complicate anything, fitting from a man who became famous for simplifying reams of math into an elegant equation. Feels like some people could do with such a poster themselves, but no doubt their "superior intelligence" will cloud them from understanding it properly.
(Score: 5, Interesting) by Thexalon on Friday February 06, @02:19AM
I likewise don't know Lennart personally, but having read some of his writing, and seeing his code, he comes off an awful lot like a guy I knew back in my college days: He proposed a very complicated solution to what was in fact a fairly simple problem, complete with a Three-Letter Acronym, but could neither explain the plan to anyone else nor actually make the damn thing work properly. The rest of us were successful in our ensuing group project because we simply ignored him and let him spend his time banging his head against the wall trying to make his thing work while the rest of us implemented the simple solution to the simple problem. And then he changed his major away from CS shortly after that.
The one thing he does seem to be good at though is convincing suits to go along with his harebrained schemes.
One reason I think he's butted heads with Linus on several occasions is that Linus has encountered similar sorts before.
"Think of how stupid the average person is. Then realize half of 'em are stupider than that." - George Carlin