Weakness Observatory

I do a lot of chest beating here which champions free software as amazing, but let's take a look at some areas where free software is undeniably a weak bug.

Firewall:

The firewall situation on libre operating systems is bad. Right now, end users can opt for tools such as firewalld or (g)ufw, or work directly with iptables or nftables. But these are what I call whack-a-mole firewalls. They only care about allowing connections by port or address and are completely application blind. This leaves users constantly having to play whack-a-mole to find which connections are trying to go outbound and then constantly open these ports, all the while praying that it is the only application that will use this port. Desktop users will have a multitude of applications which may be reaching out over the network, sometimes unsolicited or through dynamic port ranges. Opening port 443 for web browsers will also allow any other application to connect on this port, with no way to discriminate between individual applications.
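Added example, not part of the original post: a port rule cannot see which program owns a connection, but that ownership can be recovered by joining the socket inodes in /proc/net/tcp with the descriptors under /proc/<pid>/fd, which is the kind of lookup an application-aware firewall has to perform. The sample table, the inode map and the program names below are constructed for illustration, and the address decoding assumes a little-endian host.

```python
import glob, os, socket, struct
from collections import defaultdict

# Constructed sample in /proc/net/tcp layout (documentation addresses, not a capture).
SAMPLE_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0F02000A:C350 0A0200C0:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 40001
   1: 0F02000A:C351 076433C6:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 40002
   2: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 40003
   3: 0F02000A:C352 057100CB:0016 01 00000000:00000000 00:00000000 00000000  1000        0 40004
"""
# Constructed inode -> executable map; the program names are hypothetical.
SAMPLE_OWNERS = {"40001": "/usr/bin/firefox", "40002": "/opt/example/updater",
                 "40003": "/usr/sbin/cupsd", "40004": "/usr/bin/ssh"}

def decode(addr):
    """'0A0200C0:01BB' -> ('192.0.2.10', 443); assumes a little-endian host."""
    ip_hex, port_hex = addr.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16))), int(port_hex, 16)

def outbound(tcp_text):
    """Yield (remote_ip, remote_port, inode) for ESTABLISHED (01) or SYN_SENT (02) rows."""
    for line in tcp_text.splitlines()[1:]:
        f = line.split()
        if len(f) >= 10 and f[3] in ("01", "02"):
            yield (*decode(f[2]), f[9])

def owners_from_proc():
    """Map socket inode -> executable via /proc/<pid>/fd (needs root for other users)."""
    owners = {}
    for fd in glob.glob("/proc/[0-9]*/fd/*"):
        try:
            target = os.readlink(fd)
            if target.startswith("socket:["):
                owners[target[8:-1]] = os.readlink(fd.split("/fd/")[0] + "/exe")
        except OSError:
            continue  # process exited or permission denied
    return owners

def apps_by_port(tcp_text, owners):
    """Group executables by remote port: everything one 'allow dport N' rule covers."""
    by_port = defaultdict(set)
    for _ip, port, inode in outbound(tcp_text):
        by_port[port].add(owners.get(inode, "unknown"))
    return dict(by_port)

if __name__ == "__main__":
    for port, apps in sorted(apps_by_port(SAMPLE_TCP, SAMPLE_OWNERS).items()):
        print(f"dport {port}: {sorted(apps)}")
```

On a live Linux host, pass the contents of /proc/net/tcp and the result of owners_from_proc() to apps_by_port() to list every program currently sharing each outbound port.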

What a shame that free and open OSes, often admired for their handling of security and privacy, have only such ancient firewalling available. So what can be done? There are some projects in varying degrees of development:

  1. OpenSnitch: Was a one-man-show for some time until development halted. It has recently been picked back up by another author and has yet to reach maturity or to find its way into major distribution repositories. The project page even advises against relying on OpenSnitch in any serious manner as of yet.

  2. Douane: Seems further along than OpenSnitch, but still unavailable within repositories that I am aware of. One must build this oneself in order to install it; run at your own risk.

  3. LAF, Linux Application Firewall: Started in May 2020, another one-man show. Currently, its code of conduct contains more lines than the actual program.

God help us all.

HiDPI:

Resolutions exceeding full HD are actually not in terribly bad shape, as most desktop environments seem to have implemented DPI scaling. In my experience, this scaling extends itself to anything using Qt and GTK. Problems remain, however, for individual programs. Any fixed icon in an interface will be 1/3, 1/4, etc. the size of what it was designed for. Form boxes and text on fields can sometimes be cut off or shifted out of view.

Games have also been slow on the uptake. In many free games it is possible to set the resolution to 2560x1440 or 3840x2560 but the actual FoV and in-game UI might remain below 1920x1080 scale. Despite the DE-wide scaling implementation, it is clear that the teams behind these individual projects would need to adjust their UI options for high resolution displays. This invariably means that some programs simply may never play nice on your new ultrawide or 4K monitor.

Video Conferencing:

2020 has drawn a lot of attention to this shortcoming, which may end up being a positive thing, as video chat/video conferencing has traditionally been a weak area for free software. The best contenders we seem to have at the moment are:

  1. Tox: Works well. I have actually not found any technical issues with it, but good luck getting friends, acquaintances and family to try it. P2P may be a limiting factor in holding a video conference with many peers, depending on bandwidth.

  2. Jami: Formerly Ring. All users must be on the same release version; I have run into forward/backward compatibility problems in my testing. Otherwise it is fine except for the same potential P2P scaling limitations mentioned above for Tox.

  3. Telegram: As of September 2020, they have implemented one-to-one video chat as an alpha feature. I have not tried it. Telegram demands a phone number and relies on a third-party man in the middle. Telegram cannot be self-hosted.

  4. Jitsi: Worked well once when I tried it in the past; it seems to have been removed from distribution repositories (fell out of development?). The Jitsi site seems to indicate that it is now just a web application.

A weak offering, but these as well as others I did not name have been receiving some much needed development attention in response to the events of 2020.