OpenSnitch update: I disabled it on my Librem 5 because it kept a CPU pretty busy at all times, even when idle. I'll keep checking new releases as they come out for improvements. Until then I'll enable it opportunistically whenever I need to increase defenses.
@kyle I thought opensnitch was dead... I've been looking for a GNU/Linux alternative to LittleSnitch/Lulu for months and have come up with nothing
@unl0ckd I thought it was dead too, but I looked at it again recently and it turns out development has picked up: https://github.com/evilsocket/opensnitch/releases/
@kyle quick look at the source makes it look like it spawns quite a few ‘goroutines’ to inspect any and every process. Seems like that would keep a core or more busy on any modern *nix given all the various watchdogs and such.
@ajmartinez Hmm then it sounds like there may not be all that much room for further optimizations there. That matters less on, say, a Librem 14, but would have more of an impact on battery life on the Librem 5 I would *think* but I suppose I could test just how much of an impact.
@kyle I suspect that may be true. I’d considered firing up my vault dispvm and running it in there to see what kind of activity it generates on a system that doesn’t even have network access.
@kyle cool deal man
OpenSnitch update: I've re-enabled it by default. After chatting with one of the developers I realized I was weighting its load way too much because I measured it while the screen was off and RAM was clocked way down. The latest version doesn't seem to cause a significant load.