alt.hn

4/9/2026 at 4:36:56 PM

Little Snitch comes to Linux, but the core logic is closed source

https://the.unknown-universe.co.uk/privacy-security/little-snitch-linux/

by TheIPW

4/9/2026 at 6:35:56 PM

Glad you also talk about OpenSnitch. It is critical to have it installed.

OpenSnitch and PiHole are simply a must on every network.

by roscas

4/9/2026 at 7:27:06 PM

for folks on the mac, Lulu has been a great option too. https://github.com/objective-see/LuLu

by klueinc

4/9/2026 at 8:19:41 PM

objective-see is carrying an immense weight for Mac users

Security: BlockBlock, KnockKnock, RansomWhere...

System/Productivity: TaskExplorer...

Yes times 4

by Barbing

4/9/2026 at 9:18:51 PM

They really are… and it’s just one person too, right?

They’re doing the lord’s work.

by braingravy

4/9/2026 at 9:28:23 PM

What "lord" is that? A landlord?

I'm not a feudalist, nor a techno-feudalist.

by mystraline

4/10/2026 at 9:04:19 AM

You're apparently also not that well versed in English idioms given that "doing the Lord's work" is a well-known phrase which does not need explaining to the average speaker (native or not) of that language.

Doing the Lord’s Work

When someone handles a task that benefits everyone — especially something inconvenient, uncomfortable, or ignored by others. Often used humorously. Doesn’t always refer to religion. Can describe someone sacrificing time, energy, or sanity to improve a situation nobody else wanted to deal with.

“Whoever fixed the Wi-Fi before the meeting started is doing the Lord’s work.”

https://www.urbandictionary.com/define.php?term=Doing+the+Lo...

by hagbard_c

4/9/2026 at 6:56:51 PM

Can you elaborate on ideal pairing?

by benf76

4/9/2026 at 7:57:56 PM

[dead]

by TheIPW

4/9/2026 at 8:31:21 PM

I wrote GlowWorm ~20 years ago, duplicating much of the LittleSnitch functionality at the time.

I remember discovering remote kernel debugging across ethernet; it was magical.

https://glowworm.us

by senojsitruc

4/9/2026 at 8:34:22 PM

When I click on the “Download / Buy Now” link [1], Safari tries to download it instead of visiting the page. I tried with cURL and discovered that the page is returning a “content-type: application/octet-stream” header, which makes no sense because the page is just HTML. Also, I can see some portions of raw PHP code in the HTTP response, so I think your web server is not interpreting PHP as it is supposed to and instead returning the raw content from the PHP file.

edit: In fact, every PHP file is being leaked, for example, this file [2] contains a $hash_salt , which is supposedly being used to “prevent[s] users guessing filenames and make data more secure”

[1] https://glowworm.us/securimage/download.php

[2] https://glowworm.us/securimage/securimage.php

by guessmyname

4/9/2026 at 8:50:35 PM

The website is preserved for historical reasons. Nothing there has been active in a long, long time.

by senojsitruc

4/9/2026 at 8:49:05 PM

I’m as paranoid as the next person but what’s the purpose of this article?

If you don’t like closed source software and don’t trust the developer(s), then don’t use the software. Why waste time writing an article that all it does is critize the developer’s decision?

If you care so much about the software you run in your computer, then do what I do: open a disassembler and reverse engineer the code, inspect every single HTTP(S) call, every network packet, every system call, and then maybe you will feel at ease.

by guessmyname

4/9/2026 at 9:08:35 PM

I write these things because transparency is kind of the point of the platform. Most people don't have the time or the interest to open up a disassemble every time they want to try a new tool, they just want to know if it fits the FOSS ethos they moved to Linux for.

Pointing out that a "privacy" tool has a closed-source brain isn't an attack on the dev, it's just a heads-up for people who care about that sort of thing.

by TheIPW

4/9/2026 at 9:28:55 PM

The Linux Steam client is closed source.

Should we refuse to use Steam?

by GeekyBear

4/9/2026 at 9:35:44 PM

There’s a big difference between running a closed-source app to play games and trusting a closed-source app to protect your whole system.

by TheIPW

4/9/2026 at 11:01:19 PM

This is a strange (and strangely confident) rejoinder.

You should refuse to use Steam.

by cxr

4/9/2026 at 9:19:10 PM

If it is closed source then it does not fit the FOSS ethos. You don't have to disassemble it; you can just move on.

by nslsm

4/9/2026 at 9:01:11 PM

There's https://github.com/obdev/littlesnitch-linux, and https://github.com/evilsocket/opensnitch and probably many others.

by zahlman

4/9/2026 at 11:03:46 PM

The project in the very first link, which points to "Open Source components of Little Snitch for Linux", is what this article is about.

by cxr

4/9/2026 at 6:49:52 PM

See "Little Snitch for Linux" https://news.ycombinator.com/item?id=47697870

Also:

> Little Snitch is not there to replace OpenSnitch. It's just an additional option you can choose from. Some people might prefer it, others not.

https://news.ycombinator.com/item?id=47701918

> But I currently can't make the entire project Open Source. My other option would be to keep it completely private (wrote it mostly for myself in the first place).

> I think it's still better to make it public and only partially Open Source so that some people can benefit from it. If you don't trust us, that's completely reasonable, just don't install it.

https://news.ycombinator.com/item?id=47701740

by lapcat

4/9/2026 at 8:13:54 PM

last thing in the world i want is to install proprietary software on linux. even less so is something meant to be security software and interacting directly with my network stack.

by kelsey98765431

4/9/2026 at 8:23:34 PM

> ...my primary line of defence is AdGuard Home. By handling privacy at the DNS level...

To each their own, I guess, but that would be a hard pass from me. One example from mobile: FF on android keeps trying to connect to its various services (like firefox.settings.services.mozilla.net). For privacy reasons, I use NetGuard to block this and other similar domains. But there is a gotcha: there are sites (like seekingalpha.com) who refuse to load if access to these same domains is blocked - even on a completely different browser! With NetGuard I can still visit those sites in the secondary browser while blocking Mozilla tracking. With DNS blocking I wouldn't be able to do that.

by bornfreddy

4/9/2026 at 8:30:12 PM

NetGuard is a solid tool for Android, but managing a whole home lab is a different beast. I've got dozens of VMs and containers tucked away in Proxmox; if I tried to micro-manage per-app permissions for every single one of them, I’d never get anything else done.

I prefer to take the hit on those rare site-breaking edge cases if it means I have a single, transparent "source of truth" at the DNS level. It's definitely a trade-off, but I'd rather spend my time building things than perpetually tweaking firewall rules for every new service I spin up.

by TheIPW

4/9/2026 at 7:26:34 PM

One nice thing about LittleSnitch on linux is that it comes with a web UI by default. Is there anything like that for headless systems using OpenSnitch?

by knowaveragejoe

4/9/2026 at 7:58:41 PM

I get the appeal; the Little Snitch UI is undeniably shiny. But for the headless Linux nodes in my Proxmox setup, I’ve never really felt the need for a proprietary dashboard just to see my network state. I’d much rather export my logs to something like Grafana or just check my AdGuard dashboard at the edge. It feels more "Linux" to keep the tools transparent and open than to invite a mystery binary onto my system just for the sake of a pretty graph.

by TheIPW

4/10/2026 at 8:18:42 AM

[dead]

by TheIPW

4/9/2026 at 7:42:28 PM

How anyone could trust OpenSnitch is beyond me.

by melon_tusk

4/9/2026 at 7:58:19 PM

Please elaborate

by patrickdet