The D in SystemD stands for Danger, Will Robinson! Defanged exploit code for security holes now out in the wild

Those who haven't already patched a trio of recent vulnerabilities in the Linux world's SystemD have an added incentive to do so: security biz Capsule8 has published exploit code for the holes. Don't panic, though: the exploit code has been defanged so that it is defeated by basic security measures, and thus shouldn't work in …

  1. Waseem Alkurdi

    Again

    This seems to be a direct consequence of the init that's an OS in its own right.

    1. m0rt

      Re: Again

      systemd is a philosophical wrong choice.

      That is, I think, why it polarises people so much. Yep it has massive advantages. But convenience brings complexity, and opaque complexity at that.

      If you look at how long POSIX-compliant code has been around in major use, you can see that there is a lot there that was just right.

      Can you imagine where systemd will be in 10 years time? I shudder to think. Probably Oracle will somehow do a deal and buy the rights to it somehow.

      But I won't say 'I told you so!'

      I'll bloody well use frikkin lasers and write it on the moon.

      1. Doctor Syntax

        Re: Again

        "Probably Oracle will somehow do a deal and buy the rights to it somehow."

        As soon as IBM spirals far enough down the drain.

      2. Hardrada

        Re: Again

        @m0rt "systemd is a philosophical wrong choice."

        I think there's also been a shift in influence in the open-source world. I started experimenting with Linux 20 years ago after my NT 4.0 workstation gave me one too many stop errors, and I remember encountering a mix of obsessive tinkerers, professional users (mostly in IT and academia) and passionate Microsoft-haters. There were lots of neat little programs and libraries being actively developed by individuals, and while they often lacked API-level integration and couldn't easily be rolled into something like a Windows or Mac desktop, there was a lot of choice and decent data interoperability. Portability was hit-and-miss, but most people I talked to seemed to think that it was a good idea.

        Poettering is a different breed. He seems to want social unity, and while I don't feel qualified to judge his technical arguments about the design of system level daemons, it seems odd that he (and some others*) want to remove abstractions that facilitate portability and compatibility while keeping lots of other cumbersome abstractions.

        A modern OS is a matryoshka doll of abstractions. In hardware you have translation of instructions into micro-ops as well as execution reordering. At the top you have web applications written in interpreted languages (both client- and server-side) that use compiled languages to interact with a supervisor that lives inside a hypervisor. And you don't just have one stack, but many different interpreters and several compiled languages. And a few different hypervisors. And ARM support, and initial support for RISC-V. So I'm not sure why Poettering thinks that POSIX compatibility is the biggest threat to the elegance and efficiency of a modern Linux server or desktop.

        *I'm thinking of Jon McCann's argument back in 2011 that GNOME should depend on SystemD even if that meant nuking support for all non-Linux kernels. He also wanted to drop support for non-GNU core libraries even though they were useful on systems with limited memory or security requirements that made functions like strlcat/strlcpy advantageous.

        1. JohnFen

          Re: Again

          "He seems to want social unity"

          Isn't it odd, then, that he behaves in a way that guarantees the exact opposite of that?

          "*I'm thinking of Jon McCann's argument back in 2011 that GNOME should depend on SystemD even if that meant nuking support for all non-Linux kernels."

          I remember that. That statement is what changed my thinking about Gnome from being a DE that I dislike on aesthetic and usability grounds to one that I dislike because it represents an active threat.

          1. Hardrada

            Re: Again

            I can't speak for anyone else, but it sure didn't bring me over to his side.

    2. Anonymous Coward

      The downside of open source

      Is that it isn't possible to buy and permanently bury such offensive code to prevent it from ever being used again.

      1. rtfazeberdee

        Re: The upside of open source

        is that you can put your money where your mouth is and write your own drop in replacement.

        1. Anonymous Coward

          Drop in replacement for a steaming turd is another steaming turd. Droppings for everyone!

        2. cat_mara

          Re: The upside of open source

          is that you can put your money where your mouth is and write your own drop in replacement.

          Except, unfortunately, that the systemd developers refuse to commit to a stable API contract against which a drop-in replacement could be written and tested for compliance with the reference implementation. This is what has stymied prior attempts to produce re-engineered versions like uselessd, or get it running on OSes other than Linux. The lack of such a contract, IMO, is one of the main reasons why systemd has become such a crawling horror in the first place.

          1. Carpet Deal 'em

            Re: The upside of open source

            They haven't just refused to commit to a stable API - they actively change it just to screw over any attempt to create a compatibility layer. If this were a company, they'd be under the magnifying glass for anticompetitive behavior; unfortunately, even Red Hat's control over the Linux landscape is unlikely to draw the attention of even the most ornery of regulators.

            1. GreenBit

              Re: The upside of open source

              Right out of the M$ playbook from the DOS days. Remember the 'undocumented' system calls they used to give their own applications the edge? You used them at your peril because as soon as too many 3rd parties got comfortable with them, M$ would mutate them.

        3. Rich 2

          Re: The upside of open source

          A drop-in replacement is the last thing that's needed. It just needs removing from history. Going back to SysV would be better than this shite, and there are several good alternatives to SysV.

        4. JohnFen

          Re: The upside of open source

          A drop-in replacement can't fix anything. If it's actually a drop-in replacement, then it would necessarily retain all of the things that make SystemD objectionable.

          1. Anonymous Coward
            Stop

            this

            Even if the implementation was beautiful, the design and the assumptions are still there governing the interfaces, which would have to be replicated, which is The Wrong Thing to spend time and energy on...

        5. HieronymusBloggs

          Re: The upside of open source

          "is that you can put your money where your mouth is and write your own drop in replacement."

          The real upside is that I don't have to write a drop in replacement and can simply revert to sysvinit, or use one of several other sanely designed init systems.

    3. rtfazeberdee

      Re: Again

      Bollox. It's software. ALL software has bugs. Get over it.

      1. Steve Graham

        Re: Again

        ...and when you replace 10 lines of code with 10,000 lines of code, you have increased the incidence of bugs by a thousand times. Got it yet?

        1. katrinab

          Re: Again

          A lot more than 1000x more bugs.

          A 10 line prog has 10 lines that each interact with 9 other lines, so 90 bug opportunities.

          A 10,000 line prog has 10,000 lines that each interact with 9,999 other lines, so 99,990,000 bug opportunities. That increases the incidence of bugs by 1,111,000 times.

          1. Waseem Alkurdi

            Re: Again

            A 10 line prog has 10 lines that each interact with 9 other lines, so 90 at least 90* bug opportunities

            Hate to be pedantic, but ... fixed.

            * 90 is in the case there's only one bug per line.

      2. oiseau

        Re: Again

        ALL software has bugs.

        Indeed ...

        But systemd is not just software with bugs: it's a virus implanted in a Linux installation.

        Just like the registry in MS OSes.

        Cheers,

        O.

        1. phuzz

          Re: Again

          Have you ever used a Linux desktop that uses dconf?

          It's basically a less useful copy of the Windows Registry.

      3. John Robson

        Re: Again

        It does, which is why you limit the reach of software. You don't need to log with root level rights.

        You get sent data by all and sundry, write it to disk.

        Why does that need root privs? (ignore for the moment the perfectly good text based logging we used to have)

        systemD might make sense in a few (mostly laptop related) cases, but it makes serious compromises in terms of clarity and usability IMHO. No need for it on a vaguely stable system.

        1. Waseem Alkurdi

          Re: Again

          systemD might make sense in a few (mostly laptop related) cases

          Parallel init allowing for faster startup?

          I'd rather prefer a stable laptop to a $#!tty one.

      4. Anonymous Coward

        All software has bugs. Not all software has a disrespectful or even selfish strategy.

      5. Anonymous Coward

        Re: Again

        Saying "get over it" is akin to saying something that rhymes with "duck stew". You change-for-changes-sake types seem to think the rest of us haven't noticed. Or maybe it makes you feel all grown up?

        1. JohnFen

          Re: Again

          Puck Dew?

          Truck Flew?

          Muck Slew?

          1. CRConrad

            Re: Puck Dew

            No, PieDiPew.

            1. John Brown (no body)

              Re: Puck Dew

              "No, PieDiPew."

              Wot? Is that Pepe Le Pew's cousin?

    4. ElReg!comments!Pierre

      Re: Again

      This seems to be a direct consequence of the init that's an OS in its own right.

      It's not quite there yet, but certainly struggling to be.

      Still, this article comes just as I finally came around to migrating my last machine to Devuan, so cheers to everyone!

  2. John Robson

    Do one thing...

    Do it well...

    Then hand over to another tool to do the next thing well...

    1. Waseem Alkurdi

      Re: Do one thing...

      Noooo! Mash it all up so it looks like these whizzy machines in movies!

  3. Red Sceptic

    Kudos ...

    for Lost in Space reference.

    I’ve gone all nostalgic now.

  4. naive

    The D stands for Deficiency in education

    The whole systemD thing has always been an answer to a question that was never asked by people using Linux systems as a server.

    It is nice that systemD might help laptops with their (de)hibernation issues.

    They should start teaching in engineering school that simpler things are better, since they cost less to build and maintain, while being more robust at the same time. Nowadays everything is top-heavy from featuritis, costs a ton of money and is broken within 5 years.

    People using Linux for serious stuff are burdened with unnecessary complexity and the security risks implied by this very complexity.

    Maybe mainstream distributors of Linux will start to learn that things which are not there can't impose a security risk, and start publishing light-weight server versions of Linux. Really, nobody needs a Windows Registry-like start-up system on Unix; the very idea should have someone banned from ever logging in on a Unix system.

    1. Tom 7

      Re: The D stands for Deficiency in education

      I never used to get de-hibernation issues on my laptop until SystemD came along. They were solved by re-booting, something that with modern disks makes SystemD a problem added to a problem that no longer exists.

    2. Waseem Alkurdi
      1. Anonymous Coward

        strings

        still a valid way to go hunting for traces of the Foolsbook SDK in various .apk, imo... I shall take this as a reminder that I had better get on with it.

        1. Anonymous Coward

          slightly less horrible

          There were only 3 that contained "advertiser_tracking_enabled" as seen in the traffic during that 35C3 vid. One was APKPure, which pisses me right off because if I wanted to use an app store that tracked me, I'd have kept all the Google crap. Second was Firefox, which is not even reasonable-- I am assuming it got corrupted by none other than APKPure, with which I loaded it. Third was LingoDeer, which IIRC also came from APKPure if not some other random APK-slinging website. None of the kool kids-- that I originally got through Google Play, saved, and later "adb install"ed-- had obvious traces. So there's your wrap-up. APKPure is Orwellian BS if anything ever was.

    3. JohnFen

      Re: The D stands for Deficiency in education

      "Really, nobody needs a Windows Registry-like start-up system on Unix"

      Not only does nobody need it, it's actively bad. Not just on Unix, but on Windows as well.

    4. JohnFen

      Re: The D stands for Deficiency in education

      "It is nice that systemD might help laptops with their (de)hibernation issues."

      I've been using Linux on laptops from long before SystemD existed, and have never had problems with hibernation. I'm not saying others didn't have issues, but I do think that this implies that such issues can be fixed without the likes of SystemD.

  5. _LC_

    I got an idea

    Let's just rewrite the code from scratch, so we can introduce bugs anew.

    1. A.P. Veening

      Re: I got an idea

      As long as you get rid of SystemD (and anything else with an equivalent bloat function), please do so. Bugs can be eradicated but SystemD is a virus, much harder to eradicate.

  6. Anonymous Coward

    poettering the donald trump of coding

    prime example of a fucking idiot who thinks he's a bigly genius.

    1. Anonymous Coward

      Wow AC, that's a pretty hateful thing for you to say. I mean, wow.

      Don't forget that Trump haters still have to LIVE right next to Trump lovers all day every day until they can maybe rearrange their entire life and leave the country. Don't forget that nobody elected Poettering to be anything super-important and even though Debian elected to follow Redhat, and lots of distros are electing to follow suit, you can still elect to simply not install those, you can still make it Somebody Else's Problem. IMO there's just not that much of a comparison in your 'prime example' and IMO it's still a lot shittier for the USA than it is for the FOSS community.

      1. Anonymous Coward

        gawsh you guys, you brownvote like I'm defending LP or something. I'm not saying it isn't shitty for the FOSS people-- it is shitty. I *am* saying that was a bad comparison; it is not accurate. It's a shitty metaphor, a shitty ANALogy, and a shitty thing to say. And WTF is 'bigly' anyway? Hugely, majorly, largely, predominantly, massively, overwhelmingly, phenomenally, sure... but bigly? Shirley something resembling an adjective in that position would have been much less ...aromatically unpleasant. It rather tidily betrays the shortage of critical thinking behind the shitty OP. But what do I know? I'm just a dumb bum Murkin anyway...

        1. JohnFen

          I don't know why you got downvotes, but if I had to guess, it's not because people thought you were defending LP. I'm guessing it's because you're taking an intentionally low-blow emotionally-based insult too seriously.

        2. CRConrad

          If you don't even recognise "bigly"

          ...you are not qualified to criticize comparisons to Trump.

          That's it. You've just shown you're not worth listening to on this subject. You cancelled out your own statement.

  7. katrinab

    "Those who haven't already patched a trio of recent vulnerabilities in the Linux world's SystemD have an added incentive to do so"

    Not really. I'm just smug in the knowledge that I don't need to.

    By the way, if you do need to patch, you can find the perfect patch at freebsd.org

    1. Waseem Alkurdi

      Until glibc (then systemd) magically discover portability and mutate, infecting FreeBSD, that is.

      1. Anonymous Coward

        Highly unlikely, Waseem. The SystemD folks are totally opposed to portability, while FreeBSD has a good alternative to SysV init already. As for glibc, it's written in a gibberish that relies on the C pre-processor and is a possibly poor implementation compared to the elegance of the BSD libcs.

      2. katrinab

        Not going to happen. Both the SystemD and FreeBSD developers are in agreement on this.

        I'm certainly very happy with having BSD Init handled by a collection of shell scripts rather than a massive bug-ridden monolith.

    2. ElReg!comments!Pierre

      By the way, if you do need to patch, you can find the perfect patch at freebsd.org

      While I kinda* agree with the general sentiment, the reason why systemd became an issue at all is that it is backed by RedHat, the most trusted *NIX distro in the Big Biz world (unlikely to change since they were just gobbled by the most trusted Big Iron company in the Big Biz world...). That gives systemd considerable traction. I do currently work for Big Biz. Big Biz doesn't care for reliability, stability or elegance terribly much; these are just bonuses. Big Biz cares for support contracts, monetary penalties, and above all, for "case open with the supplier so it's not our problem anymore" clauses.

      Something is rotten in the State of IT. Good practices, I knew thee well, etc. But again, I'm old enough to remember that it's always been the case. Same general mindset, same errors, different offenders. The only difference is that some of us here were hoping for an improvement when Linux hit the limelight, and that's only a generation thing. Hope is a renewable resource, disappointment is a constant ;-)

      Resistance is NOT futile though. The most efficient way of resistance IMHO is Devuan at this time, not *BSD, because of the trust built around Linux by now-traitors RHEL and Debian (to cite only 2). The path of least resistance is often the fastest. Not that I don't believe in unicorns, mind: I am myself eagerly waiting for -and occasionally minutely contributing to- the Rise of the Mighty GNU HURD Complete With Its Own MACH Microkernel. Not holding my breath though (renewable resources, constants, etc).

      *For personal -and rather shallow- reasons I prefer dabbling with DragonFlyBSD myself, but that's beside the point.

      1. JohnFen

        "The most efficient way of resistance IMHO is Devuan at this time, not *BSD"

        I don't understand your argument here. Why not BSD? I think both of those are equally effective choices.

        1. ElReg!comments!Pierre

          Why not BSD? I think both of those are equally effective choices.

          Sure, but Joe Public -and non-technical management- has heard of Linux and even often tried it / deployed it in production, while *BSD is still confidential outside some IT circles. And Devuan benefits from the rather impressive hardware support and application base of Debian (and to some extent, of RedHat).

          1. JohnFen

            Sure, ordinary users are less likely to use BSD for the reasons you cite, but that doesn't explain your original comment.

            1. ElReg!comments!Pierre

              The way systemd has been pushed means that a lot of userland stuff now assumes it's there (even without explicitly depending on it, in some cases). To counter the trend, there needs to be enough systems out there that do not run systemd.

              Also, many managers will be reluctant to switch production from RHEL to *BSD. The switch to Devuan is easier to promote.

  8. Ima Ballsy

    That POS ...

    That's screwed up more installs than I care to admit ....

    I can understand the initial thought on making boot faster by threading (à la System 7 Unix) but the whole FUCKING thing has gone downhill since ...

    And boot times have gotten WAY faster since SSDs seem to be more and more deployed.

    SO, why do we still need it? Probably because some thought their DICK was bigger than everyone else's.....

  9. Will Godfrey

    Hunting around online I found an excellent bugfix

    It even has a codename:

    DEVUAN

    1. Waseem Alkurdi

      Re: Hunting around online I found an excellent bugfix

      But don't forget to set binary mode when downloading it using FTP, because its first release is ASCII. (Pun superintended)

    2. Tom 7

      Re: Hunting around online I found an excellent bugfix

      And it will make a good Pi filling too - https://files.devuan.org/devuan_jessie/embedded/ !

  10. teknopaul

    Systemd-journald

    If you are wondering what systemd-journald does, it's a bunch of high-privilege C code that replaces writing files in /var or the venerable and very fast syslogd that has no problems. I.e. journald is more new, pointless systemd mission creep.

  11. Flakk

    Cause and Effect?

    Torvalds discovers his inner nice-guy. SystemD security holes abound. Coincidence?

  12. randon8154

    Systemd is fine...

    ... for a system not requiring security, stability or any serious control. Like a gamer PC with Steam / Nvidia proprietary drivers / graphics / media video, Skype...

    Now using it in an environment where security is critical, it is inconsistent. Working with a minimal distro, openrc, hardened kernel, strict MAC rules, permissions... doesn't even guarantee against a security breach, what more with systemd.
