Slashdot Mirror


Ask Slashdot: Migrating a Router From Linux To *BSD?

An anonymous reader writes: I'm in the camp that doesn't trust systemd. You can discuss the technical merits of all init solutions all you want, but if I wanted to run Windows NT I'd run Windows NT, not Linux. So I've decided to migrate my homebrew router/firewall/samba server to one of the BSDs. Question one is: which BSD? Question two: where's some good documentation regarding setting up a home router/firewall on your favorite BSD?
It's fine if the documentation is highly technical, I've written Linux kernel drivers before :)

14 of 403 comments

  1. Re: Uh. by Anonymous Coward · · Score: 2, Insightful

    Experience usually leads to a realization that you don't know everything... Asking others is a good way to increase your available options from the few you are comfortable with to include ones you might not know exist.

  2. and when BSD moves to systemd... by Rob+Y. · · Score: 2, Insightful

    I'm not sure why all you systemd haters feel the need to say "If I wanted Windows, I'd run Windows". I don't know the technical details, but I assume systemd as a Linux init system is nothing like Windows - except maybe for the fact that it's not based on a bunch of shell scripts. If you're a Linux fan, I'd be surprised if the only reason you like Linux is its script-based init system.

    Anyway, I assume the various distros that are switching to systemd are doing it for a reason - and that reason isn't to make it work more like Windows. I assume it's to make it work - i.e. resume from suspend reliably, etc. And if they find that necessary, what makes you think the maintainers of BSD aren't going to run into the same walls that the systemd approach circumvents? Then what are you gonna do?

    So sure, if systemd doesn't need its 'tentacles' in an area, complain about that. Maybe your distro won't use that component. But as it stands the systemd flame wars are veering into conspiracy theory territory - and that's rarely a good thing.

    --
    Posted from my Android phone. Oh, I can change this? There, that's better...
    1. Re:and when BSD moves to systemd... by ahodgson · · Score: 2, Insightful

      Only if you're an idiot who can only point and click gui buttons and whose solution to any problem is to reboot.

    2. Re:and when BSD moves to systemd... by JustNiz · · Score: 3, Insightful

      >> If you're a Linux fan, I'd be surprised if the only reason you like Linux is its script-based init system.

      For me at least, it's not the only reason but it's certainly one of the big benefits. I like being able to non-ambiguously see and control exactly what is really going on, and to even be able to run those scripts individually in a sandbox if I want.

      I also really like plaintext system log files; having to now use some command-line tool to continually create them first is nothing but a giant pain in the ass.

      For me at least, Systemd takes a lot of simplicity and usability away, with nothing even close to a correspondingly sized gain in other benefits.

  3. Re:pfsense by Anonymous Coward · · Score: 4, Insightful

    PfSense is a must if you are running ESXi topologies.

    SystemD hatred is pretty simple. A large amount of untested, potentially unsecure, unaudited code was placed at the core of Linux's userland, and forced on end users (enterprise IT shops) without any real testing or feedback by end users.

    RedHat has bet the farm on SystemD... if/when it has security issues (it has network connections, so in theory, it can be remote rooted), it can cause a mass flight from RHEL and downstreams. The gain? Little to none, from the end user point of view.

    I am keeping fingers crossed, and hoping someone forks the cash for an audit of the code... Oracle and Microsoft are waiting in the wings for mainstream Linux distros to fall on their face if something does break.

  4. Re:pfsense by Anonymous Coward · · Score: 5, Insightful

    It's because the whole systemd thing is the latest in a line of trends where entire distros are being drastically changed rather than getting forked into something new. Ubuntu's Gnome thing caused a lot of people to basically write it off and move back to Debian, only to now find the same people responsible for the crappy Gnome changes have subverted the Debian core as well. Instead of forking Debian with the new systemd paradigm, Debian is rolling it in as the default. And since systemd touches so many different things, it's not really easy to get rid of.

    One of the common defenses from systemd devs is something along the lines of "why are people so upset over it? SystemD is still new and they should give it time to play out before judging it." Which is exactly the kind of reason you *don't* put it in a live mainstream distro known for stability until after years of testing and positive results in a fork.

  5. OpenBSD by grub · · Score: 3, Insightful


    OpenBSD. Feel free to look at the others, just don't get distracted by shiny bells & whistles and GUIs and the like.
    OpenBSD does what you want and does it very well.

    --
    Trolling is a art,
  6. Re:pfsense - aka crappy old pf by houstonbofh · · Score: 1, Insightful

    Because with pfSense (or m0n0wall) it is easy to do well. And this is a serious consideration. Doing a firewall "wrong" has some serious consequences, and pfSense or m0n0wall prevent you from making many common mistakes. (Actually, prevent is too strong... They just make it harder, but you can get access to anything you want if you try hard enough.)

  7. systemd == Windows? by kschendel · · Score: 5, Insightful

    IMO the comparison comes about because the philosophies of the two (systemd and windows) are more related to one another than they are to Unix. Unix favors a collection of interacting tools that each do something (ideally, doing that something well). Windows is a giant monolithic shroud covering a multitude of interacting moving parts that you can't see, touch, or understand unless you spend the necessary years becoming an insider. Systemd seems to be leaning in that direction, hence the comparison. It's a big collection of "stuff" that refuses to be broken up into component functional bits.

    It certainly doesn't help that the systemd authors seem to think so highly of themselves, that I feel no need to add to their aggrandizement by thinking highly of them myself.

  8. Re:pfsense by Trepidity · · Score: 4, Insightful

    Considering it's the third major Unix to try fixing this problem, I don't think the problem is nonexistent or invented. Solaris came up with SMF, and OSX came up with launchd, basically to fix the same problem, which is that tangles of shell scripts are unmaintainable, buggy shit.

  9. systemd hatred by Foresto · · Score: 4, Insightful

    I don't understand the blatant systemd pushing. Reasons for disliking it vary but don't really matter, because its adoption will force a *lot* of people who don't want it to either suffer through it or suffer through migration to another OS. That is reason enough not to adopt it. Trying to discredit people's reasons for disliking it is presumptuous, pointless, and rather stupid.

  10. Re:pfsense by Anonymous Coward · · Score: 4, Insightful

    Solaris lost favor due to crap like SMF because no one could really troubleshoot it when it broke as well, and OSX is no longer server friendly. If you want to talk about buggy shit, look at the two examples you just brought up. Systemd solves desktop problems, not server or embedded problems, it only causes problems in those realms.

  11. Re:pfsense by nabsltd · · Score: 3, Insightful

    Systemd is actually *really* easy to get rid of, you just have to be willing to do without Gnome and other packages that depend upon it.

    Please provide a step-by-step list of the commands needed to remove systemd from CentOS 7 "minimal install", or a pointer to such a list.

    I have now been told literally dozens of times that "you don't have to install systemd", but no one has yet to back that up with steps for an install without it, or how to remove it from an existing install.

  12. Re:pfsense by igloo-x · · Score: 3, Insightful

    Out of curiosity I decided to take a look at a typical init file on this machine, running Ubuntu 14.04 LTS.

    I chose apache because it was at the top of the list. The file is 410 lines long. Within the first 5 lines of code, we're into this cryptic, barely readable shit:

    SCRIPTNAME="${0##*/}"
    SCRIPTNAME="${SCRIPTNAME##[KS][0-9][0-9]}"

    The file also appears to be sourcing variables left, right and centre. User-editable init config options have to be spun off into files in their own directory (in this case /etc/defaults/apache2). They can't go in the init file itself because they evidently have to be updated by the package manager all the time. It's hardly any wonder with gems like SCRIPTNAME="${SCRIPTNAME##[KS][0-9][0-9]}" all over the place.

    Then you've got the usual shitting of PID files out to persistent storage, and the same logic of checking them when starting or stopping the service - which is duplicated each time, in each init file for each service, along with the same basic shit each script has to do to determine its environment.

    I'd actually proved my suspicions within about 5 minutes of opening a few files.