Slashdot Mirror
Systemd Absorbs "su" Command Functionality
jones_supa writes: With a pull request systemd now supports a su command functional and can create privileged sessions that are fully isolated from the original session. The su command is seen as bad because what it is supposed to do is ambiguous. On one hand it's supposed to open a new session and change a number of execution context parameters, and on the other it's supposed to inherit a lot concepts from the originating session. Lennart Poettering's long story short: "`su` is really a broken concept. It will given you kind of a shell, and it's fine to use it for that, but it's not a full login, and shouldn't be mistaken for one." The replacement command provided by systemd is machinectl shell.
Lennart Poettering's long story short: "`su` is really a broken concept
Declaring established concepts as broken so you can "fix" them.
Su is not a broken concept; it's a long well-established fundamental of BSD Unix/Linux. You need a shell with some commands to be run with additional privileges in the original user's context.
If you need a full login you invoke 'su -' or 'sudo bash -'
Deciding what a full login comprises is the shell's responsibility, not your init system's job.
Soon we'll be telling people what version of Systemd OS we are running....
Su apt-get remove systemd --purge
Great to see that systemd is finally doing something about all of those cryptic command names that plague the unix ecosystem.
Upcoming systemd re-implementations of standard utilities:
ls to be replaced by filectl directory contents [pathname]
grep to be replaced by datactl file contents search [plaintext] (note: regexp no longer supported as it's ambiguous)
gimp to be replaced by imagectl open file filename draw box [x1,y1,x2,y2] draw line [x1,y1,x2,y2]...
Plus I can save $$$ by not renewing my expired Red Hat cert.
LOL still fighting to his day with Pulse Audio on XFCE on Fedora 22.
Jeez has it come down to me having to write a functional volume/mixer applet for myself?
A man who wants nothing is invincible
I know systemd sneers at the old Unix convention of keeping it simple, keeping it separate, but that's not the only convention they spit on. God intended Unix (Linux) commands to be cryptic things 2-4 letters long (like "su", for example). Not "systemctl", "machinectl", "journalctl", etc. Might as well just give everything a 47-character long multi-word command like the old Apple commando shell did.
Seriously, though, when you're banging through system commands all day long, it gets old and their choices aren't especially friendly to tab completion. On top of which why is "machinectl" a shell and not some sort of hardware function? They should have just named the bloody thing command.com.
Well, let me explain some of the problems that I've had with su.
Oh wait. I've never had problems with su. Ever. What is up with this???
All the two and three letter command names are already taken.
Doing everything as systemd do, and adding 'su', is likely a new security threat.
This will be a pretty serious security problem. It's harder than it should be to troubleshoot startup problems because of that.
There is no reason the creation of privileged sessions should depend on a particular init system. It's fairly obvious that is a bad idea from a software design perspective. The only architectural reason to build it like that is because so many distros already include systemd, so they don't have to worry about getting people to adopt this (incidentally, that's the same reason Microsoft tried to deeply embed the browser in their OS.....remember active desktop?)
If there are any systemd fans out there, I would love to hear them justify this from an architectural perspective.
"First they came for the slanderers and i said nothing."
Lennart Cartman certainly does love his systemd trapper keeper.
I'm alright with commands that have longer names. It's harder to mis-type and execute the wrong thing, and it's easier to know what is going on at a glance.
Same thing when reading code. I'd much rather work with code that has a method named getUserByGuid(), for example, than gubg().
Besides, nothing prevents you from aliasing the longer commands to something shorter if you so choose.
There's a lot of things about systemd that turn me off, but commands with longer, more verbose names is not one of those things.
Love sees no species.
But but.. how can I prove I'm a computer ninja if I don't have to remember vast lists of obscure command names, program switches and system calls??????
How long until systemd absorbs emacs?
If su was part of your kernel, you were doing it wrong.
Lennart OS should be called Lennix Not/Linux.
okay vlad this is about the worst
so we all realize that reza is kind of a bad person, but this? this is just almost primate-like. and for what? for why?
getting back on topic, there really is no need for a "su" or "sudo" anything, just directly log in as root. that is what we do here.
One and the same these days.
You should replace it with the fu command.
Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
problems since it ignores exit statuses, some syslog messages, and swallows stderr.
I heard systemd is going to be a full-blown video editor soon!
Every program attempts to expand until it can read mail. Those programs which cannot so expand are replaced by ones which can.
... Lennart Poettering's long story short: "`su` is really a broken concept. ...
So every command that Poettering thinks may be broken is added to the already bloated systemd?
.
How long before there is nothing left to GNU/Linux besides the Linux kernel and systemd?
Jesus H. Fucking Christ.
It have filled alot on the internet lately, but comeon this is just ridiculous
on https://tlhp.cf/lennart-poettering-su/ there is 9 comments and amongst those we have:
talking about psychially and mentally handicapped people
talking about black people
talking about transgender people
talk about death and rape threats
talk about Third Reich
What happened to the geek world? Why is that shit everywhere?
It's harder to type an no more explicit what you're executing. And if everything ends with "ctl", then there are at least three letters no longer needed that produce NO VALUE WHATEVER.
To you want an easy way for unauthorized users to escalate to root? Cuz fixing things that aren't broken is how you give away root access!!
mistype and execute the wrong command? No, not a common problem. Unix has man pages to look up commands, and man -k to find commands for a topic. Simple.
And java conventions of long method camel case names are regarded as silly in other languages, descriptive short methods are very possible
user = User.getUserByGuidBecauseImAJavaTwat(gid)
vs
user=User.(guid=gid)
So systemd has ambition of being a container and VM management infrastucture (I have no idea how this should make sense for VMs though.)
machinectl shell looks to be designed to be some way to attach to a container environment with an interactive shell, without said container needing to do anything to provide such a way in. While they were at the task of doing that not too terribly unreasonable thing, they did the same function for what they call '.host', essentially meaning they can use the same syntax for current container context as guest contexts. A bit superfluous, but so trivial as not to raise any additional eyebrows (at least until Lennart did his usual thing and stated one of the most straightforward, least troublesome parts of UNIX is hopelessly broken and the world desperately needed his precious answer). In short, systemd can have their little 'su' so long as no one proposes removal of su or sudo or making them wrappers over the new and 'improved' systemd behavior.
Funnily enough, they used sudo in the article talking about how awesome an idea this is... I am amused.
The feature creep will be fast and merciless, but I'm just a systemd "hater", right?
So what you're saying is you like powershell?
Aliases are not realy a fix you can not reliably write shell script with them and stay portable.
No sir I dont like it.
On top of which why is "machinectl" a shell and not some sort of hardware function? They should have just named the bloody thing command.com.
Probably because userctl was too ominous sounding!
[aside] Wow, userctl.com was still open so I grabbed it. Great name for a Web 4.0 computer technology social media site pushing tons of clickbait at users!
A man who wants nothing is invincible
So the only reason why the Third Reich and the gas chambers were decried as inhuman is because "Haters gotta hate"??? Or does that empty homily need some supporting evidence as well so as to discriminate between that which is worthy of hate and those that aren't?
Because if so, you are missing everything.
I would think that it it would prove that you're a computer ninja if you can rememver that it is getUserByGuid() and not GetUserByGuid, getUserByGUID, getUserbyGuid, getUser, UserFromGuid, or any of the other million options or typos. Try mis-spelling "ls".
I, for one, welcome this addition... every privilege escalation path you add is good for literally years of paid contract work.
"Delivering" the wrong thing is not an asset, it's a liability.
And that's why Poettering is a liability to the Linux community.
machinectl shell is only incidentally similar to su. Its primary purpose is to establish an su-like session on a different container or VM. Systemd refers to these as 'machines', hence the name machinectl.
http://www.freedesktop.org/sof...
su cannot and does not do that sort of thing. machinectl shell is more like a variant of rsh than a replacement for su.
Did an editor even glance at this piece of crap before it was posted?
a su command functional
a) "an su." Write it like you'd say it.
b) what's a "command functional"?
c) you've got all the right words... just not necessarily in the right order
a lot concepts
I think you accidentally a word.
It will given you kind of a shell
Can it has cheezeburger too?
systemd is Roko's Basilisk.
As before by "fixing" more things that are not broken. It is really time to stop this abomination. Sure, there are some (few) things it does that actually have merit, but it doe them in the wrong way, and most of it is just plain bad for security, reliability and user choice. Why so much of the Linux infrastructure is handed willingly to this one bad actor is beyond me.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Godwin's Law!
See how it works? So many people just spew inanities, rather than address the real issues. That's why the world is in such a mess today.
Godwin's Law proven once again
All systemd needs now is a kernel and it'll be its own operating system.
I am a noob linux user since 2006 .. have remained same since .. i know a little bit of this n that .. everything felt simple and learnable until now ... now everything looks complex and feels like some one is saying " u dont need to know .. we got that .. (face saying -- smirk .. noob)"
First of all, there are two types of German engineering. Good engineering and over engineering. And there is a fine line between them. And it looks like Mr. Poettering crossed it. However, it could also be German advertising and that is either bad or worse. In general, you do not build bloated components. In old Unix days these where called programs and could be combined in various ways including pipes and files. In GNU days many of these programs were bundled together in one archive, but stayed separate. Now with systemd I am puzzled, is he really integrating that thing in the init system? Integrating something which does not belong to a init system? In that case he is nuts and definitely over engineering. Or he has just created a new program and just bundles it in the same package as systemd. Then this is acceptable, however, a little weird. It would be like bundling systemd with a sound service. Session separation or VM separation is a task of the operating system. And you may write any number of tool to call the necessary OS functions, but PLEASE keep them out of components which have nothing to do with that.
"su command is seen as bad because what it is supposed to do is ambiguous. "
-- end quote --
it is NOT ambiguous!!!!!
"su" is root BUT!!! with the normal users $PATH and settings
"su - " and "su -l root "
IS THE ROOT USER
there is NOTHING ambiguous there at all
now what Ubuntu did to "sudo"
THAT!!! is a problem
"I don't pitch OpenSUSE Linux to my friends, i let Microsoft do it for me
I am really tired of systemd. So really tired of the developers shoving that shit down the linux throat. It's not pretty, it seems to grow out of control, taking on more and more responsibility .... I don't even have an idea how to look at my logs anymore. Nor how to clear the damn things out! Adding toolkits should make the system as clear to understand as it was, not more complex. If it gets any worse it might as well be Windows 10!
init was easy to understand, easy to use. syslog was easy read easy to understand and easy to clear. All this bull about "it's a faster startup" is just ... well bull. I'm using a computer 20 times faster than I was a decade ago. You think 20 seconds off a minute startup is an achievement? It's seconds on a couple of days uptime; big f*cking deal.
Redhat, Fedora, turn away from the light and return to your roots!
Lennart Poettering's long story short: "`su` is really a broken concept
Of course to Lennart Poettering "su" is broken !!
Long story short --- To that egotistical son of a bitch, anything that is not made by him MUST BE 'broken'
'nuff said!
Muchas Gracias, Señor Edward Snowden !
No, no, really, I'd love to see why you think this is a good design decision. Why should the ability to run "su" depend on the specific init manager? Doesn't that strike you as brittle architecture?
"First they came for the slanderers and i said nothing."
.
systemd is on the way to turning a sleek, efficient Linux distribution into one loaded with awesome bloatware.
And it looks like there is no stopping Poettering's ego now that it's been unleashed.
Or does that empty homily need some supporting evidence as well so as to discriminate between that which is worthy of hate and those that aren't?
Don't hate, it's overrated.
"First they came for the slanderers and i said nothing."
You have to remember the same number of commands to do the same number of things regardless of how long their names are. Why make them hard to type in to of that?
Actually, the 'magic' in su is in the kernel. Basically, since it's marked suid root, the kernel sets the uid on the new process to root before it even starts running. The program itself just then decides if it is willing to do anything for you.
I'll keep sudo -s thx bye.
When you're trying to administer a bunch of systems, the speed at which you can get things done starts to converge on your typing speed. Commands that are twice as long effectively cut your productivity in half. (When you actually know what you're doing, you reach the state where you can see the exact sequence of commands you're going to enter in your head, understand exactly what you expect the output from the system to be after each step, and your interaction becomes an extremely fast loop of entering command and pattern-matching for the expected response, breaking out if anything deviates.)
If you can't do this, you probably aren't an effective senior sysadmin - unless you're managing something like 10k machines solo where the benefit from scripting/automating literally everything actually does outweigh the huge cost to develop the infrastructure to do so.
As an aside, people who type exceptionally slowly seem to be in the group of folks who don't mind longer names, somewhat paradoxically. I suspect that when "everything is slow to do" it starts to make more sense for them to be able to have everything a bit more readable.
The next update to systemd will incorporate emacs ;)
by how badly your hands hurt at the end of the day?
He's doing to Linux what Microsoft has been trying to do to Linux for decades now. Thanks, Red Hat, for sponsoring Poettering.
Redhat 6.latest and Fedora (17 or so ? (the most recent before systemd)). They have drunk the kool aid. Systemd has NO business offering an su function!
This is another step towards systemd becoming a complete OS.
Resistance is futile.
Your life as it has been is over.
From this time forward, you will service us.
The asshole Pissering is once again giving himself more credit than tens of thousands of grad students who have build the Unix system over literally generations. You can have the piece of shit systemd if you want, but please leave unix and linux alone. Go wreck someone else's system and leave mine alone. I didn't really have an opinion and was open minded until I saw the clusterfuck that ubuntu has become. And I went to mint. Ubuntu never ever gave me "systemd failed to start Load Kernel Modules", "systemd failed to start user service: unknown unit: user@0.service". Every time I hear Pottering and his "good ideas" clearly it sounds better in his head than anywhere else. I like the system as built. In this case, I use su as its intended, and I use normal user as they are intended. I don't need Pottering locking me out of my system because he thinks he should. If he were looking over my shoulder and telling me about how to use the system, his little fucking fingers would be broken and bloody, and likewise his nose would be attempting to suck air through the red. All I'm really looking for is a choice: if when installing, if you want systemd, you can have it, otherwise give me the rest. Being told I have to have it is the thing that I *really* don't like, especially since its so much of a clusterfuck (see error messages already posted).
Lennart Poettering's long story short: "`su` is really a broken concept.
One day, systemd will become too complex or something ... Lennart will declare it a "broken concept" and absorb it into systemd.
It must have been something you assimilated. . . .
I'm going to stick with Unix.
sense anyway). By "fully isolated", it sounds like machinectl breaks the audit trail that su has always supported (not being 'fully isolated' by design). Many *NIX systems are configured to prohibit root logins from anything other than the system console. And the reason that su doesn't do a 'full login' either as root or another user is to maintain the audit trail of who (which system user) is actually running what.
Lennart, this UNIX/Linus stuff appears to be way over your head. Sure, it seems neat for lots of gamers who can't be bothered with security and just want all the machine cycles for rendering FPS games. Perhaps you'd be better off playing with an XBox.
Have gnu, will travel.
GNU/Linux (already bad enough due a particular unnamed gasbag not shutting up) is being taken over and turned into Systemd/GNU/Linux.
System V was an engineering masterpiece and didn't need to be replaced. It could not be *improved* upon, it could only be *changed*.
I don't want Systemd rammed down my throat. That is not what I signed up for when I went to Linux. When will we, the users, put and end to this?
Make no mistake about it, systemd fundamentally changes (and makes a mess of) the operating system, and will destroy Linux as we know it. I am just at a loss at what I can do to help stop this insanity.
Year 2102: SystemD has replaced Air with Nanobots, Lennart Borgertting states "Air Is Broken Anyway." SystemD Planetary Hivemind Network continues to broadcast the mantra out to all other UNIX-colonies: > "We Are SystemD. Lower Your Sheilds And Surrender Your Data. We Will Replace Your Biological And Technological Distictiveness With Lennartness. > Your Culture Will Adapt To Us. You Will Be Assimilated"
Year 2102: SystemD has replaced Air with Nanobots, Lennart Borgertting states "Air Is Broken Anyway."
SystemD Planetary Hivemind Network continues to broadcast the mantra out to all other UNIX-colonies: > "We Are SystemD. Lower Your Sheilds And Surrender Your Data. We Will Replace Your Biological And Technological Distictiveness With Lennartness.
> Your Culture Will Adapt To Us. You Will Be Assimilated"
(Resubmitted because the other one was formatted horridly -- for some reason I had it set to HTML)
LP is doing is RH masters wishes with this.
RH has over time introduced Windows-ism into Linux to try to make it more palatable to corporate customers.
This to the point of getting yelled at by Torvalds, likening it to RH giving Microsoft a blowjob.
Basically, these Windows-isms bork when someone use su.
But rather than fix them so this is no longer the case, we get a smear campaign from Freedesktop PR attempting to make su seem like a broken concept.
Gnome is supposedly a GNU project, but at this point in time it has been co-opted by wannabe OSX developers backed by RH.
Freedesktop has turned out to be a RH bait and switch, claiming to be about making DEs more inter-operable while basically burying them in Gnome-isms.
And now systemd, in essence a second kernel enveloping Linux, making itself the sole arbiter between the kernel and the wider userspace.
Yes, it is all "open source". But shit changes so often, and so fast, and the head devs so firmly in architecture astronaut mode, that be best choice for anyone not already starved for oxygen is to grab anything not yet tainted and run for the hills.
By the time the whole Fedora/Gnome/Freedesktop/Systemd trainwreck has run out of steam they will have effectively forked Linux into some kind of Frankenstein-ian hybrid of the worst parts of OSX and Windows. All so RH can sell a few more support contracts to the corporate world (and perhaps gotten on the good side of the M-I-S complex).
Question is, how long before their inside boy GregKH use the newly approved kernel social guidelines to get Torvalds to step back from maintainer-in-chief of the kernel.
is he some little faggot goldenboy those homos at Redhogwarts like to sodomize?
"su" was replaced for almost use by "sudo" shortly after its first release in 1999, as a lightweight thorough, and fine grained replacement. Sudo's only flaw is the ability to sanity check and reject individual "included" files from /etc/sudoers.d, which makes editing them somewhat dangerous.
Mr. Pottering is, I'm afraid, insistent on replacing the entire UNIX and Linux infrastructure with a proprietary, Linux-only, sprawling and destabilized octopus that persists in breaking stable environments and stable tools.
The day will come when Lennart will "fork" linux and Linus will be out the door!
I didn't realize I'd been doing it wrong all these years.
Poettering is a paid shill.
Engineering decisions that defy logic are the same as political decisions that defy logic. They are in fact, usually the results of paid influence, and as such are entirely logical, from the point of view of the persons making those decisions. Systemd is intended to fuck up Linux and fill it full of backdoors.
Follow the money to Poettering from Red Hat and beyond. Make your own conclusions based on this.
The Unix philosophy is broken. The future is Lennart's philosophy.
"Do one thing and do it well" shall be replaced with "Do everything and do a half arsed job"
However, even without knowing Poettering and his previous work, you can see that the idea is half-baked. Look at the console examples closely.
Yes, nowhere does it prompt for a root password! Which means that anybody who can get to a virtual terminal can become root by just typing machinectl shell. And somebody who is logged in over the network (presumably...) can't log in as root at all, even knowing the password.
And frankly, what is the trouble of sneaking "unwanted" environment stuff into su? You have to enter the root password anyways, so the only thing which you could hope to achieve was what happens before password validation. And while in the past there had indeed be vulnerabilities that attacked su in such a way (sneaking LD_PRELOAD into it), these have been fixed since long ago.
You know, I've always felt that unix has lots of short commands in the same way that math has lots of small weird symbols[*]: You are creating a construction of pure beautiful thought, and the physical world just can't keep up with the flow of the idea. So to speed things up you invent a cryptic and highly specific language.
When you have things like tab completion, this is less of a problem so you can allow longer and less cryptic commands: machinectl shell is lot more acceptable if you have to type mas. Now if you are an advanced worker who has to read the result, you'll prefer su - its shorter so there is less of a mess on the screen to figure out. If you are one of the lesser gods, however, the machinectl variant is a lot more user-friendly, and as you are already slow, you just wont notice the difference.
And this switch seems to explain a lot of the systemd controversy: It is not designed for the advanced user. Instead it is idiot-proof, sacrificing advanced features , using more brain bandwidth and wasting computer power in the process.
Unfortunately, the strategy seems to be the right one. Look at microsoft's acive directory: At my company, the service desk can create accounts and do user and computer management, and propeller head stuff like kerberos just works and keeps us safe. Meanwhile, I managed to mostly get the same stuff working on a linux+java combo by writing arcane stuff in /etc/krb5.conf. One type and we're toast. Most of the others gave up years ago and continue to do ldap binds instead.
For good or bad, the age of the unix/linux gods seems to be over, and systemd seems to be a huge nail in our coffin.
[*]Imagine them writing proofs in cobol: Add x to y giving z, and please skip the first 6 columns of you blackboard
I've worked with systemd long enough to realize that systemd is a really broken concept.
OK I fucked up the tags: read it as: ... if you have to type m a TAB s TAB....
So, now we have to say "machinectl shell systemd-run do make me a sandwich" ?
Looks way more complicated.
https://xkcd.com/149/
Actually systemd is really a broken concept.
n/t
And java conventions of long method camel case names are regarded as silly in other languages, descriptive short methods are very possible
user = User.getUserByGuidBecauseImAJavaTwat(gid)
vs
user=User.(guid=gid)
And that makes sense to you? I don't recognize the language, but my guess it's one dot away from creating a user "user=User(guid=gid)". And if guid is a member variable, why are you assigning a value to it? Looks to me like you have some unnamed (...) function, does that imply "find"? Why? Go to your nearest CS school and 9 out of 10 pupils will figure out the purporse on the first function on the first try. You'd be lucky if 2 of 10 managed to guess the second. You're the kind of idiot which means people need 3-6 months of bootup time just to get into the head of the fucker who wrote the code.
I hate writing long variable and function names. I hate reading short variable and function names. And I've been back and forth, but here's my refined opinion: If you can't tell WTF the code is doing at a glance and want to add a micro-comment like "// find user", it's too obtuse. If you're trying to write a whole comment in the name like "getUserThatIsSomethingSomethingForWhateverBeforeThisAfterThat()", call it "getUser()" and write a damn comment. If it's ambigious, it's fine to start small and extend like if you used to have getUser() now you have getUserByGuid() and getUserByName().
As for the get/set prefix, I prefer the simpler user.guid() over user.getGuid() as it's really more a property than a function, you're just abstracting the implementation from the interface. Also you basically don't get any autocomplete before the 4th letter and it's not going to be consistent anyway, for true/false conditions you typically use "isSomething()". In this particularly case for a function I'd much rather call it "findUserByGuid()" though indicating it's a search on a set, not simply returning a value. Likewise if you have a class where you set numbers a and b and calculate the GCD, I'd much rather call the function calculateGcd() than getGcd() to point out that this function does the work. It gets a little ambiguous at times with "returnAddress()" the property vs "returnShipment()" the function where I sometimes reconsider that "getReturnAddress()" would be clearer but in 99% of the cases it's fine.
Live today, because you never know what tomorrow brings
Is systemd aiming to be the new emacs? It feels like soon it will be a so-so replacement for everything, except what it initially set out to be.
it merely speaks of how the chance of a reference back to Nazi Germany increases with time. NO MORE. It doesn't mean anything else.
About all it DOES say is that eventually the conversation will be ABOUT the comparison and NOT what the comparison was illustrating.
Which, ironically enough, is PRECISELY what you have done. So YOU are the one who fell foul and "lost" to Godwin. You can undo that utter failure on your part by, you know, actually looking that the comparison and either agreeing with it, or illustrating where it doesn't match the situation. However, and this is why YOU lost, you will not do that because you do not have the mental capacity to do so and must therefore obsess over the shinies.
Same with you other two retards there.
Care to explain why some explanation of why the censure of LP's moronic behaviour here is because "Haters gotta hate"? Or CAN I really use it to defend the holocaust and have you all agree with me?
So stop ruining Linux. If you don't like the way Linux works, then write your own OS. Stop taking Linux components and changing them. I have used Linux and Unix for decades and have skills with them and want them to stay the same so I can keep using them. I don't care if it's broken, I know how it works. I don't want to type "machine shell" when I've used "su" for decades. I don't care at all if Potterwhoever doesn't like Linux and wants to change it. He can write his own OS and do it exactly the way he pleases. But stop ruining Linux with these changes. Can't ANYONE stop this guy from ruining things?
I know it's trendy to hate IBM, but how about some nice and clear IBM i commands?
WRKDSKSTS = Work Disk Status
DSPLIND = Display Line Description
CRTUSRPRF = Create User Profile,
Etc etc etc? short and clear commands, promptable with f4 for dynamic help (no cryptic man pages)...
Wah systemd is so awful! Wah!!!!! Strangely enough dists like Fedora manage to do just fine with systemd in place. It's almost as if it works as advertised, the pitiful crybaby whining notwithstanding.
PoetteringOS
In the long run, he's not going to be satisfied until he's created his own OS, kernel and all because he calls anything he didn't write a "broken concept," whatever that is, and does his best to shove his version down everybody's throat. And, since his version is far more complex, far more pervasive and much, much harder to use or maintain, the community suffers. I do wish he would get off the pot and start developing the One True (Pottering) kernel so that the rest of the world can go back to ignoring him.
Good, inexpensive web hosting
This systemd guy is just like Ellsworth Toohey. As long as the sheep follow he'll keep pushing things further and further into idiotland and have a good laugh in the process.
"Kill man’s sense of values. Kill his capacity to recognise greatness or to achieve it. Great men can’t be ruled. We don’t want any great men. Don’t deny conception of greatness. Destroy it from within. The great is the rare, the difficult, the exceptional. Set up standards of achievement open to all, to the least, to the most inept – and you stop the impetus to effort in men, great or small. You stop all incentive to improvement, to excellence, to perfection. Laugh at Roark and hold Peter Keating as a great architect. You’ve destroyed architecture. Build Lois Cook and you’ve destroyed literature. Hail Ike and you’ve destroyed the theatre. Glorify Lancelot Clankey and you’ve destroyed the press. Don’t set out to raze all shrines – you’ll frighten men, Enshrine mediocrity - and the shrines are razed."
-- Ellsworth Toohey
lucm, indeed.
If you're not sponsoring Poettering yet, it looks like it would be a good idea to do so. :)
He has done more than anyone else to convince Linux users to switch to OS X
I apologize for the lack of a signature.
Lennart Poettering
Bringing bloat to Unix since...2009?
Chas - The one, the only.
THANK GOD!!!
I understand this is confusing and unexpected, but well, that's UNIX...
Pottering admits he doesn't do UNIX
At the rate that systemd is rewriting Linux, I imaging we'll see a full blown systemd distro by 2017. Names anybody?
is microsoft paying developers to join the linux community and tear it up from the inside out?
and he'll run it all over your Linux.
With apologies to Mae West for this awful paraphrase.
"Politicians and diapers must be changed often, and for the same reason."
change root (chroot) is almost as easy to undo as change directory (cd) . You can ALWAYS "break out" of chroot. The only thing making it inconvenient is if you don't know the syntax to refer to the new root you'd like to change to.
Chroot is not for security, it was never designed for security, and if your suckurity depends on chroot you are Doing It Wrong.
How can you use a shell if you have to look up every single command in the documentation?
I can understand your argument for scripting.
But for everyday maintenance these kinds of names are just a hassle to type and remember.
You can ALWAYS "break out" of chroot.
If you get a shell in one of my chroot's used for security, then.....
In short: I think chroot is plenty good for security. There's no way in hell you are breaking out, without a straight up kernel arbitrary execution exploit.
Poettering's Embrace and Extend begins.
Gee - who else did that?
"Well, bash was confusing and broken, so..."
Sounds nice, is there also a simple way to manage all of this?
But at this point, I think Systemd is not Linux. They should just fork off their own OS the same way Google did.
Why in gods name would you want to bind su inside of your init system. It sounds like this guy is much better off swapping to windows or mac dev and leaving linux alone. If sysadmins wanted large monolithic kitchen sinks (where complexity is compounded and security is weakened) for core functionality they would not be using a system that specifically is designed to not do this.
I think its more Poettering's Law, if it exists it of course belongs in you init system.
It is similar to the law of the instrument, which has become Poettering's law -- because the hammer exists.
I'm waiting for systemd to include emacs functionality. A decent init subsystem would be the only missing feature then.
If all you have is a Poettering, everything looks like systemd.
This whole thing feels like a set piece.
You will not merge SU, out of my cold dead hands.....
GreekGeek :-/
[...] the only way to avoid it [systemd] is to either run old distros or some other OS entirely.
A third option is to use a newer distro that does not use systemd. I run a Gentoo system that does not use systemd. You can also get up-to-date Debian based distros such as antiX Linux which don't use systemd. I imagine these are not the only options.
We don't see the world as it is, we see it as we are.
-- Anais Nin
... it's a monolithic hodgepodge.
> In short: I think chroot is plenty good for security
Check man chroot. The authors of chroot say it's useless for security. ,and more than security professionals like myself do. Let's find out.
Perhaps you think you know more than they do
> you get a shell in one of my chroot's used for security, then..... /dev, /proc, or other special filesystems
ur uid and gid are not going to be 0. Good luck telling the kernel to try and get you out.
There aren't going to be any
Gonna be kind of tthough to have a ahell without a tty, aka /dev/*tty* /dev. Can't launch a process, including /bin/ls, without /proc, so you're going to need proc. Have a look in /proc/1. You'll see a very interesting symlink there.
So yeah, you need
> mounted noexec
Noexec is basically a suggestion, not an enforement mechanism . Just run ld /path/to/executable. ld is the loader/lilinker for elf binaries. Without ld ,you can't run bash, or ls. With ld, noexec is ignored.
My company does IT security for banks. Meaning we show the banks how they can be hacked. When I say chroot is not a security control, I'm not guessing.
you can if you set up all your aliases in a script that is called prior to all your scripts, kind of like an includes :P
All your processes r belong to the collective. Resistance is futile. Your functionality has been unilaterally declared broken.
Nuf said.
Same thing when reading code. I'd much rather work with code that has a method named getUserByGuid(), for example, than gubg().
They are extremely different things.
I have probably typed the word "ls" an average of 300 times a year ever since I first learned it in 1979. It's a fundamental word in my computing vocabulary -- I type it fluently and automatically like a person speaking his native language. I type the word "ls" more often than I speak the English word "list". I am forever grateful that the designers of the UNIX shell realized that people like me would be using that word all day every day, and they had the wisdom and compassion to keep it short.
In contrast, getUserByGuid() is a method name in a piece of source-code. If I had to make a wild guess, I would say that the median number of times that a method name is viewed is maybe a dozen or so, during the entire lifetime of the source-code.
When comparing the frequency of encountering "getUserByGuid" versus "ls", there are orders and orders of magnitude of difference. You are extremely wrong, and I'm eternally grateful that the wise developers of UNIX knew just how wrong you are.
Who deviates from the norm of a simple command, to ones of sentences long.
My problem with this, though, is not necessarily the length (as long as I can tab-complete, that is, and to a certain extent), but the disconnect between length and readability. What dictates whether something falls into systemctl (the thing that controls...uh...the system, I'm guessing) vs machinectl (erm, the thing that controls....the machine, probably)? And what's a journal, why do I care about interacting with it, and why is controlling it separate from systemctl and machinectl? As a user at the CLI of my own system trying to interact with those things, I'd likely guess (wildly, from little context) that the "journal" in "journalctl" is not talking about filesystem *journalling*, which is something about managing my *machine* that the *system* should handle.
Long names are fine when they convey *intent*; to steal the Java code strawman from below, "getUserById(5)" is more obvious in its intent than "u(5)". If you have a long name that doesn't mean anything, you've accomplished nothing except making the user type more.
And yes, I'll concede that initially, "ls", "grep", and "cat" meant nothing. They were not good names back when they were created. But now, they've acquired meaning from years of ubiquity and familiarity, the point where projects like Ack describe themselves in terms like "a tool like grep", so they now *do* convey intent, because they've entered the "common vernacular".
but out of curiosity, what is your problem with PowerShell?
don't worry, that'll be fixed in the next patch
The systemd OS should not be called Linux. Call it "Red Hat Operating System" or "Pottering OS" or "MS-Windows"
Are the red hat shills still posting that?
Anybody still believe that systemd is not about red hat taking over linux?
> "Systemd is only an init replacement, nothing more. Nothing to worry about. It's not as if Red Hat is trying to take over Linux or anything. It's not as if this were an embrace-extend-extinguish strategy right out of Microsoft's playbook. It's not as if Red Hat were making Linux less functional and less reliable. Not as if Red Hat is forcing 'standards' that nobody wants (except Red Hat)." Not as if Red Hat is throwing away POSIX, and the UNIX philosophy for no good reason."
Well said.
I think we should get rid of Gnome, and work on MATE, or something like it.
This has been going on for years, and has years more to go. This is a long term strategy.
But why?
Why has Red Hat been replacing standard Linux components with Red Hat components, when the Red Hat stuff is worse?
Why isn't systemd optional? It is just an init replacement, right? Why does Red Hat care which init you use?
Why is systemd being tied to so many other components?
Why binary logging? Who asked for that?
Why throw away POSIX, and the entire UNIX philosophy? Clearly you do not have to do that just to replace init.
Why does Red Hat instantly berate anybody who does not like systemd? Why the barrage of ad hominem attacks systemd critics?
I think there is only one logical answer to all of those questions, and it's glaringly obvious.
A lot of this is over my head, but is SystemD just a copy of Apple's Launchd??
1) The only thing that systemd might do faster is boot. Since Linux servers are not booted that often, that is a trifling advantage, at best. Certainly not worth breaking everything that works.
2) Systemd does not always boot faster. Only under certain circumstances.
3) More resource intensive generally means slower on the same hardware. Systemd may boot faster, but it runs slower.
4) There are ways to improve boot speeds without breaking everything that works.
Devuan.
Alpine.
Void.
Gentoo/2
Etc.
Reject the rejects who have rejected *nix (Debian, Redhat, Arch, etc)
Remeber: if you hate systemd, you hate women. --Russel Coker, debian dev.
Lennart has his heart in the right place but seems to have risen too far too fast and could do with a bit of supervision to rein in his project of completely taking over linux without really understanding it.
If you're writing a shell script you should be writing it once, in which case 10 extra characters is not a burden.
its that simple major distros just go back to init. stop trying to fix whats not broken i swear every time Linux reaches its stable point some dev gets bord and starts messing up everything that other people have to fix. wayland and mir anyone.
He's got a bit of a track record of half-finished shit rushed to release that is a pain in the arse to deal with for at least a couple of years after it was supposed to be done.
For some reason his stuff finally works a couple of years after he's moved on from it to the next big thing - I'm not sure if he's moved into bugfix instead of rapid change mode on his old projects or if somebody else is cleaning up his mess.
Even after years of fixes NetworkManager and PulseAudio do not come up to the standard of the software that they replaced and 99% of the time when they fuck up there are not even any log messages to help you with it.
So there you go, some insight into why there are so many negative posts. It's not just "perhaps he's just smarter than you, and it's you who don't get it" - even if he is smarter that's not related to why he has annoyed a few people here.
>The program itself just then decides if it is willing to do anything for you.
"Yes, My Lord"
am VERY excited about typing machinectl shell instead of su
to be more like the windows NT registry.
I am glad I left Debian derived distributions shortly after the systemd corruption began spreading.
...for me but it is time to move on.
I've neither the time nor the patience to wait for this masturbatory nonsense to run it's course.
Then they are idiots, because the second one is perfectly clear for anyone that's written one line of object oriented code in their life. Oh, and I'm pretty sure the dot is a typo.
...make Linux so complex that paid support becomes more or less essential.
Now, who employs these people who create these all-embracing, ever-extending cesspools like systemd?
And how do they make their money? (duh).
And do they downvote comments that point this out? It certainly seems that way to me.
What an idiot
Domineer women or men, whatever he's into, and have them do the programmer equivalent of forced feminization.
Problem solved and no arbitrary death threats, just give him what he wants and shove him out of the way :)
>Implying that someone, anyone really, reads man pages...
So... Who are you and what did you do with the real iggy?
"So long and thanks for all the fish."
In the meantime, the api for looking up hardware info in the "hwdb" of libudev part has been silently moved from libudev (the wrong place already) into systemd itself (even more wrong). hwdb should have been a separate package/library from the beginning, but moving it further "in" has no merit on the technical or architectural level whatsoever. Here's what's going to happen: things like usb-utils and other third-party packages will soon use the systemd-internal api, and the bridge api in libudev will be deprecated soon (cause none of the systemd devs uses it anymore). Now all packages that depended only indirectly on systemd via libudev will be forced to depend on systemd directly. It's just another small and hardly noticed stab at init freedom... embrace, extend, extinguish...
I repeat: No technical reason. The sane thing (which has nothing to do with "Unix philosophy" but simpy with good software design) would be to factor out hwdb and make it an indepentent project with a clean and simple purpose.
The sane thing would be to decouple hwdb from libudev and systemd completely. But that is not the plan of systemd and its implemetors.
"you seam to have assumed every one else is stupid and that only your correct"
Actually, it's more that they will not attempt to see how the other people could be correct. They've seen the are correct, seen that they are not in agreement with others, therefore assumed they must be wrong. However, that's false binary thinking. Both are right, but they don't conceive if this eventuality being possible.
So what you're saying is you like powershell?
Aliases are not realy a fix you can not reliably write shell script with them and stay portable.
In scripts long names are fine, I would even say preferable.
However when I'm SSHing into a foreign box (that I what I do most of the time) then I like to have my rm, ls, cd, mv, vim, and other short commands _already configured_. I cannot imagine if I had to configure my aliases each time I SSHed into another machine. Also, if the aliases are up to the user to configure, that means that every user will have different aliases and we'll be back to the Tower of Babel when trying to communicate with other sysadmins.
It is dangerous to be right when the government is wrong.
Try mis-spelling "ls".
Watch this Heartland Institute video
By not being a halfwit?
Why did Mr Poettering and the people aroung him did not do integration tests at all? Why did `systemd` became such a philosophical foundation, as it is now? And why?
Wouldn't it be so much easier, if just a bunch of people would have integrated `systemd` and those people would have cared and reported any issues around that new model, so that it could have evolved and grown to fit to practical purposes?
But instead, what happened was, interested persona dumped their stuff to official addresses of those people that are (more or less) involved in that business.
Well put. The notion that *nix is a structure built by many people, with many bricks (and many eyes on each) is being violated. Its not about using larger bricks, its about using one brick? How will that brick be patched? How many eyes are on that brick? How does the community build and grow Systemd? Its time for a split,probably going back to volkerding's work, or BSD and rethinking init and networking and .. sure. sudo as well.
Who has the leverage to ask why more is being done by fewer and fewer?
Time for a new Political party in the US (or two!) One is off the rails Other cant pony up a leader.
LP's previous fix was done to the sound system pulseaudio. Similarly with majestic scope and intentions. Has it changed what I can do with sound? No, not really. Its still not complete.... at least from the user perspective looking inward. I have an audio slider on my Fedora Desktop. there are still several audio mixer devices that not found/detected. How about we ask LP to finish that work (realized by a finished product in redhat desktop product) rather than "fixing" everything else.
Time for a new Political party in the US (or two!) One is off the rails Other cant pony up a leader.
I'm alright with commands that have longer names. It's harder to mis-type and execute the wrong thing, and it's easier to know what is going on at a glance.
Same thing when reading code. I'd much rather work with code that has a method named getUserByGuid(), for example, than gubg().
Besides, nothing prevents you from aliasing the longer commands to something shorter if you so choose.
There's a lot of things about systemd that turn me off, but commands with longer, more verbose names is not one of those things.
When I have a lot to do I don't want to have to consult the man page every 10 seconds for proper syntax. KISS - The first thing I do on a new system is run /usr/bin/clear /usr/bin/cls
ln
CLS is the only DOS command that's better than the Unix equivalent.
Like I think all of the Systemd stories, sensational article is sensational. If you actually read what machinectl is, you'll see it has nothing to do with the su command, and it's also not suppose to replace it. Basically, from reading for about 1 minute, machinectl is to execute operations on VMs and containers. Last time I checked, the su command don't do that and have nothing to do with it. Probably someone asked Poettering, "Hey, would be nice to have root shells in a VM"
http://www.freedesktop.org/sof...
machinectl may be used to execute operations on machines and images. Machines in this sense are considered running instances of:
Virtual Machines (VMs) that virtualize hardware to run full operating system (OS) instances (including their kernels) in a virtualized environment on top of the host OS.
Containers that share the hardware and OS kernel with the host OS, in order to run OS userspace instances on top the host OS.
The host system itself
http://www.mueller-public.de - My site http://www.anr-institute.com/ - Advanced Natural Research Institute
it wanted to create a remote agent on every computer to have complete access to them?
we are probably just months from having systemd phone home Windows 10 style....
Uhh. Fedora is so full of problems that a month after we deployed it, we had to take back a dozen machines that refused to boot. We (sadly) ended up putting Ubuntu on them just to get people going. If you're wondering, we're one of those rare IT departments that will install Linux on workstations for the rest of the staff.
Sure if you remember to use the new coke version of the command.
Look at rhel/centos 7 ifconfig is no longer standard everything done via ip. I've seen good programs do this right look as a if called as recognise their flags etc.
No sir I dont like it.
I've been holding out a while but I'm becoming really uneasy with systemd as developments open up. Here's hoping that as more people jump to FreeBSD, support for up-to-date hardware in that OS will be developed faster. For now I'm stuck on Linux on this Haswell Thinkpad.
You haven't been paying attention these last 20 years when every unix vendor has replaced SysV init with something else.
Writing init scripts is not a one time annoyance, at least not for distro maintainers. They are also not portable between distributions, as systemd unit files are. SysV init is also literally the dumbest form of init, where the init process has no information about dependencies, and cannot react sensibly to any changes in system state. Another sticking point involved the inability of the system to track processes accurately, which resulted in a number of kernel-level features over the years, of which cgroups are merely the most recent. Yes, it's fairly rare to have things go wrong, but pidfiles are unquestionably a bad hack.
Init is a misnomer. It was supposed to be the method by which your system changed states, but it was never very good at this, so people are used to thinking of it only as handling a few rare circumstances. The problem systemd solves is how to get the computer from state A to state B reliably, and guarantee that the services it manages are started properly. Startup and shutdown are special cases of this problem. It is built on kernel-level features that allow it to track processes accurately (and incidentally also track resource useage).
Systemd is the result of a number of (IMO) obvious choices. Cgroups exist, therefore it makes sense to write a service management tool to take advantage of them. As long as you're writing a service management tool, you should probably write in dependency resolution. Handling startup and shutdown is another logical choice. Also, since 95% of init script contents are common tasks, it makes sense to abstract out that stuff into a common C-based library. At this point it is relevant to note that, cgroups aside, OpenRC does this exact same thing.
Writing scripts is part of UNIX, and systemd coexists with them pretty happily. However, rewriting scripts into more flexible C libraries is also part of the UNIX tradition. What's so hot about these scripts, besides that you're more comfortable working with them?
Those who advocate genocide deserve every protection afforded by law, and none afforded by common human decency.
Sounds like you're someone who thinks they know about security. You probably do know something, not as much as you think.
I want you to look it up and admit your error. Chroot is easy to break out of if you know what you're doing. Don't feel bad, however. I have to correct people on this a lot. Often by showing them. Solaris, Irix, Linux, doesn't matter. It's not a jail. For what it was designed for it works well.
I'm not going to show how to do this on slashdot. I get paid to do that, however it's out there if you know where to look.
I think Linux is hijacked...
Aliases are not realy a fix you can not reliably write shell script with them and stay portable.
Huh? Of course you can, you just define the aliases at the beginning of the file.
And, of course, there may well be built-in aliases, especially for commands that have well-known historical names. PowerShell does exactly this - for example, "Get-ChildItem" is aliased as "ls" out of the box, and "Copy-Item" is aliased as "cp".
I think of congress.. , the house and the senate both.. I think of professional politicians, I think of the White house. I even think of the professional timewasters.. sorry, .. politicians.... in the Canadian Parlaiment . And, now, increasingly, when I think politics, I think of Linux.
I've been a fan of systemd since its inception, however, I think including su into is going a bit too far. I'm going to have to read Lennart's blog and his reasoning on this one...
"It would be like bundling systemd with a sound service."
Lennart created or was a significant early contributor to the Pulse audio project, so I won't be surprised if the sound service was already bundled with systemd.
The article gives an example of a major thing wrong with this project.
My post is about it not being the first time.
My post is based on an assumption that whoever reads it has read the article summary above.
>In short: I think chroot is plenty good for security. There's no way in hell you are breaking out, without a straight up kernel arbitrary execution exploit.
Sounds to me like you are banking on kernel exploits being more rare than they actually are.
Yes grsec helps a great deal.
No it doesnt block all exploitation vectors (and has, in fact, been shown to allow code execution when exploiting a write-what-where primitive combined with a bug that will leak kernel stack contents.)
Sounds to me like you are banking on kernel exploits being more rare than they actually are.
Well, from a chroot environment running as a non-root user: it is going to be a technical challenge to make calls to the kernel directly, and for all you know a syscall filtering mechanism is in place, And chroot is just one of the early lines of defense.
Instead of just making things up why don't you read what was written at the time - it's still on the internet
http://0pointer.de/blog/projec...
Nothing more hilarious than "correcting" someone and getting it wrong!
Don't take it from me - cure your ignorance by reading what Lennart wrote about his init system at the early stages:
http://0pointer.de/blog/projec...
no, the standard "su"/"sudo" is not deprecated so its not an issue. people write specific programs to solve specific issues for them.
"The hands that help are better far than lips that pray." - Robert Ingersoll (1833-1899)
hasn't your mum changed your nappy in a while as your post is full of shit.
"The hands that help are better far than lips that pray." - Robert Ingersoll (1833-1899)
And once again the Windows moron Poettering demonstrates his lack of understanding of UNIX, in this case, how su(1) works:
su - login_name
will provide a FULL, COMPLETE environment of the login_name user.
Poettering, you are so a moron that it's enough to make grown men cry.
Time to support (with time and money) Devuan project more seriously? Or any other SysV init based distro?
I think, he is on a mission to destroy Linux. Stefen Elop did same thing with Nokia, pretending to help the company.
Lennart Poettering's long story short: "`su` is really a broken concept
Su is not a broken concept; it's a long well-established fundamental of BSD Unix/Linux. You need a shell with some commands to be run with additional privileges in the original user's context.
.......
Not broken perhaps... but limited for sure.
Anyone that has had to maintain a lot of machines in concert with a lot of other admins
has run into the limits.
A serious limitation is that su and sudo fail to address management strategies
that are enabled by MAC (mandatory access control) and the other security enhancements
that have been built into modern systems. Access control lists (ACL) are not sufficient.
I personally like the be a God bit and SUID/SGID concepts but I no longer work on
100-10000 count clusters of machines. What I cannot comment on is the answer
to the question: "Is this an improvement?".
Of interest the parallel to this are all the Windows 10 security changes and
policy redesign. I cannot ignore Apple and "OS X" where they have done such
a nice job making complexity invisible.
Those that hold on to "su and sudo" are holding on to the devil they know.
But as we have seen from email gate, the Snowden blizzard security breaches
and to include the exposure more than just the players on the hacked AshleyMadison site
but the reality that 95% of the female profiles were fiction and an expensive fiction
at that.
Some are important: http://thehackernews.com/2015/07/Patriot-anti-aircraft-missile-hacked.html
Does this mean I will be able to right-click on something and Run As Administrator in Linux now? Or does this mean I am going to have to spend a few hours scouring Internet forums to find the one person that bothered to post a command in a thread somewhere that I can copy/paste into that black window thingy people call a "terminal"?
Upstart was much more limited in goals and utility than systemd, and it took (arguably) the wrong approach to dependency resolution. It was an evolutionary upgrade with many of the same problems as SysV init. Rightly or wrongly, systemd is using the functionality provided by cgroups to implement a more-or-less complete plumbing layer for Linux services. You could interpret that as codifying, standardizing, and integrating existing components and features, or you could interpret it as absorbing functionality that should be seperate. The reality is likely somewhere in between. A lot of this is sensible -- timers for example are an obvious part of service management. But there's a lot of pushback from people who are used to writing both the script and the cronjob ("...uphill both ways! and we liked it!") and want to be able to use any POSIX-compliant cron daemon they choose. That they choose to use the default one and can continue to do so with systemd is seemingly beside the point.
The detractors who accuse Poettering of creating his own OS are not completely wrong. We are moving from a period of recommendations (e.g. Linux Standard Base) to a more integrated system, which is expected to manage services intelligently instead of letting anything that wants to snag an interpreter do whatever it wants to the system. For most people it is a sudden and far-reaching change. It was not created suddenly, however, and the foundational technology shift (cgroups) could be mistaken for a small and subtle one. As I've said, I think that most of what has been built on the core systemd/crgoup functionality are fairly logical extensions. Handling e.g. user sessions should probably be a core part of init and system management, especially if you're going to use cgroups to manage those processes, and especially if no one else is doing it. I'm sorry you're having hibernation issues, but I don't think you've even stopped to consider the idea behind systemd before passing judgment on it. If Linux had cgroups when it was first written, every part of systemd would have been written by someone else already; it makes too much sense to not use the functionality. Upstart would use them, and it would still probably have been replaced by something that starts dependencies on demand. Certain decisions about systemd components may not have been made with your use-case in mind, and I'm sure that like any other piece of software, bugs abound, but it is certainly not a "dumb idea": it's the way forward. The days where the only job of the OS was to start an interpreter are over.
Those who advocate genocide deserve every protection afforded by law, and none afforded by common human decency.
wtf ?