Slashdot Mirror
Security Updates Released for Debian 8 and 7 (debian.org)
An anonymous reader writes: The Debian Project just released Debian 8.5, which adds 65 security updates to the stable release. They're also releasing the final update to Debian 7 (codenamed 'wheezy'), which includes "all other security updates released during the lifetime of 'wheezy' that have not previously been part of a point release."
They're emphasizing that each of the new updates "does not constitute a new version...but only updates some of the packages included. There is no need to throw away old...CDs or DVDs but only to update via an up-to-date Debian mirror after an installation to cause any out of date packages to be updated."
They're emphasizing that each of the new updates "does not constitute a new version...but only updates some of the packages included. There is no need to throw away old...CDs or DVDs but only to update via an up-to-date Debian mirror after an installation to cause any out of date packages to be updated."
A heart-felt Thank You to all contribuitors of the Debian project - your work is driving many platforms all across the world.
If this is the final update to Debian 7, then it's just about time for the FreeBSD migration to begin.
It's no secret that many Debian users have experienced significant problems with systemd since it became the default in Debian 8 "jessie".
These problems include Linux installations which no longer boot properly due to various problems with systemd.
So some Debian users have chosen to remain on Debian 7 as long as possible in order to avoid systemd.
Now that the days of Debian 7 appear to be coming to an end, these people will have to make a big decision.
They can't keep using Debian 7 if it's not receiving bug fixes, and they can't use Debian 8 if it includes systemd.
Obviously those who need to keep using Linux will have to move to another Linux distribution, although this is problematic because almost all of the major Linux distros now use systemd by default and require awkward hacks and workarounds to run without systemd.
There is the Devuan fork of Debian, but it's still a small, immature, niche Linux distro.
Those who aren't tied to Linux are seriously considering alternatives.
PC-BSD is becoming known as one of the best options for desktop/workstation Debian users seeking refuge from systemd.
Others are switching to OS X, and a minority have even chosen to use Windows 10.
Those running servers are tending to choose FreeBSD.
Some others are choosing OpenBSD, especially those running servers that must be highly secure.
systemd has proven itself not only to be the worst thing that has happened to Linux, but it has actually turned out to be one of the best things that has happened to the *BSDs.
systemd has effectively forced many of the best Linux users away form Linux to the *BSDs and other OSes.
When computing historians look back on this period of time, they'll note that systemd was more harmful to the Linux community and its existence than anything else, including SCO and Microsoft.
Distrowatch.org is the site for distro update news.
Hi mania guy, how are you? APK wants to form a group for people with extreme OCD and related disorders, why don't you go join him?
Is not really useless, I just use it without systemd.
Does this come with the Debian Subsystem for Windows and the Subsystem for Windows Applications so I can run real software on it?
As I write this, this story has been on the front page for nearly and hour, and there are 13 comments to this story, but none are being shown by default. I thought it was a bug with Slashdot at first. But after changing the threshold to -1, I see that there are in fact 13 comments, it's just that they're all at 0 or lower!
While some are obviously useless comments [like that one] that were rightfully modded down, at least two civilized/on-topic/relevant/informative/insightful comments [that one and that one] have been modded down to -1 for some unknown reason.
Something is clearly wrong when a story has 10+ comments, yet none are shown by default, and the ones that should be shown were inexplicably modded down to -1 for some reason. It bugs me that I now have to browse at -1 to see any comments at all, especially good ones that should have been modded up! The whole point of me coming to Slashdot is to see the comments!
How's that "Post Anonymously" button working out for you?
Debian point releases merge all security update up to that point and integrate them into the main archive. So if there was a security update 2 months ago, that will now be part of this point release. (That way, if you download the newer installer, you don't have to install all of these security updates after the initial installation.) But point releases don't consist of just merging previous security updates, but also include bug fixes that weren't handled by the security team. That can mean low-impact security issues (where the security team felt that an out of band update was not warranted), but it can also mean just plain bug fixes that aren't security related.
So yes, the point releases do contain security updates, but if you have the security archive enabled (and you should!), you won't get 65 new security fixes with this point release, because you probably had already installed those updates.
One major bug affecting Debian 8 is how systemd is the default init system,
You might not like it, you might think it's a stupid decision, you might call it a misfeature, but it's not a bug.
and it's not at all easy to switch to another init system (like sysvinit, or OpenRC, or one of the many other alternatives).
Switching to sysvinit is very easy: apt-get install sysvinit-core and reboot. While I personally use systemd and am quite happy with it, I've done this many times to test stuff.
OpenRC was never really supported in Debian (also not previous versions), because nobody did the work to get it there. They can still do so for Stretch btw., if they are really interested. Nobody has stepped up enough yet, though. Only switching to Upstart is non-trivial, but that's mainly the fault of the Upstart maintainers in Debian not caring about it anymore. (And that doesn't surprise me: as much criticism as systemd gets, there are quite a few people that actually like it; and I have yet to meet a single person that likes upstart, save for its developers.)
There have been many serious problems affecting systemd.
Like many other core pieces of software, any problem in there will have serious consequences. I've had far more trouble with the kernel and Xorg than with systemd, and I still use those.
For example, about a week ago we learned how a systemd change broke critical programs like screen and tmux.
Which will never affect Debian stable, because Debian stable will keep the systemd version with which it was first released, with potential bugfixes backported - like any other package in Debian stable.
That said, the example you chose is not really clear-cut: I really want there to be a mechanism to clean up after user sessions (I've had enough software misbehave in stupid ways and leaving processes running around that caused trouble), so the change in systemd there is not a bad thing in and by itself. The problem here is that you should be able to explicitly leave some processes running in the background. But any solution to that (regardless of whether it has to do with systemd or not) would mean that you'd need to modify the legitimate use cases to use some hook to say "yeah, I need to stay around", whereas all the other programs should then be killed. (Alternatively, you can stick your head in the sand and pretend that left-over processes aren't a legitimate problem, which is what I've seen a lot of people do, because they reflexively react to the name "systemd".) Btw. just because systemd upstream changed a default setting, doesn't mean distributions have to follow. (And I'm not saying that systemd upstream is necessarily right here; it might have been better to first get support for this into screen, tmux etc. and then switch the default.) The current systemd package in Debian unstable doesn't change the default, btw.
Clearly a large segment of the Debian community is troubled enough by systemd and its implications, given how the Devuan distribution was forked from Debian.
To me that looks more like a small, but very vocal, minority. I had the impression that most Debian users just don't care that much about the init system. But perceptions can vary, obviously.
If other Linux distros, like Gentoo, can easily support multiple non-systemd init systems, then why doesn't Debian?
You're shifting the goal post: first you complain that systemd is the default, then you complain that Debian doesn't support alternatives? By virtue of definition something that is the defau
Something like systemd that has repeatedly prevented numerous Debian installations from booting properly isn't a "misfeature". It's a bug, plain and simple.
The saddest thing about systemd is not systemd itself, but rather how it highlights the big problems of the Linux "community". People, init systems were a solved problem more than a decade ago. Can we spend all this wasted time and effort on something that actually does need major improvement and that a significant amount of users actually care about instead? Pretty please?
People, init systems were a solved problem more than a decade ago.
Really? Best I can tell people have been spending the best part of several decades attempting to fix systemd, from the numerous programs to combat the fact that it was missing functionality, to the many groundup re-writes. It is only 2015 when people finally standardised on one of the very VERY many replacements that have been attempted.
People who say the problem was "solved" long ago, don't understand the problem, don't understand the context of the requirement, or just plain want to stick their fingers in their ears and shout la la la.
systemvinit is far from perfect, especially from the point of view of many maintainers, so it can equally be called a bug plan and simple.
"Everybody" ? It's your personal nickname ?
As pretty much an end user and small time admin of two or three boxes, I don't care what init system my distro of choice (Debian for servers, Mint for desktop/laptop fwiw) cares to use, as long as a proper job is done of configuring it so it actually works.
My only concern was for the binary logging, simply because that seems so "un-linux-like" but since Debian ships things to be dual logged or have the logs redirected to their traditional plain text locations/format it is really a non-issue. At least for me.
Don't blame me, I voted for Kodos
And I've had numerous cases in the past where due to the fact that the bunch of scripts that come with sysvinit don't have any kind of limits behind them (especially time limits), a system (headless, to make it worse) would get stuck during shutdown and never properly reboot.
At least from my experience, booting has been much more consistently reliable with systemd than without. I used to dread having to reboot headless servers before systemd, just because I was never quite sure whether they'd come up again. (And I had numerous cases where they didn't, because of some weird race condition that would be triggered only every now and then in the init scripts.) And if I think about it, I can't remember the last time when I worried that whether a given would boot again.
I get that this isn't the experience everyone has had; but at least from my perspective, if there are problems with systemd, they are far easier to debug (if you know how by reading the appropriate docs) and are far more consistent - so that if something doesn't boot, it will reliably not boot until you fix it, instead of having something that sometimes might boot and sometimes not, and other times get stuck half-way in between.
Is systemd perfect? No. Have there been cases where bugs in systemd or at least the integration of systemd with the rest of the OS have caused serious issues? Sure. Does systemd have bugs? Sure. (As does any piece of software except for the most trivial programs.) But that doesn't mean it makes sense to call the decision to make systemd the default init system a bug. (Which is what I responded to.)
I have zero love for systemd, but I'd say a bigger problem facing Windows refugees is GNOME. But then again, who knows? Maybe ex-Windows users would feel more at home with opinionated software breaking user and dev control when it feels they go against its "brand." Maybe they're used to some idiot breaking everything and blaming everyone else, because the sane, functioning-for-decades way goes against the way they think it should be.
Hello Allan Jude, Brandon Mercer or Joshua Stein!
I know of no one but *BSD users that hate systemd so much. None of them have RTFM.
Want your syslog back? Set ForwardToSyslog=true in /etc/systemd/journald.conf. There, solved!
That issue seems to be one of the top complaints from *BSD users.
Sorry.. that reply was meant for the troll at the top not the anonymous coward I replied to.
honest question, what's wrong with sysvinit?
I could agree with this, but my problem is upstream. The systemd folks keep breaking or changing things that were once standard, documented and could be counted on. Most recent on slashdot was breaking the backgrounding of processes. Given the creation of an 'su' function I'm waiting for su, sudo and the like to be declared broken and for the accompanying posix calls to be superseded by function in libsystemd.
My product had our (once) portable init script broken in RHEL7.2 by a systemd change that now declares that the init.d script cannot be a symlink to the product installation area. This worked in RHEL 7.1 with systemd and with prior releases and other (pre-systemd) distributions. Yet another gentle nudge to doing things the systemd way, or else.
If I trusted upstream to maintain a interface that could be made portable I'd be less resistive to systemd. It provides some good features, even if the architecture is awful. A sane, portable re-implementation for be made once the current architecture shows its problems. But a re-implementation won't be possible with an upstream that breaks compatibility without a second thought.
The fact that the community has accepted this so willingly makes me dread the day that Linus gives up the reigns of the kernel. It's not unlikely that we'll wind up with the kernel being led by a twit, a push over or a committee.
Can we spend all this wasted time and effort on something that actually does need major improvement
But the wheel, the wheel! It's not round enough. BIG enough. Wrong color spokes. It's not square enough. It's too big, too fat, too thin, too small, too big... Why did you do it this way, you moron?
It's easier to solve a already-solved problem, that way you can "prove" to your elders (or yourself) that you're smarter than they are. "Look at all the silly things you did wrong", as I conveniently have 20-years of hindsight and improvements to build upon.
Like somebody below: I don't really care about systemD one way or the other, except that it fails in odd situations and configurations, something i seem to specialize at. If a system won't boot and i can't easily fix it, it's broken -- and not just because it won't start, either.
One major bug affecting Debian 8 is how systemd is the default init system, and it's not at all easy to switch to another init system (like sysvinit, or OpenRC, or one of the many other alternatives).
Its very easy to remove systemd from Debian 8
http://without-systemd.org/wik...
I do this ALL the time, never have problems.
In the free world the media isn't government run; the government is media run.
systemvinit is far from perfect, especially from the point of view of many maintainers, so it can equally be called a bug plan and simple.
But its imperfections are very well understood. That counts for a LOT.
In the free world the media isn't government run; the government is media run.
honest question, what's wrong with sysvinit?
Its a bunch of unstructured shell scripts with little in the way of dependency management.
its a bit like the Debian pre-inst/post-inst system used in the dpkg packages, which are very primitive compared to the rpm format. For example, in rpm you can get a list of all the permissions and ownerships of the files installed, what they are supposed to be and this comes from the package management system itself, 'for free'. To figure this out in dpkg its a shell script debugging problem. I imagine that the systemd people see sysvinit in a similar way and that they believe they can do better. Time will tell.
In the free world the media isn't government run; the government is media run.
Maybe you have the ability to understand all the imperfections of all the systemvinit packages scripts across all the distribution. Kudo to you, because very clearly the vast part of the packages maintainers have given up with systemvinit and applause loudly the huge architectural progress that systemd bring on the table.
As a user and as a embedded system designed I also found systemd far more in line with my expectation about how a system should work. In fact I have see for more than 10 years different embedded systems projects trying to code some features of systemd because systemvinit is basically just a convention that bring almost no feature to manage a system: With systemvinit everything are into the packages scripts and there are not normalized and bring no global nor coherent view of the system.
Most recent on slashdot was breaking the backgrounding of processes.
Which is disabled by a simple option in the config file. Which Debian has done, btw.
My product had our (once) portable init script broken in RHEL7.2 by a systemd change that now declares that the init.d script cannot be a symlink to the product installation area
Really? Are you sure? I just tried that and it works.
My product had our (once) portable init script broken in RHEL7.2 by a systemd change that now declares that the init.d script cannot be a symlink to the product installation area.
This was a bug that had been fixed: https://github.com/systemd/sys...
I can see how if you are supporting/developing a package for internal or public use that dealing with that type of change would be problematic.
But it is also the same situation hardware manufacturers who don't provide completely open (or do, but don't maintain) code are in regarding Linux kernel code and having a standard ABI to work against. For an example of this look at NVidia proprietary drivers. And sure, you can argue that they are proprietary drivers, but as a non-Stallmanite I'm OK with a closed driver/binary blob if it means I have well supported 3d acceleration...
Don't blame me, I voted for Kodos
Most recent on slashdot was breaking the backgrounding of processes.
Which is disabled by a simple option in the config file. Which Debian has done, btw.
Yes, but I won't how long until this non-default config breaks something else. I don't trust them.
My product had our (once) portable init script broken in RHEL7.2 by a systemd change that now declares that the init.d script cannot be a symlink to the product installation area
Really? Are you sure? I just tried that and it works.
Yes. From https://bugzilla.redhat.com/sh...
"Note that the real location of the init script must be on the partition that is mounted in the initial ramdisk (initrd)"
I guess I've always assumed the bar for maintaining interface stability for users space was much higher. The interface line has always been between kernel and users space. I'm not ready to give that line up to the systemd team. But we have to support our users so we don't get to choose. So I try to make sure lapses don't go unnoticed in the hopes that systemd culture might change with enough "gentle nudging" from the community.
And I've never been what I would call a Stallmanite either, but seeing where all the concerns are with mobile and IoT devices not getting updates, I can see that we are about to find Richard was right, yet again.
Nobody can even criticise constructively systemd without being dismissed, insulted or called lunatic. There is absolutely 0 patience for the Poettering cult.
It counts much more that they have been well understood for decades.
Would you care to elaborate on there? I have seen proponents of systemd extolling the properties of systemd and the cloud. Now why an embedded proponent would prefer a more complicated system somewhat escapes my understanding.
I fixed it far better installing pinning systemd to -1.
The problem is not as so much as systemd being the "default". The problem is in upgrades or installations, being forcefully "upgraded" or having systemd installed without recourse or choice. Lets see if pinning will keep on working in Debian 10...
Usually ro mounts are not a good sign....Corruption and/or hard disk failure. Google a little around how to optimize Linux and FreeBSD for virtual environments.
When your design a embedded system you will be more than happy to have a standard file format to manage all the applications that the system run, including the application provided by the distribution, the applications you code, and the application provided by others parties. This not only make a common language but allow to manage globally all the applications with a simple and powerful tool. Because systemd take care of the dependencies, the reliability is far better and if something go wrong there it's easy to spot the problem by query systemd. I like to emphasis that the most enjoyable aspect is the normalization of the management interface that make all operations independent of the nature of the application to be managed. With systemd you can query the status of everything at once and the report is crystal clear. There no more PID file of lock file insanity. No more abject cron file format that is unable to manage subtle time dependencies. No more abstract number for runlevel with different purpose between distributions. Systemd provides very reliable start, stop, and restart operation because it monitor the application while the vast majority of systemvinit basically only count on assumptions and luck. It's very easy to modify an application to make it able to at least notify systemd about his state and this allow systemd to be far more reliable and efficient.
I was building Linux embedded systemd since near 20 years now, and I have experimented virtually every major way to build them, from custom build scripts, scratchbox 1 and 2, buildroot, openembedded and the like, openwrt, and some commercial solutions too. I now have replaced all of that crap by a standard Debian distribution and this absolutely rock. It's far more easy to manage, to develop, to deploy and it's also more documented, tested and secured. Really it's time to throw away the venerable old school recipes, even if there was good for several previous decades, and to concentrate to the new age of computing where even a watch is incredibly more powerful than the monsters systems that bring life to UNIX near a half century ago. Systemd is part of that change. Wayland too.
What's count even more against systevinit is there total inability to understand and fix there decades long imperfections even when users and maintainers have loudly complained about since so many years !
Even the creation of upstart was not taken seriously by systemvinit fans. It was a full red master alarm: if systemvinit don't move it will be dead in a few years. Systemvinit hasn't moved at all. Enjoy systemvinit death, at least on major Linux distributions.
I think the main issue is that there are people like ruir that write garbage, like for example here in this thread. They basically don't want any discussion, just trolling.
For example, about a week ago we learned how a systemd change broke critical programs like screen and tmux [slashdot.org]. ...due to a poorly chosen config default in Debian *which was then reverted within a few days* but will now be referenced in every anti-systemd rant from now until the end of eternity.
The problem is not as so much as systemd being the "default". The problem is in upgrades or installations, being forcefully "upgraded" or having systemd installed without recourse or choice. Lets see if pinning will keep on working in Debian 10...
I haven't seen any problems with things getting 'unpinned' so far, it works fine. It is possible Debian 10 may have no sysvinit at all but hey by that time I hope my network will be mainly docker containers and I won't have to worry about the hosts so much.
In the free world the media isn't government run; the government is media run.