Systemd Named 'Lamest Vendor' At Pwnie Security Awards

Long-time Slashdot reader darkpixel2k shares a highlight from the Black Hat USA security conference. The Register reports: The annual Pwnie Awards for serious security screw-ups saw hardly anyone collecting their prize at this year's ceremony in Las Vegas... The gongs are divided into categories, and nominations in each section are voted on by the hacker community... The award for best server-side bug went to the NSA's Equation Group, whose Windows SMB exploits were stolen and leaked online this year by the Shadow Brokers...

And finally, the lamest vendor response award went to Systemd supremo Lennart Poettering for his controversial, and perhaps questionable, handling of the following bugs in everyone's favorite init replacement: 5998, 6225, 6214, 5144, and 6237... "Where you are dereferencing null pointers, or writing out of bounds, or not supporting fully qualified domain names, or giving root privileges to any user whose name begins with a number, there's no chance that the CVE number will referenced in either the change log or the commit message," reads the Pwnie nomination for Systemd, referring to the open-source project's allergy to assigning CVE numbers. "But CVEs aren't really our currency any more, and only the lamest of vendors gets a Pwnie!"
CSO has more coverage -- and presumably there will eventually be an official announcement up at Pwnies.com.

Already been closed

[NoNonAlphaCharsHere]

Marked NOTLAME, WONTACCEPT, closed.

Also, lameness filter.

Re:Already been closed

[AmiMoJo]

I know I've defended Poettering in the past, but lately I've come to think that he is a right pillock. systemd badly needs somehow who understands security and who can get these issues the attention they deserve.

Re:Already been closed

Too bad there isn't some other init system that has been tested for decades and is rock solid we could use instead... Wait! there is!

Re:Already been closed

Seriously though, why the Debian tag? Surely Redhat would be more appropriate in the circumstances?

Re:Already been closed

[TemporalBeing]

OpenRC has only been around for ten years, not decades. Sorry if you've confused sysvinit for something other than an unmaintained pile of trash. It's been dumped by every commercial Unix and the vast majority of all others. You don't understand where service management has been heading for the last thirty years, nor why.

that's still longer than the crapshoot that is systemd

Re:Already been closed

[arglebargle_xiv]

Too bad there isn't some other init system that has been tested for decades and is rock solid we could use instead... Wait! there is!

smss.exe? Will that run under Linux?

Re:Already been closed

[gweihir]

Excellent! Perfectly right on the mark.

Re:Already been closed

[gweihir]

Well, if systemd had somebody with the experience, insight and personality needed for such a job, there would be very little resistance to it. It would stay an init-system and not try to assimilate everything else. Security and reliability would be taken seriously. IT would make things less complex instead of more so. But unfortunately, what we have is Poettering with just enough smarts to do real damage, a hugely inflated ego and zero capability to learn or listen to advice.

I think there is no hope for systemd. It needs to die before this mess can be fixed. While that takes place I will stay away from it. At the moment, Debian still works nicely with sysVinit, and I expect that will not change.

Re:Already been closed

[gweihir]

Surprisingly, SMF, for example, can still work perfectly fine with classical init scripts. I think you mistake badly what is happening.

Re:Already been closed

[gweihir]

They are the traitors that fell to Red Hat infiltration.

Re:Already been closed

[AmiMoJo]

systemd does have many benefits. What is needed is a fork, that by virtue of being so much better eventually becomes the primary version.

Re:Already been closed

Let me tell you the story about our township. It's a farming community started by some crazy Finnish guy, who got a bunch of folk together and layed out all the irrigation. In the early days there were some farms run by all sorts - a Chinese guy, a Canadian, a Californian with a thing for Norse mythology, you name it, we had it. Everyone helped each other out and shared their produce. Sure we had our differences, but everything worked out and before long there were a whole lot of farms each run by a whole bunch of people.

Now, it wasn't too long after this that some flash guy sporting a Red fedora came into town. Said he wanted to be as successful as the big corporate types up in Redmond. He hired a load of workers and set up his own farm, and we all got along. At first.

He started fencing off a couple of his small fields, it was fine because he'd cleared that land himself. Nobody was interested in what he had growing there, which he sent out of state. Then he started paying workers from other farms to come work for him. Well, everyone needs to live, and they carried on working their own steads, so nobody paid any attention.

Before long his workers ended up farming most of the land in town. One of his workers got into a fight with our founder when they broke some of the irrigation streams feeding the town, but that blew over quickly.

Let me tell you about that. We all used to use these hand pumps to pump the irrigation water into the fields. Some of us had various new electric pumps, but for the most part we used the hand pumps as we swapped spare parts with each other if they went wrong and hell replacement parts were easy enough to make.

Then one of his German workers comes up with this new pump. It's a sealed black electric pump with "no user serviceable parts inside" printed on it, and it was when they were setting up one of these that the stream broke.

And then a surprising thing happened, all the big farms started using that pump at once.

It turns out some of the Red fedora guys workers had stopped working for him a while back and went to work for one of the few remaining big farms across the way. It wasn't long before they were in the meetings helping to make decisions. They were the ones that decided that they were going to use this new fangled German pump, too.

It didn't always work right, sometimes it broke down, or spewed engine oil into the field, or pumped in reverse, but they claimed it was much faster and less effort than using the old hand pumps. But you had to get it off one of the big farms, and you couldn't fix it yourself. It limited what you could grow, and it all came from the Red hat guy's farm.

Before long most of the work we were doing wasn't on what our community needed, but stuff that got sent out of state. We never saw any money for it, but there were fences everywhere, and most everyone worked for the Red fedora guy, who payed the normal workers rate to people who used to have their own farms.

Can you guess how the story ends?

Re:Already been closed

[Sarten-X]

Oh good... It's been days since I got involved in a holy war.

The problem with the inferred reference to sysvinit is that sysvinit is very labor-intensive for development. It's perfectly fine if all of your other software and systems are also rock-solid, but its simplicity puts a lot of work on the init script's author to not just define, but actively check prerequisites for service availability. The onus is also on the software author to handle service crashes and restarts gracefully, unless the inittab is used - but that doesn't have the flexibility of scripts.

Yes, sysvinit has been around for decades and is good enough for people who've spent decades getting used to its quirks, and running software where someone else has already put in the effort to make it work. Unfortunately, in environments like my company's product, where our software has to run different services based on what network resources are available, that architecture leads to a lot of complicated scripting and dependencies on other tools.

Back when a Unix system only needed a few services, and they were expected to run constantly in a controlled environment, sysvinit was fine. Now that Linux runs in practically every environment imaginable, the whole system needs to be designed with flexibility in mind. Systemd certainly isn't the only solution, but it's still better than what we had.

Re:Already been closed

It would be difficult to remove the dependency on D-Bus, which is systemd's biggest mistake. Simpler to start from one of the alternatives.

Re:Already been closed

[nnet]

Mrs. Douglas flees back to NYC and leaves Mr. Douglas alone to tend the farm. Soon, Arnold the pig moves into the Douglas homestead and they lived happily ever after.

Re:Already been closed

[ebvwfbw]

Only defend someone worth defending. They're right, he's lame. The whole default to root thing on boot, and his attitude towards that. And so on.

Some people think he's just crazy. Not in a good way.

Re:Already been closed

[chihowa]

Systemd, the init system, is workable and has welcome improvements over sysvinit scripts. (Along with the other replacement init systems, even though I'm partial to the init scripts myself.)

Systemd, the ever growing cancer that seeks to subsume the entire linux userland, is a clusterfuck and the source of almost all of these security issues. Init system have no place enforcing arbitrary username restrictions, handling domain name resolution, or making network time calls. Having the entire thing depend on a system-wide, constantly changing, the-implementation-is-the-documentation protocol is not a welcome improvement to the state of things.

Re:Already been closed

systemd badly needs binning

FTFY.

Re:Already been closed

systemd does have many benefits.

Such as? Seriously, beside abstract and subjective benefits like "easier to maintain" and "unit files are easier", I have yet to see which real benefits systemd brings.

What is needed is a fork, that by virtue of being so much better eventually becomes the primary version.

I think there are two main classes of problems with systemd:

- its devs being obnoxious to say the least.
- its architecture.

Forking could solve the first problem. Solving the second would require to start over, and OpenRC and upstart and others show distributions won't support it.

Re:Already been closed

[next_ghost]

systemd badly needs somehow who understands security and who can get these issues the attention they deserve.

Anyone who fits that description already knows that systemd is an overengineered clusterfuck that should be avoided like the plague.

Re:Already been closed

Exactly. I'm so disappointed in debian for doing it. Supporting systemd is ok, making is default is questionable, dropping support for the rest was treason.

This is so obvious that red hat's objective is to unify the linux ecosystem and that they won't stop until every big distro is a copy of rhel, using red hat controled technologies: systemd, flatpak, wayland, dbus, gnome, etc.

At least gnome failed.

Re:Already been closed

Your analogy isn't accurate.

The German pumps aren't black boxes, actually, the designs are available for everyone to see or modify. The problem is that every single part is custom made in crazy shapes that won't be useful in other pumps nor can be replaced by a normal part from another pump.

Also, the pipes have been replaced by newer pipes with dual tubes because the German pumps have crazy star shaped connectors that require two tubes and that aren't compatible with normal pipes. And the reservoirs have been replaced too with compatible ones.

And when crticized, the fedora wearing guy and his fanboys will happily claim his design are available and than anyone can modify them and create their own pumps, knowing full well that in practice, he's the only one with tools to manufacture pumps based on his designs, and that since all the pipes and reservoirs have been replaced, none of the old pumps will work anymore.

looking up lamity on alphabet.com

they are not #1 by any means.. cease fire stand down,, kindness is contagious so is violence deception dishonor.. spiritual bankruptcy can be fatal..

If only...

If security were the only lameness of systemd... It's horrible on every single front. I pretty much have removed any trace of it on any system associated with me. The way it handles logs drove me mad.

how rust could replace the sea if we fail our kids

it won't evaporate but if we keep putting metal in it... just like us... just don't call it death by aerosol tankers.. sounds like bad sci-fi...

Re:Should systemd be rewritten in Rust?

Changing languages isn't the answer. Security bugs can happen in any language. The design of systemd and the way they handle development is the problem. It's a bad architecture. The Linux user community is screaming this at the top of their lungs yet systemd is infecting almost every major distro.

Misleading title

[markdavis]

>"Systemd Named 'Lamest Vendor' At Pwnie Security Awards"

I have no great love of Systemd, but that headline is misleading. The award was the "lamest vendor RESPONSE." But, you know, it is all the rage to have intentionally misleading headlines to grab even more attention than deserved.

Re: Misleading title

[whitlocktj]

To be honest, not much of a difference in this case. When someone epically falls on multiple accounts with their response to horrendous bugs, I'd consider them to be the 'lamest vendor' Your post is overrated in that you're distinguish between something that has very little difference in this case.

Re: Misleading title

[Zero__Kelvin]

You should have followed the links and informed yourself. You would have seen that each bug was properly addressed, and that this is about some disagreements about how to classify them, if CVEs should be filed, and when that happens how to document that a fix is related to a CVE. There is nothing about this that amounts to "There are serious bugs, and they won't fix them!" Also, none of these bugs were "horrendous", but your understanding of them as well as what a normal development process looks like might be. I guess we'll find out if you follow the links and try to understand what you read. This does however get some press for the Pwnies, and that is all it does.

Re: Misleading title

Remote root compromise isn't serious? I have never, I mean ever, seen anyone hunker down and suck so quickly and enthusiastically as Zero__ does on Poettering, and I'm homosexual.

And yes, that is one of the four bugs listed. Any confusion in linking the bugs to the appropriate CVE is, again, entirely Poetterings fault and part of the reason he got the award.

Re: Misleading title

At no point did anyone suggest it wasn't a bug, nor did anyone suggest it shouldn't be fixed

Ah, you mean like this one?. You're sounding kinda muffled down there.

Re: Misleading title

Also, none of these bugs were "horrendous"

Is what you claimed. You were shown to be wrong, and shifted the goalpost to your statement prior to that, which is also wrong.

Re: Misleading title

[Zero__Kelvin]

No, not like that one at all. Are you stupid? In that one the severity of the bug was minimal, but it also got fixed anyway. Care to try again?

Re: Misleading title

[Zero__Kelvin]

No. A remote exploit can be found in a lot of software. It would be horrendous if it was obvious or they refused to fix it, but neither of those things are true.

Re: Misleading title

Fucking branding-bitch Poettering reflects not just superior evil , but also tasty usrland crap ! PtRing and GNOME pals wants usrs to eat-shit like a dog ... and then vomit up praise. What is just reward for the bastard ? Do you need a postcard palsy ??

Re: Misleading title

The one defending the systemd project is Zero__Kelvin. I wonder if he has any connection with the owner of the domain 0pointer.de. That would account for his explaining away all the problems.

captcha: pompous

Re: Misleading title

[Barsteward]

I would have thought the best way for the those that didn't like/understand systemd to make their point would have been to produce an exploit related to the "init" function of systemd.

Re: Misleading title

[Barsteward]

Perhaps you should read all the way down to the bottom of that link, it might more sense to you.

Re: Misleading title

Wrong. A remote exploit, maybe - but a remote root exploit is exceedingly rare and is the worst possible scenario, by definition. Nobody runs network servives as root for this very reason. Doing so is an architectural flaw, not a simple bug - systemd is misarchitected, and has been criticised long and hard about doing this long before the exploit was sighted. In addition, the remote root was present for over a year before it was spotted by someone good enough to report it. Seriously, you don't have a leg to stand on here. Any attempt to wriggle out of it just strengthens the view that the small systemd clique is an isolated group of egotists that refuse to listen to reasonable criticism.

Re: Misleading title

[Zero__Kelvin]

It isn't a root exploit.

Re: Misleading title

Except that the severity of the bug is NOT minimal whereas the github issue is labelled as "not a bug".

Re: Misleading title

[Zero__Kelvin]

You don't understand the bug at all do you. You have to be root to get the process to run as root. You also have to create a user that doesn't exist and an invalid username. Off you go now ...

Re: Misleading title

Not only is the bug downplayed, the initial response-stroke-deflection ("Usernames starting with a number don't work!") was proven wrong, and then the goalposts were shifted.

Re: Misleading title

mmmmmmmm ingrischen.

Re: Misleading title

You don't understand the bug at all do you.

You don't see the scores do you? Why should people trust you, a systemd fanboy, instead of NVD?

Re: Misleading title

[Zero__Kelvin]

I see the idiots who haven't read the bug, or who read it and don't undèstand it, and the trolls with sock puppet accounts, yes.

Re: Misleading title

And I see one idiot who keeps erupting shit from his mouth.

Re: Misleading title

[Zero__Kelvin]

Stop looking in the mirror. Problem solved.

Re: Misleading title

Absolutely fair enough, you are correct there.

Re: Misleading title

[DamnOregonian]

I knew as soon as I saw this thread, I would hear the sound furious slurping coming from you in desperate attempt at defense of your pet project's great leader.

Of course someone who disagrees that a bug is a bug disagrees about whether or not it should be called a bug, and treated as such outside of his control.
Unfortunately for him, and his favorite fellatrix, he's wrong. His bugs are bugs, whether or not he marks them WONTFIX or NOTABUG or otherwise.

Have you noticed that you attack every single disagreement with your assertions that are never backed up with any facts whatsoever with, "read the link stupid!"
And then you ignore when someone jumps up and informs you that you're illiterate, or didn't read the link yourself.
Every time. Tell me, is it pathological?

2 post so far marked Troll. Carry on, soldier. Poettering will never tire of your services.

Re: Misleading title

[DamnOregonian]

A fascinating claim from the only person in this thread morderated as a troll... much less morderated twice as a troll.
The dripping irony. Can trolls not see their reflection in mirrors?

Re: Misleading title

Yes, if the idiot had read the github issue, he would definitely notice the corresponding developer response resulting in the label "not-a-bug"; but instead he denies "they won't fix them"; the idiot also says the severity of a bug with CVE score 9.8/5.9/3.9 is "minimal".

Re: Misleading title

And more interestingly, the same idiot would say "you don't understand it" with absolutely no proof that he himself understands it.

Re: Misleading title

[Zero__Kelvin]

Dude, we get it. You are a troll who doesn't understand that it was a theoretical problem with no chance of happening in production, that required a completely incompetent sysadmin to create a custom unit file with a service owner starting with a digit, which no distribution has ever done in the history of Linux. You don't have to keep stressing your incompetence. We figured that out when you couldn't create a Slashdot account. Thanks for the Lulz though!

Re: Misleading title

[Zero__Kelvin]

Hi same guy posting again to try to make it sound like he isn't a lone troll!

Re: Misleading title

In addition to someone repeatedly flagged as "troll"?

Re: Misleading title

Wow, you really are stupid.

Re: Misleading title

And you are trolls who don't understand that an issue that can result in an stressed administrator surrendering root privilege, like a PATH ending with '.', or this bug, is still severe. Congratulations to you all, who are evidently less competent than the stressed administrator :-)

Re: Misleading title

[Zero__Kelvin]

Yes, he might surrender root privilege to a *service*. He would then have to not notice a *digit*, not a period. Now all the hacker has to do is find that one system on the internet, with no way to probe for it, and target it, find the root exploit, and use it. Tell me you really aren't as stupid as you appear.

Re: Misleading title

Yes, he might surrender root privilege to a *service*. He would then have to not notice a *digit*, not a period.

Exactly, especially when the username is perfectly legitimate.

Now all the hacker has to do is find that one system on the internet, with no way to probe for it, and target it, find the root exploit, and use it.

Yes, the same as the PATH attack.

Tell me you really aren't as stupid as you appear.

Clearly not as stupid as you :-)

Re: Misleading title

[Zero__Kelvin]

Find me one example of a service owner in any distribution that begins with a number. Now seriously, you are too fucking stupid to be on Slashdot. Go back to 4chan.

Re: Misleading title

Find me one example of a service owner in any distribution that begins with a number.

Find one example of any specification that say "0day" is an illegal Linux username.

Now seriously, you are too fucking stupid to be on Slashdot. Go back to 4chan.

Instead, you are too stupid to understand what "specification" means. Please try something other than computer programming, since your brain does not deserve it.

Re: Misleading title

You have to be the most stupid fuck on Slashdot. This is, as ZK proved, a PURELY theoretical vulnerability. There is LITERALLY not a single actual computer that has the issue that isn't owned by a researcher creating the problem to prove it could, in theory, exist.

Re: Misleading title

[Zero__Kelvin]

Yes genius.You have enlightened me. I just found a vulnerability in every program written in C! A user could add vulnerable code and recompile and a hacker could then, if he just knew that was done and to which one of the millions of systems it was done, exploit it!

Re: Misleading title

Yes, as purely theoretical as the PATH attack ;-)

Re: Misleading title

Yes, A severe local vulnerability is not a severe vulnerability!

Re: Misleading title

To whom dumbfuck? What vulnerability.? The PURELY theoretical one that doesn't exist in the real world? Just admit you are the dumbest motherfucker on the planet and move on with your pathetic life.

Re: Misleading title

An issue as severe as PATH ending in '.', which you eyes seemingly can not see?
And pretending to be AC does not hide the fact you are brain-damaged (perhaps in addition to being blind?), Zero__Kelvin ;-)

Re: Misleading title

[Zero__Kelvin]

BTW - I have known what you were doing the whole time. You have mod points and have been trolling so you can mod me down each time, thinking that will shut me down. I was letting you screw yourself over, as Slashdot has heuristics to detect that. I wouldn't expect to get mod points for a LONG time :^)

Re: Misleading title

Well, sometimes the barking dog doesn't know it can be funny for men to taunt it :-)

Re: Misleading title

Go murder a reporter.

Re: Misleading title

Actually it's very easy to get away with.

You're so full of shit, so arrogant, and still haven't got a fucking clue.

Re: Misleading title

There's more than one of us because you'd be hard pressed to find anyone on Slashdot who appreciates your excessive trolling. Slashdot doesn't detect shit. If it did, your ass would have been shitcanned a long time ago.

Fuck linux and systemd

Use FreeBSD, no systemd and technically a truer Unix than linux anyways.

Re:Fuck linux and systemd

FreeBSD is superior in many other ways too: Performance, ZFS (a category of its own), packaging, stability, kernel code quality. I only use Linux now when I have to (like some SoC vendor with piles of Linux only drivers).

Re:Fuck linux and systemd

[ArchieBunker]

Sadly nobody can write clean code anymore. I come across plenty of stuff that gives tons of errors when compiled on *BSD or even AIX (with GNU tools in both cases) that compiles without issue in Linux. I'm not a comp.sci major so I have no clues as to why it never works.

Re:Fuck linux and systemd

[Aighearach]

You have to install 27 different libraries that don't come with *BSD. Only a small package of code is included. It is all the stuff needed by the other packages that are included. If you're trying to compile something outside of what is included, it is expected that you first compiled the entire list of dependencies.

Basically, all of your software is compiled by the user, other than the basic tools. Welcome to *NIX.

(Often you're going to need a newer version of autotools, too, before you can even really think about trying to compile)

Re:Fuck linux and systemd

[aardvarkjoe]

Sadly nobody can write clean code anymore. I come across plenty of stuff that gives tons of errors when compiled on *BSD or even AIX (with GNU tools in both cases) that compiles without issue in Linux.

"Write once, run everywhere" is not as easy as you might think to accomplish in C for complicated software. If the developer is targeting Linux systems, and it works without problems on Linux, then you can't really fault the developer if it doesn't work without changes on another OS.

Re:Fuck linux and systemd

Look up the pkg command. Everything in the ports tree precompiled. There is no need to compile anything in FreeBSD unless you feel like wasting your time, or there is some compile time option you need to set.

Re:Fuck linux and systemd

Or if you are one of those anal freaks that somehow feels safer compiling everything themselves. I'm sorry there is probably no single person that can go over every damn line of code for the kernel and packages you are running to truly determine how safe it is. It's just a waste of time.

Re: Fuck linux and systemd

...assumes that ports tree has all Linux software

Re:Fuck linux and systemd

[fnj]

What the fuck are you babbling about, schmuck? FreeBSD has an excellent binary package system with automatic dependency resolution: pkg. The user doesn't need to compile source from ports except if he wants something to be built with unusual options (same as linux, incidentally). All you need is "pkg install foo" and it will fetch the package foo and all its dependencies from the repo and install it.

Re:Fuck linux and systemd

[unixisc]

And that's made even better by TrueOS's PBI utility

Re:Fuck linux and systemd

[gweihir]

Oh, quite a few people can still write clean code. It is just that the FOSS community had a large influx of people with huge egos and small skills in the last decade or so. Many of them learned their trade on Windows and they think what they do is professional and normal.

Re:Fuck linux and systemd

[Aighearach]

If everything they needed is in ports, are you sure they even needed a computer?

Re:Fuck linux and systemd

[fnj]

PBI packaging was sent to that happy packaging ground in the sky some time ago. Before PC-BSD was renamed TrueOS, IIRC. BTW, warden has been canned, too.

Re:Fuck linux and systemd

[fnj]

Have some more pot and go back to sleep.

Re: Fuck linux and systemd

[rl117]

As of today, there are 26816 ports. It's up there with Debian in terms of the quantity of source packages and has contained pretty much everything I use in a Debian/Ubuntu installation.

Re:Fuck linux and systemd

Sadly not true, though it may be the fault of the packagers rather than the system, but I have installed stuff and upon trying to run said package discovered that all the dependencies were not automatically installed.

There is also the problem of just grabbing binaries of open source software and wrapping it up in a package with no clue as to what is going on.

Re:Fuck linux and systemd

[Aighearach]

If the only work you can think of that uses software outside of ports is smoking pot, that says a lot about you and nothing about the subject at hand.

Re:Fuck linux and systemd

Ah yeah, broken ports, ports that cant be built because fbsd group has decided your ver of fbsd is too old. Then lets talk about those binary pkgs. Not updated very often. Its not recommended to mix binary pkgs and pkgs built in ports tree locally. Don't brag about total number of ports available as a LOT of them barely build, or are not updated/maintained. I gave up on fbsd after running it for 5 years, too much effort to maintain, this is not what enterprise server OSs should be like.

Re:Fuck linux and systemd

Probably need a POSIX lint (if you know of one, please suggest).

I've written code on both BSD and Linux that won't build on the other until I've jumped platform and noticed the error. A build platform or source filter that is strictly POSIX and nothing but the POSIX would really help out here. POSIX code runs everywhere, and where it doesn't it is an implementation error in the platform that claims conformance, but writing code that is strictly POSIX can be a bit of an exercise in bureaucracy without any kind of automatic testing. The nearest suggestion I have is using pkgsrc and pushing your pkg through the gauntlet of a buildfarm consisting of Linux, *BSD, OSX, SunOS etc and seeing what smokes.

-puddingpimp

No words.

[0100010001010011]

You have got to be fucking kidding me: systemd can't handle the process previlege that belongs to user name startswith number, such as 0day #6237

And what's worse is Pottering's complete lack of UNIX awareness.

Yes, as you found out "0day" is not a valid username. I wonder which tool permitted you to create it in the first place. Note that not permitting numeric first characters is done on purpose: to avoid ambiguities between numeric UID and textual user names.

Somehow FreeBSD doesn't have an issue:

[root@freenas2 ~]# adduser
Username: 0day
Full name: 0 Day
Uid (Leave empty for default):
Login group [0day]:
Login group is 0day. Invite 0day into other groups? []:
Login class [default]:
Shell (sh csh tcsh bash rbash git-shell netcli.sh ksh93 mksh zsh rzsh scponly nologin) [sh]: bash
Home directory [/home/0day]:
Home directory permissions (Leave empty for default):
Use password-based authentication? [yes]: no
Lock out the account after creation? [no]: no
Username : 0day
Password :
Full Name : 0 Day
Uid : 8001
Class :
Groups : 0day
Home : /home/0day
Home Mode :
Shell : /usr/local/bin/bash
Locked : no
OK? (yes/no): yes
adduser: INFO: Successfully added (0day) to the user database.
Add another user? (yes/no): no
Goodbye!
[root@freenas2 ~]# su - 0day
[0day@freenas2 ~]$ id 0day
uid=8001(0day) gid=8001(0day) groups=8001(0day)

His failure to understand POSIX has shown up in the past as well: tmpfiles: R! /dir/.* destroys root #5644 with Pottering's amazing comment of:

I am not sure I'd consider this much of a problem. Yeah, it's a UNIX pitfall, but "rm -rf /foo/.*" will work the exact same way, no?

It's not like you couldn't take 5 seconds to test that:

root@m6700:~# mkdir /foo
root@m6700:~# touch /foo/.test
root@m6700:~# mkdir /foo/.test2
root@m6700:~# ls -lah /foo/
total 12K
drwxr-xr-x 3 root root 4.0K Jul 29 14:04 .
drwxr-xr-x 25 root root 4.0K Jul 29 14:04 ..
-rw-r--r-- 1 root root 0 Jul 29 14:04 .test
drwxr-xr-x 2 root root 4.0K Jul 29 14:04 .test2
root@m6700:~# rm -rf /foo/.*
rm: refusing to remove '.' or '..' directory: skipping '/foo/.'
rm: refusing to remove '.' or '..' directory: skipping '/foo/..'
root@m6700:~# ls -lah /foo/
total 8.0K
drwxr-xr-x 2 root root 4.0K Jul 29 14:04 .
drwxr-xr-x 25 root root 4.0K Jul 29 14:04 ..

Re:No words.

It is almost as if the concept of "be conservative in what you do, be liberal in what you accept" is useful in graceful handling of errors. I mean, not as if someone said it in the past who had any importance.

Re:No words.

[Bearhouse]

From one BSD neckbeard to another; well played sir

Re:No words.

Linux is not POSIX compliant; and never will be. So, more than half of your rant is irrelevant.

Re:No words.

[Moridineas]

From the github link for the deletion problem:

poettering locked and limited conversation to collaborators on Apr 17

Hahahaha

Re:No words.

POSIX compliance is all that stands between Linux becoming like Windows, a stale homogeneous platform.

Re:No words.

[ArchieBunker]

POSIX compliance aside, there is no reason why having a username starting with a number should cause issues with ANY operating system.

Re:No words.

Thanks... just tried that on a test.. I mean production machine, looks like Red Hat hasn't patched that yet. #ihaveworktodoonmonday

Re:No words.

[aardvarkjoe]

Linux is not POSIX compliant; and never will be. So, more than half of your rant is irrelevant.

Where Linux distributions (sans systemd) are not POSIX compliant, there's generally a stronger reason than "Poettering can't get his head around the standards."

The differences between the LSB and POSIX are pretty minor compared to the things that Poettering is ignoring.

Re:No words.

[angel'o'sphere]

I just created a random binary digit user on my Mac. Starting with a 0 ... no problem.
AFAIK user names only need to be type able on a keyboard ...

Re: No words.

Except of course that this very bug has been fixed for weeks now, as havevall tje other bugs listed. The award was for their initial reply, not because they where not ultimatily fixed.

Re:No words.

Oh, the irony.

Re: No words.

[aardvarkjoe]

Except of course that this very bug has been fixed for weeks now, as havevall tje other bugs listed.

Yes and no. They did fix the security problem by having the unit file error out if the username starts with a digit. So at least they're no longer randomly running things as root.

But they still haven't fixed the problem that systemd won't accept valid usernames. As far as I can tell, that is 100% an ego thing -- they won't admit that having systemd have its own username validation rules is a mistake.

Re:No words.

[CanadianMacFan]

The computer doesn't give a damn what the user name is. From a user friendliness point of view it certainly helps things if you can't create user names that don't start with a number. I'm sure that there other reasons but I can see some idiot doing the following.

Person creates an account with the user name "501" that gets assigned the user id 506. Sometime later on the account associated with the user id 501 is deleted. When you do an `ls -l` in a directory that contains files from both users the output is going to show the username 501 and the user id 501 because it won't know what user name to display. So how is the user going to know which files belong to who at a quick glance. Of course you use the `ls -n` command but the idiot who creates an account with a user name that could be confused with a user id won't know that.

Re:No words.

[khz6955]

"rm -rf /foo/.*"
"rm: refusing to remove '.' or '..' directory: skipping '/foo/.'"

Unfortunately if you pass .* to 'chmod -R', and run it as root, it will walk up the directory tree and mangle all the system directories. not the behavior I was expecting :)

Re:No words.

[aardvarkjoe]

That is, at best, an argument for not allowing all-numeric usernames. It's not a valid argument against usernames like "0day", which can't be misinterpreted as a user id.

Re:No words.

Never mind that systemd has no mandate to second guess the validity of a user.

But then that seems to be a ongoing thing with systemd, it second guesses everything.

Re:No words.

[thegarbz]

It's not like you couldn't take 5 seconds to test that:

Yes because the very first thing you should do if you're certain a command will screw up your system is to run said command to double check...

Re:No words.

Absolutely correct. All systemd had to do was call getpwnam_r() or getpwuid_r() for all-numeric or (ideally) numerics preceded by a '+'. Unfortunately that wasn't enough for Poettering, who had to invent his own overly restrictive user naming convention on the fly when there was absolutely no need to. His argument? That adduser/useradd, which actually add accounts to the system enforce conventions, no duh, really?

On a more serious note, this cannot have been accidental. It is blindingly obvious that this is a power grab for control over Linux driven by Redhat. Existing members of the Linux community trying to report bugs or get features added or changed in systemd are frequently told "talk to your distro, systemd is for distro maintainers, not for you" - turning the bazaar into a cathedral with them at the top.

Re: No words.

[aardvarkjoe]

What the FUCK are you talking about? Never mind, you made it pretty clear you don't know.

Another quality post from our resident Poettering fanboy!

You want to enlighten us as to what part of my post you think is wrong, so I can correct you?

Re: No words.

[aardvarkjoe]

I'll just pick the obvious one: systemd accepts valid usernames.

Apparently you seem to think that repeating a falsehood over and over makes it true. Are you actually Donald Trump?

Re: No words.

[Zero__Kelvin]

You spelled fact wrong

Re: No words.

[0100010001010011]

It is dangerous to allow them to start with digits as we have seen

Systemd aside is there any danger? Or is the danger in using usernames that start with a digit systemd?

Most distributions follow this safe rule.

Who is 'most'? On Ubuntu 16.04:

root@m6700:~# useradd 1day
root@m6700:~# id 1day
uid=1003(1day) gid=1003(1day) groups=1003(1day)
root@m6700:~# id 0day
uid=1002(0day) gid=1002(0day) groups=1002(0day)
root@m6700:~# useradd -u 2002 2001

That works just fine.

Re:No words.

[TheSunborn]

Well, Systemd did exactly that, which is the problem. It kept the part of the input which was valid(The 0, thus running with pid=0) and then ignored the rest of the invalid input.

"be liberal in what you accept" is a horrible concept, because it makes it impossible to ever have a standard, without breaking half of the current uses, because they then depend on undocumented implementation specific error handling which is impossible to implement for others.

Just look at ns4 and internet explorer 5/6. Because they accepted anything with tags as some kind of valid html, all other browsers had to implement the same rules for handling tag soup,
For example: Did you know that chuck norris is a color code? (Google it :)

Re: No words.

[Zero__Kelvin]

Did you try adduser? Ubuntu is not known for an emphasis on security for the record, but if you read the bug you would already know that adduser and useradd disagree on the acceptability of said username. The reason it isn't just a systemd danger is that other people write software that can also fall victim to the same bug. Again, systemd does the safe and sane thing here. You can read my other responses in this thread and the links, as well as the bug link from the summary to learn more. And bear in mind this was never an attack vector, as one already needs root access to create the unit file that "exploits" the bug. (The classic "I can hack root ... I just need root access to do it" scenario)

Re:No words.

Um, apropos of little - have you heard the crackpot theory that GNU is a recursive acronym?...

Re: No words.

You make it obvious you lost the argument when you make lame diversionary statements like that rather than offering some kind of proof that a falsehood was stated. Most of us here are smart enough to know that, in case you think it is some clever way to appear to win an argument in which you just had your ass handed to you.

Re: No words.

[aardvarkjoe]

Again, systemd does the safe and sane thing here.

Let's see -- systemd's incorrect username validation caused a privilege escalation here. Yeah, real safe and sane, guys.

The actual correct implementation -- permit any username that the system allows to be created -- suffers from no such problems. As such, it is the safe and sane thing.

Re: No words.

[dbIII]

With respect you can even use a text editor to add a user or change the username, it's introduction to *nix territory. There's no point quibbling and Lennart is now checking for valid inputs instead of just blaming the "tool" that creates inputs he did not expect.

Re: No words.

[0100010001010011]

I tried CentOS. I went to the source.

I downloaded the latest ISO they had. I did a fresh clean install.

It let me use 0day as the install user.

http://imgur.com/a/8PZcS

It then allowed me to login with it. With zero problems.

It then allowed me to do this:

[root@centos ~]# cd
[root@centos ~]# adduser 1day
[root@centos ~]# adduser 2day
[root@centos ~]# useradd 3day
[root@centos ~]# useradd 4day
[root@centos ~]# id 1day
uid=1001(1day) gid=1001(1day) groups=1001(1day)
[root@centos ~]# id 2day
uid=1002(2day) gid=1002(2day) groups=1002(2day)
[root@centos ~]# id 3day
uid=1003(3day) gid=1003(3day) groups=1003(3day)
[root@centos ~]# id 4day
uid=1004(4day) gid=1004(4day) groups=1004(4day)
[root@centos ~]# uname -a
Linux centos 3.10.0-514.el7.x86_64 #1 SMP Tue Nov 22 16:42:41 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
[root@centos ~]#

So now I know you're full of shit. Name one distribution that does that, let alone a 'most'. Fuck at this point take a screenshot of any OS throwing an error trying to add a 0day user. You piqued my interest enough to download OpenIndiana and see what Solaris thinks.

but if you read the bug you would already know that adduser and useradd disagree on the acceptability of said username

No, I read what Pottering said. But time and time and time again his actual knowledge of how things work is completely wrong (See the rm -rf /foo/.*).

Systemd is turning out to be the Theranos of Linux with Pottering at the helm sounding more and more like Elizabeth Holmes every day. It's like he makes it up as he goes.

Re: No words.

[somenickname]

The adduser tool uses a regex to screen valid user names. It's a configuration variable called NAME_REGEX. If you try to add a user that doesn't conform to that regex, you'll get an error like:

adduser: Please enter a username matching the regular expression configured
via the NAME_REGEX configuration variable. Use the `--force-badname'
option to relax this check or reconfigure NAME_REGEX.

However, the useradd utility has no such restrictions and will happily create just about any user name. Various tools may use adduser or useradd and different sysadmins may also be more familiar with one tool or the other. If a user puts in a request to have his username be 0day, it's a coin toss as to whether or not it will be an acceptable username. This is not a "you need root to gain root" kind of bug, this is a "you need to fool a human/script into doing something that you know will compromise the system" kind of bug.

I understand the systemd is bug is "fixed" now but, Lennarts response to it certainly warrants the award he received.

Re: No words.

[somenickname]

Actually, on Debian 9, "adduser 0day" will fail with an error that it doesn't match the NAME_REGEX in /etc/adduser.conf. The useradd utility has no such restrictions though. It wouldn't surprise me if the NAME_REGEX in Debian 9 was specifically crafted to avoid systemd misery. Fool me once and all...

Re: No words.

[0100010001010011]

I'll be damned. Is it commented out by default?

It looks like NAME_REGEX is an optional check and commented out by default on my 16.04 install. CentOS doesn't even have one installed.

I pulled it's from the source: https://alioth.debian.org/anon... and it's commented out.

cb2d8d3 (Jörg Hoh 2007-06-27 21:12:38 +0000 84) # check user and group names also against this regular expression.
b2b6460e (Jörg Hoh 2009-09-07 21:20:22 +0000 85) #NAME_REGEX="^[a-z][-a-z0-9_]*\$"

And appears to have been added as a thing of convenience, not a hard rule:

commit b2b6460eab2b2bc514ffe45f5b8abca32b47fafc
Author: Jörg Hoh

        fix 520586: allow underscores again in usernames

diff --git a/adduser.conf b/adduser.conf
--- a/adduser.conf
+++ b/adduser.conf
@@ -84,2 +84,2 @@
  # check user and group names also against this regular expression.
-#NAME_REGEX="^[a-z][-a-z0-9]*\$"
+#NAME_REGEX="^[a-z][-a-z0-9_]*\$"

commit ccb2d8d37f6a09e0958a0e8b5bc8bc36372078a4
Author: Jörg Hoh

        Adjusted documentation to NAME_REGEX
          * added default value to /etc/adduser.conf
          * NAME_REGEX also applies to group names

diff --git a/adduser.conf b/adduser.conf
--- a/adduser.conf
+++ b/adduser.conf
@@ -82,0 +84,2 @@
+# check user and group names also against this regular expression.
+#NAME_REGEX="^[a-z][-a-z0-9]*\$"

Re: No words.

[somenickname]

It's commented out by default on Debian but, in a way that leads me to believe the commented out value is the default value:

$ grep NAME_REGEX /etc/adduser.conf
#NAME_REGEX="^[a-z][-a-z0-9_]*\$"
$ sudo adduser 0day
adduser: Please enter a username matching the regular expression configured
via the NAME_REGEX configuration variable. Use the `--force-badname'
option to relax this check or reconfigure NAME_REGEX.

Re:No words.

Yes, because there's no such thing as keeping a VM or two around just for such testing, and it doesn't take 30 seconds to replace a mangled image from backup.

Re: No words.

Yep, systemd did a real good job of making sure that all the doors were locked, but then they never bothered to consider the windows might be open and wonder how the terrorists got it--because obviously doors are the only way inside. Oh, right, not their responsibility--that's the owner's job. So, why did they issue a fix, then?

Seriously, yet another example of systemd designers presuming how the world does or should work and wanting everyone to change to suit them until their stupidity is so blazen that eventually they relent and change a little without really apologizing or even accepting that the problem was on their end for making absurd assumptions. They don't even bother to test a lot of their own code because, you know, why bother to test something that you assume works?

This doesn't doesn't even get into the whole "our way is the right way" which is at least something that one could respectfully disagree about. I honestly wonder how long until systemd developers end up bricking their own systems from their own stupidity.

Re:No words.

[TCM]

You completely misunderstand what "be liberal in what you accept" means.

It doesn't mean to take any input and cherrypick single bits that you understand and ignore the rest. You rather try to parse inputs liberally, while making sure it's unambiguous in its meaning. For example, when parsing a config file, there could be more whitespace than necessary. As long as you find valid keywords in that extra whitespace, you're good to parse it liberally. When writing a config file, however, you're supposed to trim all that whitespace to a uniform scheme.

You would also be free to ignore invalid keywords to support forward compatibility.

What you shouldn't do and what being liberal doesn't mean is saying "this input would be correct to me if I threw away these letters in the keyword". That's just retarded.

Re:No words.

[gweihir]

The problem is that Poettering has reached a level of arrogance that he is unable to learn and unable to recognize anything others have done has merit. Dunning-Kruger far left side, a.k.a. "insight resistant". The technological issues resulting from that are a mere symptom. The UNIX philosophy has stood the test of time and it is a result of a myriad of failures, some of them quite like systemd in nature. Anybody dismissing it or ignoring it is not competent to build a major piece of infrastructure. The only sane way to deal with this is to stay away from the abomination he is creating. It will collapse sooner or later and at that time only those that did not go with will not suffer.

Funny thing, SMF, while hated by many Solaris admins, does this better: You can still write conventional init-scripts and hence you can easily write services that are not dependent on the init system being SMF. Because of his ignorance, Poettering is re-inventing the wheel and doing it badly.

Re:No words.

[gweihir]

I am with you here. Most websites are broken these days, because browsers will accept any crap that they can still somehow interpret. This is bad for compatibility (if the other browser has a somewhat different definition of "crap"), bad for reliability and security. It makes filtering and scanning web-pages far more complicated. It makes things not quite mainstream far harder get working. And it causes web-"developers" to mistake what a specific browser accepts for what is actually fine and correct. When you then tell them that no, their stuff is broken, they become offended because they have no clue what you are talking about.

This way, a huge mountain of technological debt has been piling up in many corporate infrastructures and in the web in general, and it becomes harder and harder to fix things, because every time you try to, some other broken things come to the surface. The only way to deal with that is to enforce the standards. Only that way can you depend on things working sanely and retain your capability to act on issues.

Re:No words.

[gweihir]

The way of the autocrat: Silence dissenting voices. He has obviously been creating his own filter-bubble for some time now.

Re:No words.

No, that's not at all what systemd did. If it were true, "1day" would run as UID 1 but it still runs as root.

systemd is very conservative in what it accepts, so a username it doesn't consider valid (starts with a digit, contains a unicode codepoint, etc.) is discarded. It then proceeds by printing a warning in the logs and executing the daemon as the currently running user (which is root, since it's at system startup). A proper response would of course be to bail out and print an error, but Poettering thought forward-compatibility was a good idea and implemented it by having systemd ignore everything it doesn't understand and start anyway.

Why this is a terrible idea is left as an exercise for the reader. Note this applies to more things than just privilege dropping and more CVEs will very likely be found in this area in the future since this is a conscious design decision.

Re:No words.

Many systemd bug reports are locked by Poettering ... he likes to deride bug reporters and then close them basically stating "I reject your reality and substitute my own". Systemd has had very serious security issues, some of which he has downplayed a lot and refused to fix (e.g. the "0day" user issue) because fixing the issue means admitting he made the wrong design decision in the first place.

Re: No words.

[phorm]

REALLY?

linux ~ # useradd 0intelligence
linux ~ #

Uh, nope, that works fine.

Man page:

It is usually RECOMMENDED to only use usernames that begin with a lower case letter or an underscore, followed by lower case letters, digits, underscores, or dashes

Emphasis mine, RECOMMENDED is NOT insists.
I recommend you learn how to read, and insist you remove your head from your ass.

Re: No words.

So, Zero__Kelvin.

I actually like systemd, for the most part.

What I don't like is your incessant white-washing of serious issues with how it is designed, developed and maintained. You are doing yourself and the systemd project a disservice.

I'll just pick the obvious one: systemd accepts valid usernames.

To be precise, it accepts a self-selected subset of valid usernames.

If you look at the useradd (8) man page you will see that it is distribution dependent what constitutes a valid username.

Correct. And systemd should follow that instead of making its own arbitrary decisions.

In general they insist on an underscore or letter as the first character.

False. In general they do no such thing. Go ahead, actually test it out.

It is dangerous to allow them to start with digits as we have seen.

It is not dangerous, unless code in systemd does the wrong thing, which is what happened in that case. Put the blame where it belongs.

Most distributions follow this safe rule.

False. Again, go ahead, actually test it out.

Complaining that system does proper input validation is the real gaffe in your rant that is icing on the cake of your lack of understanding of both Linux usernames and secure programming in general though.

That is a straw-man, and you know it. False premise: systemd does proper input validation. Reality: It does not. False premise: The person doing the complaining lacks understanding of Linux usernames and secure programming in general. Reality: The person does understand both topics.

In short: False.

Your apology is accepted.

You have received no apology, nor will you receive one, since you are the one being wrong here. Repeatedly.

At this stage, you should man up and issue an apology of your own.

Re: No words.

[rl117]

What useradd does or does not do is an irrelevance; there are many tools to create user accounts. Many of us deal with large LDAP/AD setups where the usernames don't even get created by Linux tools. So long as getpwnam[_r] return nonzero, that username is valid from the point of view of the system.

Username validation is way, way outside systemd's remit.

Re: No words.

[Zero__Kelvin]

You didn't even read the bug did you. If you did you would realize how stupid you sound.

Re: No words.

[Zero__Kelvin]

Yes, because your useradd is guaranteed to be the same as mine. You are so fucking stupid you think every users is the same. Holy shit. You would only have had to have actually read the bug to see that they specifically talk about when a particular patch changes the behaviour. You might have just won "most incompetent post".

Re: No words.

[Zero__Kelvin]

Yes, because nobody here seems to be smart enough to understand all of this AFTER it has been explained to them, but HE should know everything about everything. Newsflash: 99.9% of people didn't know or care about how this works until it became an opportunity to criticize a guy they have an irrational hatred for because he didn't know it either.

Re: No words.

[Zero__Kelvin]

I am sure, now that you have learned more as seen below, you will be apologizing to me any time now, right?

Re: No words.

erlangen:~ # adduser 0day
If 'adduser' is not a typo you can use command-not-found to lookup the package that contains it, like this:
        cnf adduser
erlangen:~ # useradd 0day
useradd: invalid user name '0day'
erlangen:~ #

So the issue isn't relevant for most people. Where it matters:
- running restricted processes with root permission in case of error is bad
- systemd not allowing user names which are used deliberately by the system is bad

Re: No words.

[Zero__Kelvin]

It isn't a privilege escalation exploit dumbfuck. You need to already have root access to create the malformed unit file. Are you really so stupid, or are you hoping to misinform others who aren't paying attention?

Re: No words.

Dummy question: why the init system should handle user creation?

Re: No words.

[0100010001010011]

Where is it reading that default value from?

I annotated up adduser but I can't seem to find where that value is set. I even deleted the whole line from the config and it's still getting it set somewhere.

Re: No words.

[somenickname]

$ sudo apt-get source adduser
$ tar xvf adduser_3.115.tar.xz
$ cd adduser
$ grep -r -i "NAME_REGEX.*="
examples/adduser.local.conf.examples/adduser.conf:#NAME_REGEX="^[a-z][-a-z0-9_]*\$"
adduser.conf:#NAME_REGEX="^[a-z][-a-z0-9_]*\$"
AdduserCommon.pm: $configref->{"name_regex"} = "^[a-z][-a-z0-9_]*\$";

So, it has a default value in AdduserCommon.pm that can be overridden by the conf file.

Re: No words.

No. The problem is that the systemd idiots, including you, think "0day" is an invalid username just because adduser might reject it (which can also be opted out), totally ignoring the fact that more than 100 tools can manipulate /etc/passwd.

Re: No words.

No, here the only stupid person is you.

Re: No words.

It does not matter whether the unit file had names following the useradd(8) man page or not. Making some kind of quibble over the name is to miss the point. This is what matters: on rejecting the name, systemd should refuse to start the daemon in question because of the error.

Let me present some other error cases to make this more clear:

1. A syntax error in the unit file.
2. The login ID specified in the unit file consists only of ASCII letters but cannot be dereferenced because it is not present in the system.
3. The pathname of the daemon to start is in error and does not point to an executable file.

What does systemd do in these cases? What should happen, if it is sane, is to raise an error condition and not try to start running something in error.

Re: No words.

[Zero__Kelvin]

You can read the bug to see that you are all upset because it does what you are saying it should do.

Re: No words.

It isn't a privilege escalation exploit dumbfuck.

It's an exploit that results in running a process as root when a limited-privilege user is expected. How is that not privilege escalation? Why bother having the option to run as a user if accidentally granting root privileges is just fine and dandy?

Re: No words.

[Zero__Kelvin]

It isn't an *exploit*, and it was never going to happen in the real world, but has been fixed anyway. You can keep playing chicken little if you want, but the sky was never falling.

Re: No words.

[phorm]

No, MY useradd is the same as all the other people who use one of the MOST POPULAR fucking Linux distributions out there. It's absolutely not stupid to work towards supporting such, unless you're a systemdickhead....

Re: No words.

[Zero__Kelvin]

Your version of useradd behaves the same as every other version of useradd that is the same exact version of the useradd you are using? Wow, you are a genius for being able to advance that little tautology!

Re: No words.

Neither systemd, nor any other admin tool "supports useradd", and some tools (like adduser) behave differently. You aren't educated enough on how all this works to be making assertions or judgements about any of this, and should simply remain silent on this issue. Admitting you use Ubuntu isn't helping your case either.

Re: No words.

Windows is more popular than Linux. Following your (lack of) logic, systemd should follow the rules enforced by Windows for user names.

Re:No words.

[nnet]

Says the guy with the sig:

I usually ignore AC's. There are too many self-important cretins hiding behind it.

If you're going to pass judgement, at least get rid of the sig.

Re: No words.

[nnet]

I haven't been paying too much attention to all this drivel, but did Lennart apologize for the mistakes he made in ignorance?
You're alleging the reason for criticism is that '99.9% of people didn't know or care about how this works', and of course Lennart is included.
So, did he apologize?

-Genuinely Curious

Re: No words.

[Zero__Kelvin]

DId he apologize? To whom? Did you read the issue linked to in the summary? Now *I* am genuinely curious.

Re: No words.

[Zero__Kelvin]

I missed one thing earlier. This is indeed a "root escalation requires root" bug. You must be root to create the unit file. People can create crazy user names all day. This *only* happens when a custom service script is created using the crazy user name as the owner of the process as described in a Unit file. It is as close to a non-issue as you can get. People are trying to make it sound like commands you run from BASH will execute as the root user. This is NOT the case.

Re:No words.

On a more serious note, this cannot have been accidental. It is blindingly obvious that this is a power grab for control over Linux driven by Redhat. Existing members of the Linux community trying to report bugs or get features added or changed in systemd are frequently told "talk to your distro, systemd is for distro maintainers, not for you" - turning the bazaar into a cathedral with them at the top.

Exactly, yet nobody seems to care, or dismiss it with "it's free software, they can't control it, you can fork or do your own stuff", willfully ignoring that in practice, they do control it and that noone has the resources to fork their projects, and that even if you do or if you provide something else (upstart, openRC, etc.), no big distro will support it anyway.

Wayland and flatpak are other parts of that power grab, and I bet you all distros will jump to it, until the day the linux ecosystem is reduced to rhel and all the other distros are just pale copies of it.

Re: No words.

It does not. Yet. The day it does may not be that off, considering systemd's feature creeping.

What it does if check if a user in a unit file rule "User=whatever" is correct.
If systemd deems the username invalid, it will ignore the whole rule and run the unit file as root (the default user) with a warning.
Not that if systemd deems the user valid but that the user doesn't exist, it will stop with an error.

There are several problems here:
- not stoping when there is an error in a unit file (reason being "we want to be able tu run new unit files that may contain new rules on older systemd that don't know those new rules")
- checking itself whether the username is valid or not.

The check that systemd performs is too restrictive and refuses some perfectly valid usernames. The sad part is that systemd should not perform any check by itself. It should check by calling getpwnam() and let every program handle what it should.

This is just a bug like every program has, but it is once again made bad by the fact the poettering is a critic-immune ass with an over inflated ego who won't admit any wrongdoing and thus won't correct it.

Re: No words.

I think by this point its fair to assume that either Zero__ is Lennart, or has crawled so far up his butt he has vanished entirely and has effectively become Lennart.

Re: No words.

Ok, Mr. Zero, I did go back to read the bug report.

In the comment in which the esteemed L.P. closed the item as "not a bug", he wrote "systemd will validate all configuration data you drop at it, making it hard to generate invalid configuration. Hence, yes, it's a feature that we don't permit invalid user names..." Leaving aside the issue of what constitutes a valid user name, let's consider what that bug report had to say about what to do with invalid user names.

A couple of days later (July 1), divVerent asked the very reasonable question "Wouldn't it make sense to refuse User=0day then?"

The same day, RealDolos referenced the part of L.P.'s quote that I highlighted, saying "Even if you assume leading numbers are not allowed, systemd running the unit under root is a bug too. It should refuse to run the unit... This is clearly not the case, User=0day is clearly not properly validated and silently ignored and it's still a bug."

Debian developer julian-klode noted a bit later that "I'm not sure it makes sense to start a service if the specified user is invalid, though.", to which RealDolos promptly replied, "That one is easy, in my humble opinion: Same as systemd should not pick and run some random binary when the specified ExecStart is invalid, it shouldn't run a service under a random uid if it cannot find the specified user."

So as for my specific points:

1. (syntax errors) L.P. says that systemd logs them but otherwise ignores them. "We do the same for User= here as for all other options" (his comment on July 2.) That may be the policy, but for cases in which the key of the key/value pair is valid, there ought to be a stronger response.

2. (well-formed user name not in use) In the very next comment, martinpitt disagreed with Poettering on this point, noting that "[s]etting User=nonexistinguser is syntactically correct, just not semantically. ... a unit with User=nonexistinguser should fail instead of silently running as root."

3. (incorrect path name) This is the point that RealDolos made July 1.

You said that I should be content because systemd was now doing what I said it ought to do. No it does not. Only at point 3 (where the path name is incorrect) does it do what it ought to do. In all the other circumstances, it does something hare-brained and dangerous.

At this point in the comments to the bug report, Poettering went off on tangent about utilities that create user names and other things that miss the point. Here is the point: users, even system administrators, can make mistakes. Sometimes random characters get into files because of some odd thing that happened that made the user bump the keyboard. For a maintainer who insists "we should enforce a stricter regime about system users than regular users", he is mightly lax about enforcement of his own inputs.

Re: No words.

[Zero__Kelvin]

I am sorry you were unable to understand what you read, or way it behaves correctly, but that's on you I'm afraid.

Re:No words.

[gweihir]

Ignoring ACs is not a "filter bubble". ACs cannot be identified and are sniping from the shadows, like, you know, cowards. Slashdot has pseudonymity, unless you do something stupid, you cannot be identified. That means many (not all) ACs are in it purely for the trolling.

Re:No words.

So, you acknowledge that systemd is an operating system?

Re: No words.

I'm even more sorry that you do not even dare to explain what you think is the correct way to understand it.

Re: No words.

I can help you. According to the troll above, lennart is god and systemd is perfect. What you perceive as bug in systemd are actually bugs in other programs. They do not behave as systemd expect, so they are buggy.

You will not have answer from that guy, he's simply there to derail the threads, insult people, and stir the conversation away from real issues.

A classic troll strategy, which sadly works. The amazing thing though is how much energy that troll puts in its trolling, which makes me think the troll is either paid to do it, or is lennart himself or a close friend or relative. If it isn't and really believes what it writes, then it has a huge problem.

Re: No words.

[Zero__Kelvin]

Really dude ....

Re: No words.

[Zero__Kelvin]

.. you are even too stupid to break your pattern of replying as AC twice days after nobody is reading the thread. You are "The stupidest trol".

Re: No words.

You are not the intended recipient of my posts. I have zero interest in trying to even begin to maybe attempt to convince you of anything. You have proven to be at least as impervious to facts as your idol.

Savor this post as it will be the only one I'll ever address to you.

Re: No words.

Shut the fuck up you ignorant douche. Go back to fantasizing about sucking Trump's tiny "finger".

Re: No words.

"It's not fair Mr. Kelvin! I'z tryin' ta gets da peoplez ta thinks I ain't da idiot, and you iz provin I iz!!"

Re: No words.

[phorm]

No, it behaves the exact same as any other machine running the same OS Distro as me, with versions ranging back several years. Thus far distributions I have tested this includes:
Ubuntu/Mint (Current versions as I don't have any older ones kicking around)
CentOS 7
RedHat 6/7

Oh, and who does Lennart Poettering work for, well it's REDHAT, and yeah their OS happily allows me to create a username with a leading number. In fact, the only Linux OS I've been able to test that doesn't without some extra flags has thus far been (recent versions of) Debian.

But - barring some massive cranial-rectal inversion - you already knew what I was talking about behavior of useradd in various Distros and not specific binary versions, so you just want to be a prick about that. That's fine :-)

Re: No words.

[Zero__Kelvin]

That is good that you have those distros at your disposal. Now, go through them and find all the ones that have services owned by users that have a digit as the first character, or any character for that matter. Count them and write the number on a piece of paper. That number is the severity of the issue.

Re: No words.

[phorm]

Ah yes, the old "why fix this security/integrity issue, it's not that it's likely to happen" defense :-)

Re: No words.

[Zero__Kelvin]

It is already fixed. I am starting to think you aren't a troll, but just really have no idea what the situition is ATM.

Re: No words.

[phorm]

Last I read (and perhaps that has changed, but I've seen nothing to indicate thus in either the github thread nor the CVE) the "fix" was to have it error out on the username should it start with a digit, even though it was a valid user on the system. Still, killing it is DEFINITELY better than the original behavior of running as root (or most simply failing to adequately drop privileges).

Now the argument has been given (github) that privilege-dropping could be done by the application rather than systemD or that the unit files should never start with a numeric in order to be os-portable. Simply validating the existence of the user would seem to make it plenty portable, as if left-side-numeric usernames are not permitted they should not otherwise exist. POSIX (which about as close to a standard as you'll get) also seems like the standard allows for usernames starting with a numeric:

3.437 User Name

A string that is used to identify a user; see also User Database. To be portable across systems conforming to POSIX.1-2008, the value is composed of characters from the portable filename character set. The character should not be used as the first character of a portable user name.

It specifically calls out usage of a hyphen as the start of a username (likely to avoid conflicts with a flag), but nowhere limits an initial numerical character that I can see.

Now don't get me wrong, there are some things I do like about systemD - in particular the ability to create nested unit files to build derivative/custom configs without breaking the main script - but it's not just the error but the *REACTION* to the error that's sometimes quite maddening. Maybe it's just that team's way of doing things, and certainly Poettering isn't a stranger to controversial modules/changes (though I quite like Pulseaudio these days), but for F*** sakes at least own up rather than hands-up.

The first comment from P on this was essentially "oh, well this isn't a valid username dumbass" rather than "shit, our code allows stealthy privilege escalation, let's fix it".

Re: No words.

[Zero__Kelvin]

If you can tell me a single reason why you have to have a service owner by a user with a name beginning with a digit than you have an argument that the fix is bad. Given that there is NO reason for it, and NO distribution even tries to do this then you have an argument. Sure they *could* allow it, but there is no need or benefit to it. They made a good decision. You might prefer that they support the leading digit option, but not doing so is NOT a major issue,or an issue at all really.

Re: No words.

[Zero__Kelvin]

We don't disagree. To take it a step further one can use a hex editor to create *invalid* user names. I am the one pointing out that the tool used may or may not allow certain names. It is the trolls trying to say that if you can create the user name with a tool it is by definition valid. As you said, and I have been saying, the issue is much ado about nothing.

Re:No words.

[jwhitener]

I just tried on Redhat and Ubuntu and could add a user with zero in front as well. Hmm.

Re: No words.

[phorm]

Because it's a valid user on the system and there's no reason to create an artificial restriction against it. The restriction was created because originally the system f***ed up and allowed it to continue as the privileged user. I'm honestly not sure why #user was a restriction in the first place, if it was valid on the system, as a logical flow is

* Valid user on system, proceed to running as the lesser privileged account. Not a valid user, die with an error

And it apparently already does check if the user exists, so realistically adding cruft just obfuscates the issue. Most of the issues around lefthand-numerical users are due to confusion in lazy checking of a UID versus username, in the case of code that supports either.

Not supporting leading digits is not a security issue (though screwing up the implementation of such previously definitely was), but by properly validating against system-valid users it would be a non-issue regardless.

No, there isn't any distribution that I'm aware of that uses left-hand users by default. But the false premise in this is that systems will only use code that by default comes with the distribution by default, as opposed to having code which works with users the distribution allows.

Re: No words.

[Zero__Kelvin]

Ok. You still aren't getting it. Yes, it is a NEW bug. "Cannot create a service owned by user starting with a digit". Now,what would you assign for severity and prioriy of said bug?

Re: No words.

[phorm]

I love how you like to jump around trying to avoid any responsibility on the part of the devs. It's not a new bug, it's a broken fix to the original bug. But I think that now we're coming full-circle because aardvarkjoe has already pretty much captured this:
    they still haven't fixed the problem that systemd won't accept valid usernames. As far as I can tell, that is 100% an ego thing -- they won't admit that having systemd have its own username validation rules is a mistake.

After which it delved into:
* SystemD does accept valid usernames, useradd(8) is distribution-specific (conveniently ignores the fact that even the distribution of the company which employees the lead SystemD dev - RedHat - allows the number)
* Topic switch: but just because it works for you doesn't mean it's the same as others (but again, RedHat per above and also Ubuntu and derivatives, some of the most common desktop and enterprise Linux distributions)
* Topic switch: well your version might not be the same as other versions (except, again, the behavior per the common distributions regardless of version has been accepting of numerics)
* Topic switch: Well, those distributions don't come with services that run with users starting with numbers (regardless the usernames are still completely valid on those systems, and thus the application is disregarding valid OS users)
* Topic switch: Well, nobody really needs this (aka I don't know anybody who gives a f***, so why should I) so it's not really an issue
* Topic switch: Yeah, maybe it's a bug, but the old root-privilege issue was a different bug, this is a new one and not severe

Looking forward to 6 months from now where some similar issue comes up with a crafted username being used as a hidden attack vector but "hey, it wasn't our fault for trying to rewrite the entire stack - ignoring existing standards - and introducing ugly bugs in the process".

Care to switch it up again?
Actually, I'm happy with "yes it's (finally admitted to be) a bug" and agreeing that in the current state it's not of high severity. However low severity is not no severity, and we've happily obscured the underlying issue of the devs continually creating dangerously broken shit by redoing everything under the sun, being caustic towards legitimate user feedback, and generally turning deaf ear at the "good enough, IDGAF" point....

Re: No words.

[Zero__Kelvin]

I don't know if you have ever done software development, but you are the one switching up the issue. The original bug is fixed. It is lo longer possible to run a service, intending it to be owned by 0day, and have the system run it as root. There is no way to argue that bug still exists. It is closed, as it should be. NOW, someone can open a NEW bug stating that they can't run a service owned by 0day. That bug has minimal priority, and NO severity. It affects NOBODY. Some troll wants to insist "Oh my God!!! I can't do what nobody on the planet wants to do!" Nobody with any understanding of Linux gives a FUCK that a few trolls are complaining about this. All that is left for you to decide is if you want to be a troll, or a guy with a clue.

How does Debian justify using this?!

How can Debian's developers justify using systemd, considering all of these unbelievably unjustifiable problems with it? Why have they subjected Debian and its users to these flaws? Is it really just a result of the best Debian users having long ago moved to FreeBSD, leaving around only users who don't know any better?

Re:How does Debian justify using this?!

It was shoved down Debian's throat by the technical committee in a first ever usurp of power from the developers to the committee. There was not consensus on this change at all.

Re:How does Debian justify using this?!

Basically debian and many other arches abandoned self preservation and any trust to their own powers and people and thought it would be best to crown a corporate king and blindly follow him because, supposedly, money would provide a stable development for critical parts.
Apparently that's not the case and they have become victims of an ugly gentrification.

Re:How does Debian justify using this?!

Eventually Debian will just be a task that systemd spawns to handle legacy items like 'users'. Debian knows this and has adjusted its expectations and demands accordingly. It dares not anger systemd with a bunch of saber rattling, or systemd will renice it out of existence.

Re:How does Debian justify using this?!

Such as "BSL" software, which he loves to call open source even though you can't freely run, copy or distribute it? True-Up Disguised Viral Unlimited License (TUDVUL).

Re: How does Debian justify using this?!

Not only that but the vote for Systemd in Debian was a 2-2 tie and had to be overruled. Hardly a "everyone wanted Systemd" that a lot of the pro-systemd people like to suggest.

Re:How does Debian justify using this?!

Because Debian doesn't use systemd unmodified: the Debian developers taking care of the Debian packaging of systemd do *not* bow to Pottering and will patch his shit when required, no quarter given. After a while, the patches end up accepted on systemd upstream.

I don't know if the Fedora people have a second line of defense like Debian has, though. And, for the record, I have no idea why the hell there's a Debian swirl in this article, systemd came from RedHat and Fedora, *not* Debian.

As for why it is used [by Debian] in the first place: the desktop environment upstreams (gnome, kde) started depending on too much crap from systemd to just plain ignore it, and nobody stepped in to work on full replacements for at least logind and cgroup management until it was too late. Hell, people did not show up even to work on sysvinit which is easy in comparison to the work that needed to be done to replace logind... but they did show up to spew a lot of venom on the mailing lists (a lot worse than what you did in the parent post, even).

IOW, too many parasites making a pest of themselves, too little useful people showing up to do the actual work needed. I sure hope Devuan managed to gather enough useful people to get work done by now: we might be able to flow some of that work back into Debian eventually, for the betterment of all.

Re:How does Debian justify using this?!

I think that there was no consensus is what caused the technical committee to get involved. Many people were advocating for a next generation init system to replace SysV. Clearly forcing maintainers personally support all possible init systems would be worse.

The decisions that came down from the technical commitee made systemd the default init (#727708) and required that maintainers at least accept contributions for other init systems (#746715). The outcome provided for another popular system init to be supported if developer interest was great enough even if the package maintainer advocated for something else.

It's worth noting that systemd is compatible for SysV init scripts so really if the maintainer already supported SysV then they likely already had working support for systemd.

Re:How does Debian justify using this?!

Only gnome, kde's requirement on systemd is optional.
So for a Gnome's sake debian leaders chose to put their fingers into crap polluting their base system with systemd?
That doesn't sound rather technical, more like political decision.

Re:How does Debian justify using this?!

they are idiots and some probably got money for voting pro-systemcrap

Re: How does Debian justify using this?!

KDE doesn't require systemd. I chose it over GNOME on my last install for that exact reason.

Re: How does Debian justify using this?!

[Tenebrousedge]

Rating: pants on fire.

Re: How does Debian justify using this?!

[FrankHaynes]

Point of order: a 2-2 tie means that the motion failed to get a majority, therefore the motion fails. No further action is required.

Re:How does Debian justify using this?!

resources.

systemd has the deep pockets of Red Hat at their back.

the same Red Hat who also employ a number of Gnome developers.

Gnome these days rely on systemd for more and more.

Systemd is also absorbing many of the formerly autonomous daemons found under the Freedesktop umbrella.

End result is that if you want to run a non-systemd distro, you need to be able to maintain a large set of daemons and/or shims.

Even with Canonical involved, Debian just simply could not keep pace with the RH code churn released on the world through Fedora.

Re:How does Debian justify using this?!

[rainer_d]

Not using systemd would have made them irrelevant.

Not that this isn't going to happen anyway, as RedHat absorbs more and more of the Linux-world and it will be increasingly difficult to do anything on Linux "un-RedHat-edly" in the coming years.

As such it has to be seen how much of a differentiation-factor an installer and some default-settings are - together with the complete lack of any kind of enterprise-features that RedHat offers. Because that's what I think Debian et.al are going to end-up being. Because I believe they're even going to adopt the package-format (RPM) and the installer.

If I need something without systemd, I just use FreeBSD. It doesn't do some things, but what it does, it does it very, very well.

Re:How does Debian justify using this?!

[thegarbz]

How can Debian's developers justify using systemd

How can Anonymous Cowards justify asking pointless questions they don't want the answers to. I mean if you were really at all interested you'd look up the very public discussion they had on the adoption of systemd.

But yes, ignorance is oh so blissful.

Re: How does Debian justify using this?!

[thegarbz]

I'm not sure what's more impressive, that you think only 4 people voted on this decision or that you got someone to mod you up for your incorrect post.

Re: How does Debian justify using this?!

[thegarbz]

And if it was a 2-2 tie then that may have happened.

Re: How does Debian justify using this?!

[jon3k]

Looks like it was 4-4, not 2-2, right? Four for systemd vs two for upstart, two to keep sysvinit.

Re:How does Debian justify using this?!

[dbIII]

Because they want the new gnome and it's tied into systemd.

Re:How does Debian justify using this?!

[dbIII]

It's worth noting that systemd is compatible for SysV init scripts

Yes, there may be a couple of old scripts that work with systemd but I've never seen them. Have you? Can you list even a single one?
The syntax is very different.

Re: How does Debian justify using this?!

[somenickname]

You are correct, it was 8 people that voted on it and, as per the "pants on fire" link (https://lists.debian.org/debian-ctte/2014/02/msg00402.html) it was a 4-4 tie. That tie was decided by Bdale Garbee. Bdale Garbee made the decision to switch to systemd. Frankly, Mr. Garbee should be forced to hand over his Greybeard Card. He has shamed our honourable order.

Re: How does Debian justify using this?!

Reading comprehension much? 4 picked systemd as first choice, 2 picked upstart as first choice, and the other 2 wanted further discussion (and of those two sysvinit was a second choice for one and last choice for the other).

Re:How does Debian justify using this?!

[gweihir]

It is two things, I think
a) The Debian tech-board has long since been infiltrated and subverted by Red Hat
and
b) You can still run Debian just fine with sysVinit. You may lose Gnome, but that is no real loss.

It will be really interesting to see what happens if they try to take away b).

Re: How does Debian justify using this?!

[thegarbz]

it was a 4-4 tie

Only if you don't understand voting systems. Read the link. It was a 4-2-2 in favour of systemd. By pairwise elimination it ended up 4-4 in a case of Systemd vs Upstart which is the tie bdale needed to end.

If he'd voted the other way, you'd be here saying the same thing and bitching about upstart which had it's own share of detractors, not to mention that people don't understand the system as it is so we'd have a list of slashdot commenters asking why Debian is using an init system which only got 2 out of 6 votes.

The world is full of voting systems each with their own benefits and downsides. In many of them systemd would have been an overwhelming winner, including the first past the post systems so favoured by democracy, or stacked points often used to judge popularity. But, pairwise elimination it was.

Re: How does Debian justify using this?!

still looks like a fucking idiot decision

Re: How does Debian justify using this?!

[Tenebrousedge]

No, Ian Jackson was the only one to rank sysvinit over either upstart or systemd. He was also the only one to rank sysvinit higher than openrc. It was an equal split between systemd and upstart after all others were eliminated. Sysvinit lost 7:1 to both of those things, and it also lost to 'further discussion', and so it was the first option eliminated. Upstart, well...I've never seen anyone cry because it wasn't adopted that didn't work at Canonical. Generally 2-2 or 4-4 is just an overly simple way of looking at this. The one thing you *can* say is that sysvinit went down in flames.

Ian Jackson of course refused to accept this process as legitimate and has left Debian. I have very little positive to say about that kind of behavior.

Re:How does Debian justify using this?!

[nnet]

Splunk.

Re:How does Debian justify using this?!

[dbIII]

Well, named is a start but list means something else in this context. Do you have a link to a listing of that splunk startup script that apparently works on both systems?

Re:How does Debian justify using this?!

[nnet]

The init script is created after initial installation with /opt/splunk/bin/splunk boot-start, puts a sysv script into /etc/init.d and a systemd unit file that calls it into RH's systemd tree. The unit file may be added by rpm maintainer, haven't checked...

Re: How does Debian justify using this?!

[jon3k]

Sorry I was referring to their first choice. Unless I'm misreading this:

4x D U O V F (bdale, russ, keith, don)
F U D O V (steve)
U D O F V (colin)
F V O U D (ian)
U F D O V (andi)

4 people had it as their first choice, 2 as their 3rd, one as their second and one as their 5th. So only 4 of 8 people picked that as the best option. Right?

Re: How does Debian justify using this?!

[Tenebrousedge]

I mean, yes, but that's not how they were actually counting the votes, so I have trouble seeing the relevancy. If they had been counting the number of people who picked it as their first option, systemd would have had an easy plurality. The entire point of this voting method in the first place is that viewing things in that way is not very fairly representative of people's opinions.

Re: How does Debian justify using this?!

[jon3k]

I guess my point is only half of the group believe systemd to be the best choice. The point of the voting system is to come to some kind of consensus, which I understand.

Re: How does Debian justify using this?!

[Tenebrousedge]

With respect, I do not think you actually do understand. It's not "some kind of consensus," the voting system is designed for a very specific kind of consensus, which avoids the error that you're very keen on making. This is sounding very like motivated reasoning.

Yes, it would be more unfair if systemd had been chosen by a simple plurality vote, especially with a small plurality. They used a system which accounted for that: your objection is invalid.

Re: How does Debian justify using this?!

[jon3k]

It's entirely possible. Is the order of their vote not their order of preference?

Re: How does Debian justify using this?!

[Tenebrousedge]

Yes. But what they're after is not the first ranked choice, but the candidate which would beat every other candidate in a heads-up race. I was attempting to sort out mathematically whether it was possible to win without anyone ranking the winning candidate as their top option but I have yet to actually run the numbers. Either way, the absolute position is not as important as the relative position.

Consider a field split in thirds with one faction having a 34% plurality of the top ranking:

A B C 34%
B C A 33%
C B A 33%

Under pairwise comparison voting, A would lose despite having more people rank it first. This is a design goal of the voting method.

Re: How does Debian justify using this?!

[jon3k]

I completely understand that the goal is to reach a consensus which means you might not get your first choice. My point is just that only half of the group chose systemd as their first choice. Four people got their first choice and four people did not get their first choice.

Re: How does Debian justify using this?!

[Tenebrousedge]

I don't know how else can one tell you that your point is not relevant to the outcome of the decision or the manner in which it was conducted. I do not believe you are being terribly objective here.

Re: How does Debian justify using this?!

[jon3k]

I'm not how else I can tell you that I understand it's not relevant to the outcome. What it illustrates is individuals preferences.

Re: How does Debian justify using this?!

[Tenebrousedge]

You are intentionally viewing this topic in a biased manner after this bias has been demonstrated to you both verbally and mathematically. I believe this conversation is at an end. Good day.

Re: How does Debian justify using this?!

[jon3k]

I cannot figure out how you still don't understand this. My only guess is willful ignorance at this point.

Only four people's first choice was systemd. That is a simple fact.

Re: How does Debian justify using this?!

[Tenebrousedge]

Your argument is almost exactly identical to someone saying, "But Hillary won the popular vote!" That's not what counts. That's intentionally not what counts. Your side lost, get over it.

Re: How does Debian justify using this?!

[jon3k]

That's a pretty poor attempt to deflect from a simple fact that you cannot refute. Only half the people believed systemd was the best option. Deal with it.

Re: How does Debian justify using this?!

[Tenebrousedge]

If you don't like the comparison you should not use the same argument. No one is trying to refute your point, it's just as relevant to the topic as the price of tea in China. Why don't you find an adult and have them explain this to you.

Re: How does Debian justify using this?!

[jon3k]

If you're too simple to understand why that matters, there's no use arguing with you.

Re:Should systemd be Yesrewritten in Rust?

Rust and systemd are a true match for one another, although I would very much like to see systemd go.

Re:Should systemd be rewritten in Rust?

ISTR that Java was also designed from the ground up to be safe and secure.

Re:Should systemd be rewritten in Rust?

[HanzoSpam]

If I hear of a company marketing a supported enterprise distro of FreeBSD, I'm gonna buy stock!

the sea cannot rust until the fish eat the plastic

mynutswon; an almost godlike intervention by insulation scheme? i feel another which came first turdfling brewing..

Xinuos OpenServer 10

So it sounds like you want Xinuos OpenServer 10:

Xinuos OpenServer 10 is a 64-bit operating system based on the popular FreeBSD and designed to support business applications within an enterprise environment.

It should be noted that Xinuos also offers SCO UnixWare and SCO OpenServer. Even sco.com now goes to their web site. What's funny about this is that it wasn't SCO that ultimately harmed Linux to the point of it being unusable. It turned out to be the Linux community itself that made Linux unusable by including systemd! And now it is what could be seen as a successor to SCO that's providing relief from how the Linux community has ruined Linux!

What a world we live in!

Re:Xinuos OpenServer 10

Xinuos is more or less what is left (Oracle has another division, I believe) of the Tarantella people, not the SCO that was suing everybody.

Re:Xinuos OpenServer 10

[unixisc]

An interesting aspect of this is that Xinuos, as the successor to SCO* - the company that inherited UnixWare and w/ it System V Unix IP, has decided to fork off FreeBSD - a BSD project - instead of continuing on System V. That really demonstrates that the System V branch of Unix is for all practical purposes dead. Xinuos just does support work on the legacy SCO Unixes, but beyond that, drives companies towards FreeBSD. Oracle just supports Solaris on legacy SPARC hardware, but otherwise, pushes Oracle Linux. All the other Unixes that were based on System V are dead.

Re:Xinuos OpenServer 10

[unixisc]

Actually no! Tarantella was acquired by Sun shortly after it spun off SCO, and it didn't have the OSs - it had some utilities like IIRC OpenVision and some NFS like software.

Xinuos was the successor company to SCO, Inc, after it filed Chapter 7. They inherited whatever legacy assets SCO had, as well as any customers, but started w/ a FreeBSD fork for enterprises. No idea whether their management has anything in common w/ that of SCO, Inc.

Re: Xinuos OpenServer 10

[s4m7]

Netcraft confirms... System V is dead.

You be late, mon

BSDi went bust quite a while ago.

(Anyone willing to pry BSD/OS loose from what's left of wind river?)

Re: You be late, mon

Owned by Intel now, perhaps they would release it again, if it could be spun for good PR.

Re: You be late, mon

[Billly+Gates]

I thought Walnut Creek got acquired by the FreeBSD foundation. Did it not?

Re:You be late, mon

A lot of the BSDi kernel code was shared to key FreeBSD kernel developers. It is the basis for FreeBSD's replacement of the big kernel lock.

Re:You be late, mon

[unixisc]

Actually, that BSDi code was shared to the public - sans 6 files that were re-written to exclude any AT&T/USL code. That version was known as 386 BSD. It got forked to FreeBSD and NetBSD, and NetBSD had a major fork to OpenBSD. There have been several minor forks of FreeBSD since.

I seem to remember Miguel de Icaza ...

[HBI]

Back in the days when Mono was considered a submarine way to give Microsoft control over Linux, there was such universal hate then.

Re:I seem to remember Miguel de Icaza ...

Well Icaza did split the DE world down the middle, and is currently working for MS, so who really knows...

Re:I seem to remember Miguel de Icaza ...

[Billly+Gates]

Mono is alive and well. It is part of .NET core which Visual Studio is using to port itself to Linux. MS Code editor already is on Linux and MacOSX using .NET core with a few mono libraries.

Re: I seem to remember Miguel de Icaza ...

[spongman]

Vscode is written in JavaScript and uses the electron runtime.

Ax Handle Sodomy

I wonder how Poettering and Sievers feel about involuntary ax handle sodomy? Because that's what needs to be done. Each needs to be spread eagled and chained to a fence rail. Then everyone who has issues with systemd will be allowed five minutes with an ax handle and an those unlubricated rectums to teach those boys a lesson.

Not fair you say? Well how many thousands have they themselves sodomized with systemd?

Re:Ax Handle Sodomy

Funniest post for the past several weeks. Thanks for laugh.
But I guess that won't be punishment, they'd love it and would ask for more.

Re:Ax Handle Sodomy

You sure do have some weird fantasies.

Re:Ax Handle Sodomy

But isn't the point that at first the systemd felt like a good idea until it suddenly became just too much to take in? Ax handle, even with the proper lubrication is of the wrong shape to fulfill this communicative purpose.

Re:Ax Handle Sodomy

> Well how many thousands have they themselves sodomized with systemd?

Um. Zero?

Why do you call for a literal sodomization, when your motive is based entirely on a figurative/metaphorical sodomization? Do you even know the difference?

That said, the basic plot of your post would make for a pretty good gay porno BDSM/fetish film. WHich probably says more about YOU than you wanted to make public.

Re:Ax Handle Sodomy

Yes, they would love it and Lennart would lick the axe handle afterwords.

Why not OpenBSD?

[Ungrounded+Lightning]

Use FreeBSD, no systemd and technically a truer Unix than linux anyways.

Why do you mention Free rather than Open? (Or Net, for that matter?)

Seriously: I was looking at porting a project from Ubuntu 14.04 LTS to OpenBSD rather than later Ubuntu releases for security (and licensing) - at least in part because 14* to 16* or later means going to systemd and trying to security audit it looks like a nightmare. The obvious candidate was Open, because of its security tightness and because it's just supporting one embedded app on one particular hardware platform, so not having the whole kitchen sink of drivers and apps isn't an issue.

Is FreeBSD just a better match for what you're doing? (Laptop?) Or is there something else I should be looking at when picking a distribution?

Re:Why not OpenBSD?

Different goals of the platforms.
FreeBSD wants to be a well-rounded general usage OS
OpenBSD wants to be the pinnacle of security and is willing to throw everything out to achieve that goal
NetBSD wants to be ultra-portable
Dragonfly wants to be a high performance highly scalable and even distributed OS

Re:Why not OpenBSD?

I use FreeBSD for my web / email services. I don't have experience with Open and Net BSD. I would imagine they are just as equally better. Nor do I have any experience with any of them as a Desktop OS. I still use windows there. I don't have time to deal with fucking with shit and trying to make stuff work when it comes to my desktop. So Win7 does what I need there.

If you are looking for a bare bones install, FreeBSD base package install can be installed in a couple hundred MB. This will have No GUI. I ran my servers off a 4GB flash IDE disk on module for MANY years before i decided to upgrade to using IMAP to store all my mail on the server rather than locally on my desktop using POP. IMAP mail store ended up using 13GB for the emails I have saved. So that made it necessary to put the system on spinning rust. I could at some point upgrade it to an IDE to CF adapter, but the spinning rust was free out of my junk collection so that's what i went with.

Re:Why not OpenBSD?

[Curupira]

OpenBSD is undoubtedly safer, but FreeBSD is generally considered to be updated more often and better to use as a desktop/laptop OS. In fact, there is TWO desktop-centric operating systems based on FreeBSD: TrueOS (formerly PC-BSD) and DesktopBSD. So, if your intent is to use it in a desktop/workstation, FreeBSD is probably a better fit.

Re:Why not OpenBSD?

[Aighearach]

I've used them both and IMO they are exactly the same as a desktop because you're going to have to compile everything anyways.

Re:Why not OpenBSD?

[hord]

I've run Open and Free. Here is my opinion:

FreeBSD - Stable and ultra fast on x86 hardware. Good for file servers, desktops, anything.
OpenBSD - Stable but not performant. Useful for infrastructure.

I really like OpenBSD. I ran it for many years and even contributed hardware to the project. That being said, the security features in it don't outweigh its performance drawbacks. Some of this is due to the security features (e.g. PID randomization slows process generation) so your choice will be workload dependent. Your hardware choices with Open will be more limited as well and you don't get stuff like ZFS. I'd experiment with both.

Re:Why not OpenBSD?

You don't have to compile shit for FreeBSD. look up the pkg command. Every package is available precompiled. Sure you can still compile from the ports tree if you like, if you need to change a compile time option. But in most cases its just a waste of time.

https://www.freebsd.org/doc/handbook/pkgng-intro.html

Re:Why not OpenBSD?

[Billly+Gates]

TrueOS is utter crap and DesktopBSD hasn't been updated in a long time.

TrueOS uses FreeBSD 12 current which is over a year awhile and reminds me of early versions of Mandrake early last decade which never quite worked or crapped out as soon as you updated.

I just tried installing it in Hyper-V a few hours ago and it won't even post in generation 1 or 2 guests. FreeBSD 11.1 no problems for both. ... however I found a bug in Xorg with the mouse having issues as soon as Mate loads up on gen 2 hypervisor just now :-( (it came out 72 hours ago so things like this are expected)

I have not tried OpenBSD so take what I have to say with a grain of salt. I would not say it is safer. The drivers are not as up to date or existent which is essential for good uptimes with supported hardware on a server. Linux unfortunately is more tested and so is FreeBSD.

FreeBSD has ZFS, dtrace, and the amazing handbook which I recommend to buy in paperback and amazing man pages which even include Unix history so it can rock for a server.

As a desktop sigh yes you need to watch youtube videos and read the handbook and spend a food afternoon to get a gui, Sudo, bash and gnuls --color, and other things a modern Ubuntu user would expect after an installation.

Re:Why not OpenBSD?

[Billly+Gates]

I've run Open and Free. Here is my opinion:

FreeBSD - Stable and ultra fast on x86 hardware. Good for file servers, desktops, anything.
OpenBSD - Stable but not performant. Useful for infrastructure.

I really like OpenBSD. I ran it for many years and even contributed hardware to the project. That being said, the security features in it don't outweigh its performance drawbacks. Some of this is due to the security features (e.g. PID randomization slows process generation) so your choice will be workload dependent. Your hardware choices with Open will be more limited as well and you don't get stuff like ZFS. I'd experiment with both.

PID randomization is included with FreeBSD 11.x as well as few other hardening options when you install.

Re:Why not OpenBSD?

That's the public consumption stuff.

OpenBSD is really Theo's vehicle, which he forked out of spite after getting into a stupid spat with NetBSD core@. (This says bundles about both, incidentally.) They do worship "security" (and it often does devolve into "worship", though they do know their stuff) but to value it properly you need to understand their idea of "security", which is actually pretty narrow. Point in case: "openntpd", which is written by security nerds because the reference implementation was deemed to be doubleplus ungood, and not by time nerds. So you get a situation where the thing only doing sntp is deemed peachy fine. Except that to people who really need Proper Time, the bread and butter of ntp, this is simply not good enough, but the thing won't tell you. Fun times.

NetBSD is a bit of a tinker toy. It's pretty portable, but some (even non-mainstream!) platforms are actually better served by, oh, OpenBSD or something. It is a bit hampered by its core@ being a bunch of nice people and by its niche status. It now has lua in the kernel.

FreeBSD is a different kind of tinker toy with a big position as "geheimtipp" for servers, something they've done their level best to destroy since FreeBSD 5, first with the n:m scheduler (which they finally gave up on with FreeBSD 8), and now with various userland rewrites, including pkgng (which suffers from a massive case of second system effect). It was traditionally strongest on i386 and now x86_64, and much less so on other platforms (alpha was somewhat decent, though). There is a strong influx of linux refugees, and it shows.

DragonFly BSD is Matt Dillon's fork of FreeBSD 4.11, because he disagreed with the n:m scheduler as overly ambitious (which got vindicated) and as a vehicle to do things like HAMMER with. Too bad the thing also saw fit to jump the pkgng bandwagon. Like NetBSD it suffers from being small-ish and being niche without having a clear niche-crowd to leverage.

They all have their own flavour and they all steal from each other with gay abandon.

So you see, the people behind it are important also, certainly if you'd like to participate and not "just use". And the best way to learn about them is to try.

So if interested do find the time to install each of them at least once, even if only as a VM. But do install from scratch; go for a bootable system without X and packages, then build from there.

One thing the *BSDs tend to do much better than linux is documentation. So be sure to look for that first and do plenty reading before starting your installs.

Re:Why not OpenBSD?

You don't have to compile shit for FreeBSD. look up the pkg command. Every package is available precompiled. Sure you can still compile from the ports tree if you like, if you need to change a compile time option. But in most cases its just a waste of time.

https://www.freebsd.org/doc/handbook/pkgng-intro.html

You don't have to compile shit for OpenBSD. Everyone is encouraged to use the pre-compiled binary packages

Re:Why not OpenBSD?

[fnj]

Aighearach is the dictionary definition of an ignoramus.

Re:Why not OpenBSD?

[fnj]

TrueOS uses FreeBSD 12 current which is over a year awhile

What are you trying to say in English? Because that is gibberish. And what is a "food afternoon"?

The only one of those things that is any more than trivial to install is a DE. You can get all the rest in a few SECONDS using "pkg install sudo bash gnuls".

Re:Why not OpenBSD?

Are all BSDs are created equally? A survey of BSD kernel vulnerabilities.
by Ilja van Sprundel
https://defcon.org/html/defcon-25/dc-25-speakers.html#van Sprundel

https://media.defcon.org/DEF%20CON%2025/DEF%20CON%2025%20presentations/DEFCON-25-Ilja-van-Sprundel-BSD-Kern-Vulns.pdf

Re:Why not OpenBSD?

[unixisc]

They all have their own flavour and they all steal from each other with gay abandon.

What exactly does 'steal' mean here? Do they incorporate each other's code w/o giving them due credit? That would be the only violation of any BSD license, afaict. Otherwise, the BSD license explicitly allows anybody to take any code and use it in anything else, including changing the license: the only thing that must be done is the original author should be properly credited.

Re:Why not OpenBSD?

Some ideas get copied, some don't. It's not always the good ones that get copied, either. They'll mention it in passing, but you have to look closely to notice it much later. Eg. you wouldn't know these days that FreeBSD's rc system came from NetBSD (not that it was that much different to use than the previous one), unless you dug deep enough. Call it artistic licence, because yes, it's perfectly fine under the BSD licence. But it does sometimes mean that the other projects see this one with a new toy and they'll just copy it without really thinking about it.

Re: Why not OpenBSD?

OpenBSD earns some of their brownie points with code exclusion

https://media.defcon.org/DEF%20CON%2025/DEF%20CON%2025%20presentations/DEFCON-25-Ilja-van-Sprundel-BSD-Kern-Vulns.pdf

Re:Why not OpenBSD?

[Aighearach]

You could always check that, if you can find a dictionary.

Re:Why not OpenBSD?

[rl117]

The caveat, AFAICR, is that the binary builds don't have security updates, being built at the time of release, so you have to build from source if you care about security updates. It's been a topic of conversation on the openbsd list a few times.

Re:Why not OpenBSD?

You guys tried Windows ME? It's pretty slick.

"only the lamest of vendors gets a Pwnie"

Systemd is named "lamest vendor" in the nomination, as cited in the story. Granted, that's hard to see if you only read headlines.

No shit

Poettering is just as childish asshole as the great Trumpet is.

Will never recommend Redhat as long as systemd...

is a thing.

That Would Have SERIOUS Repercussions

SystemD being written in Rust would create such a massive black hole of douchebaggery that the entire universe would get sucked into it.

Re:Should systemd be rewritten in Rust?

Java is more mature so would make an even better choice. Where is my Linux Java init replacement? I mean imagine how awesome Linux would be if the kernel was written in Java? Unbreakable!

systemd

[maestroX]

When does the hurting stop.

Re:systemd

[Zero__Kelvin]

What hurting? When was the last time you created a custom service file with a non-existent username beginning with 0 again? Oh, that's right, you were NEVER going to do that, and yet the problem has been found and fixed anyway.

Re:Systemd

[dbIII]

Are you trying to imply that you opened this conversation in good faith

My post is right there above. No stuff such as "it's definitely easier to rant against something if you know next to nothing about it" - that bit of bad faith was entirely yours, as is your very long rant directly above which seems to be the only rant here.

If you want to be taken seriously I suggest acting appropriately.
The "one rule for me and another for others" attitude comes off as somewhat childish.

Also what's with the fucking lecture - indeed a revisionist lecture? I've been following this for more than a decade ever since Lennert's ill-fated roadshow to convince people outside of RedHat to grant him the linux crown. If you are going to parrot Lennart's own words, but get them wrong, just provide a link to his blog. Maybe try reading it yourself to clear up those misconceptions that you are attempting to propagate for some reason.

Re:Systemd

[Tenebrousedge]

I view this as a lack of response.

Re:systemd

The hurt? Let's see, off the top of my head...
Systemctl returns success on failure to stop.
Systemd won't mount network mount points from /etc/fstab, you need to create 11-line unit files for them.
Even then, it can't unmount NFS properly. Bye bye clean shutdown.
Systemd journal consumes all memory and leads to regular server downtime due to OOM.
Default systemd units raise network services before network is started, meaning they can't bind to IP and will hard fail (won't restart).
etc. etc. etc.

Oh, there's another systemd exploit with a high score currently under embargo. Expect yet more fun in August.

Re:Systemd

[dbIII]

That kind of makes two of us because I was asking what systemd was supposed to solve apart from empire building and while I have to say you did try hard I disagree with your very fuzzy attempt at an answer. IMHO those problems you said systemd was supposed to have solved have not actually been addressed in systemd. The lack of parallel init in an earlier system was addressed in upstart but barely touched on in systemd (as seen by those instances, which were never common and are becoming rarer, where systemd just hangs). The other "problems" still exist in all the current init systems.

That's why I wrote what I wrote.

Re:Should systemd be rewritten in Rust?

Rust will only save you from certain types of programming mistakes, not a cavalier attitude towards security design and testing.

Re: Finally, the thread slashdot deserves!

Sup, Zero_Kelvin?

With all this hate...

[Kokuyo]

I've been considering switching from Ubuntu to something without Systemd. But what would that be? Slackware is a bit hardcore and frankly, I'm really scared I won't get my server functional ever again if I start from scratch...

Re:With all this hate...

[Kokuyo]

And no, I'm not gonna do another LFS. The last time, many moons ago, I got it running but with so many error messages I couldn't truly deal with, I think I've got enouth PTSD to tell my grandkids I would have preferred a good war :D.

Re:With all this hate...

Devuan
Assuming that you actually are looking for an answer and not just playing "Why don't you - yes but...".

Re:With all this hate...

[sconeu]

What about Devuan?

Re:With all this hate...

[Kokuyo]

I was of the impression that Devuan is really, really new on the field. How trustworthy is the distribution and what are its chances of living for another few years?

Also, to be quite honest, Ubuntu provides a lot of howtos online. How similar is Devuan to Debian or Ubuntu, init aside? Do howtos mostly apply to it as well?

Re: With all this hate...

[thePjunisher]

I tried Devuan, but too early, maybe, because I found the beta I tried to be barely functional. It might be better now. In the end, I landed on Manjaro OpenRC.

Re:With all this hate...

One of the big things that both Slackware and LFS lack is a package system with dependency management. Try Gentoo: nice community, good dependency management, and a non-systemd default setup. Build it your way.

Re:With all this hate...

[Kokuyo]

Hmmm Gentoo. Why not? That one's at least seen a few years so it's probably somewhat mature at least and won't kick the bucket in a year or so :D.

Re:With all this hate...

[epyT-R]

slack, gentoo, devuan are options..

Re:With all this hate...

[angel'o'sphere]

Slackware used to be close to BSD and most other Linux distros are close to System V and the modern mix of BSD/System V.
If you really want to switch, why not to Open BSD?

Re:With all this hate...

[Kokuyo]

I guess that would be an idea considdering my zfs storage. I was just of the impression that hardware support was even worse than Linux. Is that not so?

Re:With all this hate...

[Kokuyo]

I should probably also mention that I plan GPU passthrough to a windows vm on this server (Threadripper based).

It's gonna be quite a challenge as it is and I've never worked with a BSD...

Re:With all this hate...

I ended up switching to macOS and iOS to escape systemd and Pottering's madness. Say what you will about Apple but they are BSD based and posix compliant. Pottering has no idea what posix complicance is and frankly neither does his code.

Re:With all this hate...

[Viol8]

Yeah, but OS/X has its own issues - OS/X specific system APIs in Objective-C? Ugh. Proprietary graphics and sound subsystems (X support now hived off to an OSS team so who knows how long that will last) , uppercase/lowercase issues with filenames, and a number of other things. I'm not saying OS/X is bad, its just not the perfect Unix enviroment either.

Re:With all this hate...

Alpine Linux
Gentoo
Funtoo
Void

Re:With all this hate...

[Billly+Gates]

OpenBSd has hardly any drivers and is not that user friendly. FreeBSD is better as it has up to date drivers, ZFS, dtrace, jails, and is more supported.

Re:With all this hate...

[Billly+Gates]

FreeBSD is quite popular. Issue is well it is hardcore :-)

But FreeBSD is conservative and known to be quite stable for server builds. What I love about FreeBSD is I find the FreeBSD handbook and manpages quite superior to Linux.

Linux is abunch of things glued together and grown. FreeBSD is designed and feels like a complete OS. The tools are BSD based, Documentation is BSD based, even the sample scripts, and then of course the kernel etc. The ports in /usr/ports also pull from the sources and apply FreeBSD patches to each one. It is a more integrated feel as seperate teams working together make the OS. Not a bunch of guys in a basement putting stuff togehter independently and calling it a linux distro. ... ok my last rant was true 15 years when we had lots of smaller distros made by kids. Ubuntu and CentOS/Redhat are professional. But outside support for things like Duvaan are not there.

I am not bashing it but a few guys who hate SystemD writting on github for Duvuaan scare me as I have no idea who they are and what kind of quality controls.

FreeBSD has ZFS (not a user mode hack), dtrace, and jails too so it does have a use besides Hey we are not Linux clone.

FreeBSD will not come with a gui by default. You will need to look up the handbook or go to youtube on setting up Xorg and your X11-wm of course and creating a Sudo file etc. But FreeBSD 11.1 has long term support not just for security updates but also application updates which unlike Redhat/CentOS can turn crusty after a few years.

Both Amazon and Microsoft have contributed code to FreeBSD for Azure/Hyper-V and Amazons web services so pull up a free VM to play with.

Re:With all this hate...

[Billly+Gates]

Yeah except MacOSX has it's own version of SystemD called startup which also tries to outsmart init with an autostarting daemon that starts other daemons that is not that configurable.

Not saying it is as bad as SystemD. I am just it tries to make it friendly and visual and do things for you which is what drives Unix nerds mad.

Re:With all this hate...

I've been running Devuan 1 since ~28 May; it's basically indistinguishable from a de-systemd'd Debian 8.

Re:With all this hate...

[aardvarkjoe]

Most of those who oppose systemd are pining for the Good Old Days of loading the boot target using bat-handle toggle switches on the front of their IMSAI.

We're mostly pining for the Good Old Days when you could trust your init system to do what it was supposed to do.

Re:With all this hate...

[Zero__Kelvin]

Let's hear your actually encountered, real world issue (not read about in a misleading Slashdot post) with systemd that merits such a drastic change.

Re:With all this hate...

[Lady+Galadriel]

Yes, FreeBSD is what I call a long term supported, server style OS.
(That's not to imply it can't be a desktop OS. I used Solaris 2.5.1, 2.6, 8 and 10 on SPARC for my desktop, for over 10 years...)

iXsystems took over the old PCBSD and now calls it TrueOS. Still based on FreeBSD, and intended as a desktop OS. Still a bit raw. And probably does not have the driver support Linux has, but if Linux goes messy, (SystemD everywhere!), then I will have to consider migrating from Gentoo to TrueOS.

One thing I absolutely love, is ZFS. (And yes, on Gentoo Linux it's rock stable.) This gets me so many features, like alternate boot environments for software upgrades, home filesystem snapshots for easy file recovery, simple disk mirroring, and data / RAID verification.

Re:With all this hate...

[thegarbz]

Based on the way people talk about systemd Devuan should now be the best funded and most active distribution in the linux world.

Snide comment aside, I don't think they'll go away. This topic has basically turned into a religion and the existence of Devuan is beyond someone's fork project and basically propped up by a belief system that an alternative must exist in the Linux world. I'd bank on it being around for a while.

Re:With all this hate...

[Billly+Gates]

Yes, FreeBSD is what I call a long term supported, server style OS.

(That's not to imply it can't be a desktop OS. I used Solaris 2.5.1, 2.6, 8 and 10 on SPARC for my desktop, for over 10 years...)

iXsystems took over the old PCBSD and now calls it TrueOS. Still based on FreeBSD, and intended as a desktop OS. Still a bit raw. And probably does not have the driver support Linux has, but if Linux goes messy, (SystemD everywhere!), then I will have to consider migrating from Gentoo to TrueOS.

One thing I absolutely love, is ZFS. (And yes, on Gentoo Linux it's rock stable.) This gets me so many features, like alternate boot environments for software upgrades, home filesystem snapshots for easy file recovery, simple disk mirroring, and data / RAID verification.

Thanks Lady I do not have experience wiht Solaris other than running uname. I do say I HATE trueOS as just a a few hours ago when I was typing that post I was trying to install it on my Windows 10 Desktop using Hyper-V. It won't even post in either UEFI or in Bios mode as either guest.

TrueOS is based off of FreeBSD 12 current according to their website which is still over a year away! It kind of reminds me of old Mandrake back in the day where it had lots of bugs when you exited XFree86 Kde1 and saw all the errors on the terminal.

To be fair I couldn't get the mouse to work after logging into Mate from FreeBSd 11.1 which I just installed that has generation 1 EFI support for Hyper-V so there is that on the bleeding edge. I want to play with ZFS when I get time to learn it. These days I was leaning more towards SharePoint help at work but maybe doing more admin stuff on the side.

If TrueOS was based off of a stable FreeBSD distro my respect for it would go WAAAY up as current is not even alpha. It is beta.

Re:With all this hate...

Most of those who oppose systemd are pining for the Good Old Days of loading the boot target using bat-handle toggle switches on the front of their IMSAI. Technology marches on. Instead of wading through several kilobytes of init scripts to figure out what mods I need to make, I can create a systemd file of a few lines and I'm up and running.

But you can go back to worrying about how to pay for your 80-column card so you can get a wider screen to play Pong. Enjoy!

Systemd violates one of the core philosophies: do one thing, do it well. It tries to do many things, and has problems.

What's next giving up on the opens source concept entirely? Just release systemd as a binary blob with no source?

Re:With all this hate...

[Zero__Kelvin]

Yes. The same is true of the kernel. You would think it would just display shit and do that well, but no, it handles disk drives, users, virtualization ... The list goes on and on. Talk about a violation of *nix principles! You DO know that systemd isn't a single program, right? Of course you don't.

Re:With all this hate...

[i.r.id10t]

I've been trying to learn how to do things The BSD Way. Considering freebsd since Linode support it to some degree for their VPSes...

Re:With all this hate...

Yes. The same is true of the kernel. You would think it would just display shit and do that well, but no, it handles disk drives, users, virtualization ... The list goes on and on. Talk about a violation of *nix principles! You DO know that systemd isn't a single program, right? Of course you don't.

So systemd is the kernel now? systemdux ftw!

Re:With all this hate...

[msk]

I've been running it since the repositories were available, as a direct changeout from Debian via sources.list. It's stable and maintained well.

Re:With all this hate...

Let's hear your actually encountered, real world issue (not read about in a misleading Slashdot post) with systemd that merits such a drastic change.

So you must be dumb.

Re:With all this hate...

[Zero__Kelvin]

No, and just as SysV Init is a collection of programs, so to is systemd. People saying it doesn't follow the philosophy are either mistakenly or intentionally mischaracterizing it as a single program. If you prefer, think of linux-tools. That is the analogy. Would you say OMFG ... linux-tools violates the philosophy because it doesn't do just one thing!? Of course not.

Re:With all this hate...

[dbIII]

I've shifted a lot of stuff to FreeBSD, but that's only a good move if the software you want to use runs on it. With commercial software I'm stuck on RHEL6/CentOS6 since the vendor can't work out how to get it to run on RHEL7 (which has systemd) let alone other platforms.

Re:With all this hate...

[dbIII]

The idea itself isn't bad. The implementation of taking things over instead of working with existing tools, and the replacement being substandard due to communication problems and not caring how things were done before - that is the issue.
Linux is deliberately made to act like an older version of *nix. Changing that entire idea of having something new that behaves completely differently is bound to annoy many people who choose to use linux.

Also, but far more trivially, such a major change connecting to so much other software has meant older platforms being abandoned and software concentrating onto specific platforms, which was kind of annoying me this week putting stuff on a couple of old Macs. That's just an example symptom of major change versus incremental change.

Re:With all this hate...

[supertall]

MX Linux

Re:With all this hate...

Debian can STILL be used WITHOUT systemd. My servers use debian-testing, with systemd-shim instead of systemd.

Re:With all this hate...

[gweihir]

At this time, stock Debian with sysVinit is a reasonable option. There will be some systemd cruft still around, but it will be mostly inert.

Re:With all this hate...

[angel'o'sphere]

FreeBSD or OpenBSD was more a hint for a change.
I have no real experience with any of them.

Mac OS X is based on FreeBSD, but uses a Mach kernel.

Re: With all this hate...

Nope- working fine for me- 1 new system, one upgrade from Jessie. No problems at all.

Re:With all this hate...

[tigersha]

Since when is ThreadRipper on the market? Where did you buy one?

Re:With all this hate...

[tigersha]

OS/X is OS/X. The Audio API, to use your example, is the best there is and in widespread commercial use. There is a reason they did their own Audio API. The one In Linux and BSD sucks. Completely.

As for Graphics, OS/X was always based on a PostScript/PDF rendering pipeline for reasons that it widely used in Desktop Publishing. OS/X is OS/X, not BSD. It works very well for the tasks it was designed for. FreeBSD works well for the tasks it was designed for. There is quite a bit of overlap, sure, but they are not the same

Re:With all this hate...

[tigersha]

I am still sad that I can't get a 160 wide Hercules Graphics Card that can drive my 24 Inch monitor in monochrome :(

Re:With all this hate...

All init systems should have their own webserver and QR code generator, obviously. I'm still waiting for the canoe launcher.

Re:Should systemd be rewritten in Rust?

Ummm, Android.

Re:Should systemd be rewritten in Rust?

Changing languages isn't the answer. Security bugs can happen in any language. The design of systemd ....

There's an actual DESIGN to systemd?

Dang, and here I thought systemd was nothing more than, "Let's replace init. Oh, SHIT! I never thought of THAT! OK, I'll write even more crap code to patch over that oversight, and replace what's been working fine for years with my own buggy code!"

Get Hans

[ArchieBunker]

You could always get Hans Reiser out of jail to do the hit. He doesn't have any problems murdering people.

Re:Get Hans

At least Hans invented something of use. He may have been a murderer but the features of ReiserFS were innovative and moved Linux forward.

Re:Get Hans

[Tenebrousedge]

This comment brought to you from Bizarro World.

Re:Get Hans

What? Had Hans not snapped, everyone would most likely be running Reiser in the places we run XFS and BtrFS in the places ext4 can't scale.

He snapped and did something horrible, his contributions to file system design were innovative and moved Linux forward.

SystemD is just shit and made by people who are assholes. They may never snap and do a horrible crime but the economic cost to the rest of us will most likely be greater than the damage Hans did to society.

No I don't condone Murder, just pointing out that it is a shame what wins in the marketplace is not always based upon what is 'best' but can be due to other factors.

Re:Get Hans

What about John McAfee? I heard he has experience actually getting away.

Re:Get Hans

[Tenebrousedge]

ReiserFS was not that great when it was under active development, and as far as I am aware while he was the first to implement some interesting filesystem features on Linux, he did not actually invent any of those concepts. The statement about XFS/btrFS is unsupportable.

Systemd has made many correct design decisions. The valid criticisms are completely drowned by people like you who don't understand the problems it's designed to solve. There's a reason why people keep inventing replacements for sysvinit.

the economic cost to the rest of us will most likely be greater than the damage Hans did to society.

We don't measure that murder in economic terms. What a foul comparison.

Re:Get Hans

[Billly+Gates]

ReiserFS was not that great when it was under active development, and as far as I am aware while he was the first to implement some interesting filesystem features on Linux, he did not actually invent any of those concepts. The statement about XFS/btrFS is unsupportable.

Systemd has made many correct design decisions. The valid criticisms are completely drowned by people like you who don't understand the problems it's designed to solve. There's a reason why people keep inventing replacements for sysvinit.

the economic cost to the rest of us will most likely be greater than the damage Hans did to society.

We don't measure that murder in economic terms. What a foul comparison.

I used to agree with you. Sysinit was designed for a computer (mini computer before being called a server) for a system with maybe 80 utilites and programs at the most. Very simplistic to do a few things and you set once and walk away for many years until the machine gets decommisioned etc.

A modern linux distro with +30,000 utilities running for example on a modern laptop is a nightmare in comparison if you need events like a laptop going asleep and waking up in a different time zone or when an apache server gets hacked and needs to quarantine itself or when a node fails in a cluster etc. Sysinit is not designed for these scenarios and Linux has hte worst ugliest scripts. NetBSD tries to do BSD to make it look cleaner but still.

Problem is SystemD is another nightmare all together. Sure you can setup stuff above in scenarios but when it fails IT FAILS BIG. The event processes are known to randomly change raid configurations during reboots, loose data, and events are difficult to debug. Sysinit is sequential even if an ugly hack of if/fi else scripts through the godzoo is not pretty you can debug it and you do not have unexecpted behavior.

Nothing scares a Network Administrator more than unpredictable behavior. Especially whose job counts on having a 99.97% uptime and a bonus only if your servers hit 99.99% uptime in their performance reviews.

OpenRC tries to be both. Ubuntu had upstart and even Apple has starteD or startD that do some event work and can handle a change like a laptop sleeping and waking up, but are not so alien and engulf.

I do not do system administration work anymore but might soon as I am applying on job sites. SystemD has me nervous as I do not want to support it from what I read here and from what colleagues have told me. Even if I have to learn it I do not like the idea my RAID or SAN might be configured one way, then when the system restarts it will be reconfigured a different way from some unknown reason that SystemD did from an event.

The more it tries to do the more work we have to figure out what it did when shit hits the fan.

Re:Get Hans

> We don't measure that murder in economic terms. What a foul comparison.

Sure we do. If we didn't the the TSA and DOD would get 100% of the Federal Budget.

Every life has value, but we have to draw lines somewhere. Even locally, you decide how much you want to spend on police and fire verses say roads or schools.

Re:Get Hans

[dbIII]

like you who don't understand the problems it's designed to solve

Which is what exactly? A single enormous codebase maintained by a generalist with little supervision instead of specific programs maintained by experts? Why is that a problem?

Re:Get Hans

[Tenebrousedge]

Why have people been trying to replace sysvinit? Why have you not bothered to research the origins and rationale for the project? I mean, it's definitely easier to rant against something if you know next to nothing about it, I suppose...

Re:Should systemd be rewritten in Rust?

Are you saying that Android has a kernel or init written in Java? You're wrong.

There was a vote

[ArchieBunker]

My understanding was there was a vote and some asshole had to break the tie in favor of systemd.

Re:There was a vote

[thegarbz]

Your understanding is basic.

By simple majority systemd had double the number of votes than upstart and further discussions and was a clear winner.
No one preferred keeping sysvinit, and everyone preferred openRC over sysvinit. However they didn't go by simple majority but rather by pairwise defeats. After pairwise defeats the only remaining options were systemd vs upstart. The "asshole" you're referring to was the chairman of the technical committee who preferred systemd in favour of upstart.

Of course systemd is more like politics and religion and everyone who doesn't like the outcome then claims that the voting system which has served well in the past is now this very one time inexplicably broken, and all people involved are assholes.

Have you considered running for public office? You'd fit right in.

Re:There was a vote

You're looking at the wrong vote. There were two votes. First, the Technical Committee ALONE decided that SystemD was the default. That was the four person vote, and only two of them voted for SystemD. A later vote was of the larger package maintainer community where the question was "Should we force package developers to use SystemD AND another init system, or just systemd alone?" That was a much larger vote, and the vote was "we're not going to require package maintainers to support multiple init systems."

For some reason, the SystemD apologists have been declaring that second vote was the one that forced SystemD on Debian, which is a flat out lie.

Re:There was a vote

still a fucking stupid vote for stupid fucked up systemd, nothinbg changes that, based on potterfuck's history, it was obviously stupid.

Douche?!

Did you just use 'douche' as an insult?! I've got HR on speed dial...

Re:Should systemd be rewritten in Rust?

you can't fix conceptual flaws with any language existing or not yet existing.

Re:Should systemd be rewritten in Rust?

[Aighearach]

The real point that professionals can read between the lines is that this code has been gone over by a gazillion haters already, and a huge number of real and potential bugs have been fixed without having been first used in exploits. This is a huge victory for systemd, and it is a strong sign that is going to be rock solid in the future.

It is the same as when we were talking about bug rates on windows 15+ years ago on here. It is exactly the same. When people focus on a system they will find its bugs. And software starts out with bugs. Any new feature starts out with bugs. And design flaws. And the features that go largely unchanged over time, but receive bugfixes, will be very solid and reliable. It doesn't matter what the starting condition was.

In the 1990s there was a thing called "Matt's Scripts," and while it was very kind and generous of Matt to write these scripts and give them away for free online, the problem was that they all contained huge security flaws. So you use this script so that people can email you from your home page, and now spammers are using your website to send spams in your name. All the scripts had these problems. He was panned all around the world, magazines wrote articles warning people not to use it, etc., etc. But Matt was undeterred. And he understood, spammers are bad. So he just listened to all the complaints, looked at their teardowns of his code, and fixed his code. It took years, really, because each fix introduced new bugs. But he wasn't adding features, he was just fixing bugs, and so even with a high bug rate, his scripts eventually became rock-solid and there were no more open bugs.

Hate cannot destroy bad code, and the virtue of Stubbornness is an absolute shield for hated code.

Re:I'm waiting for news of his death

[Aighearach]

It is true that neckbeards snarl worse than a grue, but they're not capable of physical attacks. They also can't remain outdoors for extended periods of time, so they can't stalk anybody.

Re:Should systemd be rewritten in Rust?

[hord]

You can re-write in any language you want to eliminate the design issues of the current language. You now have all the design flaws of the new language you picked plus the complexity of translating from the previous language. Best of luck.

Gentoo/Funtoo and Open RC

Stop worrying and change distros. OpenRC works fine for me.

Yes, the stories of taking days to get up and running with your fave desktop are true -- one is compiling source for everything, after all -- the package management is very good and the control and knowledge gained about how your system works is well worth it. And you can clone it to your other systems once you're reasonably happy with your setup.

Re:Gentoo/Funtoo and Open RC

You gotta "luv" Gentoo/Funtoo distros....

One-third of the repo is sort of maintained (they get around to it when they can).

One-third of the repo is rarely maintained (out-of-date code).

One-third of the repo is not maintained at all (left to rot after being added).

Both Gentoo & Funtoo impress me as distros developed and maintained by something like 3 to 5 people on a part-time basis.

Re:I'm waiting for news of his death

I've never seen someone so universally hated by such a large group. Can't be good for his personal safety.

Uh, just about every public figure has a large group (by numbers) of hardcore haters. Given how few public figures have attempted assassination let alone actual assassinations, I'm not betting on him being murdered. Honestly, I don't hold any personal ill will towards Lennart Poettering. I do think he's an agenda driven moron who speaks bullshit on a regular basis because he has a vested interest in rose-colored glasses viewing his own baby project, but then that's most developers (or scientists or politicians*). C'est la vie.

* Never attribute to malice what can be attributed to personal bias and incompetence. CBO gives your new bill horrible figures? They're biased against your beliefs! Happens on both sides of the aisle because legislators think that the world works a certain way and evil forces are hindering it, so they just need to nudge the world a certain way with a law. Obviously, rarely is that the case.

Re:Should systemd be rewritten in Rust?

[fahrbot-bot]

If bugs and programming errors that result in security flaws are a problem with systemd, would rewriting it in a language like Rust help?

There are bugs, programming errors and bad programming. Don't confuse the three.

Re:Should systemd be rewritten in Rust?

If I hear of a company marketing a supported enterprise distro of FreeBSD, I'm gonna buy stock!

How about ixsystems? They make FreeNAS and TruOS.

why are distributions using it ???

[cats-paw]

Never have I read anything positive about systemd.
and what I've read about it's design is extremely non-unixy.

so why did any of the distributions pick it up ?

Re:why are distributions using it ???

[dbIII]

Redhat own it as well as having a lot of the gnome developers on payroll. It was decided that if you want the current gnome you need systemd. Thus if other distros want gnome they need systemd.
Lennart has a blog and the office politics that were the real reason for the decision are crowed about on it. He is on the road to making linux his as far as he sees it. A bit more attention to detail or some listening to advice and it wouldn't matter.

Only because you have to pay to get the mark.

And it's quite meaningless, because you can be POSIX compliant without requiring the test mark that you have to pay to get it officially POSIX compliant.

And whether it is or not is irrelevant, since Linux IS compliant to that standard, it IS a standard, and peoterring just preferred to ignore it because it wasn't what he thought should happen when it screwed up his ideals.

Re:Should systemd be rewritten in Rust?

LOL

Thanks for the entertainment. Oh you meant it? ROFL. If you seriously think we're seen the last of the bugs in SystemD, you have many surprises waiting for you in the future.

Props for the

So he just listened to all the complaints, looked at their teardowns of his code, and fixed his code

part. I found that particularly amusing considering that's exactly what Mr LostTheFuckingPlotterling and his retarded bunch of helpers are well known for NOT doing!

Re:Should systemd be rewritten in Rust?

TrueOS aka PC-BSD (the FreeBSD fork) is a trademark of, and is sponsored by, iX Systems.

Re:Should systemd be rewritten in Rust?

[Billly+Gates]

PfSense uses it but more as a customized distro and equipment for routers and firewalls. So that is enterprise level support and I use their pfSense iso for my Hyper-V routers I use in my home lab.

They are great for offices of 100 users or less who do not want to buy a full expensive Cisco switch and router and have a guy come in and charge up the wazoo for a medium sized office. PfSense and do both layer 2 and 3.

Cisco on purpose tries to differentiate so you have to buy a switch AND a router and convinced network engineers that this is the proper way.

Thus Spake Poettering ..

[khz6955]

Systemd dies if there is no cgroup support in the kernel.

Poettering: "To make this work we’d need a patch, as nobody of us tests this"

R! /dir/.* destroys root.

Poettering: "I am not sure I'd consider this much of a problem. Yeah, it's a UNIX pitfall, but "rm -rf /foo/.*" will work the exact same way, no?"

Processes owned by a user with a leading zero in the name are started with root privilege..

Pottering: "I don't think there's anything to fix in systemd here"

Systemd kill background processes after user logs out.

Poettering: "In my view it was actually quite strange of UNIX that it by default let arbitrary user code stay around unrestricted after logout."

'I have an issue with journal corruptions and need to know what is the accepted way to deal with them.'

Poettering: "Yupp, journal corruptions result in rotation, and when reading we try to make the best of it. they are nothing we really need to fix hence."

'Poettering locked and limited conversation to collaborators on 17 Apr'

Re:Thus Spake Poettering ..

Let's not forget the time systemd exposed an issue on some machines that when the admin ran rm -rf on a directory it would brick the computer. Admittedly that was more of a kernel & hardware bug, but it was a bug that was not exposed by any other init/system software. systemd team refused to address the bug to prevent the bricking of hardware.

Re:Thus Spake Poettering ..

Yep, SystemD(eath)... the software that never ceases to entertain me!

Re:Thus Spake Poettering ..

[thegarbz]

Systemd dies if there is no cgroup support in the kernel.

WTF! Of course it does! That was one of the fundamental points of systemd. It's like saying Apache dies if you don't compile network support into the kernel, or that you can't mount an ext2fs if you don't compile ext2fs in the kernel.

Re:Thus Spake Poettering ..

[xbytor]

> "In my view it was actually quite strange of UNIX that it by default let arbitrary user code stay around unrestricted after logout."

Wow. Really, just wow. I am so happy I don't have to use Debian or any of those other systemd distros.

Re:Thus Spake Poettering ..

[dindinx]

If you don't compile network support into the kernel, no http servers can work. If you don't compile cgroup support into the kernel, systemd is the only init system that can't start. Every other init starts with no problems.

See the différence?

Re:Thus Spake Poettering ..

Quite strange! Quite strange! Why would we give the users this kind of power hm? No no, they might do things they haven't asked approval for!

Re:Thus Spake Poettering ..

[rl117]

While this post was marked "5, Funny" I personally feel it's more of a tragedy that Linux has been trashed so thoroughly by such a small group of people. If you'd suggested to me a few years back that in 2017 I'd be using FreeBSD and no longer a Debian developer I wouldn't have believed you, and yet that's where I've ended up.

Re:Thus Spake Poettering ..

You know that the 'background processes killed' was a thing for about 5 minutes? That it's an option which had a poor choice of default *which was changed almost immediately* and affected a handful of people a couple of years back.

At the time I predicted that the anti-systemd obsessives/trolls would still be banging on about it until the end of time.

Re:Thus Spake Poettering ..

I only robbed a couple of banks, and I was caught almost immediately. Now whenever I try to go into one of those banks they harp on about it. Really, they should just get over it. Bloody trolls.

no dice

There was supposed to be a bitcoin collection to get an assassin. Nobody ponied up or they got scammed. As a result, Puttering only has only been frequenting the other type of escort. SAD

Re: NSA Server Security

[Anna+Merikin]

To follow up on the lead and almost ignored first award: A long time ago I bought a Compaq Lunchbox https://en.wikipedia.org/wiki/... http://www.vintage-computer.co... in a San Francisco thrift store, looking to turn it into a portable Linux box. Curious about what files were on the drive, I discovered it booted into Windows 95, and autostarted a netwrok connection to a subdicrectory within the NSA's internet infrastructute. It signed in automatically and gave lots of access to ftp directories, too -- even root directories!

I am a hacker, not a cracker, so I didn't continue to compromise the NSA's site and went on to install Linux on it.

NSA's security has always sucked, I guess.

Re:Should systemd be rewritten in Rust?

Your post describes the methodology of 99.999999999999999% of the software industry. You only need to look at the subject of the OP and see the words "rewritten in Rust" to know what I'm talking about.

Re:Should systemd be rewritten in Rust?

[Billly+Gates]

The three are one. Security too as Windows was unstable due to its crashiness. If you can't control where the program points in ram addresses it means a hacker could plant some code and easily point it to the payload instead of a random spot to gpfault or give an IRQ_lessthan or equal BSOD. Notice how Windows got very stable when it took security seriously starting with WIndows 7/server 2008?

Bugs and errors can be fixed by good programming and design.

Hate systemd? Try Devuan or Freedora

...

title correct: named not awarded

if you rtfa you'd note their entry says, verbatim, "the lamest of vendors" so technically the headline's also true, just not what the award they received was. They were *awarded* for response. They were *named* as lamest.

Now, a headline naming the award, and not the name-calling, might have been more informative or useful, but that's another fight to fight.

That suspicion isn't like the systemd issues

[jbn-o]

I recall that being an entirely different issue from what's at issue in this /. thread. This thread concerns possibly buggy free software in need of some maintenance and review. Microsoft's patent licence for .NET core is a threat of a different kind—Microsoft's patents covering software in Mono and licensing that doesn't grant users the freedoms of free software work together to grant Microsoft the power to extracting patent royalties from free software distributors.

Re:Will never recommend Redhat as long as systemd.

Agreed. I've been a CentOS advocate for years, but as CentOS 6 EOLs, I'm looking for another distribution to migrate to.

Fork it

Actually burn it

systemd would ruin most Linux distro

Systemd is like a huge bug with some minor functionality, this whole big bug, called systemd, won't compensate for the very few conveniences it offers to the user.

I can't find any userland application which has destroyed the reputation of GNU/Linux, until systemd arrived. This systemd init wants to take control of everything, with dozens of bugs sprinkled around this init system just to make most Linux distro vulnerable to attack. Since Poettering is an employee of RH, I won't be surprised if he is indirectly under the payroll of government 3-letter agencies,, and hence indirectly paid by US taxpayers. Considering his competency in programming, I am sure he can also easily fix those bugs efficiently and effectively, but he can't do that because of orders from higher up.

Bobby Drop Tables

[dbIII]

It is dangerous to allow them to start with digits as we have seen

Only within the window of Lennart's "not a bug" and only with systemd.
He made the utter newbie mistake of not checking his inputs when there are inputs that can have dire consequences on how his code works. Now he's checking his inputs, good to see, but you defending him not checking them in the first place is not getting anything done apart from annoyance.

Re:Bobby Drop Tables

[Zero__Kelvin]

Funny. Many of the people here are criticizing him for checking, while others for not. It is almost like it doesn't matter what *they* do, someone will decide it was him and start blaming.

Re:Bobby Drop Tables

Like you, Lennart is a buffoon with a massively over-inflated ego, so there's much to dislike on all sides. I think that's the reason you've fallen in love with the guy. Two peas in a pod.

Re:Bobby Drop Tables

[0100010001010011]

At this point I'm not unsure that Zero__Kelvin isn't Pottering's slashdot account.

Re:Bobby Drop Tables

[dbIII]

No, those people are far worse than him on a bad day. Lennart has issues with criticism but not to the extent of some of the fanboys.

Re:Bobby Drop Tables

At this point I'm not unsure that Zero__Kelvin isn't Pottering's slashdot account.

As I alluded in another comment, the name "Zero__Kelvin" is on the same theme as the Lennart Poettering's domain, 0pointer.de.

Yep, Zero__Kelvin seems to be channeling him pretty well.

Re:Bobby Drop Tables

Doubtful; Zero__Kelvin has yet to twist some AC's words into a death threat, and then use it to whine about the entire FOSS community.

FreeBSD company

[unixisc]

Is iXsystems a private or a publicly traded company?

Re:Should systemd be rewritten in Rust?

[unixisc]

Changing languages isn't the answer. Security bugs can happen in any language. The design of systemd and the way they handle development is the problem. It's a bad architecture. The Linux user community is screaming this at the top of their lungs yet systemd is infecting almost every major distro.

Besides, from the Rust discussion the other day, Rust is a high level language. If one wants to write an init system, shouldn't it be written in a language close to the CPU, such as C/C++ or Assembly?

Re:Should systemd be rewritten in Rust?

[unixisc]

Even FreeBSD is owned by iXsystems, ain't it?

Cisco routers & switches

[unixisc]

Doesn't Cisco sell Layer 3 switches? That would eliminate the need for switch AND router. Also, if one uses IPv6, that should make eliminating switches even easier

McAfee

[unixisc]

Did he ever do anything in Unix? I thought that his antivirus package was Windows only

DesktopBSD

[unixisc]

Desktop BSD has been dead for a while. Did it ever get resurrected?

Why is Redhat allowing this?

[mike2006]

At this point why is Redhat or any major distro for that matter continuing with this systemd nonsense?

Does anyone in the know the inside story of what is going on within Redhat about systemd?

Re:Why is Redhat allowing this?

[gweihir]

It is difficult to say which it is, but here are a couple of possible reasons:

- Linux was getting too hard to hack and the intelligence community is pushing for systemd to fix that by having a known incompetent in charge of a critical system component
- Linux did not generate enough support revenue for Red Hat and this is intended to fix that (and to make sure people cannot just go to a different distro)
- Red Hat wants total control over Linux and systemd is their attempt to establish that by being the single source of a central component

It may also very well be a combination of these. In any case, it is targeted sabotage. I do not think Poettering is clued in though. They are just using him as a "useful idiot".

Re:Why is Redhat allowing this?

[nnet]

Gnome needs it.

Re: Should systemd be rewritten in Rust?

You have no clue what the init system does, do you? It's a very lightweight process spawning services (except systemd, which does more). It could be written in a higher level language as long as you could guarantee that the runtime system of the language was installed (or you can generate a small enough static executable of init).

Re:Should systemd be rewritten in Rust?

That's the single best troll I've seen on here in quite some time. I tip my fedora to you, Sir/Ma'am/Flipper.

Re:I'm waiting for news of his death

Butthurt. Sweet, sweet butthurt.

Trojan horse?

[pkphilip]

I wonder if systemd, pulseaudio etc are trojan horses inserted into the Linux ecosystem for nothing else but screwing things up - they work, sort of, but not very well.. they are irritating enough to significantly reduce the adoption of Linux and also to slow down the overall development of the Linux ecosystem by focusing attention on problems which could have been easily avoided. There there is of course these security vulnerabilities which open up in the strangest of places.

Of course, I have no evidence for this, but it has been a nagging suspicion.

Re:Trojan horse?

[gweihir]

I believe that is the case, but Poettering is not clued in. It seems likely that Linux became too hard to hack into, so something needed to be done. Putting a known incompetent with a huge ego and no understanding of security in charge of a critical central system component is just the ticket to do that. And it will not look like a sabotage attack either, because said incompetent will screw up security all by himself, whit zero understanding of how he is being used.

The nature of the campaign that systemd was pushed with gives further indication for that: Zero arguments technical merit, except on the meaningless surface. As soon as anybody tried to go into actual technical arguments that matter, emotional appeal, deriding of the person, portraying them as "backwards" and "anti innovation", etc. This just means that there were no good technological arguments, but a group with access to PsyOps techniques really wanted it to be pushed hard. And look where we are, they basically succeeded. Of course, PsyOps only works against incompetents long-term and there is still a core of the Linux community that actually understands technology, as exemplified by this award and the continuing resistance. Technological facts do not go away.

Re:Trojan horse?

[4partee]

Lennart Poettering === Useful Idiot.

Re:Trojan horse?

[gweihir]

Why would I believe any such moronic thing? 9/11 was just really cheap building coming back to bite them. The domino-effect of the floors is obvious. And vaccines? Why would anybody sane believe they do not work?

I take it you are a remnant of said PsyOps campaign. Know that you are a despicable waste of space and oxygen and the only way you could do something positive would be by killing yourself.

Re:Trojan horse?

And vaccines? Why would anybody sane believe they do not work?

Dunno, seems to be a thing with Devuan devs (e.g. Daniel Reurich (Centurion_Dan) calls himself an anti-vaxxer and golinux (another Devuan dev) agrees a few lines below.

You seem to prefer to believe in some PsyOps conspiracy theory (I guess either Mossad, CIA, NSA?).

As to the "why would sane people believe that": I never claimed that Devuan devs or you are sane. In fact it's pretty clear all of you have serious mental health issues.

Re:Should systemd be rewritten in Rust?

[gweihir]

I am all for that! Rewrite systemd in Rust, get all systemd experts and Rust experts into one place and then nuke it! Might make the future significantly better.

Re:Should systemd be rewritten in Rust?

[gweihir]

Indeed. But the Rust cult does not understand that. They somehow think Rust will prevent any and all important security issues and that already shows that these people have zero understanding of the problem.

Re:Should systemd be rewritten in Rust?

[Aighearach]

lol, no, I'm saying that the future will contain the day where few of these bugs are being found in it. It receives resources from RedHat. Bugs will be fixed. Bugs will be reported. Bugs will be fixed. Bugs will be reported. Bugs will be fixed.

The rate starts out bad, and gets better later. Because RedHat makes money and isn't going away.

Why don't the fanboys learn about the topic?

[dbIII]

Why have you not bothered to research

Ah there's that "research" again as if just reading a few things is that - when did that become a doubleplusgood thing instead of what it means in English?
Of course I know the reason - it's in Lennart's blog and I summed it up above - he wants to "own" linux. There's several other init projects out there, are you aware of them? Are you the one who knows "next to nothing about it" so have only fanboy bluster instead of the valid reason I'm supposed to have found via "research", which you have not done yourself?

Re:Why don't the fanboys learn about the topic?

[Tenebrousedge]

You're clearly far from objective on this issue. I'm not interested in being further baited and insulted. If you want information, it's out there. If you want to have a conversation, you can find a more respectable tone of address.

Re:Why don't the fanboys learn about the topic?

[dbIII]

I'm not interested in being further baited and insulted

Yes, it's kind of obvious that you think that's something you should do to other people and not be subjected to yourself in even the mildest form.

you can find a more respectable tone of address

Such as this of yours for example?

I mean, it's definitely easier to rant against something if you know next to nothing about it

It appears I was far more respectful than that - I asked a question leaving doubt that you are as bad as you appear and gave you an opportunity to defend yourself instead of accusations like those you made.
Go on - show you are more than the clueless fanboy with a thin skin that you appear to be. I have a thousand times more respect for Lennart who fixes some of his mistakes than some clueless cheerleader that pretends no mistakes were made.

Re: Should systemd be rewritten in Rust?

[s4m7]

Starting off by including a runtime dependency is a great way to have zero buy-in from old school admins. This was very much a part of systemd's political problem, which fed their technical ones.

So?

Apparently everything is a fundamental part of systemd

I didn't suggest it was the same issue

[HBI]

I did suggest the 'universal hate' felt pretty similar, though.

Systemd

[Tenebrousedge]

Are you trying to imply that you opened this conversation in good faith, or are you merely sorry to be detected?

I can't speak to every decision they've ever made, but the general concept of an event-driven service manager with dependency resolution is not a poor one. It's sort of ironic that 'init' was named as such, in that it led people to focus on its role in the boot process rather than the idea of state transitions. The fundamental problem of sysvinit was that it was not a kernel process and could not make any hard guarantees about things like resource usage or even whether a given PID file corresponds with the correct active process. For most purposes these defects can be ignored, but there were as I (vaguely) recall a handful of efforts over the years to introduce these things into the kernel, the latest and most successful being cgroups.

In parallel with these developments we had multiple efforts towards speeding up the Linux boot processes, often driven by efforts to introduce Linux in the mobile space. I believe notable improvements were made to things like ureadahead/sreadahead by Intel, Canonical, and Red Hat at various times. There seems to have been a fair amount of cross-pollination in that sector. There is of course nothing inherently wrong with wanting to boot faster, and starting services in parallel is the obvious initial improvement, and dependency resolution is a further obvious improvement.

At the time systemd was written, Upstart was already taking the lead in replacing sysvinit with something completely incompatible, and OpenRC was rewriting all of the common init script activities into more sensible C libraries. So then cgroups are introduced and someone has the fairly sensible idea that they should write a service manager to use them. At this point, it makes little sense to try and introduce cgroups to sysvinit, Upstart didn't have a great dependency model, and OpenRC didn't have a strong interest in parallel boot. So if you're going to do this at all, it makes sense to try to use all the nice features you can. We should also mention both Solaris and OSX having replaced sysvinit by this time as well; Linux was to some degree catching up to the commercial Unixes in this regard.

Now, while all this was going on, there were a large group of developers and sysadmins who were making lots of things with Bash, Perl, and Unix, and making pots of money doing it. The art of the scriptable operating system was refined and perfected. In a sense, sysvinit fell victim to its own success, since it worked so well that anything which intended to replace it had to head off in a completely different direction.

The narrative since then depends strongly on your point of view. Upstart has gone to a rather unlamented grave alongside Mir and a long list of other things Canonical has attempted to foist on the wider community. OpenRC remains a good option. It supports many of the same features that systemd does, but as optional elements as they have always been committed to multi-platform support. As a project designed around a Linux-kernel-only feature, systemd has had no reason to consider that. Sysvinit is hopefully no longer struggling to find maintainers, but there's not really any danger of it becoming popular again. Younger developers have other scripting languages that they like better, and everyone seems to be in a hurry to virtualize and containerize all the things -- which I'm sure that you've been around long enough to find ironic, but nevertheless it does not seem to be slowing down. Systemd appears to be doing better at keeping up with whatever the Cloud wants at any given moment (for better or worse).

I'll omit discussion of other features (binary logs, e.g.) unless you have some particular grudge against them. I generally don't mind the idea of establishing a common plumbing layer as long as their internal API is stable and well-documented, and I've not seen evidence otherwise. I do find these recent bugs to be concerning, but not so much so as to condemn the projec

Re:Should systemd be Yesrewritten in Rust?

You're fine then. Rust won't be around long.

Who benefits from SystemD? Red Hat? Microsoft?

[Futurepower(R)]

"Systemd, the ever growing cancer that seeks to subsume the entire Linux userland..."

Who benefits from SystemD destructiveness? Red Hat's consulting? Microsoft?

Linux does seem to be moving in the direction of destroying itself. Stories:

9 Lethal Linux Commands You Should Never Run

The top 5 problems with Linux. Quote: "... the community is vastly divided by tribal identity."

Major Linux Problems on the Desktop, 2017 edition

Start with systemd sucks

[whitroth]

I've come to have a number of issues with that piece of crap.

"A start script is running..." with no timeout, and no clue what's having an issue, and NO WAY to get to the moronic "journal that must absolutely be binary, (to save space?)" because it's still booting.

And targets and services and wants, oh, my. And DBUS all over the freakin' place.

Oh, but it starts SO MUCH FASTER!!! And this matters on *anything* but a laptop or mobile? Why force inappropriate crap onto desktops, workstations, and servers?

And with as much as possible running in parallel during boot, it massively makes it more difficult to debug a boot problem (y'know, like the bloody hour and a half I spent last Thursday on a major server?).

I continually wonder how much M$ paid him, and RH, to make Linux start to look like WinBlows.

That's two different scripts

[dbIII]

That's two different scripts with very different syntax.

Re:I'm waiting for news of his death

[TheDarkener]

Hey, I resent that grue remark.

Oh, shut up

[TheDarkener]

I'm sick and tired of the, "Oh, systemd sucks, move to *BSD!" Fuck you. Just get rid of systemd.