Systemd Named 'Lamest Vendor' At Pwnie Security Awards

Long-time Slashdot reader darkpixel2k shares a highlight from the Black Hat USA security conference. The Register reports: The annual Pwnie Awards for serious security screw-ups saw hardly anyone collecting their prize at this year's ceremony in Las Vegas... The gongs are divided into categories, and nominations in each section are voted on by the hacker community... The award for best server-side bug went to the NSA's Equation Group, whose Windows SMB exploits were stolen and leaked online this year by the Shadow Brokers...

And finally, the lamest vendor response award went to Systemd supremo Lennart Poettering for his controversial, and perhaps questionable, handling of the following bugs in everyone's favorite init replacement: 5998, 6225, 6214, 5144, and 6237... "Where you are dereferencing null pointers, or writing out of bounds, or not supporting fully qualified domain names, or giving root privileges to any user whose name begins with a number, there's no chance that the CVE number will referenced in either the change log or the commit message," reads the Pwnie nomination for Systemd, referring to the open-source project's allergy to assigning CVE numbers. "But CVEs aren't really our currency any more, and only the lamest of vendors gets a Pwnie!"
CSO has more coverage -- and presumably there will eventually be an official announcement up at Pwnies.com.

Already been closed

[NoNonAlphaCharsHere]

Marked NOTLAME, WONTACCEPT, closed.

Also, lameness filter.

Re:Already been closed

[AmiMoJo]

I know I've defended Poettering in the past, but lately I've come to think that he is a right pillock. systemd badly needs somehow who understands security and who can get these issues the attention they deserve.

Re:Already been closed

Too bad there isn't some other init system that has been tested for decades and is rock solid we could use instead... Wait! there is!

Re:Already been closed

Seriously though, why the Debian tag? Surely Redhat would be more appropriate in the circumstances?

Re:Already been closed

[TemporalBeing]

OpenRC has only been around for ten years, not decades. Sorry if you've confused sysvinit for something other than an unmaintained pile of trash. It's been dumped by every commercial Unix and the vast majority of all others. You don't understand where service management has been heading for the last thirty years, nor why.

that's still longer than the crapshoot that is systemd

Re:Already been closed

[arglebargle_xiv]

Too bad there isn't some other init system that has been tested for decades and is rock solid we could use instead... Wait! there is!

smss.exe? Will that run under Linux?

Re:Already been closed

[gweihir]

Excellent! Perfectly right on the mark.

Re:Already been closed

[gweihir]

Well, if systemd had somebody with the experience, insight and personality needed for such a job, there would be very little resistance to it. It would stay an init-system and not try to assimilate everything else. Security and reliability would be taken seriously. IT would make things less complex instead of more so. But unfortunately, what we have is Poettering with just enough smarts to do real damage, a hugely inflated ego and zero capability to learn or listen to advice.

I think there is no hope for systemd. It needs to die before this mess can be fixed. While that takes place I will stay away from it. At the moment, Debian still works nicely with sysVinit, and I expect that will not change.

Re:Already been closed

[gweihir]

Surprisingly, SMF, for example, can still work perfectly fine with classical init scripts. I think you mistake badly what is happening.

Re:Already been closed

[gweihir]

They are the traitors that fell to Red Hat infiltration.

Re:Already been closed

[AmiMoJo]

systemd does have many benefits. What is needed is a fork, that by virtue of being so much better eventually becomes the primary version.

Re:Already been closed

[Sarten-X]

Oh good... It's been days since I got involved in a holy war.

The problem with the inferred reference to sysvinit is that sysvinit is very labor-intensive for development. It's perfectly fine if all of your other software and systems are also rock-solid, but its simplicity puts a lot of work on the init script's author to not just define, but actively check prerequisites for service availability. The onus is also on the software author to handle service crashes and restarts gracefully, unless the inittab is used - but that doesn't have the flexibility of scripts.

Yes, sysvinit has been around for decades and is good enough for people who've spent decades getting used to its quirks, and running software where someone else has already put in the effort to make it work. Unfortunately, in environments like my company's product, where our software has to run different services based on what network resources are available, that architecture leads to a lot of complicated scripting and dependencies on other tools.

Back when a Unix system only needed a few services, and they were expected to run constantly in a controlled environment, sysvinit was fine. Now that Linux runs in practically every environment imaginable, the whole system needs to be designed with flexibility in mind. Systemd certainly isn't the only solution, but it's still better than what we had.

Re:Already been closed

[nnet]

Mrs. Douglas flees back to NYC and leaves Mr. Douglas alone to tend the farm. Soon, Arnold the pig moves into the Douglas homestead and they lived happily ever after.

Re:Already been closed

[ebvwfbw]

Only defend someone worth defending. They're right, he's lame. The whole default to root thing on boot, and his attitude towards that. And so on.

Some people think he's just crazy. Not in a good way.

Re:Already been closed

[chihowa]

Systemd, the init system, is workable and has welcome improvements over sysvinit scripts. (Along with the other replacement init systems, even though I'm partial to the init scripts myself.)

Systemd, the ever growing cancer that seeks to subsume the entire linux userland, is a clusterfuck and the source of almost all of these security issues. Init system have no place enforcing arbitrary username restrictions, handling domain name resolution, or making network time calls. Having the entire thing depend on a system-wide, constantly changing, the-implementation-is-the-documentation protocol is not a welcome improvement to the state of things.

Re:Already been closed

[next_ghost]

systemd badly needs somehow who understands security and who can get these issues the attention they deserve.

Anyone who fits that description already knows that systemd is an overengineered clusterfuck that should be avoided like the plague.

Re:Should systemd be rewritten in Rust?

Changing languages isn't the answer. Security bugs can happen in any language. The design of systemd and the way they handle development is the problem. It's a bad architecture. The Linux user community is screaming this at the top of their lungs yet systemd is infecting almost every major distro.

Misleading title

[markdavis]

>"Systemd Named 'Lamest Vendor' At Pwnie Security Awards"

I have no great love of Systemd, but that headline is misleading. The award was the "lamest vendor RESPONSE." But, you know, it is all the rage to have intentionally misleading headlines to grab even more attention than deserved.

Re: Misleading title

[whitlocktj]

To be honest, not much of a difference in this case. When someone epically falls on multiple accounts with their response to horrendous bugs, I'd consider them to be the 'lamest vendor' Your post is overrated in that you're distinguish between something that has very little difference in this case.

Re: Misleading title

Remote root compromise isn't serious? I have never, I mean ever, seen anyone hunker down and suck so quickly and enthusiastically as Zero__ does on Poettering, and I'm homosexual.

And yes, that is one of the four bugs listed. Any confusion in linking the bugs to the appropriate CVE is, again, entirely Poetterings fault and part of the reason he got the award.

Re: Misleading title

[Zero__Kelvin]

No. A remote exploit can be found in a lot of software. It would be horrendous if it was obvious or they refused to fix it, but neither of those things are true.

Re: Misleading title

[Barsteward]

I would have thought the best way for the those that didn't like/understand systemd to make their point would have been to produce an exploit related to the "init" function of systemd.

Re: Misleading title

[Barsteward]

Perhaps you should read all the way down to the bottom of that link, it might more sense to you.

Re: Misleading title

[Zero__Kelvin]

It isn't a root exploit.

Re: Misleading title

[Zero__Kelvin]

You don't understand the bug at all do you. You have to be root to get the process to run as root. You also have to create a user that doesn't exist and an invalid username. Off you go now ...

Re: Misleading title

[Zero__Kelvin]

Stop looking in the mirror. Problem solved.

Re: Misleading title

[DamnOregonian]

I knew as soon as I saw this thread, I would hear the sound furious slurping coming from you in desperate attempt at defense of your pet project's great leader.

Of course someone who disagrees that a bug is a bug disagrees about whether or not it should be called a bug, and treated as such outside of his control.
Unfortunately for him, and his favorite fellatrix, he's wrong. His bugs are bugs, whether or not he marks them WONTFIX or NOTABUG or otherwise.

Have you noticed that you attack every single disagreement with your assertions that are never backed up with any facts whatsoever with, "read the link stupid!"
And then you ignore when someone jumps up and informs you that you're illiterate, or didn't read the link yourself.
Every time. Tell me, is it pathological?

2 post so far marked Troll. Carry on, soldier. Poettering will never tire of your services.

Re: Misleading title

[DamnOregonian]

A fascinating claim from the only person in this thread morderated as a troll... much less morderated twice as a troll.
The dripping irony. Can trolls not see their reflection in mirrors?

Re: Misleading title

[Zero__Kelvin]

Dude, we get it. You are a troll who doesn't understand that it was a theoretical problem with no chance of happening in production, that required a completely incompetent sysadmin to create a custom unit file with a service owner starting with a digit, which no distribution has ever done in the history of Linux. You don't have to keep stressing your incompetence. We figured that out when you couldn't create a Slashdot account. Thanks for the Lulz though!

Re: Misleading title

[Zero__Kelvin]

Hi same guy posting again to try to make it sound like he isn't a lone troll!

Re: Misleading title

[Zero__Kelvin]

Yes genius.You have enlightened me. I just found a vulnerability in every program written in C! A user could add vulnerable code and recompile and a hacker could then, if he just knew that was done and to which one of the millions of systems it was done, exploit it!

Re: Misleading title

[Zero__Kelvin]

BTW - I have known what you were doing the whole time. You have mod points and have been trolling so you can mod me down each time, thinking that will shut me down. I was letting you screw yourself over, as Slashdot has heuristics to detect that. I wouldn't expect to get mod points for a LONG time :^)

Fuck linux and systemd

Use FreeBSD, no systemd and technically a truer Unix than linux anyways.

Re:Fuck linux and systemd

FreeBSD is superior in many other ways too: Performance, ZFS (a category of its own), packaging, stability, kernel code quality. I only use Linux now when I have to (like some SoC vendor with piles of Linux only drivers).

Re:Fuck linux and systemd

[ArchieBunker]

Sadly nobody can write clean code anymore. I come across plenty of stuff that gives tons of errors when compiled on *BSD or even AIX (with GNU tools in both cases) that compiles without issue in Linux. I'm not a comp.sci major so I have no clues as to why it never works.

Re:Fuck linux and systemd

[aardvarkjoe]

Sadly nobody can write clean code anymore. I come across plenty of stuff that gives tons of errors when compiled on *BSD or even AIX (with GNU tools in both cases) that compiles without issue in Linux.

"Write once, run everywhere" is not as easy as you might think to accomplish in C for complicated software. If the developer is targeting Linux systems, and it works without problems on Linux, then you can't really fault the developer if it doesn't work without changes on another OS.

Re:Fuck linux and systemd

[fnj]

What the fuck are you babbling about, schmuck? FreeBSD has an excellent binary package system with automatic dependency resolution: pkg. The user doesn't need to compile source from ports except if he wants something to be built with unusual options (same as linux, incidentally). All you need is "pkg install foo" and it will fetch the package foo and all its dependencies from the repo and install it.

Re:Fuck linux and systemd

[unixisc]

And that's made even better by TrueOS's PBI utility

Re:Fuck linux and systemd

[gweihir]

Oh, quite a few people can still write clean code. It is just that the FOSS community had a large influx of people with huge egos and small skills in the last decade or so. Many of them learned their trade on Windows and they think what they do is professional and normal.

Re:Fuck linux and systemd

[Aighearach]

If everything they needed is in ports, are you sure they even needed a computer?

Re:Fuck linux and systemd

[fnj]

PBI packaging was sent to that happy packaging ground in the sky some time ago. Before PC-BSD was renamed TrueOS, IIRC. BTW, warden has been canned, too.

Re:Fuck linux and systemd

[fnj]

Have some more pot and go back to sleep.

Re: Fuck linux and systemd

[rl117]

As of today, there are 26816 ports. It's up there with Debian in terms of the quantity of source packages and has contained pretty much everything I use in a Debian/Ubuntu installation.

Re:Fuck linux and systemd

[Aighearach]

If the only work you can think of that uses software outside of ports is smoking pot, that says a lot about you and nothing about the subject at hand.

No words.

[0100010001010011]

You have got to be fucking kidding me: systemd can't handle the process previlege that belongs to user name startswith number, such as 0day #6237

And what's worse is Pottering's complete lack of UNIX awareness.

Yes, as you found out "0day" is not a valid username. I wonder which tool permitted you to create it in the first place. Note that not permitting numeric first characters is done on purpose: to avoid ambiguities between numeric UID and textual user names.

Somehow FreeBSD doesn't have an issue:

[root@freenas2 ~]# adduser
Username: 0day
Full name: 0 Day
Uid (Leave empty for default):
Login group [0day]:
Login group is 0day. Invite 0day into other groups? []:
Login class [default]:
Shell (sh csh tcsh bash rbash git-shell netcli.sh ksh93 mksh zsh rzsh scponly nologin) [sh]: bash
Home directory [/home/0day]:
Home directory permissions (Leave empty for default):
Use password-based authentication? [yes]: no
Lock out the account after creation? [no]: no
Username : 0day
Password :
Full Name : 0 Day
Uid : 8001
Class :
Groups : 0day
Home : /home/0day
Home Mode :
Shell : /usr/local/bin/bash
Locked : no
OK? (yes/no): yes
adduser: INFO: Successfully added (0day) to the user database.
Add another user? (yes/no): no
Goodbye!
[root@freenas2 ~]# su - 0day
[0day@freenas2 ~]$ id 0day
uid=8001(0day) gid=8001(0day) groups=8001(0day)

His failure to understand POSIX has shown up in the past as well: tmpfiles: R! /dir/.* destroys root #5644 with Pottering's amazing comment of:

I am not sure I'd consider this much of a problem. Yeah, it's a UNIX pitfall, but "rm -rf /foo/.*" will work the exact same way, no?

It's not like you couldn't take 5 seconds to test that:

root@m6700:~# mkdir /foo
root@m6700:~# touch /foo/.test
root@m6700:~# mkdir /foo/.test2
root@m6700:~# ls -lah /foo/
total 12K
drwxr-xr-x 3 root root 4.0K Jul 29 14:04 .
drwxr-xr-x 25 root root 4.0K Jul 29 14:04 ..
-rw-r--r-- 1 root root 0 Jul 29 14:04 .test
drwxr-xr-x 2 root root 4.0K Jul 29 14:04 .test2
root@m6700:~# rm -rf /foo/.*
rm: refusing to remove '.' or '..' directory: skipping '/foo/.'
rm: refusing to remove '.' or '..' directory: skipping '/foo/..'
root@m6700:~# ls -lah /foo/
total 8.0K
drwxr-xr-x 2 root root 4.0K Jul 29 14:04 .
drwxr-xr-x 25 root root 4.0K Jul 29 14:04 ..

Re:No words.

It is almost as if the concept of "be conservative in what you do, be liberal in what you accept" is useful in graceful handling of errors. I mean, not as if someone said it in the past who had any importance.

Re:No words.

[Bearhouse]

From one BSD neckbeard to another; well played sir

Re:No words.

[Moridineas]

From the github link for the deletion problem:

poettering locked and limited conversation to collaborators on Apr 17

Hahahaha

Re:No words.

[ArchieBunker]

POSIX compliance aside, there is no reason why having a username starting with a number should cause issues with ANY operating system.

Re:No words.

[aardvarkjoe]

Linux is not POSIX compliant; and never will be. So, more than half of your rant is irrelevant.

Where Linux distributions (sans systemd) are not POSIX compliant, there's generally a stronger reason than "Poettering can't get his head around the standards."

The differences between the LSB and POSIX are pretty minor compared to the things that Poettering is ignoring.

Re:No words.

[angel'o'sphere]

I just created a random binary digit user on my Mac. Starting with a 0 ... no problem.
AFAIK user names only need to be type able on a keyboard ...

Re: No words.

[aardvarkjoe]

Except of course that this very bug has been fixed for weeks now, as havevall tje other bugs listed.

Yes and no. They did fix the security problem by having the unit file error out if the username starts with a digit. So at least they're no longer randomly running things as root.

But they still haven't fixed the problem that systemd won't accept valid usernames. As far as I can tell, that is 100% an ego thing -- they won't admit that having systemd have its own username validation rules is a mistake.

Re:No words.

[CanadianMacFan]

The computer doesn't give a damn what the user name is. From a user friendliness point of view it certainly helps things if you can't create user names that don't start with a number. I'm sure that there other reasons but I can see some idiot doing the following.

Person creates an account with the user name "501" that gets assigned the user id 506. Sometime later on the account associated with the user id 501 is deleted. When you do an `ls -l` in a directory that contains files from both users the output is going to show the username 501 and the user id 501 because it won't know what user name to display. So how is the user going to know which files belong to who at a quick glance. Of course you use the `ls -n` command but the idiot who creates an account with a user name that could be confused with a user id won't know that.

Re:No words.

[khz6955]

"rm -rf /foo/.*"
"rm: refusing to remove '.' or '..' directory: skipping '/foo/.'"

Unfortunately if you pass .* to 'chmod -R', and run it as root, it will walk up the directory tree and mangle all the system directories. not the behavior I was expecting :)

Re:No words.

[aardvarkjoe]

That is, at best, an argument for not allowing all-numeric usernames. It's not a valid argument against usernames like "0day", which can't be misinterpreted as a user id.

Re: No words.

[aardvarkjoe]

What the FUCK are you talking about? Never mind, you made it pretty clear you don't know.

Another quality post from our resident Poettering fanboy!

You want to enlighten us as to what part of my post you think is wrong, so I can correct you?

Re: No words.

[aardvarkjoe]

I'll just pick the obvious one: systemd accepts valid usernames.

Apparently you seem to think that repeating a falsehood over and over makes it true. Are you actually Donald Trump?

Re: No words.

[Zero__Kelvin]

You spelled fact wrong

Re: No words.

[0100010001010011]

It is dangerous to allow them to start with digits as we have seen

Systemd aside is there any danger? Or is the danger in using usernames that start with a digit systemd?

Most distributions follow this safe rule.

Who is 'most'? On Ubuntu 16.04:

root@m6700:~# useradd 1day
root@m6700:~# id 1day
uid=1003(1day) gid=1003(1day) groups=1003(1day)
root@m6700:~# id 0day
uid=1002(0day) gid=1002(0day) groups=1002(0day)
root@m6700:~# useradd -u 2002 2001

That works just fine.

Re:No words.

[TheSunborn]

Well, Systemd did exactly that, which is the problem. It kept the part of the input which was valid(The 0, thus running with pid=0) and then ignored the rest of the invalid input.

"be liberal in what you accept" is a horrible concept, because it makes it impossible to ever have a standard, without breaking half of the current uses, because they then depend on undocumented implementation specific error handling which is impossible to implement for others.

Just look at ns4 and internet explorer 5/6. Because they accepted anything with tags as some kind of valid html, all other browsers had to implement the same rules for handling tag soup,
For example: Did you know that chuck norris is a color code? (Google it :)

Re: No words.

[aardvarkjoe]

Again, systemd does the safe and sane thing here.

Let's see -- systemd's incorrect username validation caused a privilege escalation here. Yeah, real safe and sane, guys.

The actual correct implementation -- permit any username that the system allows to be created -- suffers from no such problems. As such, it is the safe and sane thing.

Re: No words.

[dbIII]

With respect you can even use a text editor to add a user or change the username, it's introduction to *nix territory. There's no point quibbling and Lennart is now checking for valid inputs instead of just blaming the "tool" that creates inputs he did not expect.

Re: No words.

[0100010001010011]

I tried CentOS. I went to the source.

I downloaded the latest ISO they had. I did a fresh clean install.

It let me use 0day as the install user.

http://imgur.com/a/8PZcS

It then allowed me to login with it. With zero problems.

It then allowed me to do this:

[root@centos ~]# cd
[root@centos ~]# adduser 1day
[root@centos ~]# adduser 2day
[root@centos ~]# useradd 3day
[root@centos ~]# useradd 4day
[root@centos ~]# id 1day
uid=1001(1day) gid=1001(1day) groups=1001(1day)
[root@centos ~]# id 2day
uid=1002(2day) gid=1002(2day) groups=1002(2day)
[root@centos ~]# id 3day
uid=1003(3day) gid=1003(3day) groups=1003(3day)
[root@centos ~]# id 4day
uid=1004(4day) gid=1004(4day) groups=1004(4day)
[root@centos ~]# uname -a
Linux centos 3.10.0-514.el7.x86_64 #1 SMP Tue Nov 22 16:42:41 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
[root@centos ~]#

So now I know you're full of shit. Name one distribution that does that, let alone a 'most'. Fuck at this point take a screenshot of any OS throwing an error trying to add a 0day user. You piqued my interest enough to download OpenIndiana and see what Solaris thinks.

but if you read the bug you would already know that adduser and useradd disagree on the acceptability of said username

No, I read what Pottering said. But time and time and time again his actual knowledge of how things work is completely wrong (See the rm -rf /foo/.*).

Systemd is turning out to be the Theranos of Linux with Pottering at the helm sounding more and more like Elizabeth Holmes every day. It's like he makes it up as he goes.

Re: No words.

[somenickname]

The adduser tool uses a regex to screen valid user names. It's a configuration variable called NAME_REGEX. If you try to add a user that doesn't conform to that regex, you'll get an error like:

adduser: Please enter a username matching the regular expression configured
via the NAME_REGEX configuration variable. Use the `--force-badname'
option to relax this check or reconfigure NAME_REGEX.

However, the useradd utility has no such restrictions and will happily create just about any user name. Various tools may use adduser or useradd and different sysadmins may also be more familiar with one tool or the other. If a user puts in a request to have his username be 0day, it's a coin toss as to whether or not it will be an acceptable username. This is not a "you need root to gain root" kind of bug, this is a "you need to fool a human/script into doing something that you know will compromise the system" kind of bug.

I understand the systemd is bug is "fixed" now but, Lennarts response to it certainly warrants the award he received.

Re: No words.

[somenickname]

Actually, on Debian 9, "adduser 0day" will fail with an error that it doesn't match the NAME_REGEX in /etc/adduser.conf. The useradd utility has no such restrictions though. It wouldn't surprise me if the NAME_REGEX in Debian 9 was specifically crafted to avoid systemd misery. Fool me once and all...

Re: No words.

[0100010001010011]

I'll be damned. Is it commented out by default?

It looks like NAME_REGEX is an optional check and commented out by default on my 16.04 install. CentOS doesn't even have one installed.

I pulled it's from the source: https://alioth.debian.org/anon... and it's commented out.

cb2d8d3 (Jörg Hoh 2007-06-27 21:12:38 +0000 84) # check user and group names also against this regular expression.
b2b6460e (Jörg Hoh 2009-09-07 21:20:22 +0000 85) #NAME_REGEX="^[a-z][-a-z0-9_]*\$"

And appears to have been added as a thing of convenience, not a hard rule:

commit b2b6460eab2b2bc514ffe45f5b8abca32b47fafc
Author: Jörg Hoh

        fix 520586: allow underscores again in usernames

diff --git a/adduser.conf b/adduser.conf
--- a/adduser.conf
+++ b/adduser.conf
@@ -84,2 +84,2 @@
  # check user and group names also against this regular expression.
-#NAME_REGEX="^[a-z][-a-z0-9]*\$"
+#NAME_REGEX="^[a-z][-a-z0-9_]*\$"

commit ccb2d8d37f6a09e0958a0e8b5bc8bc36372078a4
Author: Jörg Hoh

        Adjusted documentation to NAME_REGEX
          * added default value to /etc/adduser.conf
          * NAME_REGEX also applies to group names

diff --git a/adduser.conf b/adduser.conf
--- a/adduser.conf
+++ b/adduser.conf
@@ -82,0 +84,2 @@
+# check user and group names also against this regular expression.
+#NAME_REGEX="^[a-z][-a-z0-9]*\$"

Re: No words.

[somenickname]

It's commented out by default on Debian but, in a way that leads me to believe the commented out value is the default value:

$ grep NAME_REGEX /etc/adduser.conf
#NAME_REGEX="^[a-z][-a-z0-9_]*\$"
$ sudo adduser 0day
adduser: Please enter a username matching the regular expression configured
via the NAME_REGEX configuration variable. Use the `--force-badname'
option to relax this check or reconfigure NAME_REGEX.

Re:No words.

Yes, because there's no such thing as keeping a VM or two around just for such testing, and it doesn't take 30 seconds to replace a mangled image from backup.

Re:No words.

[TCM]

You completely misunderstand what "be liberal in what you accept" means.

It doesn't mean to take any input and cherrypick single bits that you understand and ignore the rest. You rather try to parse inputs liberally, while making sure it's unambiguous in its meaning. For example, when parsing a config file, there could be more whitespace than necessary. As long as you find valid keywords in that extra whitespace, you're good to parse it liberally. When writing a config file, however, you're supposed to trim all that whitespace to a uniform scheme.

You would also be free to ignore invalid keywords to support forward compatibility.

What you shouldn't do and what being liberal doesn't mean is saying "this input would be correct to me if I threw away these letters in the keyword". That's just retarded.

Re:No words.

[gweihir]

The problem is that Poettering has reached a level of arrogance that he is unable to learn and unable to recognize anything others have done has merit. Dunning-Kruger far left side, a.k.a. "insight resistant". The technological issues resulting from that are a mere symptom. The UNIX philosophy has stood the test of time and it is a result of a myriad of failures, some of them quite like systemd in nature. Anybody dismissing it or ignoring it is not competent to build a major piece of infrastructure. The only sane way to deal with this is to stay away from the abomination he is creating. It will collapse sooner or later and at that time only those that did not go with will not suffer.

Funny thing, SMF, while hated by many Solaris admins, does this better: You can still write conventional init-scripts and hence you can easily write services that are not dependent on the init system being SMF. Because of his ignorance, Poettering is re-inventing the wheel and doing it badly.

Re:No words.

[gweihir]

I am with you here. Most websites are broken these days, because browsers will accept any crap that they can still somehow interpret. This is bad for compatibility (if the other browser has a somewhat different definition of "crap"), bad for reliability and security. It makes filtering and scanning web-pages far more complicated. It makes things not quite mainstream far harder get working. And it causes web-"developers" to mistake what a specific browser accepts for what is actually fine and correct. When you then tell them that no, their stuff is broken, they become offended because they have no clue what you are talking about.

This way, a huge mountain of technological debt has been piling up in many corporate infrastructures and in the web in general, and it becomes harder and harder to fix things, because every time you try to, some other broken things come to the surface. The only way to deal with that is to enforce the standards. Only that way can you depend on things working sanely and retain your capability to act on issues.

Re:No words.

[gweihir]

The way of the autocrat: Silence dissenting voices. He has obviously been creating his own filter-bubble for some time now.

Re: No words.

[phorm]

REALLY?

linux ~ # useradd 0intelligence
linux ~ #

Uh, nope, that works fine.

Man page:

It is usually RECOMMENDED to only use usernames that begin with a lower case letter or an underscore, followed by lower case letters, digits, underscores, or dashes

Emphasis mine, RECOMMENDED is NOT insists.
I recommend you learn how to read, and insist you remove your head from your ass.

Re: No words.

[rl117]

What useradd does or does not do is an irrelevance; there are many tools to create user accounts. Many of us deal with large LDAP/AD setups where the usernames don't even get created by Linux tools. So long as getpwnam[_r] return nonzero, that username is valid from the point of view of the system.

Username validation is way, way outside systemd's remit.

Re: No words.

[Zero__Kelvin]

You didn't even read the bug did you. If you did you would realize how stupid you sound.

Re: No words.

[Zero__Kelvin]

Yes, because nobody here seems to be smart enough to understand all of this AFTER it has been explained to them, but HE should know everything about everything. Newsflash: 99.9% of people didn't know or care about how this works until it became an opportunity to criticize a guy they have an irrational hatred for because he didn't know it either.

Re: No words.

[0100010001010011]

Where is it reading that default value from?

I annotated up adduser but I can't seem to find where that value is set. I even deleted the whole line from the config and it's still getting it set somewhere.

Re: No words.

[somenickname]

$ sudo apt-get source adduser
$ tar xvf adduser_3.115.tar.xz
$ cd adduser
$ grep -r -i "NAME_REGEX.*="
examples/adduser.local.conf.examples/adduser.conf:#NAME_REGEX="^[a-z][-a-z0-9_]*\$"
adduser.conf:#NAME_REGEX="^[a-z][-a-z0-9_]*\$"
AdduserCommon.pm: $configref->{"name_regex"} = "^[a-z][-a-z0-9_]*\$";

So, it has a default value in AdduserCommon.pm that can be overridden by the conf file.

Re: No words.

[Zero__Kelvin]

You can read the bug to see that you are all upset because it does what you are saying it should do.

Re: No words.

[phorm]

No, MY useradd is the same as all the other people who use one of the MOST POPULAR fucking Linux distributions out there. It's absolutely not stupid to work towards supporting such, unless you're a systemdickhead....

Re: No words.

[Zero__Kelvin]

Your version of useradd behaves the same as every other version of useradd that is the same exact version of the useradd you are using? Wow, you are a genius for being able to advance that little tautology!

Re:No words.

[nnet]

Says the guy with the sig:

I usually ignore AC's. There are too many self-important cretins hiding behind it.

If you're going to pass judgement, at least get rid of the sig.

Re: No words.

[nnet]

I haven't been paying too much attention to all this drivel, but did Lennart apologize for the mistakes he made in ignorance?
You're alleging the reason for criticism is that '99.9% of people didn't know or care about how this works', and of course Lennart is included.
So, did he apologize?

-Genuinely Curious

Re: No words.

[Zero__Kelvin]

DId he apologize? To whom? Did you read the issue linked to in the summary? Now *I* am genuinely curious.

Re: No words.

[Zero__Kelvin]

I missed one thing earlier. This is indeed a "root escalation requires root" bug. You must be root to create the unit file. People can create crazy user names all day. This *only* happens when a custom service script is created using the crazy user name as the owner of the process as described in a Unit file. It is as close to a non-issue as you can get. People are trying to make it sound like commands you run from BASH will execute as the root user. This is NOT the case.

Re: No words.

[Zero__Kelvin]

I am sorry you were unable to understand what you read, or way it behaves correctly, but that's on you I'm afraid.

Re:No words.

[gweihir]

Ignoring ACs is not a "filter bubble". ACs cannot be identified and are sniping from the shadows, like, you know, cowards. Slashdot has pseudonymity, unless you do something stupid, you cannot be identified. That means many (not all) ACs are in it purely for the trolling.

Re: No words.

[Zero__Kelvin]

Really dude ....

Re: No words.

[phorm]

No, it behaves the exact same as any other machine running the same OS Distro as me, with versions ranging back several years. Thus far distributions I have tested this includes:
Ubuntu/Mint (Current versions as I don't have any older ones kicking around)
CentOS 7
RedHat 6/7

Oh, and who does Lennart Poettering work for, well it's REDHAT, and yeah their OS happily allows me to create a username with a leading number. In fact, the only Linux OS I've been able to test that doesn't without some extra flags has thus far been (recent versions of) Debian.

But - barring some massive cranial-rectal inversion - you already knew what I was talking about behavior of useradd in various Distros and not specific binary versions, so you just want to be a prick about that. That's fine :-)

Re: No words.

[Zero__Kelvin]

That is good that you have those distros at your disposal. Now, go through them and find all the ones that have services owned by users that have a digit as the first character, or any character for that matter. Count them and write the number on a piece of paper. That number is the severity of the issue.

Re: No words.

[phorm]

Ah yes, the old "why fix this security/integrity issue, it's not that it's likely to happen" defense :-)

Re: No words.

[Zero__Kelvin]

It is already fixed. I am starting to think you aren't a troll, but just really have no idea what the situition is ATM.

Re: No words.

[phorm]

Last I read (and perhaps that has changed, but I've seen nothing to indicate thus in either the github thread nor the CVE) the "fix" was to have it error out on the username should it start with a digit, even though it was a valid user on the system. Still, killing it is DEFINITELY better than the original behavior of running as root (or most simply failing to adequately drop privileges).

Now the argument has been given (github) that privilege-dropping could be done by the application rather than systemD or that the unit files should never start with a numeric in order to be os-portable. Simply validating the existence of the user would seem to make it plenty portable, as if left-side-numeric usernames are not permitted they should not otherwise exist. POSIX (which about as close to a standard as you'll get) also seems like the standard allows for usernames starting with a numeric:

3.437 User Name

A string that is used to identify a user; see also User Database. To be portable across systems conforming to POSIX.1-2008, the value is composed of characters from the portable filename character set. The character should not be used as the first character of a portable user name.

It specifically calls out usage of a hyphen as the start of a username (likely to avoid conflicts with a flag), but nowhere limits an initial numerical character that I can see.

Now don't get me wrong, there are some things I do like about systemD - in particular the ability to create nested unit files to build derivative/custom configs without breaking the main script - but it's not just the error but the *REACTION* to the error that's sometimes quite maddening. Maybe it's just that team's way of doing things, and certainly Poettering isn't a stranger to controversial modules/changes (though I quite like Pulseaudio these days), but for F*** sakes at least own up rather than hands-up.

The first comment from P on this was essentially "oh, well this isn't a valid username dumbass" rather than "shit, our code allows stealthy privilege escalation, let's fix it".

Re: No words.

[Zero__Kelvin]

If you can tell me a single reason why you have to have a service owner by a user with a name beginning with a digit than you have an argument that the fix is bad. Given that there is NO reason for it, and NO distribution even tries to do this then you have an argument. Sure they *could* allow it, but there is no need or benefit to it. They made a good decision. You might prefer that they support the leading digit option, but not doing so is NOT a major issue,or an issue at all really.

Re: No words.

[Zero__Kelvin]

We don't disagree. To take it a step further one can use a hex editor to create *invalid* user names. I am the one pointing out that the tool used may or may not allow certain names. It is the trolls trying to say that if you can create the user name with a tool it is by definition valid. As you said, and I have been saying, the issue is much ado about nothing.

Re:No words.

[jwhitener]

I just tried on Redhat and Ubuntu and could add a user with zero in front as well. Hmm.

Re: No words.

[phorm]

Because it's a valid user on the system and there's no reason to create an artificial restriction against it. The restriction was created because originally the system f***ed up and allowed it to continue as the privileged user. I'm honestly not sure why #user was a restriction in the first place, if it was valid on the system, as a logical flow is

* Valid user on system, proceed to running as the lesser privileged account. Not a valid user, die with an error

And it apparently already does check if the user exists, so realistically adding cruft just obfuscates the issue. Most of the issues around lefthand-numerical users are due to confusion in lazy checking of a UID versus username, in the case of code that supports either.

Not supporting leading digits is not a security issue (though screwing up the implementation of such previously definitely was), but by properly validating against system-valid users it would be a non-issue regardless.

No, there isn't any distribution that I'm aware of that uses left-hand users by default. But the false premise in this is that systems will only use code that by default comes with the distribution by default, as opposed to having code which works with users the distribution allows.

Re: No words.

[Zero__Kelvin]

Ok. You still aren't getting it. Yes, it is a NEW bug. "Cannot create a service owned by user starting with a digit". Now,what would you assign for severity and prioriy of said bug?

Re: No words.

[phorm]

I love how you like to jump around trying to avoid any responsibility on the part of the devs. It's not a new bug, it's a broken fix to the original bug. But I think that now we're coming full-circle because aardvarkjoe has already pretty much captured this:
    they still haven't fixed the problem that systemd won't accept valid usernames. As far as I can tell, that is 100% an ego thing -- they won't admit that having systemd have its own username validation rules is a mistake.

After which it delved into:
* SystemD does accept valid usernames, useradd(8) is distribution-specific (conveniently ignores the fact that even the distribution of the company which employees the lead SystemD dev - RedHat - allows the number)
* Topic switch: but just because it works for you doesn't mean it's the same as others (but again, RedHat per above and also Ubuntu and derivatives, some of the most common desktop and enterprise Linux distributions)
* Topic switch: well your version might not be the same as other versions (except, again, the behavior per the common distributions regardless of version has been accepting of numerics)
* Topic switch: Well, those distributions don't come with services that run with users starting with numbers (regardless the usernames are still completely valid on those systems, and thus the application is disregarding valid OS users)
* Topic switch: Well, nobody really needs this (aka I don't know anybody who gives a f***, so why should I) so it's not really an issue
* Topic switch: Yeah, maybe it's a bug, but the old root-privilege issue was a different bug, this is a new one and not severe

Looking forward to 6 months from now where some similar issue comes up with a crafted username being used as a hidden attack vector but "hey, it wasn't our fault for trying to rewrite the entire stack - ignoring existing standards - and introducing ugly bugs in the process".

Care to switch it up again?
Actually, I'm happy with "yes it's (finally admitted to be) a bug" and agreeing that in the current state it's not of high severity. However low severity is not no severity, and we've happily obscured the underlying issue of the devs continually creating dangerously broken shit by redoing everything under the sun, being caustic towards legitimate user feedback, and generally turning deaf ear at the "good enough, IDGAF" point....

Re: No words.

[Zero__Kelvin]

I don't know if you have ever done software development, but you are the one switching up the issue. The original bug is fixed. It is lo longer possible to run a service, intending it to be owned by 0day, and have the system run it as root. There is no way to argue that bug still exists. It is closed, as it should be. NOW, someone can open a NEW bug stating that they can't run a service owned by 0day. That bug has minimal priority, and NO severity. It affects NOBODY. Some troll wants to insist "Oh my God!!! I can't do what nobody on the planet wants to do!" Nobody with any understanding of Linux gives a FUCK that a few trolls are complaining about this. All that is left for you to decide is if you want to be a troll, or a guy with a clue.

How does Debian justify using this?!

How can Debian's developers justify using systemd, considering all of these unbelievably unjustifiable problems with it? Why have they subjected Debian and its users to these flaws? Is it really just a result of the best Debian users having long ago moved to FreeBSD, leaving around only users who don't know any better?

Re:How does Debian justify using this?!

It was shoved down Debian's throat by the technical committee in a first ever usurp of power from the developers to the committee. There was not consensus on this change at all.

Re: How does Debian justify using this?!

Not only that but the vote for Systemd in Debian was a 2-2 tie and had to be overruled. Hardly a "everyone wanted Systemd" that a lot of the pro-systemd people like to suggest.

Re:How does Debian justify using this?!

Because Debian doesn't use systemd unmodified: the Debian developers taking care of the Debian packaging of systemd do *not* bow to Pottering and will patch his shit when required, no quarter given. After a while, the patches end up accepted on systemd upstream.

I don't know if the Fedora people have a second line of defense like Debian has, though. And, for the record, I have no idea why the hell there's a Debian swirl in this article, systemd came from RedHat and Fedora, *not* Debian.

As for why it is used [by Debian] in the first place: the desktop environment upstreams (gnome, kde) started depending on too much crap from systemd to just plain ignore it, and nobody stepped in to work on full replacements for at least logind and cgroup management until it was too late. Hell, people did not show up even to work on sysvinit which is easy in comparison to the work that needed to be done to replace logind... but they did show up to spew a lot of venom on the mailing lists (a lot worse than what you did in the parent post, even).

IOW, too many parasites making a pest of themselves, too little useful people showing up to do the actual work needed. I sure hope Devuan managed to gather enough useful people to get work done by now: we might be able to flow some of that work back into Debian eventually, for the betterment of all.

Re:How does Debian justify using this?!

I think that there was no consensus is what caused the technical committee to get involved. Many people were advocating for a next generation init system to replace SysV. Clearly forcing maintainers personally support all possible init systems would be worse.

The decisions that came down from the technical commitee made systemd the default init (#727708) and required that maintainers at least accept contributions for other init systems (#746715). The outcome provided for another popular system init to be supported if developer interest was great enough even if the package maintainer advocated for something else.

It's worth noting that systemd is compatible for SysV init scripts so really if the maintainer already supported SysV then they likely already had working support for systemd.

Re:How does Debian justify using this?!

Only gnome, kde's requirement on systemd is optional.
So for a Gnome's sake debian leaders chose to put their fingers into crap polluting their base system with systemd?
That doesn't sound rather technical, more like political decision.

Re: How does Debian justify using this?!

[Tenebrousedge]

Rating: pants on fire.

Re: How does Debian justify using this?!

[FrankHaynes]

Point of order: a 2-2 tie means that the motion failed to get a majority, therefore the motion fails. No further action is required.

Re:How does Debian justify using this?!

[rainer_d]

Not using systemd would have made them irrelevant.

Not that this isn't going to happen anyway, as RedHat absorbs more and more of the Linux-world and it will be increasingly difficult to do anything on Linux "un-RedHat-edly" in the coming years.

As such it has to be seen how much of a differentiation-factor an installer and some default-settings are - together with the complete lack of any kind of enterprise-features that RedHat offers. Because that's what I think Debian et.al are going to end-up being. Because I believe they're even going to adopt the package-format (RPM) and the installer.

If I need something without systemd, I just use FreeBSD. It doesn't do some things, but what it does, it does it very, very well.

Re: How does Debian justify using this?!

[thegarbz]

I'm not sure what's more impressive, that you think only 4 people voted on this decision or that you got someone to mod you up for your incorrect post.

Re: How does Debian justify using this?!

[thegarbz]

And if it was a 2-2 tie then that may have happened.

Re: How does Debian justify using this?!

[jon3k]

Looks like it was 4-4, not 2-2, right? Four for systemd vs two for upstart, two to keep sysvinit.

Re:How does Debian justify using this?!

[dbIII]

Because they want the new gnome and it's tied into systemd.

Re:How does Debian justify using this?!

[dbIII]

It's worth noting that systemd is compatible for SysV init scripts

Yes, there may be a couple of old scripts that work with systemd but I've never seen them. Have you? Can you list even a single one?
The syntax is very different.

Re: How does Debian justify using this?!

[somenickname]

You are correct, it was 8 people that voted on it and, as per the "pants on fire" link (https://lists.debian.org/debian-ctte/2014/02/msg00402.html) it was a 4-4 tie. That tie was decided by Bdale Garbee. Bdale Garbee made the decision to switch to systemd. Frankly, Mr. Garbee should be forced to hand over his Greybeard Card. He has shamed our honourable order.

Re:How does Debian justify using this?!

[gweihir]

It is two things, I think
a) The Debian tech-board has long since been infiltrated and subverted by Red Hat
and
b) You can still run Debian just fine with sysVinit. You may lose Gnome, but that is no real loss.

It will be really interesting to see what happens if they try to take away b).

Re: How does Debian justify using this?!

[thegarbz]

it was a 4-4 tie

Only if you don't understand voting systems. Read the link. It was a 4-2-2 in favour of systemd. By pairwise elimination it ended up 4-4 in a case of Systemd vs Upstart which is the tie bdale needed to end.

If he'd voted the other way, you'd be here saying the same thing and bitching about upstart which had it's own share of detractors, not to mention that people don't understand the system as it is so we'd have a list of slashdot commenters asking why Debian is using an init system which only got 2 out of 6 votes.

The world is full of voting systems each with their own benefits and downsides. In many of them systemd would have been an overwhelming winner, including the first past the post systems so favoured by democracy, or stacked points often used to judge popularity. But, pairwise elimination it was.

Re:How does Debian justify using this?!

[nnet]

Splunk.

Re:How does Debian justify using this?!

[dbIII]

Well, named is a start but list means something else in this context. Do you have a link to a listing of that splunk startup script that apparently works on both systems?

Re:How does Debian justify using this?!

[nnet]

The init script is created after initial installation with /opt/splunk/bin/splunk boot-start, puts a sysv script into /etc/init.d and a systemd unit file that calls it into RH's systemd tree. The unit file may be added by rpm maintainer, haven't checked...

Re: How does Debian justify using this?!

[jon3k]

Sorry I was referring to their first choice. Unless I'm misreading this:

4x D U O V F (bdale, russ, keith, don)
F U D O V (steve)
U D O F V (colin)
F V O U D (ian)
U F D O V (andi)

4 people had it as their first choice, 2 as their 3rd, one as their second and one as their 5th. So only 4 of 8 people picked that as the best option. Right?

Re: How does Debian justify using this?!

[Tenebrousedge]

I mean, yes, but that's not how they were actually counting the votes, so I have trouble seeing the relevancy. If they had been counting the number of people who picked it as their first option, systemd would have had an easy plurality. The entire point of this voting method in the first place is that viewing things in that way is not very fairly representative of people's opinions.

Re: How does Debian justify using this?!

[jon3k]

I guess my point is only half of the group believe systemd to be the best choice. The point of the voting system is to come to some kind of consensus, which I understand.

Re: How does Debian justify using this?!

[Tenebrousedge]

With respect, I do not think you actually do understand. It's not "some kind of consensus," the voting system is designed for a very specific kind of consensus, which avoids the error that you're very keen on making. This is sounding very like motivated reasoning.

Yes, it would be more unfair if systemd had been chosen by a simple plurality vote, especially with a small plurality. They used a system which accounted for that: your objection is invalid.

Re: How does Debian justify using this?!

[jon3k]

It's entirely possible. Is the order of their vote not their order of preference?

Re: How does Debian justify using this?!

[Tenebrousedge]

Yes. But what they're after is not the first ranked choice, but the candidate which would beat every other candidate in a heads-up race. I was attempting to sort out mathematically whether it was possible to win without anyone ranking the winning candidate as their top option but I have yet to actually run the numbers. Either way, the absolute position is not as important as the relative position.

Consider a field split in thirds with one faction having a 34% plurality of the top ranking:

A B C 34%
B C A 33%
C B A 33%

Under pairwise comparison voting, A would lose despite having more people rank it first. This is a design goal of the voting method.

Re: How does Debian justify using this?!

[jon3k]

I completely understand that the goal is to reach a consensus which means you might not get your first choice. My point is just that only half of the group chose systemd as their first choice. Four people got their first choice and four people did not get their first choice.

Re: How does Debian justify using this?!

[Tenebrousedge]

I don't know how else can one tell you that your point is not relevant to the outcome of the decision or the manner in which it was conducted. I do not believe you are being terribly objective here.

Re: How does Debian justify using this?!

[jon3k]

I'm not how else I can tell you that I understand it's not relevant to the outcome. What it illustrates is individuals preferences.

Re: How does Debian justify using this?!

[Tenebrousedge]

You are intentionally viewing this topic in a biased manner after this bias has been demonstrated to you both verbally and mathematically. I believe this conversation is at an end. Good day.

Re: How does Debian justify using this?!

[jon3k]

I cannot figure out how you still don't understand this. My only guess is willful ignorance at this point.

Only four people's first choice was systemd. That is a simple fact.

Re: How does Debian justify using this?!

[Tenebrousedge]

Your argument is almost exactly identical to someone saying, "But Hillary won the popular vote!" That's not what counts. That's intentionally not what counts. Your side lost, get over it.

Re: How does Debian justify using this?!

[jon3k]

That's a pretty poor attempt to deflect from a simple fact that you cannot refute. Only half the people believed systemd was the best option. Deal with it.

Re: How does Debian justify using this?!

[Tenebrousedge]

If you don't like the comparison you should not use the same argument. No one is trying to refute your point, it's just as relevant to the topic as the price of tea in China. Why don't you find an adult and have them explain this to you.

Re: How does Debian justify using this?!

[jon3k]

If you're too simple to understand why that matters, there's no use arguing with you.

Re:Should systemd be rewritten in Rust?

[HanzoSpam]

If I hear of a company marketing a supported enterprise distro of FreeBSD, I'm gonna buy stock!

Xinuos OpenServer 10

So it sounds like you want Xinuos OpenServer 10:

Xinuos OpenServer 10 is a 64-bit operating system based on the popular FreeBSD and designed to support business applications within an enterprise environment.

It should be noted that Xinuos also offers SCO UnixWare and SCO OpenServer. Even sco.com now goes to their web site. What's funny about this is that it wasn't SCO that ultimately harmed Linux to the point of it being unusable. It turned out to be the Linux community itself that made Linux unusable by including systemd! And now it is what could be seen as a successor to SCO that's providing relief from how the Linux community has ruined Linux!

What a world we live in!

Re:Xinuos OpenServer 10

Xinuos is more or less what is left (Oracle has another division, I believe) of the Tarantella people, not the SCO that was suing everybody.

Re:Xinuos OpenServer 10

[unixisc]

An interesting aspect of this is that Xinuos, as the successor to SCO* - the company that inherited UnixWare and w/ it System V Unix IP, has decided to fork off FreeBSD - a BSD project - instead of continuing on System V. That really demonstrates that the System V branch of Unix is for all practical purposes dead. Xinuos just does support work on the legacy SCO Unixes, but beyond that, drives companies towards FreeBSD. Oracle just supports Solaris on legacy SPARC hardware, but otherwise, pushes Oracle Linux. All the other Unixes that were based on System V are dead.

Re:Xinuos OpenServer 10

[unixisc]

Actually no! Tarantella was acquired by Sun shortly after it spun off SCO, and it didn't have the OSs - it had some utilities like IIRC OpenVision and some NFS like software.

Xinuos was the successor company to SCO, Inc, after it filed Chapter 7. They inherited whatever legacy assets SCO had, as well as any customers, but started w/ a FreeBSD fork for enterprises. No idea whether their management has anything in common w/ that of SCO, Inc.

Re: Xinuos OpenServer 10

[s4m7]

Netcraft confirms... System V is dead.

I seem to remember Miguel de Icaza ...

[HBI]

Back in the days when Mono was considered a submarine way to give Microsoft control over Linux, there was such universal hate then.

Re:I seem to remember Miguel de Icaza ...

Well Icaza did split the DE world down the middle, and is currently working for MS, so who really knows...

Re:I seem to remember Miguel de Icaza ...

[Billly+Gates]

Mono is alive and well. It is part of .NET core which Visual Studio is using to port itself to Linux. MS Code editor already is on Linux and MacOSX using .NET core with a few mono libraries.

Re: I seem to remember Miguel de Icaza ...

[spongman]

Vscode is written in JavaScript and uses the electron runtime.

Ax Handle Sodomy

I wonder how Poettering and Sievers feel about involuntary ax handle sodomy? Because that's what needs to be done. Each needs to be spread eagled and chained to a fence rail. Then everyone who has issues with systemd will be allowed five minutes with an ax handle and an those unlubricated rectums to teach those boys a lesson.

Not fair you say? Well how many thousands have they themselves sodomized with systemd?

Re:Ax Handle Sodomy

Funniest post for the past several weeks. Thanks for laugh.
But I guess that won't be punishment, they'd love it and would ask for more.

Why not OpenBSD?

[Ungrounded+Lightning]

Use FreeBSD, no systemd and technically a truer Unix than linux anyways.

Why do you mention Free rather than Open? (Or Net, for that matter?)

Seriously: I was looking at porting a project from Ubuntu 14.04 LTS to OpenBSD rather than later Ubuntu releases for security (and licensing) - at least in part because 14* to 16* or later means going to systemd and trying to security audit it looks like a nightmare. The obvious candidate was Open, because of its security tightness and because it's just supporting one embedded app on one particular hardware platform, so not having the whole kitchen sink of drivers and apps isn't an issue.

Is FreeBSD just a better match for what you're doing? (Laptop?) Or is there something else I should be looking at when picking a distribution?

Re:Why not OpenBSD?

Different goals of the platforms.
FreeBSD wants to be a well-rounded general usage OS
OpenBSD wants to be the pinnacle of security and is willing to throw everything out to achieve that goal
NetBSD wants to be ultra-portable
Dragonfly wants to be a high performance highly scalable and even distributed OS

Re:Why not OpenBSD?

[Curupira]

OpenBSD is undoubtedly safer, but FreeBSD is generally considered to be updated more often and better to use as a desktop/laptop OS. In fact, there is TWO desktop-centric operating systems based on FreeBSD: TrueOS (formerly PC-BSD) and DesktopBSD. So, if your intent is to use it in a desktop/workstation, FreeBSD is probably a better fit.

Re:Why not OpenBSD?

[hord]

I've run Open and Free. Here is my opinion:

FreeBSD - Stable and ultra fast on x86 hardware. Good for file servers, desktops, anything.
OpenBSD - Stable but not performant. Useful for infrastructure.

I really like OpenBSD. I ran it for many years and even contributed hardware to the project. That being said, the security features in it don't outweigh its performance drawbacks. Some of this is due to the security features (e.g. PID randomization slows process generation) so your choice will be workload dependent. Your hardware choices with Open will be more limited as well and you don't get stuff like ZFS. I'd experiment with both.

Re:Why not OpenBSD?

You don't have to compile shit for FreeBSD. look up the pkg command. Every package is available precompiled. Sure you can still compile from the ports tree if you like, if you need to change a compile time option. But in most cases its just a waste of time.

https://www.freebsd.org/doc/handbook/pkgng-intro.html

Re:Why not OpenBSD?

[Billly+Gates]

TrueOS is utter crap and DesktopBSD hasn't been updated in a long time.

TrueOS uses FreeBSD 12 current which is over a year awhile and reminds me of early versions of Mandrake early last decade which never quite worked or crapped out as soon as you updated.

I just tried installing it in Hyper-V a few hours ago and it won't even post in generation 1 or 2 guests. FreeBSD 11.1 no problems for both. ... however I found a bug in Xorg with the mouse having issues as soon as Mate loads up on gen 2 hypervisor just now :-( (it came out 72 hours ago so things like this are expected)

I have not tried OpenBSD so take what I have to say with a grain of salt. I would not say it is safer. The drivers are not as up to date or existent which is essential for good uptimes with supported hardware on a server. Linux unfortunately is more tested and so is FreeBSD.

FreeBSD has ZFS, dtrace, and the amazing handbook which I recommend to buy in paperback and amazing man pages which even include Unix history so it can rock for a server.

As a desktop sigh yes you need to watch youtube videos and read the handbook and spend a food afternoon to get a gui, Sudo, bash and gnuls --color, and other things a modern Ubuntu user would expect after an installation.

Re:Why not OpenBSD?

[Billly+Gates]

I've run Open and Free. Here is my opinion:

FreeBSD - Stable and ultra fast on x86 hardware. Good for file servers, desktops, anything.
OpenBSD - Stable but not performant. Useful for infrastructure.

I really like OpenBSD. I ran it for many years and even contributed hardware to the project. That being said, the security features in it don't outweigh its performance drawbacks. Some of this is due to the security features (e.g. PID randomization slows process generation) so your choice will be workload dependent. Your hardware choices with Open will be more limited as well and you don't get stuff like ZFS. I'd experiment with both.

PID randomization is included with FreeBSD 11.x as well as few other hardening options when you install.

Re:Why not OpenBSD?

That's the public consumption stuff.

OpenBSD is really Theo's vehicle, which he forked out of spite after getting into a stupid spat with NetBSD core@. (This says bundles about both, incidentally.) They do worship "security" (and it often does devolve into "worship", though they do know their stuff) but to value it properly you need to understand their idea of "security", which is actually pretty narrow. Point in case: "openntpd", which is written by security nerds because the reference implementation was deemed to be doubleplus ungood, and not by time nerds. So you get a situation where the thing only doing sntp is deemed peachy fine. Except that to people who really need Proper Time, the bread and butter of ntp, this is simply not good enough, but the thing won't tell you. Fun times.

NetBSD is a bit of a tinker toy. It's pretty portable, but some (even non-mainstream!) platforms are actually better served by, oh, OpenBSD or something. It is a bit hampered by its core@ being a bunch of nice people and by its niche status. It now has lua in the kernel.

FreeBSD is a different kind of tinker toy with a big position as "geheimtipp" for servers, something they've done their level best to destroy since FreeBSD 5, first with the n:m scheduler (which they finally gave up on with FreeBSD 8), and now with various userland rewrites, including pkgng (which suffers from a massive case of second system effect). It was traditionally strongest on i386 and now x86_64, and much less so on other platforms (alpha was somewhat decent, though). There is a strong influx of linux refugees, and it shows.

DragonFly BSD is Matt Dillon's fork of FreeBSD 4.11, because he disagreed with the n:m scheduler as overly ambitious (which got vindicated) and as a vehicle to do things like HAMMER with. Too bad the thing also saw fit to jump the pkgng bandwagon. Like NetBSD it suffers from being small-ish and being niche without having a clear niche-crowd to leverage.

They all have their own flavour and they all steal from each other with gay abandon.

So you see, the people behind it are important also, certainly if you'd like to participate and not "just use". And the best way to learn about them is to try.

So if interested do find the time to install each of them at least once, even if only as a VM. But do install from scratch; go for a bootable system without X and packages, then build from there.

One thing the *BSDs tend to do much better than linux is documentation. So be sure to look for that first and do plenty reading before starting your installs.

Re:Why not OpenBSD?

[fnj]

Aighearach is the dictionary definition of an ignoramus.

Re:Why not OpenBSD?

[fnj]

TrueOS uses FreeBSD 12 current which is over a year awhile

What are you trying to say in English? Because that is gibberish. And what is a "food afternoon"?

The only one of those things that is any more than trivial to install is a DE. You can get all the rest in a few SECONDS using "pkg install sudo bash gnuls".

Re:Why not OpenBSD?

[unixisc]

They all have their own flavour and they all steal from each other with gay abandon.

What exactly does 'steal' mean here? Do they incorporate each other's code w/o giving them due credit? That would be the only violation of any BSD license, afaict. Otherwise, the BSD license explicitly allows anybody to take any code and use it in anything else, including changing the license: the only thing that must be done is the original author should be properly credited.

Re:Why not OpenBSD?

[Aighearach]

You could always check that, if you can find a dictionary.

Re:Why not OpenBSD?

[rl117]

The caveat, AFAICR, is that the binary builds don't have security updates, being built at the time of release, so you have to build from source if you care about security updates. It's been a topic of conversation on the openbsd list a few times.

No shit

Poettering is just as childish asshole as the great Trumpet is.

systemd

[maestroX]

When does the hurting stop.

Re:Systemd

[dbIII]

Are you trying to imply that you opened this conversation in good faith

My post is right there above. No stuff such as "it's definitely easier to rant against something if you know next to nothing about it" - that bit of bad faith was entirely yours, as is your very long rant directly above which seems to be the only rant here.

If you want to be taken seriously I suggest acting appropriately.
The "one rule for me and another for others" attitude comes off as somewhat childish.

Also what's with the fucking lecture - indeed a revisionist lecture? I've been following this for more than a decade ever since Lennert's ill-fated roadshow to convince people outside of RedHat to grant him the linux crown. If you are going to parrot Lennart's own words, but get them wrong, just provide a link to his blog. Maybe try reading it yourself to clear up those misconceptions that you are attempting to propagate for some reason.

Re:Systemd

[Tenebrousedge]

I view this as a lack of response.

Re:Systemd

[dbIII]

That kind of makes two of us because I was asking what systemd was supposed to solve apart from empire building and while I have to say you did try hard I disagree with your very fuzzy attempt at an answer. IMHO those problems you said systemd was supposed to have solved have not actually been addressed in systemd. The lack of parallel init in an earlier system was addressed in upstart but barely touched on in systemd (as seen by those instances, which were never common and are becoming rarer, where systemd just hangs). The other "problems" still exist in all the current init systems.

That's why I wrote what I wrote.

Re:Should systemd be rewritten in Rust?

Rust will only save you from certain types of programming mistakes, not a cavalier attitude towards security design and testing.

With all this hate...

[Kokuyo]

I've been considering switching from Ubuntu to something without Systemd. But what would that be? Slackware is a bit hardcore and frankly, I'm really scared I won't get my server functional ever again if I start from scratch...

Re:With all this hate...

[Kokuyo]

And no, I'm not gonna do another LFS. The last time, many moons ago, I got it running but with so many error messages I couldn't truly deal with, I think I've got enouth PTSD to tell my grandkids I would have preferred a good war :D.

Re:With all this hate...

Devuan
Assuming that you actually are looking for an answer and not just playing "Why don't you - yes but...".

Re:With all this hate...

[sconeu]

What about Devuan?

Re: With all this hate...

[thePjunisher]

I tried Devuan, but too early, maybe, because I found the beta I tried to be barely functional. It might be better now. In the end, I landed on Manjaro OpenRC.

Re:With all this hate...

[Kokuyo]

Hmmm Gentoo. Why not? That one's at least seen a few years so it's probably somewhat mature at least and won't kick the bucket in a year or so :D.

Re:With all this hate...

[epyT-R]

slack, gentoo, devuan are options..

Re:With all this hate...

[angel'o'sphere]

Slackware used to be close to BSD and most other Linux distros are close to System V and the modern mix of BSD/System V.
If you really want to switch, why not to Open BSD?

Re:With all this hate...

[Kokuyo]

I guess that would be an idea considdering my zfs storage. I was just of the impression that hardware support was even worse than Linux. Is that not so?

Re:With all this hate...

[Kokuyo]

I should probably also mention that I plan GPU passthrough to a windows vm on this server (Threadripper based).

It's gonna be quite a challenge as it is and I've never worked with a BSD...

Re:With all this hate...

[Viol8]

Yeah, but OS/X has its own issues - OS/X specific system APIs in Objective-C? Ugh. Proprietary graphics and sound subsystems (X support now hived off to an OSS team so who knows how long that will last) , uppercase/lowercase issues with filenames, and a number of other things. I'm not saying OS/X is bad, its just not the perfect Unix enviroment either.

Re:With all this hate...

[Billly+Gates]

OpenBSd has hardly any drivers and is not that user friendly. FreeBSD is better as it has up to date drivers, ZFS, dtrace, jails, and is more supported.

Re:With all this hate...

[Billly+Gates]

FreeBSD is quite popular. Issue is well it is hardcore :-)

But FreeBSD is conservative and known to be quite stable for server builds. What I love about FreeBSD is I find the FreeBSD handbook and manpages quite superior to Linux.

Linux is abunch of things glued together and grown. FreeBSD is designed and feels like a complete OS. The tools are BSD based, Documentation is BSD based, even the sample scripts, and then of course the kernel etc. The ports in /usr/ports also pull from the sources and apply FreeBSD patches to each one. It is a more integrated feel as seperate teams working together make the OS. Not a bunch of guys in a basement putting stuff togehter independently and calling it a linux distro. ... ok my last rant was true 15 years when we had lots of smaller distros made by kids. Ubuntu and CentOS/Redhat are professional. But outside support for things like Duvaan are not there.

I am not bashing it but a few guys who hate SystemD writting on github for Duvuaan scare me as I have no idea who they are and what kind of quality controls.

FreeBSD has ZFS (not a user mode hack), dtrace, and jails too so it does have a use besides Hey we are not Linux clone.

FreeBSD will not come with a gui by default. You will need to look up the handbook or go to youtube on setting up Xorg and your X11-wm of course and creating a Sudo file etc. But FreeBSD 11.1 has long term support not just for security updates but also application updates which unlike Redhat/CentOS can turn crusty after a few years.

Both Amazon and Microsoft have contributed code to FreeBSD for Azure/Hyper-V and Amazons web services so pull up a free VM to play with.

Re:With all this hate...

[Billly+Gates]

Yeah except MacOSX has it's own version of SystemD called startup which also tries to outsmart init with an autostarting daemon that starts other daemons that is not that configurable.

Not saying it is as bad as SystemD. I am just it tries to make it friendly and visual and do things for you which is what drives Unix nerds mad.

Re:With all this hate...

I've been running Devuan 1 since ~28 May; it's basically indistinguishable from a de-systemd'd Debian 8.

Re:With all this hate...

[aardvarkjoe]

Most of those who oppose systemd are pining for the Good Old Days of loading the boot target using bat-handle toggle switches on the front of their IMSAI.

We're mostly pining for the Good Old Days when you could trust your init system to do what it was supposed to do.

Re:With all this hate...

[Zero__Kelvin]

Let's hear your actually encountered, real world issue (not read about in a misleading Slashdot post) with systemd that merits such a drastic change.

Re:With all this hate...

[Lady+Galadriel]

Yes, FreeBSD is what I call a long term supported, server style OS.
(That's not to imply it can't be a desktop OS. I used Solaris 2.5.1, 2.6, 8 and 10 on SPARC for my desktop, for over 10 years...)

iXsystems took over the old PCBSD and now calls it TrueOS. Still based on FreeBSD, and intended as a desktop OS. Still a bit raw. And probably does not have the driver support Linux has, but if Linux goes messy, (SystemD everywhere!), then I will have to consider migrating from Gentoo to TrueOS.

One thing I absolutely love, is ZFS. (And yes, on Gentoo Linux it's rock stable.) This gets me so many features, like alternate boot environments for software upgrades, home filesystem snapshots for easy file recovery, simple disk mirroring, and data / RAID verification.

Re:With all this hate...

[thegarbz]

Based on the way people talk about systemd Devuan should now be the best funded and most active distribution in the linux world.

Snide comment aside, I don't think they'll go away. This topic has basically turned into a religion and the existence of Devuan is beyond someone's fork project and basically propped up by a belief system that an alternative must exist in the Linux world. I'd bank on it being around for a while.

Re:With all this hate...

[Billly+Gates]

Yes, FreeBSD is what I call a long term supported, server style OS.

(That's not to imply it can't be a desktop OS. I used Solaris 2.5.1, 2.6, 8 and 10 on SPARC for my desktop, for over 10 years...)

iXsystems took over the old PCBSD and now calls it TrueOS. Still based on FreeBSD, and intended as a desktop OS. Still a bit raw. And probably does not have the driver support Linux has, but if Linux goes messy, (SystemD everywhere!), then I will have to consider migrating from Gentoo to TrueOS.

One thing I absolutely love, is ZFS. (And yes, on Gentoo Linux it's rock stable.) This gets me so many features, like alternate boot environments for software upgrades, home filesystem snapshots for easy file recovery, simple disk mirroring, and data / RAID verification.

Thanks Lady I do not have experience wiht Solaris other than running uname. I do say I HATE trueOS as just a a few hours ago when I was typing that post I was trying to install it on my Windows 10 Desktop using Hyper-V. It won't even post in either UEFI or in Bios mode as either guest.

TrueOS is based off of FreeBSD 12 current according to their website which is still over a year away! It kind of reminds me of old Mandrake back in the day where it had lots of bugs when you exited XFree86 Kde1 and saw all the errors on the terminal.

To be fair I couldn't get the mouse to work after logging into Mate from FreeBSd 11.1 which I just installed that has generation 1 EFI support for Hyper-V so there is that on the bleeding edge. I want to play with ZFS when I get time to learn it. These days I was leaning more towards SharePoint help at work but maybe doing more admin stuff on the side.

If TrueOS was based off of a stable FreeBSD distro my respect for it would go WAAAY up as current is not even alpha. It is beta.

Re:With all this hate...

[i.r.id10t]

I've been trying to learn how to do things The BSD Way. Considering freebsd since Linode support it to some degree for their VPSes...

Re:With all this hate...

[msk]

I've been running it since the repositories were available, as a direct changeout from Debian via sources.list. It's stable and maintained well.

Re:With all this hate...

[dbIII]

I've shifted a lot of stuff to FreeBSD, but that's only a good move if the software you want to use runs on it. With commercial software I'm stuck on RHEL6/CentOS6 since the vendor can't work out how to get it to run on RHEL7 (which has systemd) let alone other platforms.

Re:With all this hate...

[dbIII]

The idea itself isn't bad. The implementation of taking things over instead of working with existing tools, and the replacement being substandard due to communication problems and not caring how things were done before - that is the issue.
Linux is deliberately made to act like an older version of *nix. Changing that entire idea of having something new that behaves completely differently is bound to annoy many people who choose to use linux.

Also, but far more trivially, such a major change connecting to so much other software has meant older platforms being abandoned and software concentrating onto specific platforms, which was kind of annoying me this week putting stuff on a couple of old Macs. That's just an example symptom of major change versus incremental change.

Re:With all this hate...

[supertall]

MX Linux

Re:With all this hate...

[gweihir]

At this time, stock Debian with sysVinit is a reasonable option. There will be some systemd cruft still around, but it will be mostly inert.

Re:With all this hate...

[angel'o'sphere]

FreeBSD or OpenBSD was more a hint for a change.
I have no real experience with any of them.

Mac OS X is based on FreeBSD, but uses a Mach kernel.

Re:With all this hate...

[tigersha]

Since when is ThreadRipper on the market? Where did you buy one?

Re:With all this hate...

[tigersha]

OS/X is OS/X. The Audio API, to use your example, is the best there is and in widespread commercial use. There is a reason they did their own Audio API. The one In Linux and BSD sucks. Completely.

As for Graphics, OS/X was always based on a PostScript/PDF rendering pipeline for reasons that it widely used in Desktop Publishing. OS/X is OS/X, not BSD. It works very well for the tasks it was designed for. FreeBSD works well for the tasks it was designed for. There is quite a bit of overlap, sure, but they are not the same

Re:With all this hate...

[tigersha]

I am still sad that I can't get a 160 wide Hercules Graphics Card that can drive my 24 Inch monitor in monochrome :(

Get Hans

[ArchieBunker]

You could always get Hans Reiser out of jail to do the hit. He doesn't have any problems murdering people.

Re:Get Hans

[Tenebrousedge]

ReiserFS was not that great when it was under active development, and as far as I am aware while he was the first to implement some interesting filesystem features on Linux, he did not actually invent any of those concepts. The statement about XFS/btrFS is unsupportable.

Systemd has made many correct design decisions. The valid criticisms are completely drowned by people like you who don't understand the problems it's designed to solve. There's a reason why people keep inventing replacements for sysvinit.

the economic cost to the rest of us will most likely be greater than the damage Hans did to society.

We don't measure that murder in economic terms. What a foul comparison.

Re:Get Hans

[Billly+Gates]

ReiserFS was not that great when it was under active development, and as far as I am aware while he was the first to implement some interesting filesystem features on Linux, he did not actually invent any of those concepts. The statement about XFS/btrFS is unsupportable.

Systemd has made many correct design decisions. The valid criticisms are completely drowned by people like you who don't understand the problems it's designed to solve. There's a reason why people keep inventing replacements for sysvinit.

the economic cost to the rest of us will most likely be greater than the damage Hans did to society.

We don't measure that murder in economic terms. What a foul comparison.

I used to agree with you. Sysinit was designed for a computer (mini computer before being called a server) for a system with maybe 80 utilites and programs at the most. Very simplistic to do a few things and you set once and walk away for many years until the machine gets decommisioned etc.

A modern linux distro with +30,000 utilities running for example on a modern laptop is a nightmare in comparison if you need events like a laptop going asleep and waking up in a different time zone or when an apache server gets hacked and needs to quarantine itself or when a node fails in a cluster etc. Sysinit is not designed for these scenarios and Linux has hte worst ugliest scripts. NetBSD tries to do BSD to make it look cleaner but still.

Problem is SystemD is another nightmare all together. Sure you can setup stuff above in scenarios but when it fails IT FAILS BIG. The event processes are known to randomly change raid configurations during reboots, loose data, and events are difficult to debug. Sysinit is sequential even if an ugly hack of if/fi else scripts through the godzoo is not pretty you can debug it and you do not have unexecpted behavior.

Nothing scares a Network Administrator more than unpredictable behavior. Especially whose job counts on having a 99.97% uptime and a bonus only if your servers hit 99.99% uptime in their performance reviews.

OpenRC tries to be both. Ubuntu had upstart and even Apple has starteD or startD that do some event work and can handle a change like a laptop sleeping and waking up, but are not so alien and engulf.

I do not do system administration work anymore but might soon as I am applying on job sites. SystemD has me nervous as I do not want to support it from what I read here and from what colleagues have told me. Even if I have to learn it I do not like the idea my RAID or SAN might be configured one way, then when the system restarts it will be reconfigured a different way from some unknown reason that SystemD did from an event.

The more it tries to do the more work we have to figure out what it did when shit hits the fan.

Re:Get Hans

[dbIII]

like you who don't understand the problems it's designed to solve

Which is what exactly? A single enormous codebase maintained by a generalist with little supervision instead of specific programs maintained by experts? Why is that a problem?

Re:Get Hans

[Tenebrousedge]

Why have people been trying to replace sysvinit? Why have you not bothered to research the origins and rationale for the project? I mean, it's definitely easier to rant against something if you know next to nothing about it, I suppose...

There was a vote

[ArchieBunker]

My understanding was there was a vote and some asshole had to break the tie in favor of systemd.

Re:There was a vote

[thegarbz]

Your understanding is basic.

By simple majority systemd had double the number of votes than upstart and further discussions and was a clear winner.
No one preferred keeping sysvinit, and everyone preferred openRC over sysvinit. However they didn't go by simple majority but rather by pairwise defeats. After pairwise defeats the only remaining options were systemd vs upstart. The "asshole" you're referring to was the chairman of the technical committee who preferred systemd in favour of upstart.

Of course systemd is more like politics and religion and everyone who doesn't like the outcome then claims that the voting system which has served well in the past is now this very one time inexplicably broken, and all people involved are assholes.

Have you considered running for public office? You'd fit right in.

Re:I'm waiting for news of his death

[Aighearach]

It is true that neckbeards snarl worse than a grue, but they're not capable of physical attacks. They also can't remain outdoors for extended periods of time, so they can't stalk anybody.

Re:Should systemd be rewritten in Rust?

[hord]

You can re-write in any language you want to eliminate the design issues of the current language. You now have all the design flaws of the new language you picked plus the complexity of translating from the previous language. Best of luck.

Re:Should systemd be rewritten in Rust?

[fahrbot-bot]

If bugs and programming errors that result in security flaws are a problem with systemd, would rewriting it in a language like Rust help?

There are bugs, programming errors and bad programming. Don't confuse the three.

Re:Should systemd be rewritten in Rust?

If I hear of a company marketing a supported enterprise distro of FreeBSD, I'm gonna buy stock!

How about ixsystems? They make FreeNAS and TruOS.

why are distributions using it ???

[cats-paw]

Never have I read anything positive about systemd.
and what I've read about it's design is extremely non-unixy.

so why did any of the distributions pick it up ?

Re:why are distributions using it ???

[dbIII]

Redhat own it as well as having a lot of the gnome developers on payroll. It was decided that if you want the current gnome you need systemd. Thus if other distros want gnome they need systemd.
Lennart has a blog and the office politics that were the real reason for the decision are crowed about on it. He is on the road to making linux his as far as he sees it. A bit more attention to detail or some listening to advice and it wouldn't matter.

Re:Should systemd be rewritten in Rust?

[Billly+Gates]

PfSense uses it but more as a customized distro and equipment for routers and firewalls. So that is enterprise level support and I use their pfSense iso for my Hyper-V routers I use in my home lab.

They are great for offices of 100 users or less who do not want to buy a full expensive Cisco switch and router and have a guy come in and charge up the wazoo for a medium sized office. PfSense and do both layer 2 and 3.

Cisco on purpose tries to differentiate so you have to buy a switch AND a router and convinced network engineers that this is the proper way.

Re: You be late, mon

[Billly+Gates]

I thought Walnut Creek got acquired by the FreeBSD foundation. Did it not?

Thus Spake Poettering ..

[khz6955]

Systemd dies if there is no cgroup support in the kernel.

Poettering: "To make this work we’d need a patch, as nobody of us tests this"

R! /dir/.* destroys root.

Poettering: "I am not sure I'd consider this much of a problem. Yeah, it's a UNIX pitfall, but "rm -rf /foo/.*" will work the exact same way, no?"

Processes owned by a user with a leading zero in the name are started with root privilege..

Pottering: "I don't think there's anything to fix in systemd here"

Systemd kill background processes after user logs out.

Poettering: "In my view it was actually quite strange of UNIX that it by default let arbitrary user code stay around unrestricted after logout."

'I have an issue with journal corruptions and need to know what is the accepted way to deal with them.'

Poettering: "Yupp, journal corruptions result in rotation, and when reading we try to make the best of it. they are nothing we really need to fix hence."

'Poettering locked and limited conversation to collaborators on 17 Apr'

Re:Thus Spake Poettering ..

[xbytor]

> "In my view it was actually quite strange of UNIX that it by default let arbitrary user code stay around unrestricted after logout."

Wow. Really, just wow. I am so happy I don't have to use Debian or any of those other systemd distros.

Re:Thus Spake Poettering ..

[dindinx]

If you don't compile network support into the kernel, no http servers can work. If you don't compile cgroup support into the kernel, systemd is the only init system that can't start. Every other init starts with no problems.

See the différence?

Re:Thus Spake Poettering ..

[rl117]

While this post was marked "5, Funny" I personally feel it's more of a tragedy that Linux has been trashed so thoroughly by such a small group of people. If you'd suggested to me a few years back that in 2017 I'd be using FreeBSD and no longer a Debian developer I wouldn't have believed you, and yet that's where I've ended up.

Re:Thus Spake Poettering ..

I only robbed a couple of banks, and I was caught almost immediately. Now whenever I try to go into one of those banks they harp on about it. Really, they should just get over it. Bloody trolls.

Re:Should systemd be rewritten in Rust?

[Billly+Gates]

The three are one. Security too as Windows was unstable due to its crashiness. If you can't control where the program points in ram addresses it means a hacker could plant some code and easily point it to the payload instead of a random spot to gpfault or give an IRQ_lessthan or equal BSOD. Notice how Windows got very stable when it took security seriously starting with WIndows 7/server 2008?

Bugs and errors can be fixed by good programming and design.

That suspicion isn't like the systemd issues

[jbn-o]

I recall that being an entirely different issue from what's at issue in this /. thread. This thread concerns possibly buggy free software in need of some maintenance and review. Microsoft's patent licence for .NET core is a threat of a different kind—Microsoft's patents covering software in Mono and licensing that doesn't grant users the freedoms of free software work together to grant Microsoft the power to extracting patent royalties from free software distributors.

Bobby Drop Tables

[dbIII]

It is dangerous to allow them to start with digits as we have seen

Only within the window of Lennart's "not a bug" and only with systemd.
He made the utter newbie mistake of not checking his inputs when there are inputs that can have dire consequences on how his code works. Now he's checking his inputs, good to see, but you defending him not checking them in the first place is not getting anything done apart from annoyance.

Re:Bobby Drop Tables

[Zero__Kelvin]

Funny. Many of the people here are criticizing him for checking, while others for not. It is almost like it doesn't matter what *they* do, someone will decide it was him and start blaming.

Re:Bobby Drop Tables

[0100010001010011]

At this point I'm not unsure that Zero__Kelvin isn't Pottering's slashdot account.

Re:Bobby Drop Tables

[dbIII]

No, those people are far worse than him on a bad day. Lennart has issues with criticism but not to the extent of some of the fanboys.

FreeBSD company

[unixisc]

Is iXsystems a private or a publicly traded company?

Re:You be late, mon

[unixisc]

Actually, that BSDi code was shared to the public - sans 6 files that were re-written to exclude any AT&T/USL code. That version was known as 386 BSD. It got forked to FreeBSD and NetBSD, and NetBSD had a major fork to OpenBSD. There have been several minor forks of FreeBSD since.

Re:Should systemd be rewritten in Rust?

[unixisc]

Changing languages isn't the answer. Security bugs can happen in any language. The design of systemd and the way they handle development is the problem. It's a bad architecture. The Linux user community is screaming this at the top of their lungs yet systemd is infecting almost every major distro.

Besides, from the Rust discussion the other day, Rust is a high level language. If one wants to write an init system, shouldn't it be written in a language close to the CPU, such as C/C++ or Assembly?

Re:Should systemd be rewritten in Rust?

[unixisc]

Even FreeBSD is owned by iXsystems, ain't it?

Cisco routers & switches

[unixisc]

Doesn't Cisco sell Layer 3 switches? That would eliminate the need for switch AND router. Also, if one uses IPv6, that should make eliminating switches even easier

McAfee

[unixisc]

Did he ever do anything in Unix? I thought that his antivirus package was Windows only

DesktopBSD

[unixisc]

Desktop BSD has been dead for a while. Did it ever get resurrected?

Why is Redhat allowing this?

[mike2006]

At this point why is Redhat or any major distro for that matter continuing with this systemd nonsense?

Does anyone in the know the inside story of what is going on within Redhat about systemd?

Re:Why is Redhat allowing this?

[gweihir]

It is difficult to say which it is, but here are a couple of possible reasons:

- Linux was getting too hard to hack and the intelligence community is pushing for systemd to fix that by having a known incompetent in charge of a critical system component
- Linux did not generate enough support revenue for Red Hat and this is intended to fix that (and to make sure people cannot just go to a different distro)
- Red Hat wants total control over Linux and systemd is their attempt to establish that by being the single source of a central component

It may also very well be a combination of these. In any case, it is targeted sabotage. I do not think Poettering is clued in though. They are just using him as a "useful idiot".

Re:Why is Redhat allowing this?

[nnet]

Gnome needs it.

Trojan horse?

[pkphilip]

I wonder if systemd, pulseaudio etc are trojan horses inserted into the Linux ecosystem for nothing else but screwing things up - they work, sort of, but not very well.. they are irritating enough to significantly reduce the adoption of Linux and also to slow down the overall development of the Linux ecosystem by focusing attention on problems which could have been easily avoided. There there is of course these security vulnerabilities which open up in the strangest of places.

Of course, I have no evidence for this, but it has been a nagging suspicion.

Re:Trojan horse?

[gweihir]

I believe that is the case, but Poettering is not clued in. It seems likely that Linux became too hard to hack into, so something needed to be done. Putting a known incompetent with a huge ego and no understanding of security in charge of a critical central system component is just the ticket to do that. And it will not look like a sabotage attack either, because said incompetent will screw up security all by himself, whit zero understanding of how he is being used.

The nature of the campaign that systemd was pushed with gives further indication for that: Zero arguments technical merit, except on the meaningless surface. As soon as anybody tried to go into actual technical arguments that matter, emotional appeal, deriding of the person, portraying them as "backwards" and "anti innovation", etc. This just means that there were no good technological arguments, but a group with access to PsyOps techniques really wanted it to be pushed hard. And look where we are, they basically succeeded. Of course, PsyOps only works against incompetents long-term and there is still a core of the Linux community that actually understands technology, as exemplified by this award and the continuing resistance. Technological facts do not go away.

Re:Trojan horse?

[4partee]

Lennart Poettering === Useful Idiot.

Re:Trojan horse?

And vaccines? Why would anybody sane believe they do not work?

Dunno, seems to be a thing with Devuan devs (e.g. Daniel Reurich (Centurion_Dan) calls himself an anti-vaxxer and golinux (another Devuan dev) agrees a few lines below.

You seem to prefer to believe in some PsyOps conspiracy theory (I guess either Mossad, CIA, NSA?).

As to the "why would sane people believe that": I never claimed that Devuan devs or you are sane. In fact it's pretty clear all of you have serious mental health issues.

Re:Should systemd be rewritten in Rust?

[gweihir]

I am all for that! Rewrite systemd in Rust, get all systemd experts and Rust experts into one place and then nuke it! Might make the future significantly better.

Re:Should systemd be rewritten in Rust?

[gweihir]

Indeed. But the Rust cult does not understand that. They somehow think Rust will prevent any and all important security issues and that already shows that these people have zero understanding of the problem.

Re:Should systemd be rewritten in Rust?

[Aighearach]

lol, no, I'm saying that the future will contain the day where few of these bugs are being found in it. It receives resources from RedHat. Bugs will be fixed. Bugs will be reported. Bugs will be fixed. Bugs will be reported. Bugs will be fixed.

The rate starts out bad, and gets better later. Because RedHat makes money and isn't going away.

Why don't the fanboys learn about the topic?

[dbIII]

Why have you not bothered to research

Ah there's that "research" again as if just reading a few things is that - when did that become a doubleplusgood thing instead of what it means in English?
Of course I know the reason - it's in Lennart's blog and I summed it up above - he wants to "own" linux. There's several other init projects out there, are you aware of them? Are you the one who knows "next to nothing about it" so have only fanboy bluster instead of the valid reason I'm supposed to have found via "research", which you have not done yourself?

Re:Why don't the fanboys learn about the topic?

[Tenebrousedge]

You're clearly far from objective on this issue. I'm not interested in being further baited and insulted. If you want information, it's out there. If you want to have a conversation, you can find a more respectable tone of address.

Re:Why don't the fanboys learn about the topic?

[dbIII]

I'm not interested in being further baited and insulted

Yes, it's kind of obvious that you think that's something you should do to other people and not be subjected to yourself in even the mildest form.

you can find a more respectable tone of address

Such as this of yours for example?

I mean, it's definitely easier to rant against something if you know next to nothing about it

It appears I was far more respectful than that - I asked a question leaving doubt that you are as bad as you appear and gave you an opportunity to defend yourself instead of accusations like those you made.
Go on - show you are more than the clueless fanboy with a thin skin that you appear to be. I have a thousand times more respect for Lennart who fixes some of his mistakes than some clueless cheerleader that pretends no mistakes were made.

Re: Should systemd be rewritten in Rust?

[s4m7]

Starting off by including a runtime dependency is a great way to have zero buy-in from old school admins. This was very much a part of systemd's political problem, which fed their technical ones.

I didn't suggest it was the same issue

[HBI]

I did suggest the 'universal hate' felt pretty similar, though.

Systemd

[Tenebrousedge]

Are you trying to imply that you opened this conversation in good faith, or are you merely sorry to be detected?

I can't speak to every decision they've ever made, but the general concept of an event-driven service manager with dependency resolution is not a poor one. It's sort of ironic that 'init' was named as such, in that it led people to focus on its role in the boot process rather than the idea of state transitions. The fundamental problem of sysvinit was that it was not a kernel process and could not make any hard guarantees about things like resource usage or even whether a given PID file corresponds with the correct active process. For most purposes these defects can be ignored, but there were as I (vaguely) recall a handful of efforts over the years to introduce these things into the kernel, the latest and most successful being cgroups.

In parallel with these developments we had multiple efforts towards speeding up the Linux boot processes, often driven by efforts to introduce Linux in the mobile space. I believe notable improvements were made to things like ureadahead/sreadahead by Intel, Canonical, and Red Hat at various times. There seems to have been a fair amount of cross-pollination in that sector. There is of course nothing inherently wrong with wanting to boot faster, and starting services in parallel is the obvious initial improvement, and dependency resolution is a further obvious improvement.

At the time systemd was written, Upstart was already taking the lead in replacing sysvinit with something completely incompatible, and OpenRC was rewriting all of the common init script activities into more sensible C libraries. So then cgroups are introduced and someone has the fairly sensible idea that they should write a service manager to use them. At this point, it makes little sense to try and introduce cgroups to sysvinit, Upstart didn't have a great dependency model, and OpenRC didn't have a strong interest in parallel boot. So if you're going to do this at all, it makes sense to try to use all the nice features you can. We should also mention both Solaris and OSX having replaced sysvinit by this time as well; Linux was to some degree catching up to the commercial Unixes in this regard.

Now, while all this was going on, there were a large group of developers and sysadmins who were making lots of things with Bash, Perl, and Unix, and making pots of money doing it. The art of the scriptable operating system was refined and perfected. In a sense, sysvinit fell victim to its own success, since it worked so well that anything which intended to replace it had to head off in a completely different direction.

The narrative since then depends strongly on your point of view. Upstart has gone to a rather unlamented grave alongside Mir and a long list of other things Canonical has attempted to foist on the wider community. OpenRC remains a good option. It supports many of the same features that systemd does, but as optional elements as they have always been committed to multi-platform support. As a project designed around a Linux-kernel-only feature, systemd has had no reason to consider that. Sysvinit is hopefully no longer struggling to find maintainers, but there's not really any danger of it becoming popular again. Younger developers have other scripting languages that they like better, and everyone seems to be in a hurry to virtualize and containerize all the things -- which I'm sure that you've been around long enough to find ironic, but nevertheless it does not seem to be slowing down. Systemd appears to be doing better at keeping up with whatever the Cloud wants at any given moment (for better or worse).

I'll omit discussion of other features (binary logs, e.g.) unless you have some particular grudge against them. I generally don't mind the idea of establishing a common plumbing layer as long as their internal API is stable and well-documented, and I've not seen evidence otherwise. I do find these recent bugs to be concerning, but not so much so as to condemn the projec

Who benefits from SystemD? Red Hat? Microsoft?

[Futurepower(R)]

"Systemd, the ever growing cancer that seeks to subsume the entire Linux userland..."

Who benefits from SystemD destructiveness? Red Hat's consulting? Microsoft?

Linux does seem to be moving in the direction of destroying itself. Stories:

9 Lethal Linux Commands You Should Never Run

The top 5 problems with Linux. Quote: "... the community is vastly divided by tribal identity."

Major Linux Problems on the Desktop, 2017 edition

Start with systemd sucks

[whitroth]

I've come to have a number of issues with that piece of crap.

"A start script is running..." with no timeout, and no clue what's having an issue, and NO WAY to get to the moronic "journal that must absolutely be binary, (to save space?)" because it's still booting.

And targets and services and wants, oh, my. And DBUS all over the freakin' place.

Oh, but it starts SO MUCH FASTER!!! And this matters on *anything* but a laptop or mobile? Why force inappropriate crap onto desktops, workstations, and servers?

And with as much as possible running in parallel during boot, it massively makes it more difficult to debug a boot problem (y'know, like the bloody hour and a half I spent last Thursday on a major server?).

I continually wonder how much M$ paid him, and RH, to make Linux start to look like WinBlows.

That's two different scripts

[dbIII]

That's two different scripts with very different syntax.

Re:I'm waiting for news of his death

[TheDarkener]

Hey, I resent that grue remark.

Oh, shut up

[TheDarkener]

I'm sick and tired of the, "Oh, systemd sucks, move to *BSD!" Fuck you. Just get rid of systemd.