Slashdot Mirror


New SystemD Vulnerability Discovered (theregister.co.uk)

The Register reports that a new security bug in systemd "can be exploited over the network to, at best, potentially crash a vulnerable Linux machine, or, at worst, execute malicious code on the box" by a malicious host on the same network segment as the victim. According to one Red Hat security engineer, "An attacker could exploit this via malicious DHCP server to corrupt heap memory on client machines, resulting in a denial of service or potential code execution." According to the bug description, systemd-networkd "contains a DHCPv6 client which is written from scratch and can be spawned automatically on managed interfaces when IPv6 router advertisements are received."

OneHundredAndTen shared this article from the Register: In addition to Ubuntu and Red Hat Enterprise Linux, systemd has been adopted as a service manager for Debian, Fedora, CoreOS, Mint, and SUSE Linux Enterprise Server. We're told RHEL 7, at least, does not use the vulnerable component by default.

Systemd creator Lennart Poettering has already published a security fix for the vulnerable component -- this should be weaving its way into distros as we type. If you run a systemd-based Linux system, and rely on systemd-networkd, update your operating system as soon as you can to pick up the fix when available and as necessary.

204 comments

  1. Really, is anyone surprised? by telek83 · · Score: 5, Insightful

    This is what happens when you reinvent everything you possibly can, just 'cuz' but to put the icing on the cake, you run everything as root when you do it...

    1. Re:Really, is anyone surprised? by Anonymous Coward · · Score: 5, Insightful

      That's the thing, isn't it? The millionth windows vulnerability and still saying "well any code has bugs". Sure it does. But the rebuttal is essentially saying that all code is created equal. That's just not true. Some code is very much more equal than others.

      This guy doesn't merely write crap code, he has a track record of not playing well with others, refusing to acknowledge bugs, expecting other software projects to work around and make up for his mistakes, and so on, and so forth. Next to his track record, there are multiple reasons why his code has more and more pernicious bugs than other code. One of the reasons is as GP says: The code tries to do too much and fails to make use of built-in fall-out protection, deliberately. That's just stupid. The guy has been told, and he still thinks it's a good idea. He really believes his shit does not stink. Ergo, the guy is stupid, as well as an asshole.

      If I get a choice at all, it is clear: I do not want any of his code running on my systems if I can at all help it.

    2. Re:Really, is anyone surprised? by telek83 · · Score: 5, Insightful

      While no one writes perfect code, when rewriting code for no good reason other than wanting to, the code itself should at least be as good as the previous implementation, and as it stands dhclient6 and isc-dhcp-server do not have this problem.

      I don't have a problem with SystemD, I have a problem with anyone who tries to modernize some software but doesn't take into account why things were written the way they were in the first place... it's like the DNS resolve bugs... had the developers even bothered to look into bind's history, they would have never made the same mistakes... why take 1 step forward and all the steps back, just to rewrite software that has worked in the first place? This goes for any project, not just SystemD, not just Wayland or any of the "next-generation" projects... all reincarnations of software should take into account the previous implementation's bugs, doing anything else is completely irresponsible and childish on the developers' part, it sends a message of "I can write better code than you" while in reality making all the mistakes the previous implementation made and more.

      This whole "I am better than thou" s**t should end, it only makes people look like idiots

    3. Re:Really, is anyone surprised? by Anonymous Coward · · Score: 0

      bind's obtuse, error prone configuration syntax should be modernized..

    4. Re: Really, is anyone surprised? by Type44Q · · Score: 5, Funny

      No, don't you see??

      New SystemD Vulnerability Discovered...

      The vulnerability they discovered... was SystemD. It's recursive or a paradox or something. Either way, very fascinating...

    5. Re: Really, is anyone surprised? by Anonymous Coward · · Score: 0

      But not at the expense of security vulnerabilities.

    6. Re:Really, is anyone surprised? by telek83 · · Score: 5, Informative

      Agreed, bind's configuration is obtuse and does need fixing, so rather then rewriting a completely different client with the same set of bugs that have already been fixed, why not fork bind, fix the configuration so it's something more sane and then if people like it, they will use it, or ISC will pull the forks changes back into the main fork of bind, if you look at the problems that need to be solved, most of the time there is no need to a complete rewrite, You can see this is true for most things out there, despite this, people almost always try to reinvent the wheel anyways.

    7. Re:Really, is anyone surprised? by Anonymous Coward · · Score: 1

      They don't run the modules on privilege-separated processes with minimal privileges?!

    8. Re:Really, is anyone surprised? by telek83 · · Score: 2

      SIOCSIFADDR SIOCSIFFLAGS SIOCSIFFLAGS and Opening a socket for LPF requires root... unless you do this "sudo setcap CAP_NET_BIND_SERVICE,CAP_NET_RAW=+ep" which no one does, because every upgrade they would have to reset the cap

      So yes the client and the server have to run as root, you would think because they are reinventing the wheel here, they would fix this so it can be run by a user with minimal privileges, so even if a bug like this does happen, they are still limited to what they can do.

    9. Re:Really, is anyone surprised? by alvinrod · · Score: 4, Insightful

      This guy doesn't merely write crap code, he has a track record of not playing well with others, refusing to acknowledge bugs, expecting other software projects to work around and make up for his mistakes, and so on, and so forth.

      All of that's a valid reason for not liking SystemD, and touches on my own dislike for it as well. However, the fact that it had a vulnerability in it isn't a good reason to dislike it for the sake of that reason alone, unless you're willing to dislike any other software that has had a vulnerability equally much. Don't conflate dislike of a thing for valid reasons with reasons that you wouldn't use or apply in other cases.

      To put it another way, if you found out that a person you already disliked once ran over someone's dog, you might use that act itself to condemn them as a terrible person. However, it's unlikely that if your friend ran over someone's dog that you'd think using that act to condemn them as a terrible person would be justified. If you want to think less of a person for running over a dog, do it in equal amounts irrespective of how you felt about that person prior to them running over someone's dog.

      That's the thing, isn't it? The millionth windows vulnerability and still saying "well any code has bugs". Sure it does. But the rebuttal is essentially saying that all code is created equal.

      It obviously isn't, and I don't think anyone would honestly argue that all code (or designs, or programmers, etc.) is equal with a straight face. No one's forcing anyone to use crap code, especially in the open source community. If this were Windows, you'd just be stuck with it like all of the other crap that Microsoft has shoved off on people over the years.

    10. Re:Really, is anyone surprised? by Anonymous Coward · · Score: 0

      The old way of having 10 redundant tools to run a hundred scripts is fucking retarded.

    11. Re:Really, is anyone surprised? by Lady+Galadriel · · Score: 1

      I am surprised!

      That this is not a weekly occurrence. (Well, weekly Public occurrence...)

      --
      Lady Galadriel
    12. Re:Really, is anyone surprised? by Aighearach · · Score: 1

      This is what happens when you reinvent everything you possibly can, just 'cuz' but to put the icing on the cake, you run everything as root when you do it...

      Just imagine what they'd say if it had 12 intentional exploits added! Planet Neckbeard would assplode, probably wipe out the entire Klingon-speaking population of this galaxy.

    13. Re:Really, is anyone surprised? by Anonymous Coward · · Score: 0

      People don't hate the bug so much as the bad process that created it, though.

      Did Pottering get his start in Enterprise software? It would explain a lot.

    14. Re:Really, is anyone surprised? by Anonymous Coward · · Score: 0

      However, the fact that it had a vulnerability in it isn't a good reason to dislike it for the sake of that reason alone, ...

      If that vulnerability is a byproduct of a clear disregard for proper software production and follows a pattern of outright even acknowledging that things are bugs, it's not "that reason alone".

      To put it another way, if you found out that a person you already disliked once ran over someone's dog, you might use that act itself to condemn them as a terrible person.

      In this analogy, if you disliked the person precisely because they had a history of nearly hitting people without apology and a pattern of not looking behind them, then you'd see them running over someone's dog as a manifestation of how terrible a person they are and how likely it is they'll run over a person in the future.

      If you want to think less of a person for running over a dog, do it in equal amounts irrespective of how you felt about that person prior to them running over someone's dog.

      I feel differently over a friend who is a dog lover who apologizes for running over a dog and feels terrible vs a dog hater who willfully ran over the dog and cackles daily over the joy of squishing the blood and guts out of animals. Funny how context matters.

      It obviously isn't, and I don't think anyone would honestly argue that all code (or designs, or programmers, etc.) is equal with a straight face. No one's forcing anyone to use crap code, especially in the open source community. If this were Windows, you'd just be stuck with it like all of the other crap that Microsoft has shoved off on people over the years.

      SystemD is a clusterfuck that's been shoved into most major distros. One cannot trivially avoid it. In fact, it takes a reasonable amount of effort to manage it oneself or one has to make compromises and choose a fork of a distro and hope it remains substantially usable with minimal effort. That one is not "forced" to use it is as true as one is not "forced" to use Windows. I don't think it's reasonable, though, to argue that when one has issues with Windows one should just switch to Linux+WINE and write the code to make whatever program you need work. It's an unreasonable burden to expect and really a cop out to argue "in the open source community" unless there is actually a substantial community that avoids "crap code" like systemd. Sadly, that's not the case.

    15. Re:Really, is anyone surprised? by gweihir · · Score: 4, Insightful

      The code tries to do too much and fails to make use of built-in fall-out protection, deliberately. That's just stupid. The guy has been told, and he still thinks it's a good idea. He really believes his shit does not stink. Ergo, the guy is stupid, as well as an asshole.

      All classical beginner's mistakes. This guy is not a beginner, but still makes bad beginner's mistakes. Because of his unlimited arrogance, he does not learn. Classical Dunning-Kruger sufferer. Now how anybody ever thought using code from this person was a good idea is beyond me.

      We can also expect this stuff to go bad exceptionally fast when Poettering loses interest, as the code is too complex and too badly documented to be maintainable.

      If I get a choice at all, it is clear: I do not want any of his code running on my systems if I can at all help it.

      Depending on the defaults, I either rip this crap out after installation or do not install it in the first place. My employer does the same as a matter of policy. Has not caused any problems so far and probably prevented a ton of them. Usually the problems with systemd start right after installation for me, as I do have a network-setup that is not quite standard. The only other system that has these problems is Windows, and it has it to a lesser degree these days.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    16. Re:Really, is anyone surprised? by Rockoon · · Score: 2

      This guy doesn't merely write crap code, he has a track record of not playing well with others, refusing to acknowledge bugs, expecting other software projects to work around and make up for his mistakes, and so on, and so forth.

      Exaggerations aside, the key point is that even the best programmers with the best intent cannot reinvent the wheel without consequences. The motivation for reinventing the wheel is that the current code is ugly and hard to maintain. So off they go writing the replacement temple. What happens is that all the stuff that they thought was ugly was a bugfix or in another way necessary. Their temple grows ugly. The bugs were reinvented too.

      --
      "His name was James Damore."
    17. Re:Really, is anyone surprised? by Rockoon · · Score: 1

      Even better, don't fuck with bind, and simply invent a decent side language for producing bind configurations. This is how unix is supposed to stack up.

      --
      "His name was James Damore."
    18. Re:Really, is anyone surprised? by Anonymous Coward · · Score: 0

      This guy doesn't merely write crap code, he has a track record of not playing well with others, refusing to acknowledge bugs, expecting other software projects to work around and make up for his mistakes, and so on, and so forth.

      All of that's a valid reason for not liking SystemD, and touches on my own dislike for it as well. However, the fact that it had a vulnerability in it isn't a good reason to dislike it for the sake of that reason alone, unless you're willing to dislike any other software that has had a vulnerability equally much. Don't conflate dislike of a thing for valid reasons with reasons that you wouldn't use or apply in other cases.

      It's not about "has a vulnerability", it's about "has a long history of vulnerabilities, often unnecessary and aggravated for even less reason to boot, and like as not the guy responsible will claim 'not my fault, not my problem' in creative ways". That is, there are multiple ways in which all that applies many more times over to this guy's crap software than it does to other software.

      To put it another way, if you found out that a person you already disliked once ran over someone's dog, you might use that act itself to condemn them as a terrible person. However, it's unlikely that if your friend ran over someone's dog that you'd think using that act to condemn them as a terrible person would be justified. If you want to think less of a person for running over a dog, do it in equal amounts irrespective of how you felt about that person prior to them running over someone's dog.

      Yeah, this guy has a history of running over your metaphorical dogs wilfully, so "equal amounts" times many many many many more times to apply them still means the guy's well off my "friend" list. For cause.

      That's the thing, isn't it? The millionth windows vulnerability and still saying "well any code has bugs". Sure it does. But the rebuttal is essentially saying that all code is created equal.

      It obviously isn't, and I don't think anyone would honestly argue that all code (or designs, or programmers, etc.) is equal with a straight face.

      Why did you go and have to claim that "other software has bugs too, you know", then?

      No one's forcing anyone to use crap code, especially in the open source community.

      Get me a poettering-free linux with a non-stupid X and a decent browser. Can you do it with an established distribution at all or is it linux-from-scratch time with a whole lot of work tacked on top?

      If this were Windows, you'd just be stuck with it like all of the other crap that Microsoft has shoved off on people over the years.

      Hmhm, which is why many people ran off to other systems the moment they thought they could get away with it. But red hat is doing its level best to become the redmond-of-linux-space, which is why they're employing lennart "useful idiot" poettering.

    19. Re: Really, is anyone surprised? by Anonymous Coward · · Score: 0

      My vulnerability sense is tingling. Would fixing this by allowing regular users to do these operations perhaps come with its own set of security issues?

      I know it's potential exploits all the way down, but...

    20. Re: Really, is anyone surprised? by Jane+Q.+Public · · Score: 1

      SystemD was a bad idea from the start.

      The majority opposition to it should have been a clue.

      Nothing at all surprising about this.

    21. Re: Really, is anyone surprised? by Anonymous Coward · · Score: 0

      That's exactly right: you can manage complexity but you can't remove it.

    22. Re: Really, is anyone surprised? by Anonymous Coward · · Score: 0

      The majority opposition to it should have been a clue.

      What "majority opposition" are you talking about?

    23. Re:Really, is anyone surprised? by Anonymous Coward · · Score: 0

      No, do not re-invent sendmail

    24. Re:Really, is anyone surprised? by thegarbz · · Score: 1

      This is what happens when you reinvent everything you possibly can

      New software has bugs? ZOMG someone stop the presses, we need to tell EVERYONE.

      just 'cuz'

      just 'cuz' the old init system didn't meet the requirements set out by a modern OS and there have been no less than 15 other projects attempting to replace it already. But hey, one of them gained traction, so let's pick on that one.

    25. Re:Really, is anyone surprised? by thegarbz · · Score: 1

      when rewriting code for no good reason other than wanting to

      You left out the bit where various distributions have been attempting to replace sysvinit with something workable for years due to its technical limitations.

      This goes for any project, not just SystemD, not just Wayland or any of the "next-generation" projects... all reincarnations of software should take into account the previous implementation's bugs

      And yet we are discussing a bug that is due to functionality that doesn't exist in other implementations. It's easy to criticise repeating mistakes of the past until you look closely and realise that quite often the mistakes of the past weren't repeated, but rather implemented in a completely different way under a different scenario.

    26. Re:Really, is anyone surprised? by AmiMoJo · · Score: 2

      Although in this case the person responsible seems to be Patrik Flykt, who added the code with this commit about 4 years ago: https://github.com/systemd/sys...

      Poettering committed the fix.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    27. Re:Really, is anyone surprised? by Anonymous Coward · · Score: 0

      Or it could start as root and drop the privileges except for those it needs
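
The start-as-root-then-drop approach from the comment above, using the capabilities named earlier in the thread, as an added example that is not part of the discussion and is not systemd or ISC code. The function names, the target UID/GID 65534 and the inclusion of CAP_NET_ADMIN (for the SIOCSIFADDR/SIOCSIFFLAGS ioctls) are assumptions.

```c
/* Added example: start as root, keep only the network capabilities a
 * DHCP client needs, then become an ordinary user. Linux only. */
#define _GNU_SOURCE
#include <grp.h>
#include <linux/capability.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

/* CAP_NET_BIND_SERVICE and CAP_NET_RAW are the two named in the thread;
 * CAP_NET_ADMIN is an assumption added for SIOCSIFADDR / SIOCSIFFLAGS. */
#define NET_CLIENT_CAPS ((1ULL << CAP_NET_BIND_SERVICE) | \
                         (1ULL << CAP_NET_RAW) | (1ULL << CAP_NET_ADMIN))

/* Read this process's permitted and effective sets as 64-bit masks. */
int get_caps(uint64_t *permitted, uint64_t *effective)
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[_LINUX_CAPABILITY_U32S_3] = { { 0 } };

    if (syscall(SYS_capget, &hdr, data) != 0)
        return -1;
    *permitted = ((uint64_t)data[1].permitted << 32) | data[0].permitted;
    *effective = ((uint64_t)data[1].effective << 32) | data[0].effective;
    return 0;
}

/* Shrink permitted and effective to (held & keep); inheritable becomes 0.
 * Giving capabilities up never needs privilege, so this works for any user. */
int limit_caps(uint64_t keep)
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[_LINUX_CAPABILITY_U32S_3] = { { 0 } };
    uint64_t permitted, effective;

    if (get_caps(&permitted, &effective) != 0)
        return -1;
    keep &= permitted;                       /* cannot keep what we lack */
    data[0].permitted = data[0].effective = (uint32_t)keep;
    data[1].permitted = data[1].effective = (uint32_t)(keep >> 32);
    return (int)syscall(SYS_capset, &hdr, data);
}

/* Must be called as root. Returns 0 only if the drop is irreversible. */
int drop_privileges(uid_t uid, gid_t gid, uint64_t keep)
{
    /* Without KEEPCAPS, leaving UID 0 also empties the permitted set. */
    if (prctl(PR_SET_KEEPCAPS, 1L, 0L, 0L, 0L) != 0)
        return -1;
    /* Order matters: groups and GID first, while we may still change them. */
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* The UID change cleared the effective set; re-raise only `keep`. */
    if (limit_caps(keep) != 0)
        return -1;
    /* From here on, exec of a setuid binary cannot hand privileges back. */
    if (prctl(PR_SET_KEEPCAPS, 0L, 0L, 0L, 0L) != 0 ||
        prctl(PR_SET_NO_NEW_PRIVS, 1L, 0L, 0L, 0L) != 0)
        return -1;
    /* Verify instead of trusting: regaining root has to fail. */
    if (setuid(0) == 0)
        return -1;
    return 0;
}

int main(void)
{
    uint64_t p, e;

    if (geteuid() == 0) {
        /* 65534 ("nobody" on many distributions) is an assumed account. */
        if (drop_privileges(65534, 65534, NET_CLIENT_CAPS) != 0) {
            perror("drop_privileges");
            return 1;
        }
    } else if (limit_caps(NET_CLIENT_CAPS) != 0) {
        perror("limit_caps");
        return 1;
    }
    if (get_caps(&p, &e) != 0)
        return 1;
    printf("uid=%d permitted=%#llx effective=%#llx\n", (int)getuid(),
           (unsigned long long)p, (unsigned long long)e);
    /* The raw socket and the DHCP exchange would start here: a parser bug
     * in that code now runs with the capabilities printed above, not root. */
    return 0;
}
```

Run as root it prints a non-zero UID with at most the three network capabilities left; run as an ordinary user it only confirms that nothing outside that mask is held.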

    28. Re:Really, is anyone surprised? by Shaitan · · Score: 1

      I have a problem with the design philosophy around systemd. The entire one size fits all integrated rather than simple function specific tools concept has its strengths and its weaknesses but they belong on platforms which are not fundamentally built on a platform with the philosophy of small function specific tools. At least not at the system level.

      Systemd feels like a clone of what you find on some of the proprietary Unix systems like Solaris and while those systems do have some strengths they mostly are the giant pain in the backside that ensures you need to have an experienced Solaris guy on staff if you have Solaris running somewhere.

    29. Re: Really, is anyone surprised? by Anonymous Coward · · Score: 0

      omg I am shucked
      poettering fixed someone else's code
      wow

    30. Re:Really, is anyone surprised? by Anonymous Coward · · Score: 0

      bind's configuration is obtuse

      abstruse.

      so rather then

      than.

      will pull the forks changes back

      fork's.

      Also, do not use the comma as a substitute for a full stop. Thanks.

      Love, your resident speling nazi.

    31. Re:Really, is anyone surprised? by Anonymous Coward · · Score: 0

      >unless you're willing to dislike any other software that has had a vulnerability equally much.

      SystemD has an architectural problem - it's got its fingers in every pie.

      Vulnerabilities in other software are only an issue if they allow escalation of privileges. With systemd, any vulnerability results in root. Remember sendmail? It was riddled with vulnerabilities that resulted in escalation. Alternatives like qmail separated concerns to limit escalation. That principle is still sound, and systemd smashes it into atoms. Add the size of its codebase and Poettering's attitude problem, and you see that there's no way systemd will ever have no vulnerabilities.

    32. Re:Really, is anyone surprised? by tomtomtom · · Score: 1

      Which is why rewriting basic system utilities from scratch, repeatedly, instead of relying on the battle-hardened code which has already had its fair share of vulnerabilities exploited and patched over a long lifespan, is likely to increase the attack surface.

      systemd's apparent need to replace/rewrite basic system utilities which have worked for decades (in some cases) and don't need changing IS part of the problem.

    33. Re:Really, is anyone surprised? by knorthern+knight · · Score: 1

      > Get me a poettering-free linux with a non-stupid X and a decent
      > browser. Can you do it with an established distribution at all or
      > is it linux-from-scratch time with a whole lot of work tacked on top?

      Gentoo https://gentoo.org/get-started... has systemd as an option, not a requirement. If that's too much like LFS for you, there's Devuan https://devuan.org/ which was forked from Debian. Like Debian, it is also the base for several specialized spin-offs https://devuan.org/os/partners...

      --

      I'm not repeating myself
      I'm an X window user; I'm an ex-Windows user
    34. Re: Really, is anyone surprised? by Anonymous Coward · · Score: 0

      I've found that devuan is much more stable than Ubuntu 16.04 and 18.04, and also Debian. It's not really that big of an inconvenience to switch away from SystemD, especially if you already use a tiling/minimalist window manager.

    35. Re:Really, is anyone surprised? by Anonymous Coward · · Score: 0

      Sorry, but systemd HAS basically been forced on everyone because all the major distributions have adopted it. Sure, nobody forced it down THEIR throats, but for end users the effect is the same.

      This is really a condemnation of the choices that major distros have made. Poettering may or may not be an awful programmer, but the distros have done everyone a disservice by jumping on what amounts to untested garbage running in privileged contexts on users' machines.

    36. Re: Really, is anyone surprised? by Anonymous Coward · · Score: 0

      ???? Get good fag or stop complaining.

    37. Re: Really, is anyone surprised? by Anonymous Coward · · Score: 0

      are those other 15 options forced down your throat by most distro maintainers?
      They aren't? Ok then kindly stfu.

    38. Re:Really, is anyone surprised? by fisted · · Score: 1

      Just one data point chiming in, I've been running Devuan at home and at work, as well on a few machines that I admin (friends, parents), it's solid.

      It's almost as if someone had taken Debian and removed systemd from it, as well as compiling out the systemd dependencies of a few packages. Oh wait.

    39. Re:Really, is anyone surprised? by Anonymous Coward · · Score: 0

      expecting other software projects to work around and make up for his mistakes

      To be fair Len also does the opposite; like that whole absurd KillUserProcess=yes default was basically started because GNOME had a lingering daemon that stayed on logout and kept accumulating so it's really the incestuous Red Hat synergy at work where nominally independent projects are all staffed by the same people and paid from the same pockets integrating to the point of one providing the hack to fix the bugs of the other.

    40. Re: Really, is anyone surprised? by Anonymous Coward · · Score: 0

      It's different from a web server that, if it has a vulnerability, can be isolated; this is a system manager with root permissions, systemd affects every process it touches and it's needed by the most basic essential components, it's a critical component as important as the kernel.

    41. Re:Really, is anyone surprised? by Anonymous Coward · · Score: 0

      However, the fact that it had a vulnerability in it isn't a good reason to dislike it for the sake of that reason alone, unless you're willing to dislike any other software that has had a vulnerability equally much.

      That doesn't seem to be the problem here, though. There is an existing implementation that has probably solved this in the past. Why rewrite from scratch when there are more secure and validated components that exist? How many more hours are we going to waste revalidating the new component?

      No one's forcing anyone to use crap code, especially in the open source community.

      But this is the problem: systemd is being rammed down everyone's throat. I don't know what user-end distro doesn't use it, because even Linux Mint switched to systemd despite saying that they won't.

      Sure you can use another distro, but those "choices" are getting smaller and smaller. Bad software with momentum is bad because soon everyone will just use it.

      And no, the condescending answer of "build your own distro, then" isn't going to help anyone here.

    42. Re:Really, is anyone surprised? by strikethree · · Score: 1

      However, the fact that it had a vulnerability in it isn't a good reason to dislike it for the sake of that reason alone, unless you're willing to dislike any other software that has had a vulnerability equally much.

      I think you are missing that any vulnerability in SystemD is a root level vulnerability. That also goes for its "modules". The blindness and arrogance evident in the main component allows for misplaced trust in its modules, so if you can violate any of the "modules", you can violate the system as a whole.

      There is a reason organic life expresses great variation, even within species. But yeah, SystemD will be the one thing in the universe to find security without variation.

      --
      "Someone needs to talk to the tree of liberty about its ghoulish drinking problem." by ohnocitizen
    43. Re:Really, is anyone surprised? by Anonymous Coward · · Score: 0

      To put it another way, if you found out that a person you already disliked once ran over someone's dog, you might use that act itself to condemn them as a terrible person. However, it's unlikely that if your friend ran over someone's dog that you'd think using that act to condemn them as a terrible person would be justified.

      Depends on how he reacted after running over the dog. If he reacted like it was his fault, and made amends, I'd probably say about the person I'd disliked "You know, at least he's got a heart". But if he blamed the dog for being there in first place, got back in his car and in his lack of attention for the road then drove over another dog while flipping off the first dogs owner, then I'd say he's a terrible person regardless if he used to be a friend or not.

      The question is perhaps, how many dogs does Lennart have to run over before we can all agree that he's a cunt. Because clearly, we're entering basket of puppies territory and the engine is revving.

    44. Re: Really, is anyone surprised? by Anonymous Coward · · Score: 0

      No one seems shocked, I noticed...

  2. First of many by ArchieBunker · · Score: 5, Insightful

    This is the tip of the iceberg as more spaghetti code will be found. Tell me again why a startup manager also does DNS resolution?

    --
    Only the State obtains its revenue by coercion. - Murray Rothbard
    1. Re:First of many by Anonymous Coward · · Score: 0

      This is the tip of the iceberg as more spaghetti code will be found. Tell me again why a startup manager also does DNS resolution?

      It is the networkd module. If you do not use it you are not affected, period.

    2. Re:First of many by 93+Escort+Wagon · · Score: 2

      I imagine, in Poettering’s long-term plan, systemd is eventually going to include its own X server and its own graphical desktop manager.

      Wish I was joking.

      --
      #DeleteChrome
    3. Re:First of many by Anonymous Coward · · Score: 0

      I'm sure someone who knows something at all about this will explain it to you eventually. Calm down bitch.

    4. Re:First of many by Anonymous Coward · · Score: 0

      I can't wait for someone to come up with a new init system to go "under" SystemD. :)

    5. Re:First of many by Anonymous Coward · · Score: 0

      Wow Lennard. Little touchy are we? A little butt-frustrated? A little anally ravaged?
      It's okay man, just let it out. Sometimes we just fuck it up. Not as much as you, but sometimes.

    6. Re:First of many by Anonymous Coward · · Score: 5, Informative

      It's worse than just doing DNS resolution.

      It has a hardcoded fallback to Google's servers:

      https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=761658

      In spite of repeated explanations about why that is a horrid idea, the maintainers chose to ignore all the objections and proceed full steam ahead.

    7. Re: First of many by Anonymous Coward · · Score: 0

      It doesn't, but your assumption otherwise is telling.

    8. Re:First of many by Anonymous Coward · · Score: 0

      SystemD even builds in the spyware

    9. Re:First of many by Anonymous Coward · · Score: 0

      I stand corrected, calm down bitches, plural.

    10. Re:First of many by Anonymous Coward · · Score: 0

      Because it's not a startup manager you stupid retard. It does one job, handle events. Network connections are an event. So is connecting hardware or starting up.

    11. Re:First of many by Calydor · · Score: 1

      Hi Poettering.

      --
      -=This sig has nothing to do with my comment. Move along now=-
    12. Re: First of many by Anonymous Coward · · Score: 0

      Hi Leenerd :^) feeling a bit...

      anally annihilated
      butt blasted
      caboose collapsed
      derriere destroyed
      end eliminated
      fanny flustered
      glute gutted
      haunch heated
      intestinally impacted
      junk jumbled
      keister killed
      loin liquidated
      money maker maimed
      nates nuked
      orifice obliterated
      posterior pulverized
      quarter quashed
      rectally ruined
      shitter shattered
      tushy trounced
      underside upset
      vagina-ass vexed
      wagger wasted
      x-tremity x-terminated
      yam yielded
      zoomer zapped

    13. Re:First of many by Anonymous Coward · · Score: 0

      Nothing a kernel patch wouldn't fix.

    14. Re:First of many by Anonymous Coward · · Score: 0

      That happened because you're a French troll. Duh.

    15. Re:First of many by mike2006 · · Score: 2

      > It's worse than just doing DNS resolution.
      >
      > It has a hardcoded fallback to Google's servers:
      >
      > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=761658
      >
      > In spite of repeated explanations about why that is a horrid idea, the maintainers chose to ignore all the objections and proceed full steam ahead.

      It is mind blowing to read that to begin with but what was worse is reading the refusal to acknowledge the privacy issue and fix it.

    16. Re:First of many by ArchieBunker · · Score: 1

      Silly me thinking the kernel handled network connections...

      --
      Only the State obtains its revenue by coercion. - Murray Rothbard
    17. Re:First of many by gweihir · · Score: 2

      Because the designer is a smart moron that does not learn and never grasped why KISS is so essential to all good engineering. An amateur at work.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    18. Re:First of many by gweihir · · Score: 5, Insightful

      Fascinating. Hardcoded defaults like that are a catastrophe in the making and are only done by complete and utter amateurs with no experience.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    19. Re: First of many by Provocateur · · Score: 1

      Found the Ubuntu release-namer reject.

      --
      WARNING: Smartphones have side effects--most of them undocumented.
    20. Re:First of many by Barsteward · · Score: 0

      That's the problem with your comment, pure ignorance. It's optional and nothing to do with the systemd init process at all.

      --
      "The hands that help are better far than lips that pray." - Robert Ingersoll (1833-1899)
    21. Re:First of many by Barsteward · · Score: 1

      They are still finding security issues with X even after all this time and yet no-one whines like an ignorant anti-systemd poster. https://www.theregister.co.uk/...

      --
      "The hands that help are better far than lips that pray." - Robert Ingersoll (1833-1899)
    22. Re:First of many by Anonymous Coward · · Score: 0

      Docker has the exact same hardcoded default to google's DNS.

      Not implying anything, just pointing that out.

    23. Re:First of many by thegarbz · · Score: 1

      > are only done by complete and utter amateurs with no experience.

      Idiots, maybe. Reckless people, definitely. But calling the person whose code has for many years now underpinned core functionality of multiple distributions "amateur with no experience" is a self defeating insult.

    24. Re: First of many by Anonymous Coward · · Score: 0

      kerneld?

    25. Re: First of many by Anonymous Coward · · Score: 0

      That's nothing. They also hardcoded the DNSSEC root key. Red Hat's support articles have started saying "the DNSSEC root key is something that has to be hardcoded" rather than admit their idiot developers shouldn't be allowed near a computer.

    26. Re:First of many by Anonymous Coward · · Score: 0

      No, it's not. He *is* an amateur without experience. It's just that the people creating Linux distributions are typically even bigger amateurs.

    27. Re: First of many by Anonymous Coward · · Score: 0

      Your parent is correct, but only technically.

      Red Hat pays him to write this crap, so he doesn't fit the dictionary definition of amateur.

    28. Re:First of many by Anonymous Coward · · Score: 0

      Oh crap. I was serious believe it or not.

      maybe it did go to google.com, I don't remember. OS locale or web redirection may lead you to a country top domain version of google but this is completely irrelevant. What I found weird is : why assume I want to go to some website? It is a Google OS, but an alternate version maintained and built by other people and rather de-googled as is. I installed it for two reasons : no google play, google play services, gmail, youtube etc. ; no google search box on the desk, or background, or home screen, or whatever it's called.

      I only used Firefox for many years (or lynx, dillo at best) so I'm not used to getting drawn to a commercial website just by opening a browser. Last time was when I opened IE5 or IE6 and it opened a microsoft or MSN site.
      It's a minor thing, but it's like that Mickey Mouse and whatever in the default Windows 10 start menu.

    29. Re: First of many by Anonymous Coward · · Score: 0

      That's because X does its job and does it well. SystemD, it does 100 jobs and sucks at all 100 of them.

      That's the difference faggot.

    30. Re:First of many by gweihir · · Score: 2

      The thing about Poettering is apparently that he has not acquired any experience in all these years and still only qualifies as an amateur. It is pretty surprising how somebody can be that resistant to learning. So, no, not "self defeating", just accurate in describing his capabilities, if not his history.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    31. Re: First of many by gweihir · · Score: 2

      I was commenting on demonstrated skill-level, not employment history. I am well aware where he works.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    32. Re:First of many by gweihir · · Score: 2

      I think it strongly implies something very specific. But good to know, so I will continue to ignore Docker.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    33. Re: First of many by gweihir · · Score: 1

      Fascinating. That is probably the most stupid thing I have heard in some time with regards to security.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    34. Re:First of many by thegarbz · · Score: 1

      > The thing about Poettering is apparently that he has not acquired any experience in all these years and still only qualifies as an amateur.

      On account of the fact that he is both paid for his work and continues to do it, your insult remains self-defeating. Come on, pick something more appropriate.

    35. Re:First of many by Anonymous Coward · · Score: 1

      There is a HUGE difference between a *remotely* exploitable vulnerability of a critical system service and an optional software that is locally exploitable.

      From the link:

      > If a vulnerable version of X.org runs on a system as setuid root, it can be abused by normal logged-in users to gain administrator-level control over the machine. That would allow a miscreant to tamper with files, install spyware, and so on. Some Linux distros don't use X.org with elevated privileges, or are otherwise immune – such as CentOS; check for security updates anyway.

      The distribution has a security-issue when running X.org as root.. So don't run things as root... I would consider this to be a bug in X.org that is turned into a security-issue by the distributions that choose to run it as root.

      SystemD on the other hand is not optional, and has remote-exploit after remote-exploit published... Such a fundamental service should not talk to things on the network. (DNS/MDNS/DHCP/LLMNR etc)

      Another issue with SystemD is that there is no shared project on CVE-details so keeping track of what issues exists or affects you is a bit of a hassle.
      https://duckduckgo.com/?q=site%3Awww.securityfocus.com+systemd&t=h_&ia=web

      Done right SystemD could have become a welcome thing... But it should not try to replace basically every system-service without supporting the previous functionality that was there...It should also try to reuse existing code that has been running for many years, and that have had loads of security-fixes applied.

      SystemD is a badly written, badly introduced, hack of "good to have" things that sort of works most of the time and that you are unable to disable or add to without writing code that you then have to maintain since only widely used features, that fit into Pottering's agenda, are accepted.

  3. Slackware: not affected. by sombragris · · Score: 5, Insightful

    Slackware does not use systemd and therefore is not affected by this vulnerability.

    At least in this case, the KISS philosophy paid well.

    --
    -- Look to the Rose that blows about us--"Lo, Laughing," she says, "into the World I blow..."
    1. Re: Slackware: not affected. by Anonymous Coward · · Score: 4, Funny

      It's a relief to hear that all four of you are safe.

    2. Re: Slackware: not affected. by Anonymous Coward · · Score: 4, Funny

      I'm offended, there are six of us.

    3. Re: Slackware: not affected. by Anonymous Coward · · Score: 0

      Hey! I'll have you know, I still have a Slax disc from 2005. That's basically Slackware.
      6.5ish.

    4. Re: Slackware: not affected. by Anonymous Coward · · Score: 0

      Four of you?

      That shows that you don't know who all contributes patches to slackware.

      Educate yourself:

      http://www.slackware.com/changelog/current.php?cpu=x86_64

      The world laughs at your random number "four". :)

      I have been happily using Slackware for almost 15 years.

    5. Re: Slackware: not affected. by Anonymous Coward · · Score: 0

      There is no 0.5 human, you know that?

    6. Re: Slackware: not affected. by Anonymous Coward · · Score: 0

      Seven

    7. Re: Slackware: not affected. by Anonymous Coward · · Score: 0

      These are fake patches submitted by Russians! /s

    8. Re: Slackware: not affected. by Anonymous Coward · · Score: 0

      Better Red than SystemD

    9. Re: Slackware: not affected. by mark-t · · Score: 1

      Redhat uses systemd too, actually. In fact, I think that's where it started.

    10. Re: Slackware: not affected. by Anonymous Coward · · Score: 0

      Six. I went to OpenBSD. But I'll miss The Man more than I will ever miss Torvalds.

    11. Re:Slackware: not affected. by ortholattice · · Score: 5, Informative

      I used Debian for over a decade before systemd and loved it. I'm not qualified to judge the merits of systemd, but when it was brought into Debian many things I was used to were suddenly different, with knowledge I learned over the years no longer of value. I don't mind learning new things, but I don't like them foisted on me gratuitously for no reason, especially since I had a lot more important stuff going on at the time.

      I switched my server to Devuan and am extremely happy with it. It was a breath of fresh air to see what I thought of as "Debian" back again. So far I've had zero problems, from installation to daily use, and I don't expect I will use Debian again.

    12. Re: Slackware: not affected. by Anonymous Coward · · Score: 0

      Seven. I'm the lucky number.

    13. Re:Slackware: not affected. by TeknoHog · · Score: 1

      Gen too.

      --
      Escher was the first MC and Giger invented the HR department.
    14. Re: Slackware: not affected. by Anonymous Coward · · Score: 0

      Noob!

    15. Re:Slackware: not affected. by gweihir · · Score: 2

      I am currently still with Debian and just rip out the cancer. When that stops working, I will move to Devuan.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    16. Re: Slackware: not affected. by Anonymous Coward · · Score: 0

      You insensitive clod, there are more than two of us here running Debian without SystemDick.

    17. Re:Slackware: not affected. by RuiFRibeiro · · Score: 1

      AntiX is doing a much better job of keeping SystemD at bay. I am using it on my corporate desktop.

    18. Re:Slackware: not affected. by Rockoon · · Score: 1

      The BSD's are avoiding this nightmare also.

      --
      "His name was James Damore."
    19. Re:Slackware: not affected. by Anonymous Coward · · Score: 0

      > I don't expect I will use Debian again.

      You are using Debian when you use Devuan.

    20. Re:Slackware: not affected. by Barsteward · · Score: 1

      Nor does openSUSE use this particular module, as it's very, very optional.

      --
      "The hands that help are better far than lips that pray." - Robert Ingersoll (1833-1899)
    21. Re:Slackware: not affected. by thegarbz · · Score: 1

      > Slackware does not use systemd and therefore is not affected by this vulnerability.

      Ubuntu uses systemd and like all other reasonable distributions patched the bug straight away and is therefore not affected by this vulnerability.

    22. Re: Slackware: not affected. by Anonymous Coward · · Score: 0

      me seven

    23. Re:Slackware: not affected. by Anonymous Coward · · Score: 0

      > with knowledge I learned over the years no longer of value. I don't mind learning new things

      systemd has been created for sysadmins, and it's a shame that it was to simplify init script writing when every sysadmin should be and must be able to write anything in sh/bash in the first place! There was a library called initscripts so you don't have to rewrite any routines from the blind.

      Now you have to learn a DSL with strange semantics which gives the impression that you are dealing with a Windows subsystem.

      You have to deal with .service, .target, .mount, .timer, .device and so on... wtf?!

      I don't say that systemd doesn't address some good points but man, the implementation! And so far, each time I got an issue, the famous logging system was not of any help, i.e.: unnamed service or network service with infinite timeout, GREAT!

      8 years later, I still don't see the benefit.

      OH and the joy of having non-deterministic network interface names and you hop on several devices.

      fuck it!

    24. Re:Slackware: not affected. by schweini · · Score: 1

      As someone whose servers updated to Debian-with-systemd: is it possible to migrate to a systemd-free Debian (Devuan or some other) without re-installing, in a safe way?

  4. Laughs by Billly+Gates · · Score: 2

    Goes back to working on some FreeBSD vms.

    1. Re:Laughs by Ol+Olsoc · · Score: 2

      > Goes back to working on some FreeBSD vms.

      I'll just leave this here https://www.cvedetails.com/vul...

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    2. Re:Laughs by syzler · · Score: 1

      *Laughs* Goes back to working on some 300+ Slackware VMs.

      BTW, the site only lists 2 vulnerabilities for CentOS since 2012, so I don't think it uses as complete a dataset as you think. As an example, there have been at least 10 high severity OpenSSL vulnerabilities which affected CentOS since 2012, and neither of the 2 CentOS vulnerabilities listed on the site you provided are for OpenSSL packages.

    3. Re:Laughs by Ol+Olsoc · · Score: 1

      > *Laughs* Goes back to working on some 300+ Slackware VMs.
      >
      > BTW, the site only lists 2 vulnerabilities for CentOS since 2012, so I don't think it uses as complete a dataset as you think. As an example, there have been at least 10 high severity OpenSSL vulnerabilities which affected CentOS since 2012, and neither of the 2 CentOS vulnerabilities listed on the site you provided are for OpenSSL packages.

      Whoosh. Your "Ermagherd. I use FreeBSD so I am superior and safe" is just the opposite side of the coin of the Windows fanbois who strut around like cock-a-whoops when some other OS has any vulnerability at all, as if a few is somehow the equivalent of the hella batch of Windows problems.

      So anyhow, if you want to believe that you are immune from the problems that us Proles have, by all means, crack open a cold one, and toast your wisdom in picking the system that is safe. Laugh away.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    4. Re:Laughs by bgalbrecht · · Score: 1

      None of the vulnerabilities listed which are against currently supported versions of FreeBSD allow the attacker to gain access level, unlike this SystemD bug.

    5. Re:Laughs by Ol+Olsoc · · Score: 0

      > None of the vulnerabilities listed which are against currently supported versions of FreeBSD allow the attacker to gain access level, unlike this SystemD bug.

      Well then FreeBSD is impervious to attack, and will never suffer. I don't care what the dates are, I'm trying to impress you with the fact that laughing at other vulnerabilities is the old pride goeth before a fall. But don't let me stop you. Most of the FreeBSD users I've met have a nasty whiff of superiority. Doesn't really smell all that good.

      Seriously, are you FreeBSD users so arrogant that you refuse to believe your vaunted OS can be compromised? And if you don't understand or get that, well good on ya.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    6. Re: Laughs by Anonymous Coward · · Score: 1

      An APC can be compromised, but I'd still rather be travelling in one through the war zone that is the internet than Systemd's bright red plastic tonka car.

    7. Re: Laughs by Anonymous Coward · · Score: 0

      We feel superior because we fucking are. Our code is hardened and written with security in mind. Can you say that about your OS?

    8. Re: Laughs by Ol+Olsoc · · Score: 1

      > We feel superior because we fucking are.

      Now I can laugh.

      > Our code is hardened and written with security in mind. Can you say that about your OS?

      You and your attitude of imperviousness would get your ass fired if you worked for me. Not that you'd care - a superior being like yourself will be commanding 8 or more figures since you use an impervious OS.

      Meanwhile - thanks for the LuLz Coward!

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    9. Re:Laughs by Anonymous Coward · · Score: 0

      Just an FYI - FreeBSD is the lesser OS. NetBSD is the more secure one.

    10. Re:Laughs by Ol+Olsoc · · Score: 1

      Just an FYI, any system that can be coded, can be compromised. All it takes is the will and some time.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
  5. When was last time by Anonymous Coward · · Score: 0

    When was the last time Linux was said to be virus-free and the most secure system?
    It seems a lot of people are making a blatant effort to corrupt it in every way possible.

    1. Re: When was last time by jd · · Score: 1

      The best possible/the most secure - these are relative concepts, not absolute.

      Besides, systemd is no more Linux than Emacs or KDE.

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
    2. Re:When was last time by Anonymous Coward · · Score: 0

      Browsers are sufficiently insecure, so that takes care of permitting penetration of many computers, regardless of OS

  6. Devuan! by Anonymous Coward · · Score: 2, Informative

    one more reason to run Devuan!

  7. Oh Pottering. by 0100010001010011 · · Score: 5, Interesting

    > I am not sure I'd consider this much of a problem. Yeah, it's a UNIX pitfall, but "rm -rf /foo/.*" will work the exact same way, no?

    tmpfiles: R! /dir/.* destroys root

    > Yes, as you found out "0day" is not a valid username. I wonder which tool permitted you to create it in the first place. Note that not permitting numeric first characters is done on purpose: to avoid ambiguities between numeric UID and textual user names.
    >
    > So, yeah, I don't think there's anything to fix in systemd here. I understand this is annoying, but still: the username is clearly not valid.

    systemd can't handle the process previlege that belongs to user name startswith number, such as 0day

    I tested Ubuntu, Debian, FreeBSD, and OpenSolaris, 0day is a perfectly valid username.

    How did anyone that lacked that much understanding about UNIX get in charge of the init system?

    1. Re:Oh Pottering. by cats-paw · · Score: 1

      how is it that many of the major Linux distributions picked up systemd?

      Not only was it a terrible idea, but people who should know better put it into their systems knowing it was a terrible idea.

      --
      Absolute statements are never true
    2. Re:Oh Pottering. by Gravis+Zero · · Score: 5, Informative

      > Yes, as you found out "0day" is not a valid username.
      >
      > I tested Ubuntu, Debian, FreeBSD, and OpenSolaris, 0day is a perfectly valid username.

      Oh it's more than just that, I checked the POSIX standard and this rule of his is entirely invented.

      per the POSIX standard:

      > A string that is used to identify a user; see also User Database. To be portable across systems conforming to POSIX.1-2017, the value is composed of characters from the portable filename character set. The <hyphen-minus> character should not be used as the first character of a portable user name.

      so what's the portable filename character set?

      A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
      a b c d e f g h i j k l m n o p q r s t u v w x y z
      0 1 2 3 4 5 6 7 8 9 . _ -

      What's this mean? On POSIX your username can be "007", "4-8_" or "._-" if you want it to be.

      Lennart is full of shit and cannot admit he didn't even consider the standard when designing systemd.

      --
      Anons need not reply. Questions end with a question mark.
    3. Re:Oh Pottering. by Anonymous Coward · · Score: 0

      From "resolved" to blocking syslog, there's a WHOLE lot more crap like that from him you're missing. For years people complained but were shut down/banned from communities for not being part of his camp. They didn't go away, they're trying to rewrite the audio system in Linux, again.

      https://github.com/systemd/systemd/issues

    4. Re: Oh Pottering. by Anonymous Coward · · Score: 1

      The bigger mystery is why he felt the need to enforce arbitrary rules on the string at all. Pass it to getpwnam_r(), job done. Validating username format should not be duplicated or the responsibility of a badly written jumped up process manager. That guy is a fascistic idiot
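
Added example, not part of either comment above and not systemd's code: a C sketch of the two approaches the thread contrasts, the POSIX portable user name rule as quoted (plus the stricter no-leading-digit rule from the quoted reply) and a lookup that simply asks the user database through getpwnam_r(). The function names and the sample names in main() are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <pwd.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* POSIX portable filename character set: A-Z a-z 0-9 . _ - */
static bool in_portable_set(unsigned char c)
{
    return (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') ||
           (c >= '0' && c <= '9') || c == '.' || c == '_' || c == '-';
}

/* Portable user name per the POSIX text quoted in the thread:
 * non-empty, portable characters only, no leading hyphen-minus. */
bool posix_portable_username(const char *name)
{
    if (name == NULL || name[0] == '\0' || name[0] == '-')
        return false;
    for (const char *p = name; *p != '\0'; p++)
        if (!in_portable_set((unsigned char)*p))
            return false;
    return true;
}

/* The stricter rule described in the quoted reply (no numeric first
 * character). Hypothetical re-statement for comparison only. */
bool no_leading_digit_rule(const char *name)
{
    return posix_portable_username(name) &&
           !(name[0] >= '0' && name[0] <= '9');
}

/* Resolve a configured user name by asking the user database.
 * Returns 0 and fills *uid_out on success, ENOENT when the name is
 * unknown, or another errno value. The caller must treat any non-zero
 * result as a hard failure and never substitute a default identity. */
int resolve_user(const char *name, uid_t *uid_out)
{
    struct passwd pw, *result = NULL;
    long hint = sysconf(_SC_GETPW_R_SIZE_MAX);
    size_t len = hint > 0 ? (size_t)hint : 1024;
    char *buf = NULL;
    int rc;

    for (;;) {
        char *grown = realloc(buf, len);
        if (grown == NULL) {
            free(buf);
            return ENOMEM;
        }
        buf = grown;
        rc = getpwnam_r(name, &pw, buf, len, &result);
        if (rc != ERANGE)
            break;
        len *= 2;               /* buffer too small: grow and retry */
    }
    if (rc == 0 && result == NULL)
        rc = ENOENT;            /* lookup worked, no such user */
    if (rc == 0)
        *uid_out = pw.pw_uid;
    free(buf);
    return rc;
}

int main(void)
{
    /* Constructed sample names taken from the thread's discussion. */
    const char *samples[] = { "0day", "007", "4-8_", "._-", "-x", "a b", "root" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uid_t uid = 0;
        int rc = resolve_user(samples[i], &uid);
        printf("%-6s posix=%d no_leading_digit=%d lookup=%s\n",
               samples[i],
               posix_portable_username(samples[i]),
               no_leading_digit_rule(samples[i]),
               rc == 0 ? "found" : "not found or error");
    }
    return 0;
}
```
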

    5. Re:Oh Pottering. by Opportunist · · Score: 1

      This is actually the question that's asking for an answer.

      People develop shabby software for Linux all the time. That happens daily, multiple times. For every good project there's at least 100 crappy ones. So it should be no surprise that there is of course also a crappy init process.

      The actual question is why it became the go-to init process for all major distributions.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    6. Re:Oh Pottering. by Anonymous Coward · · Score: 0

      > Lennart is full of shit and cannot admit he didn't even consider the standard when designing systemd.

      There is time inversion here, in which all of history, past, present and future, emerge from Lennart the programmer

    7. Re:Oh Pottering. by Anonymous Coward · · Score: 0

      Perhaps he is just cheap labor? I mean he has a whole Internet of haters. Everyone knows systemd is a piece of shit.

      The alternative explanation is that Red Hat wants Linux systems to break all the time such that their consultants have something to fix, forever.

  8. You can have my Devuan.... by Indy1 · · Score: 1

    when you pry it out of my cold dead hands.

    So glad I ditched SystemD distros for my servers....

    --
    Lawyers, MBA's, RIAA? A jedi fears not these things!
  9. Leonard? by Anonymous Coward · · Score: 0

    Isn't that "Lennart"?

    1. Re:Leonard? by ArchieBunker · · Score: 2, Funny

      I pronounce it as "shit head".

      --
      Only the State obtains its revenue by coercion. - Murray Rothbard
    2. Re:Leonard? by Anonymous Coward · · Score: 0

      Right on, free Lennart Peltier.

    3. Re:Leonard? by Anonymous Coward · · Score: 0

      Me too! How odd is that.

  10. Re: This is why ipv6 should be disabled by default by jd · · Score: 2

    IPv6 should be the only protocol running. Your router can transparently convert to legacy formats.

    --
    It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
  11. SystemD reminds me of all the old Emacs jokes by jd · · Score: 1

    Emacs was said to be a perfectly good OS with built-in text editor.

    When handling modular software, one module should do one thing and do it well, but the framework is responsible for ensuring deadlocks, crashes and security defects are confined to the module suffering them. Do that and it doesn't matter how buggy a component is, there's no contagion.

    --
    It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
    1. Re:SystemD reminds me of all the old Emacs jokes by Anonymous Coward · · Score: 0

      > Emacs was said to be a perfectly good OS with built-in text editor.

      Yeah, but the text editor is crap.

  12. Give OpenBSD a shot! by localgh0st · · Score: 2

    I was turned off by systemD and the direction Linux distros are taking by adopting it, as it seems a departure from the Unix philosophy. I was also turned off by the restrictive communication/behaviour rules forced upon the FreeBSD community. So I decided to give OpenBSD a shot and was pleasantly surprised. You can perform a lot of server functions with just the base system, working with it is intuitive, and it's surprisingly up-to-date.

    1. Re:Give OpenBSD a shot! by Anonymous Coward · · Score: 1

      One of the less appreciated aspects of OpenBSD is the quality of its documentation. They spend an enormous amount of effort to make the manual pages a complete, definitive, and readable reference for the system.

      Countless times I've solved a problem or performed a new task in OpenBSD only by consulting manpages, where in other systems I would be searching stackoverflow, reading an out of date random howto, or checking some shitty web forum. Until you've experienced it you don't know how much time that saves.

    2. Re:Give OpenBSD a shot! by TeknoHog · · Score: 1

      Let me tell you about our Good Lord Gentoo. In his infinite wisdom, he combined the best of BSD with the hardware compatibility of the Linux kernel and the exquisite kindness of the GNU userland. The private keys to his kingdom are just an emerge away, or about seven days of compiling. (If you're going to say something clever about it, please redirect your laughs at the BSD crowd, because that's where we got the idea.)

      --
      Escher was the first MC and Giger invented the HR department.
  13. Intended behavior by Anonymous Coward · · Score: 1

    Won't fix. Just like all other systemd bugs.

    1. Re:Intended behavior by sgage · · Score: 2

      Won't use. I do not want to have anything to do with systemd, or Lennart Poettering, if I can help it. I am very happy with Devuan.

    2. Re:Intended behavior by Anonymous Coward · · Score: 0

      I can't understand how distros are still on the systemd bandwagon. I don't know anyone who likes it. I know lots of people who deal with it. A bunch of us used SELinux to insulate us as much as possible from systemd - but at some point - it's like re-inventing the wheel (but we were stuck with a requirement for a systemd distro in the spec).

      Given the sheer kickback from the community regarding systemd and its poor track record on all bugs and there seems to be no end in sight. Devuan is nice but I tend to prefer CentOS distributions. I wonder how much longer I can get away with CentOS 6 - because I'm not touching 7 due to systemd.

    3. Re: Intended behavior by Anonymous Coward · · Score: 0

      Because gnome practically requires it at this point. Several distros tried various workarounds to stay systemd free, but Gnome went out of their way to break them. Eventually the distros gave in because it was too hard, but they wanted gnome support to avoid pissing off users.

    4. Re: Intended behavior by dryeo · · Score: 1

      > Because gnome practically requires it at this point. Several distros tried various workarounds to stay systemd free, but Gnome went out of their way to break them. Eventually the distros gave in because it was too hard, but they wanted gnome support to avoid pissing off users.

      Which just raises the question of why Gnome wanted systemd

      --
      https://en.wikipedia.org/wiki/Inverted_totalitarianism
    5. Re: Intended behavior by hierofalcon · · Score: 1

      Cause Red Hat is a big benefactor.

  14. It's the master persuader syndrome, like Trump ... by Anonymous Coward · · Score: 0

    ... and a certain narrow-moustached Chaplin template, but let's not get there.

    It seems that when you are really really batshit insane and yet just as batshit over-confident, people bug out, and they start taking you seriously, because they can't believe that somebody that confident can be that nuts. Or it makes their heads explode. Just like the Chewbacca defense...

    "Look at the monkey! Look at the silly monkey!" *head explodes* -- South Park, S02E14 "Chef Aid"

  15. You reversed "worst" and "best" by Anonymous Coward · · Score: 0

    Also systemd is evil and inherently insecure.

  16. well, to be fair by Anonymous Coward · · Score: 0

    The kernel still can't handle shebangs with spaces in the interpreter's path.
    Yet every common unix fs has allowed spaces in filenames for decades...

  17. Re: This is why ipv6 should be disabled by default by Anonymous Coward · · Score: 0

    IPv6 is a security nightmare. Nobody should run it. We need something better to replace IPv4.

  18. I figured it out. by ckatko · · Score: 1

    It's not re-inventing that they keep doing.

    It's laziness.

    "Why do I have to READ someone ELSE's manual and learn some large API I can't easily understand... when I could do something FUN like parse XML's using regular expressions!"

    1. Re:I figured it out. by gweihir · · Score: 2

      The hallmark of utter amateurs. All great engineers stand on the shoulders of giants. These here crawl in the mud while congratulating themselves how great they are.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    2. Re:I figured it out. by Rockoon · · Score: 1

      If you think that you've solved a problem using regex, I'm here to inform you that you now have two problems.

      --
      "His name was James Damore."
    3. Re:I figured it out. by ckatko · · Score: 1

      That was the joke. :P

  19. Re:I love it! by DavidRawling · · Score: 1

    If your measure for quality is the amount spent to design it and the number of customers, you must love Windows 10.

  20. Fuck you, Red Hat by Anonymous Coward · · Score: 0

    I hope you go out of business before you fuck Linux up even more.

  21. I used to recommend GNU/Linux by Hallux-F-Sinister · · Score: 1

    I find that I cannot do that anymore, conscionably. Sadly, it would seem that security is as bad or worse than competitors, and best practices have been thrown away in favor of rapid release cycles and whiz-bang, bleeding-edge bullshit. They may have attracted new fans, but old supporters are going to be obliged to switch to something else... perhaps a BSD variant.

    --
    Our reign has gone on long enough. Indeed. Summon the meteors.
    1. Re:I used to recommend GNU/Linux by Anonymous Coward · · Score: 0

      Well, as someone who's walked away from windows (95/98) and went to linux (red hat, debian), then went off to *BSD (freebsd 4), I wouldn't recommend the *BSDs much these days. Moreso than anything infected with poettering's crap, of course, but... only grudgingly. Sadly.

      The freebsd people made some serious boo-boos and have so far only reluctantly and obliquely admitted they were wrong about the biggest of them (n:m scheduler), then proceeded to find new and interesting ways to fuck up the rest of the system. Especially "pkgng" is a clusterfuck of second system effect and denial, making for "interesting" user experiences every time you try to upgrade any installed software (as opposed to "part of the base system"; and then they started talking about pkg-izing that too). And where ports used to be reasonably well fixable if it went off the rails, pkgng got shoved in on the other end compared to "old" pkg and has become much less fixable. But of course there are many more examples, to the point that I'm really quite disappointed in them. dragonfly copied pkgng wholesale so is also off the friends list. netbsd put lua in the kernel and openbsd... is openbsd. Meaning all of them are now much less of a good idea for people who aren't prepared and capable to help themselves.

      The problem here is that it's all gone unnecessarily gnarly, though to somewhat different degrees. But the bottom line is still that there's really nothing to recommend left.

    2. Re:I used to recommend GNU/Linux by rl117 · · Score: 1

      While I have some criticisms of FreeBSD, pkgng isn't one of them. It had some teething troubles to be sure, as did apt-get in its day, but today it seems pretty solid and I've not encountered any bugs in the dependency solver for a good couple of years now. What's conceptually so bad about packaging up the base system? freebsd-update is quite dated, and more fragile. Downloading and applying patches rather than pulling a few packages with atomic updates and rollbacks. I see that as bringing the system up to the level of Debian for robustness and ease of management.

  22. Re: This is why ipv6 should be disabled by default by gweihir · · Score: 1

    Alternatively, I can still just give the finger to IPv6 and block it completely and be rid of the complexity it brings. Yes, I have several static IPv4 addresses.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  23. Re: This is why ipv6 should be disabled by defaul by jd · · Score: 1

    How is it a security nightmare? It's simpler and more secure. I should know, I was one of the earliest adopters.

    --
    It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
  24. Re: This is why ipv6 should be disabled by defau by Anonymous Coward · · Score: 0

    Unauthenticated network reconfiguration? Calling it more secure is laughable.

  25. Re: This is why ipv6 should be disabled by defaul by jd · · Score: 1

    There is no extra complexity.

    Fields are properly aligned and have fixed meaning, making processing easier.

    Routing is strictly hierarchical, so only four bytes need ever be examined - same as IPv4.

    The header has a much simpler structure.

    Addresses are (protocol):(location):(unique identifier). How much simpler can you get? Technically, all you have is the identifier, which you can take between ISPs that have IPv6 correctly configured. This guarantees mobility between ISPs without losing connection.

    Configuring an IPv6 network? Radvd works fine. Don't need DHCP just DDNS. That's less complexity.

    Address length? Who cares, it's only visible in misconfigured networks. Besides, because of the way it is composed and because of the express mobility, a full address doesn't mean anything except for fixed servers.

    Correctly-configured IPv6 suffers no fragmentation, simplifying firewalls. It supports misconfigured systems, because admins are lazy, but you don't need stateful firewalls in IPv6.

    Addresses are transient, only names are permanent, which means only machines deal with addresses.

    Router protocols are simpler under IPv6 because the design is simpler. Latency is reduced, too.

    Because the prefix identifies protocols, your stack doesn't need to check if you're in the unicast or multicast range, it checks one byte against a case statement.

    Any options in the IPv4 header that were rarely used got moved to option headers. This means you've a modular design (cleaner), you don't need to process information you probably aren't going to use, and you can often ignore the extra headers anyway. Even if you don't, it invites cleaner, simpler, code.

    Sorry, whoever told you IPv6 was more complex was full of it.

    --
    It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
  26. Re: This is why ipv6 should be disabled by defaul by jd · · Score: 1

    I should add I've also several static IPv4 addresses, but also several IPv6 addresses since 1996. Please play again.

    --
    It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
  27. Re: This is why ipv6 should be disabled by defau by jd · · Score: 1

    If you have IPv6 correctly installed, all reconfiguration is strongly authenticated.

    If you don't have it correctly installed, sounding like a defeated Joker won't fix your problems.

    --
    It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
  28. use www.devuan.org by what+about · · Score: 2

    It has been done to avoid all of this.

    Support and donate, otherwise the systemd cancer will kill Linux

    This was the plan all along

    1. Re:use www.devuan.org by thegarbz · · Score: 0

      Or just run apt update && apt upgrade. You know bug fixes have been done to avoid all of this.

    2. Re:use www.devuan.org by Anonymous Coward · · Score: 0

      No apt-gettable bugfix as of this writing.
      But it seems Debian doesn't even run systemd-networkd by default (at least my Stretch doesn't).
      And I had already disabled IPv6.

    3. Re:use www.devuan.org by Anonymous Coward · · Score: 1

      apt-get upgrade'ing did not fix this bug until yesterday. ... and it will not fix the other bugs not yet uncovered, that exist there today. Any software has bugs, but systemd almost certainly has more of them, that have not been discovered and worked out yet.

      Use Devuan - the systemd-free Debian.
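
    The two conditions raised in this sub-thread (whether systemd-networkd is running at all, and whether IPv6 is enabled on any interface) can be checked together. The script below is an added example, not code from the thread or from the systemd project; `SYSROOT` and `NETWORKD_STATE` are hypothetical overrides used only for offline testing, and no fixed version is checked because the page does not name one.

```shell
#!/bin/sh
# Added example: triage a host for the two preconditions discussed above.
# SYSROOT and NETWORKD_STATE are hypothetical test overrides (assumptions).

# Print the unit state of systemd-networkd, or "unknown" if it cannot be read.
networkd_state() {
    if [ -n "${NETWORKD_STATE:-}" ]; then
        printf '%s\n' "$NETWORKD_STATE"
    elif command -v systemctl >/dev/null 2>&1; then
        # is-active prints the state and exits non-zero when not active.
        s=$(systemctl is-active systemd-networkd 2>/dev/null || true)
        printf '%s\n' "${s:-unknown}"
    else
        echo unknown
    fi
}

# List real interfaces whose per-interface disable_ipv6 sysctl is 0.
ipv6_enabled_ifaces() {
    root="${SYSROOT:-}"
    for dir in "$root"/proc/sys/net/ipv6/conf/*/; do
        [ -r "${dir}disable_ipv6" ] || continue
        name=$(basename "$dir")
        case "$name" in
            lo|all|default) continue ;;   # loopback and sysctl templates
        esac
        if [ "$(cat "${dir}disable_ipv6")" = "0" ]; then
            printf '%s\n' "$name"
        fi
    done
    return 0
}

# Combine both checks into a one-line verdict.
assess() {
    state=$(networkd_state)
    ifaces=$(ipv6_enabled_ifaces | tr '\n' ' ')
    case "$state" in
        active)
            if [ -z "$ifaces" ]; then
                echo "not-exposed: IPv6 is disabled on every interface"
            else
                echo "review: networkd active, IPv6 enabled on: $ifaces"
            fi ;;
        unknown)
            echo "unknown: could not determine systemd-networkd state" ;;
        *)
            echo "not-exposed: systemd-networkd is $state" ;;
    esac
}

assess
```

    A "review" verdict only means both preconditions hold; `networkctl list` shows which of those interfaces networkd actually manages, and the distribution's advisory says which package version carries the fix.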

  29. Do Android and iOS use SystemD? by Anonymous Coward · · Score: 0

    Do Android and iOS use SystemD? Google and Apple should let us know.

    Is Microsoft Windows vulnerable to the same type of exploit? Someone qualified to answer this should let us know.

  30. Re: This is why ipv6 should be disabled by default by Barsteward · · Score: 1

    you should really go back to using slate and chalk.

    --
    "The hands that help are better far than lips that pray." - Robert Ingersoll (1833-1899)
  31. Re: This is why ipv6 should be disabled by defaul by gweihir · · Score: 1

    If that is your level of insight, I should probably give you the finger as well....

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  32. Why... by jaredm1 · · Score: 1

    I don’t get one thing. Poettering is obviously challenged when it comes to writing defensive code, listening to others, etc. How on earth did he get so many major Linux distro maintainers convinced of systemd? One subpar human shouldn’t have been able to dupe so many. Anyone got an explanation for that?

    1. Re:Why... by iggymanz · · Score: 1

      The problem started with a group of SJW feminazis on Debian that couldn't code, that were given a megaphone. You can see how everything went downhill from there.

    2. Re:Why... by Anonymous Coward · · Score: 0

      group of SJW feminazis on Debian that couldn't code

      Ah, a MikeeUSA fan?

  33. Re: This is why ipv6 should be disabled by defau by Anonymous Coward · · Score: 1

    Different AC here, just pointing out that you failed to carry the argument when you called IPv6 simpler. Nobody, and I mean absolutely nobody, believes this, you lost your audience. I'd also note that any protocol that is insecure and only secure when configured "just so", and relies on the No True Scotsman security defense has failed as a standard.

  34. Big blobs of code by Anonymous Coward · · Score: 0

    All code has bugs. But the bigger, more complex the code is, the more likely it is to have bugs. And why re-invent the wheel just to have a "newer, shinier" wheel?

    If you want systemd, just install Microsoft Windows instead. As an added "benefit", Windows also has a lot of vulnerabilities so systemd users will feel right at home.

  35. SystemD... Now Your Computer Can Have AIDS!! by Anonymous Coward · · Score: 0

    True Fact: SystemD is full of AIDS and FAIL. ([NO citation needed])

  36. Easy fix by Shaitan · · Score: 1

    Stop shoving systemd down our throats.

  37. ...rewriting code for no good reason... by Anonymous Coward · · Score: 0

    There is a very good reason to rewrite the stack. It puts Red Hat in charge of it. In fact, they could even take their entire stack proprietary with a fork. Then every distro that relies upon their stack would be screwed.

    Great business decision!

  38. Re: This is why ipv6 should be disabled by default by gweihir · · Score: 1

    Only the utterly dumb equal "newer" with "better"...

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  39. Spelling by Anonymous Coward · · Score: 0

    Why do we keep spelling "systemd" as "SystemD"? I don't get it. If we want to capitalize the first letter, ok, but then it's "Systemd". Otherwise, we should start writing "HttpD", "BinD", "SshD", "LpD" or "InetD" for other well-known Unix daemons.

    Official source: https://www.freedesktop.org/wiki/Software/systemd/#spelling

    1. Re:Spelling by hierofalcon · · Score: 1

      Cause it wasn't quite bad enough for systemF.

      Close - but not quite there... yet.

  40. QA nightmare by gosand · · Score: 1

    This is the tip of the iceberg as more spaghetti code will be found. Tell me again why a startup manager also does DNS resolution?

    I've been in software QA since '93 and a *nix user just as long... here's where there is real danger in systemd. Because the more complex, intertwined, and less elegant the codebase, the more likely fixing bugs will introduce or uncover more. People have always ignored this aspect of the *nix philosophy, or rather maybe just inherently understood it. I don't know how many times over the years I have seen a bugfix cause havoc in a monolithic spaghetti codebase. Then of course, you try to quickly fix those "new" bugs, which also causes issues you may or may not find immediately.

    Phrases like "it's a one line code change" or "it should just flow right through" or "you don't need to test that, this fix won't affect it" always put me on alert.

    I'm not saying the sky is falling for systemd. I'm just saying that there should be a fallback option to it, and there is not. Considering the staggering number of servers running Linux in the world, it's simply a risk that should be considered.

    --

    My beliefs do not require that you agree with them.

  41. martin f krafft has some crazy ideas by CanadianMacFan · · Score: 1

    I was reading through the discussion on the Debian bug site and Martin has some crazy ideas. He thinks that eventually the default mail router should be gmail and that /etc/resolv.conf will be removed.

    1. Re:martin f krafft has some crazy ideas by Anonymous Coward · · Score: 0

      You should adjust your irony detectors ...

  42. Please stop maligning amateurs by Anonymous Coward · · Score: 0

    We take pride in our work. Poettering is a professional, paid by Red Hat.

    1. Re:Please stop maligning amateurs by gweihir · · Score: 1

      My apologies. I will instead call him an utter incompetent then. Better?

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  43. Re:I love it! by Anonymous Coward · · Score: 0

    If your measure for quality is the amount spent to design it and the number of customers, you must love Windows 10.

    And the illiterate-fucking idiot makes a desperate attempt to use irrelevant "what-about-ism" to its defense.

  44. Re: This is why ipv6 should be disabled by defaul by headbulb · · Score: 1

    This is one of the things that drives me nuts about IPv6 proponents. They go all crazy defensive if you criticize anything about their protocol, even when the criticism is fair. I haven't seen anything from you that isn't fair and I have seen the opposite from jd.

    It's a fact that IPv6 is much more complicated than IPv4. I would have just made a new protocol that corrected IPv4's mistakes, addresses would be 64 bits long and used CIDR notation. Broadcast would have been kept since it's stupid simple to use the last address, with all FF's for the MAC. DHCP would still exist and would be the main way dynamic addresses would be assigned. DHCPv6 has a cool feature: a router can request to get a routable subnet.

    IPv6 has two main mistakes. Trying to do too much for the layer it is in the network stack, and not learning from past mistakes.

  45. Re: This is why ipv6 should be disabled by defa by Anonymous Coward · · Score: 0

    But but he was an early adopter. LUL.

  46. Re: This is why ipv6 should be disabled by defaul by gweihir · · Score: 1

    This is one of the things that drives me nuts about IPv6 proponents. They go all crazy defensive if you criticize anything about their protocol, even when the criticism is fair. I haven't seen anything from you that isn't fair and I have seen the opposite from jd.

    Thanks.

    It's a fact that IPv6 is much more complicated than IPv4. I would have just made a new protocol that corrected IPv4's mistakes, addresses would be 64 bits long and used CIDR notation. Broadcast would have been kept since it's stupid simple to use the last address, with all FF's for the MAC. DHCP would still exist and would be the main way dynamic addresses would be assigned. DHCPv6 has a cool feature: a router can request to get a routable subnet.

    IPv6 has two main mistakes. Trying to do too much for the layer it is in the network stack, and not learning from past mistakes.

    Indeed. Beginner's mistakes. Brooks calls this "The Second System Effect". We are seeing a lot of that in the IT world.

    They should basically just have extended the address range and kept everything essentially as it is with IPv4, as IPv4 is not broken.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  47. Re: This is why ipv6 should be disabled by defaul by headbulb · · Score: 1

    Exactly. IPv4 needed address extension and simplification. People have a hard enough time understanding VLANs and subnets, let alone trying to figure out how to calculate how much I can works.

  48. Systemd is not the only one by Anonymous Coward · · Score: 0

    True, all projects have problems, but those projects usually can't affect the majority of essential projects and even in those cases having alternatives helped to mitigate impact.

    The thing is that a systemd vulnerability is a vulnerability in all the other projects using it.

    1. Re: Systemd is not the only one by Anonymous Coward · · Score: 0

      Sorry for my bad spelling, I'm bad at writing on mobile phones.

  49. Re: This is why ipv6 should be disabled by defau by jd · · Score: 1

    I'm atheist and don't give a damn about protocol religion.

    Only thing that matters is facts. Fact is, it is simpler. The primary header has word-aligned headers with simpler semantics, and none of the semantics that complicate things about IPv4. One word does one thing and does it well.

    You've offered no contradiction to this, just some mysticism. IPv6 is simpler because each piece does less and there are fewer mandatory pieces.

    --
    It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
  50. Re: This is why ipv6 should be disabled by defaul by jd · · Score: 1

    How is it not CIDR?

    Name a complexity added.

    You claim he's being reasonable but all I see is hand-waving, abuse and mysticism. Offer something solid or admit you can't.

    I use the protocol. I use both. I have experience where all you offer is allegation. You want me to take you seriously? Offer a reason for your claim. A real reason.

    Extended IPv4 was rejected for many good reasons. You never bothered to look them up, I see. I tend to listen to those who bother. Even if I disagree, I'll listen to those who bother.

    Bit aligned fields are not simple.
    Fragmentation is not simple.
    IPv4 multicast is complicated.
    IPv4 anycast doesn't exist.
    IPv4 MobileIP is complicated.
    IPv4 DHCP is complicated, insecure and unreliable.
    IPv4 routing is slow and memory hungry.

    These are reasons.

    --
    It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
  51. Re: This is why ipv6 should be disabled by defaul by gweihir · · Score: 1

    I don't think you are equipped to understand my reasons. Sorry, KISS is for advanced players only. And no, experience does not make you an advanced player, what you learn from experience may or may not make you one. Hence I will not waste time on this and you get the satisfaction to cry "But you do not have any actual arguments!" loudly. I do not really care.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  52. A Scotty Quote Comes to Mind by Sol+Rosinberg · · Score: 1

    "The more they overthink the plumbing, the easier it is to stop up the drain." SystemD is undoubtedly severely overthought plumbing. I don't know why someone thought they could improve on SysVInit with start-stop-daemon, but they were quite badly mistaken.