And all this simply proves just how deluded these terrorists truly are. The deaths of our soldiers are tragic, but do they really think bumping off some of our politicians will get under Canadians' skin? I think not. We might even thank them.
Humour aside, I am nothing but impressed by the security response on the Hill. Within 4 minutes of the first shot being fired, the assailant was dead on the ground. Aside from the initial victim, there were no other serious injuries.
I used to be an activist, and had occasion to protest (and get arrested) on Parliament Hill. Ask any activist and they will tell you that the Hill cops (who are all federal, not city police) are the ones you want to arrest you. They are trained and highly skilled, and know everything there is to know about appropriate response.
Coincidentally, I once met the man responsible for Hill security only a few weeks after his people had arrested a friend of mine. In spite of being ideologically opposite, I found myself respecting the man immensely. It was a successor of his who stopped the madman this time, but his behaviour was exemplary as well. He shouted a clearly audible warning three times, then engaged the assailant, firing 4 individual, aimed shots.
The discipline and response of the police and security forces to an unknown situation that was clearly targeting Parliament was, I think, exactly what anyone would have wanted. Let's not let the politicians - some of whom owe these people their life - spoil things by capitalising on the event.
Remember this before ranting too much on Lennart. He is not in any position to force any distribution to do anything. Distributions choose to use his software because it actually is better than the stuff that came before it.
Yes, of course Lennart's just a developer with a better idea. He's never seen software development as a means to a larger political end.
Except when he has:
Getting a clear message out what Linux is supposed to be is definitely a social issue, but to make that happen the Linux platform needs to be streamlined first, and that's a technical task, and not done yet.
All of these disingenuous statements that there's no other agenda in place are just bullshit. They're simply and self-evidently not true, because you can't do system design without some kind of vision of what you want. And you don't change the system design unless you don't like the one you've got. Lennart's vision, as he says, is a 'streamlined' Linux, which is to say catholic, not agnostic, unified rather than pluralistic, with fewer options rather than more. And when you cut away all the cruft, it's his stuff that remains.
Poettering and his acolytes can argue all they like that their vision is simply better. I disagree, but I accept that this is always an argument worth having. But when you start arguing that POSIX is a constraint and that Linux should be 'leading' the way (and that POSIX can just catch up, thank you), you're taking a stance that is not simply in opposition to others, it cannot coexist with the others because the alternatives have become mutually exclusive within a particular space.
POSIX is a limiting factor. That's true. Its limitation is that we've all agreed on a basic subset of behaviours in order that we all have enough in common to interact. So when you discard POSIX, you have effectively announced that you do not see the value of playing nicely with the other children. From that moment, your 'better idea' is being implemented at the expense of interoperability.
Which is a really fucking bad idea.
(The quote above is from an interview with Lennart, linked from his Wikipedia page.)
Lastly, to respond directly to the assertion that he is not in a position to force any distro to do anything. The tight web of dependencies, his position at Red Hat and the support and assistance provided on the corporate level is perhaps not sufficient literally to force a distro to use his software, but it's enough to raise the question that undue influence is being brought to bear and that rather questionable tactics are being indulged in expressly because Lennart and his cohorts think that doing the right thing does not imply contributing in an open[*] and inclusive way.
-----------------
[*] Lennart's idea of openness is allowing others to interact with his software, but fuck you if you want him to take a second look at your requirements. And then, of course, to act shocked (shocked!) when others get upset.
The issue is the balance between public safety and personal privacy. Denying the citizen of any democracy the right to encryption of their personal communication is not an appropriate response to the perceived threat to public safety that same encryption would bring.
...there's no evidence that encryption hampers criminal investigations in any serious way. In 2013, encryption foiled the police nine times, up from four in 2012 -- and the investigations proceeded in some other way.
There never is any reason to remove a citizen's right to privacy except to extend the power of the state. You can argue the reasons for and against this, but historically, we've always found that more respect for individual rights contributes significantly to better governance.
If you think I've misinterpreted the problem, please tell me exactly where.
Right here:
You know the kind of shabby security joke that Windows turned into? The same thing has happened to linux and BSD
The security problems that afflict Linux, Mac OS X and, to a much lesser extent, *BSD are fundamentally different in the way they manifest.
We have yet to see the systemic infestation that characterised Windows in the late '90s and early '00s. There was a time mid-decade when the time it took for an unattended, freshly installed Windows box to get pwned was estimated to be 20 minutes.
Heartbleed, Shellshock, the Debian SSH debacle (can't forget that one) and numerous other problems are symptomatic of weaknesses in aspects of the FOSS environment that people used to think (unrealistically) were invulnerable. Instead, what we've discovered is that they're quite susceptible to targeted attack. This difference should not be understated. Windows is an infected system - basically, you can't run it without antivirus. Linux, Mac OS X and numerous other OSes are easily attacked individually, but there are not as yet any exploits that subvert the entire ecosystem.
None of this is to dismiss how serious the potential threat is. I just want to make it clear that, so far, the danger that we see is different from what we are living with in the Windows world. It's different in quantity and quality.
Well, full marks for that clever little bit of sleight of hand that allowed them to set up persistent connectivity without hard-coding addresses. I like the way they use the combination of port and sequence number to determine the remote address, and packet window size to set the remote port. It was also pretty interesting that the software could take its sweet time between 'magic' packets, allowing it to obscure itself in incoming traffic.
But yeah, it's a clever riff on well-known rootkit tools. And it's nothing that shouldn't have been discovered in a moderately well-run security environment. I mean, we are talking about an altered boot script, new rules running in iptables, and additional new binaries on the system. You would expect that sort of thing to be found before too long.
But one thing I would very much like to know is how this rootkit got installed in the first place. There's nothing about that in TFA.
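The three changes named in the comment above (an altered boot script, new iptables rules, additional binaries) are the kind of drift a baseline comparison surfaces. The sketch below is an added example, not part of the original post or of the article it discusses; the file paths, file contents and rule text are all constructed for illustration.

```python
import hashlib
import os
import tempfile


def snapshot_files(root):
    """Map each regular file under root (relative path) to its SHA-256 digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # skip symlinks and special files
            with open(path, "rb") as fh:
                digests[os.path.relpath(path, root)] = hashlib.sha256(fh.read()).hexdigest()
    return digests


def parse_rules(iptables_save_text):
    """Return {(table, rule)} from iptables-save output, ignoring comments,
    chain policy lines (which carry changing packet counters) and COMMIT."""
    table, rules = "", set()
    for line in iptables_save_text.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith("-A "):
            rules.add((table, line))
    return rules


def drift(baseline, current):
    """List (kind, detail) findings for files and rules that differ from baseline."""
    findings = []
    for path, digest in sorted(current["files"].items()):
        old = baseline["files"].get(path)
        if old is None:
            findings.append(("new-file", path))
        elif old != digest:
            findings.append(("modified-file", path))
    for path in sorted(set(baseline["files"]) - set(current["files"])):
        findings.append(("missing-file", path))
    for table, rule in sorted(current["rules"] - baseline["rules"]):
        findings.append(("new-rule", f"{table}: {rule}"))
    return findings


# Constructed iptables-save output: known-good state, then the same host later.
BASELINE_RULES = """# constructed sample
*filter
:INPUT DROP [10:800]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
"""
CURRENT_RULES = """# constructed sample
*filter
:INPUT DROP [9421:733112]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 31337 -j ACCEPT
COMMIT
"""


def _write(root, rel, text, mode="w"):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, mode) as fh:
        fh.write(text)


def demo():
    """Build a constructed file tree, record a baseline, change it, report drift."""
    with tempfile.TemporaryDirectory() as root:
        _write(root, "etc/init.d/network", "#!/bin/sh\n/sbin/ifup -a\n")
        _write(root, "usr/sbin/sshd", "constructed stand-in for a binary\n")
        baseline = {"files": snapshot_files(root), "rules": parse_rules(BASELINE_RULES)}

        # Simulated changes: a line appended to the boot script and a new binary.
        _write(root, "etc/init.d/network", "/usr/sbin/netmond &\n", mode="a")
        _write(root, "usr/sbin/netmond", "constructed unknown binary\n")
        current = {"files": snapshot_files(root), "rules": parse_rules(CURRENT_RULES)}
        return drift(baseline, current)


if __name__ == "__main__":
    for kind, detail in demo():
        print(f"{kind:14} {detail}")
```

The baseline has to be stored somewhere the monitored host cannot rewrite, and the comparison is more trustworthy when run from known-good media, since a rootkit can alter what the live system reports.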
not unlike the Unix way touted by the opposite camp.
Wow, once again, Poe's Law rears its ugly head.
What follows is not for your benefit, but because somewhere out there on the wilds of the internet, there might still be some youngster with a clue who needs to get this:
Systemd, OOP and a number of other technologies have been touted by people who have a curious mixture of cleverness and a lack of imagination or experience (something altogether too common in the world of software development). They claim that because they have solved a problem, they are therefore entitled to use the same approach to Solve All Problems Ever. So instead of exercising a little humility and moving their work ahead in a way that's accepting of other approaches, they charge in full speed, damn the torpedoes and devil take the hindmost.
It happened with Microsoft and ActiveX. It happened with Object Oriented Programming languages - most notably with Java: there was a time when it was hard to find work programming in anything else. It happened, to a smaller degree, with design patterns. You can find numerous other examples if you search for them.
It's happening again today with systemd.
Now, parent here is implying that the conflict between The Unix Way and systemd's kitchen-sink approach is a contest between equal ideologies. In other words, each represents a single thing, one of which is old and full of faults, the other of which is new and shiny and presumably lacking in faults. The only choice we have, then, is to weigh each in the balance and choose the one that's superior.
There's a fly in that ointment, though: You see, the Unix Way is a process, not a product. It states that it is better to take a toolkit approach - that is, chain together a series of tools that do one thing and do that one thing in a well-defined, simple manner. Systemd, on the other hand, is a particular set of services. Its implementation is antithetical to the Unix Way, because although it's contrived out of dozens of smaller executables, they really only work when they're chained together. You currently can't, in other words, use journald outside of systemd (you'd have to build a completely new interface), or use systemd without journald.
The people who like systemd are willing to discard the decades of experience that brought us the awkward-but-workable Unix world, full of text files, single-purpose utilities, shims on shims on shims.... They see it as ugly and awkward and ungainly. It is all of those things. The place where they go wrong, though, is that they think they can do better in one simple stroke. They think that they're good enough to design a system *cough* that inhabits the space between kernel and userland, and that they can do it in the course of a few short years. That's admirable. I applaud their ambition.
But....
But there is no way in Hell that I would let someone with that kind of confidence get within a mile of my machines. That would be Daedalus and Icarus all over again. (Google it; I'm not your nanny.) What systemd supporters fail to understand is that The Unix Way is the way of humility. It's essentially a way of expressing our own understanding that we cannot do everything well. Therefore, we do the one thing that we can do, and we do it simply (which is not always as well as it might be, but will at least work reliably).
Empirically, systemd does things neither well enough, nor simply. For reasons that are particular to each of them, most adherents are incapable of admitting to either of those things. For example:
> Its detractors are ridiculed as hidebound old neckbeards[*] who don't know any way of doing things but their own.
Its detractors rarely comment on technical merits/shortcomings, 99% of the time they only throw "pid1", "monolithic", "poettering blight", "binary logs" and "they took our jerbs^wkludgy init scripts!" around.
You honestly do sound like an angry neckbeard. You might want to get some therapy or something. That rage isn't helpful.
You know the part where I said there are people who don't know the difference between an argument and a quarrel?
You might want to read it again.
If you can't respond substantively, why respond at all? I've offered a little insight into history so that you can draw a parallel between present and previous conflicts in the software world, and all you can do is call me names that you know are infuriating to me, and you suggest I get therapy?
systemd is the wave of the future. Or at least something similar to systemd that they'll probably hate just as much.
I haven't seen this much hate since OOP started getting popular and old school devs were dragged into it kicking and screaming. But guess what, OOP was the wave of the future.
Considering where the OOP-For-Everything crowd got us, and how long it took us to recover from the fact that it was the hammer for every nail for far too long, considering that we're finally emerging into a sane world where OOP has its place, as one approach among many....
... I'd say you're right about systemd:
It's being touted as The One True Way. Its detractors are ridiculed as hidebound old neckbeards[*] who don't know any way of doing things but their own. Its adherents are clever, antisocial alphas whose faith in their own intelligence is far too complete, and who don't know the difference between an argument and a quarrel.
Yep, it is OOP vs The World all over again. Dog help us all.
--------
[*] Seriously: I will punch the first person who uses that term in my presence.
Whew! I feel so safe in the good old USA, the shining beacon of freedom. And I fully expect our FBI to hack down the repressive firewalls of censorship, without a warrant, and ram some of our great freedoms down their commie throats.
I know where you're coming from (literally - I'm North American), but some beacons of freedom shine more brightly than others. In Fiji, a country which I visit professionally on a fairly regular basis, this story about a man hospitalised by military intelligence has raised some eyebrows.
Ever since the military take-over some years ago, there have been rumours of wholesale surveillance. Numerous people who for whatever reason objected to the post-coup regime reported being contacted by police or military on the day before a gathering (for example), and asked questions about things that they could only know about by eavesdropping on their communications. Soldiers reputedly beat up a large number of people in order to intimidate them into silence. There has indeed been video released of police torturing their prisoners. [Find it yourself; I'm not going to gratify your prurience.]
But this appears to be the first time a person has explicitly been detained, tortured and imprisoned because of text messages sent complaining about the regime's leader (and lo and behold, newly-elected prime minister).
So yes, sending authorisation keys via text message is a Very Bad Idea in some places.
It isn't a contradiction, it's that you said that to continue supporting init would require significant manpower and that systemd is pushed by a minority.
That's a fucking contradiction by any definition of the word (albeit a contradiction that you constructed, and that only you can see). You are clearly deficient in your capacity to conduct a conversation, so I'll just leave off here.
In parting, and just because reading comprehension seems to be a shortcoming with you: I never once alluded to manpower. I referred to the 'pain' involved in replacing it. But you needed 'manpower' in order to construct that thing which you are adamant is not a perceived contradiction, so you can have it. If you can find the place where it fits... outside of your own imagined version of what I'm arguing, that is.
No, I said how is there not enough manpower to maintain a fork that doesn't have a dependency on systemd and uses init instead?
You're talking right past me. Are you now saying that you do NOT see any contradiction? Because 'on the one hand... on the other....', used as you used it, generally implies a perceived contradiction.
Read the analogy and you have your answer. It's not about manpower. It's about role.
Make no mistake: systemd integration is a textbook example of antidemocratic approaches, of how the commons can be soiled by a very small minority of the people using it.
So how is it there isn't enough manpower to maintain a fork with init rather than systemd? On the one hand you claim it's too much work to not use systemd but then simultaneously say systemd is pushed by a minority.
You seriously see a contradiction there? That a core part of a larger system has a new dependency, meaning that one is suddenly put in the position of considering whether it's more pain to keep it than to undo the damage? That this same core part could have been written by a very small group of people who have a track record of not playing nicely with the other children?
... Because if you can't even conceive of the nature of the problem, there's no point at all in responding to the rest of your quibbles.
As a Gedankenexperiment, imagine one valve of your heart deciding it wants to change its rhythm. The others can choose to remain as they were, or adopt the new rhythm. Right and wrong are only peripherally part of the decision; what matters first and foremost is not falling out of step. The other components can reason all they like, but if the recalcitrant one doesn't budge, they're stuck either accepting the ultimatum or taking radical steps. The rest of the body parts are, for all intents and purposes, just along for the ride, no matter how the decision affects them.
And that, my child, is the choice that Debian had foisted on them.
And the reason for including libmicrohttpd is so that people can get http access to their log files.
I read that a few times and I still do a Poe's Law double take at the end.
This is only used by the journald gateway daemon (so not by systemd at all)
But by 'not systemd at all' you mean, 'by one of the few core packages that cannot be removed from systemd'?
and also only if you explicitly enable it with "systemctl enable systemd-journal-gatewayd.service".
Yes, because unsafe code lying available on the system has never been made part of a compromise originating from another source. Or are you okay with losing the crown jewels as long as someone else takes part of the blame?
I think you have to practice your Google-fu a bit there pal.
Google can't cure your brand of refusal to come to grips with reality, chum.
Please RTFA, he is saying people even make life threats.
Yeah, that sucks. It's really juvenile and stupidly cruel.
It's not a thing of "I want to be married by church but they don't accept gay marriage", it's "The KKK burned down my house because I kissed my significant other in the park".
No, it's a case of, 'I piss on my neighbour's lawn every day. Yeah, there's a little dead patch on the grass where I do it, but now he's trying to shoot me.'
The first step in remedying this situation is, 'Call the cops.' The second step in this process is 'Stop pissing on your neighbour's lawn.'
Systemd was taken up, because it was the better solution for distros.
No it fucking was not. It was taken up because the pain of living with it was judged to be less than the pain of excising it. Other, equally wrong developers decided to make it a requirement, with the effect that in order to stay with init, we would have to retrofit core elements of GNOME, which would have required significant manpower.
Make no mistake: systemd integration is a textbook example of antidemocratic approaches, of how the commons can be soiled by a very small minority of the people using it. The fact that there was a closely split decision on whether to integrate systemd into Debian should have been read as a damning indictment, and at very least should have given the developers pause. But no, it got chalked up as a victory - which is exactly the kind of thinking that got this shit into our operating systems in the first place.
Any self-respecting developer would have realised that the best way to move systemd forward would be to take an incremental approach, to offer it as an optional component. Any reasonable developer would have had the fucking humility to accept that something so integral to the system cannot be made mature and robust except over the course of time. And until that time, he should perhaps quit fucking saying how sweet his shit smells.
Poettering is not a troll. He's a software developer, who has the unfortunateness of writing lots of great software that a lot of people simply do not like.
See, this, right here, is why people lose it when they deal with Lennart.
This is not a matter of 'like' or 'do not like'. If it were, we could tell Lennart his software sucks and move on. But no, he's so fucking clever he not only has to be right, he has to foist his rightness onto systems before it's anywhere near mature.
And then.... and then, to add insult to injury, he refuses to accept that integrating core software, which in his own words claims to offer a one-stop-shop for kernel-userland interaction, without extensive use in real world conditions, might reasonably be thought a little rash. No, he has to go and accuse the entire software establishment of bias, an unwillingness to change (without even beginning to address where that inclination comes from), and ultimately, of a simple lack of ability to see and accept just how fucking right he is.
Amazingly, astonishingly to abso-fucking-lutely no one, his actions give rise to more than a little rancour. And now he has the gall to say that he was right all along, that his opponents are irrational and that it's a problem with the rest of the world.
What he's saying, put bluntly, is that most of the people making comments obviously have no understanding at all of how Carrier grade networks actually operate.
I kind of got that, in spite of some random wanker modding me troll for my troubles.
My point, however, is that that is not actually how the process works. That's how the process is dressed up, but in actuality, the FCC has become a political creature, and will reliably support the party that appointed the majority of commissioners. This rather important element was only barely alluded to in the article.
... so where is the systematic, reliable evidence that not being neutral in the way you treat traffic is somehow better for the future of the Internet?
These networks are owned by the ISPs. It seems to me that government, before it steps in and tells them how best to run their networks, should have the burden of showing how net neutrality is better for the network than prioritization schemes.
You've got your cart on the wrong side of your horse, young man.
It's up to the ISPs to demonstrate to the people (via government) that they're using the resources —to which they have been granted limited monopoly rights— in the public interest, and that their pursuit of profits is not leading them into anti-consumer activity such as creating artificial scarcity for extortionary purposes when negotiating with other network operators, holding their users hostage, arbitrarily throttling bandwidth to customers whom they have testified are causing network congestion when in fact no such congestion exists.
For example.
Network Neutrality is the neutral position. It's not telling ISPs how to run their network - it's telling them to stop fucking with their customers' traffic. It's telling the ISPs to stop indulging in funny business and get back to making money the old-fashioned way: by providing an actual fucking service.
But yeah, fuck big government and Ayn Rand and America Fuck Yeah and all that because... Oh, I don't know, because who the fuck cares any more? This stopped being a dialogue years ago.
... so where is the systematic, reliable evidence that not being neutral in the way you treat traffic is somehow better for the future of the Internet?
This is the part that grabbed my attention. The whole piece is pretty disingenuous in the way it frames the issue. Just check out this quotation from an FCC staffer:
"I find the whole rulemaking context almost hilarious in many instances, because you know you're reading something, and you know it's not true. And you're guessing, you know, the person is hallucinating." Ordinary comments were, in other words, prone to error and lacked truthfulness, in the eyes of many of the Commission's staff.
It's a subtle bit of work, but the author of the piece implies not only that:
a) The FCC gets to ignore most comments because its rules require arguments to be made on technical grounds (true); but also that
b) The public opinion is not just wrong, it's 'hallucinating' (false).
The paternalistic tone of the article was a little much, too. Allow me to fisk it:
In the interviews I conducted for my dissertation [just had to get that in, didn't you?], FCC commissioners and a handful of staffers (e.g., civil servants, as opposed to political appointees) [so... staffers, then?] explained that the rulemaking process does not function like a popular democracy. [It's not a vote. Got it.] In other words, you can't expect that the comment you submit opposing a particular regulation will function like a vote. [Right. Not a vote. Got it.] Rulemaking is more akin to a court proceeding. Changes require systematic, reliable evidence, not emotional expressions. [Yeah. It's not a vote. I fucking got it.] And with the exception of Democrat Commissioners Copps and Adelstein, the people I spoke with at the FCC considered citizen input during the media ownership proceeding as emotional and superficial content. [Ah so it's not really like a court, then. 'Cause courts aren't politicised.]
Not once - not once in this article does the author admit what's central to the entire fucking issue - this is a politicised process. It's not a popular issue only because the power brokers don't want it to be. Though truth be told, they're fine with appearing to support the popular will when it coincides with whatever's politically expedient for them.
Capitalism developed as a response to whydontijusttakeitandrapeyourdaughterwhileimatitalism. The seductive power of a pile of cash is not changed when you change the system. The only thing that changes is the standard means of obtaining that pile of cash.
Time to put on some pants, UNIX/Linux geeks: ain't no operating system out there immune to error.
No fucking kidding, software has bugs. And this is a doozy. It's not the first WTF moment we've seen, and it probably won't be the last.
As with the Y2K problem, though, the proof of the pudding is in the tasting. The real test will come when we look back and measure the impact. Will we see a digital wasteland, a web devastated by shellshock-ing predators? Will we find ourselves living in an online New Jersey of the soul, wretched, empty bit-badlands stretching out to the horizon in every direction? Will the Evil Bit finally be flipped? Or will this be like the day when the public library almost burnt down, but we saved all the books by forming a bucket brigade? It's too early to say, right now. But my guess is that, unlike Microsoft's legacy, the fall-out from this event will be the stuff of a cautionary tale for young systems developers, explaining how all the cleverness in the world won't save you from stupidity, so the only really good system is one that can be patched quickly, effectively and simply.
Kant might also have admitted that, while no straight thing was ever made, quite a few bent things were subsequently straightened.
Heh... poker much?
Poker?!? I hardly even know 'er!
Why shouldn't they? If you want it included in the distro, why is it the distro's responsibility for maintaining the package?
Because that's what fucking distros do. Maintain the fucking package.
Quoth Schneier:
There never is any reason to remove a citizen's right to privacy except to extend the power of the state. You can argue the reasons for and against this, but historically, we've always found that more respect for individual rights contributes significantly to better governance.
If you think I've misinterpreted the problem, please tell me exactly where.
Right here:
You know the kind of shabby security joke that Windows turned into? The same thing has happened to linux and BSD
The security problems that afflict Linux, Mac OS X and, to a much lesser extent, *BSD are fundamentally different in the way they manifest.
We have yet to see the systemic infestation that characterised Windows in the late '90s and early '00s. There was a time mid-decade when the time it took for an unattended, freshly installed Windows box to get pwned was estimated to be 20 minutes.
Heartbleed, Shellshock, the Debian SSH debacle (can't forget that one) and numerous other problems are symptomatic of weaknesses in aspects of the FOSS environment that people used to think (unrealistically) were invulnerable. Instead, what we've discovered is that they're quite susceptible to targeted attack. This difference should not be understated. Windows is an infected system - basically, you can't run it without antivirus. Linux, Mac OS X and numerous other OSes are easily attacked individually, but there are not as yet any exploits that subvert the entire ecosystem.
None of this is to dismiss how serious the potential threat is. I just want to make it clear that, so far, the danger that we see is different from what we are living with in the Windows world. It's different in quantity and quality.
Doesn't seem so special after all.
Well, full marks for that clever little bit of sleight of hand that allowed them to set up persistent connectivity without hard-coding addresses. I like the way they use the combination of port and sequence number to determine the remote address, and packet window size to set the remote port. It was also pretty interesting that the software could take its sweet time between 'magic' packets, allowing it to obscure itself in incoming traffic.
But yeah, it's a clever riff on well-known rootkit tools. And it's nothing that shouldn't have been discovered in a moderately well-run security environment. I mean, we are talking about an altered boot script, new rules running in iptables, and additional new binaries on the system. You would expect that sort of thing to be found before too long.
But one thing I would very much like to know is how this rootkit got installed in the first place. There's nothing about that in TFA.
> It's being touted as The One True Way.
not unlike the Unix way touted by the opposite camp.
Wow, once again, Poe's Law rears its ugly head.
What follows is not for your benefit, but because somewhere out there on the wilds of the internet, there might still be some youngster with a clue who needs to get this:
Systemd, OOP and a number of other technologies have been touted by people who have a curious mixture of cleverness and a lack of imagination or experience (something altogether too common in the world of software development). They claim that because they have solved a problem, they are therefore entitled to use the same approach to Solve All Problems Ever. So instead of exercising a little humility and moving their work ahead in a way that's accepting of other approaches, they charge in full speed, damn the torpedoes and devil take the hindmost.
It happened with Microsoft and ActiveX. It happened with Object Oriented Programming languages - most notably with Java: there was a time when it was hard to find work programming in anything else. It happened, to a smaller degree, with design patterns. You can find numerous other examples if you search for them.
It's happening again today with systemd.
Now, parent here is implying that the conflict between The Unix Way and systemd's kitchen-sink approach is a contest between equal ideologies. In other words, each represents a single thing, one of which is old and full of faults, the other of which is new and shiny and presumably lacking in faults. The only choice we have, then, is to weigh each in the balance and choose the one that's superior.
There's a fly in that ointment, though: You see, the Unix Way is a process, not a product. It states that it is better to take a toolkit approach - that is, chain together a series of tools that do one thing and do that one thing in a well-defined, simple manner. Systemd, on the other hand, is a particular set of services. Its implementation is antithetical to the Unix Way, because although it's contrived out of dozens of smaller executables, they really only work when they're chained together. You currently can't, in other words, use journald outside of systemd (you'd have to build a completely new interface), or use systemd without journald.
The people who like systemd are willing to discard the decades of experience that brought us the awkward-but-workable Unix world, full of text files, single-purpose utilities, shims on shims on shims.... They see it as ugly and awkward and ungainly. It is all of those things. The place where they go wrong, though, is that they think they can do better in one simple stroke. They think that they're good enough to design a system *cough* that inhabits the space between kernel and userland, and that they can do it in the course of a few short years. That's admirable. I applaud their ambition.
But....
But there is no way in Hell that I would let someone with that kind of confidence get within a mile of my machines. That would be Daedalus and Icarus all over again. (Google it; I'm not your nanny.) What systemd supporters fail to understand is that The Unix Way is the way of humility. It's essentially a way of expressing our own understanding that we cannot do everything well. Therefore, we do the one thing that we can do, and we do it simply (which is not always as well as it might be, but will at least work reliably).
Empirically, systemd does things neither well enough, nor simply. For reasons that are particular to each of them, most adherents are incapable of admitting to either of those things. For example:
> Its detractors are ridiculed as hidebound old neckbeards[*] who don't know any way of doing things but their own.
Its detractors rarely comment on technical merits/shortcomings, 99% of the time they only throw "pid1", "monolitic", "poettering blight", "binary logs" and "they took our jerbs^wkludgy init scripts!" around.
You honestly do sound like an angry neckbeard. You might want to get some therapy or something. That rage isn't helpful.
You know the part where I said there are people who don't know the difference between an argument and a quarrel?
You might want to read it again.
If you can't respond substantively, why respond at all? I've offered a little insight into history so that you can draw a parallel between present and previous conflicts in the software world, and all you can do is call me names that you know are infuriating to me, and you suggest I get therapy?
systemd is the wave of the future. Or at least something similar to systemd that they'll probably hate just as much.
I haven't seen this much hate since OOP started getting popular and old school devs were dragged into it kicking and screaming. But guess what, OOP was the wave of the future.
Considering where the OOP-For-Everything crowd got us, and how long it took us to recover from the fact that it was the hammer for every nail for far too long, considering that we're finally emerging into a sane world where OOP has its place, as one approach among many....
... I'd say you're right about systemd:
It's being touted as The One True Way. Its detractors are ridiculed as hidebound old neckbeards[*] who don't know any way of doing things but their own. Its adherents are clever, antisocial alphas whose faith in their own intelligence is far too complete, and who don't know the difference between an argument and a quarrel.
Yep, it is OOP vs The World all over again. Dog help us all.
--------
[*] Seriously: I will punch the first person who uses that term in my presence.
Whew! I feel so safe in the good old USA, the shining beacon of freedom. And I fully expect our FBI to hack down the repressive firewalls of censorship, without a warrant, and ram some of our great freedoms down their commie throats.
I know where you're coming from (literally - I'm North American), but some beacons of freedom shine more brightly than others. In Fiji, a country which I visit professionally on a fairly regular basis, this story about a man hospitalised by military intelligence has raised some eyebrows.
Ever since the military take-over some years ago, there have been rumours of wholesale surveillance. Numerous people who for whatever reason objected to the post-coup regime reported being contacted by police or military on the day before a gathering (for example), and asked questions about things that they could only know about by eavesdropping on their communications. Soldiers reputedly beat up a large number of people in order to intimidate them into silence. There has indeed been video released of police torturing their prisoners. [Find it yourself; I'm not going to gratify your prurience.]
But this appears to be the first time a person has explicitly been detained, tortured and imprisoned because of text messages sent complaining about the regime's leader (and lo and behold, newly-elected prime minister).
So yes, sending authorisation keys via text message is a Very Bad Idea in some places.
Oh fuck me. I'm wrong on that last point. I did say manpower. Sorry.
It isn't a contradiction, it's that you said that to continue supporting init would require significant manpower and that systemd is pushed by a minority.
That's a fucking contradiction by any definition of the word (albeit a contradiction that you constructed, and that only you can see). You are clearly deficient in your capacity to conduct a conversation, so I'll just leave off here.
In parting, and just because reading comprehension seems to be a shortcoming with you: I never once alluded to manpower. I referred to the 'pain' involved in replacing it. But you needed 'manpower' in order to construct that thing which you are adamant is not a perceived contradiction, so you can have it. If you can find the place where it fits... outside of your own imagined version of what I'm arguing, that is.
HTH HAND
You seriously see a contradiction there?
No, I said how is there not enough manpower to maintain a fork that doesn't have a dependency on systemd and uses init instead?
You're talking right past me. Are you now saying that you do NOT see any contradiction? Because 'on the one hand... on the other....', used as you used it, generally implies a perceived contradiction.
Read the analogy and you have your answer. It's not about manpower. It's about role.
Make no mistake: systemd integration is a textbook example of antidemocratic approaches, of how the commons can be soiled by a very small minority of the people using it.
So how is it there isn't enough manpower to maintain a fork with init rather than systemd? On the one hand you claim it's too much work to not use systemd but then simultaneously say systemd is pushed by a minority.
You seriously see a contradiction there? That a core part of a larger system has a new dependency, meaning that one is suddenly put in the position of considering whether it's more pain to keep it than to undo the damage? That this same core part could have been written by a very small group of people who have a track record of not playing nicely with the other children?
... Because if you can't even conceive of the nature of the problem, there's no point at all in responding to the rest of your quibbles.
As a gedankenexperiment, imagine one valve of your heart deciding it wants to change its rhythm. The others can choose to remain as they were, or adopt the new rhythm. Right and wrong are only peripherally part of the decision; what matters first and foremost is not falling out of step. The other components can reason all they like, but if the recalcitrant one doesn't budge, they're stuck either accepting the ultimatum or taking radical steps. The rest of the body parts are, for all intents and purposes, just along for the ride, no matter how the decision affects them.
And that, my child, is the choice Debian had foisted on them.
And the reason for including libmicrohttpd is so that people can get http access to their log files.
I read that a few times and I still do a Poe's Law double take at the end.
This is only used by the journald gateway daemon (so not by systemd at all)
But by 'not systemd at all' you mean, 'by one of the few core packages that cannot be removed from systemd'?
and also only if you explicitly enable it with "systemctl enable systemd-journal-gatewayd.service".
Yes, because unsafe code lying available on the system has never been made part of a compromise originating from another source. Or are you okay with losing the crown jewels as long as someone else takes part of the blame?
I think you have to practice your Google-fu a bit there pal.
Google can't cure your brand of refusal to come to grips with reality, chum.
Please RTFA, he is saying people even make life threats.
Yeah, that sucks. It's really juvenile and stupidly cruel.
It's not a thing of "I want to be married by church but they don't accept gay marriage", it's "The KKK burned down my house because I kissed my significant other in the park".
No, it's a case of, 'I piss on my neighbour's lawn every day. Yeah, there's a little dead patch on the grass where I do it, but now he's trying to shoot me.'
The first step in remedying this situation is, 'Call the cops.' The second step in this process is 'Stop pissing on your neighbour's lawn.'
Systemd was taken up, because it was the better solution for distros.
No it fucking was not. It was taken up because the pain of living with it was judged to be less than the pain of excising it. Other, equally wrong developers decided to make it a requirement, with the effect that in order to stay with init, we would have to retrofit core elements of GNOME, which would have required significant manpower.
Make no mistake: systemd integration is a textbook example of antidemocratic approaches, of how the commons can be soiled by a very small minority of the people using it. The fact that there was a closely split decision on whether to integrate systemd into Debian should have been read as a damning indictment, and at the very least should have given the developers pause. But no, it got chalked up as a victory - which is exactly the kind of thinking that got this shit into our operating systems in the first place.
Any self-respecting developer would have realised that the best way to move systemd forward would be to take an incremental approach, to offer it as an optional component. Any reasonable developer would have had the fucking humility to accept that something so integral to the system cannot be made mature and robust except over the course of time. And until that time, he should perhaps quit fucking saying how sweet his shit smells.
Poettering is not a troll. He's a software developer, who has the unfortunateness of writing lots of great software that a lot of people simply do not like.
See, this, right here, is why people lose it when they deal with Lennart.
This is not a matter of 'like' or 'do not like'. If it were, we could tell Lennart his software sucks and move on. But no, he's so fucking clever he not only has to be right, he has to foist his rightness onto systems before it's anywhere near mature.
And then.... and then, to add insult to injury, he refuses to accept that integrating core software, which in his own words claims to offer a one-stop-shop for kernel-userland interaction, without extensive use in real world conditions, might reasonably be thought a little rash. No, he has to go and accuse the entire software establishment of bias, an unwillingness to change (without even beginning to address where that inclination comes from), and ultimately, of a simple lack of ability to see and accept just how fucking right he is.
Amazingly, astonishingly to abso-fucking-lutely no one, his actions give rise to more than a little rancour. And now he has the gall to say that he was right all along, that his opponents are irrational and that it's a problem with the rest of the world.
To which I can only reply: seek help.
What he's saying, put bluntly, is that most of the people making comments obviously have no understanding at all of how Carrier grade networks actually operate.
I kind of got that, in spite of some random wanker modding me troll for my troubles.
My point, however, is that that is not actually how the process works. That's how the process is dressed up, but in actuality, the FCC has become a political creature, and will reliably support the party that appointed the majority of commissioners. This rather important element was only barely alluded to in the article.
These networks are owned by the ISPs. It seems to me that government, before it steps in and tells them how best to run their networks, should have the burden of showing how net neutrality is better for the network than prioritization schemes.
You've got your cart on the wrong side of your horse, young man.
It's up to the ISPs to demonstrate to the people (via government) that they're using the resources —to which they have been granted limited monopoly rights— in the public interest, and that their pursuit of profits is not leading them into anti-consumer activity such as creating artificial scarcity for extortionary purposes when negotiating with other network operators, holding their users hostage, arbitrarily throttling bandwidth to customers whom they have testified are causing network congestion when in fact no such congestion exists.
For example.
Network Neutrality is the neutral position. It's not telling ISPs how to run their network - it's telling them to stop fucking with their customers' traffic. It's telling the ISPs to stop indulging in funny business and get back to making money the old-fashioned way: by providing an actual fucking service.
But yeah, fuck big government and Ayn Rand and America Fuck Yeah and all that because... Oh, I don't know, because who the fuck cares any more? This stopped being a dialogue years ago.
... so where is the systematic, reliable evidence that not being neutral in the way you treat traffic is somehow better for the future of the Internet?
This is the part that grabbed my attention. The whole piece is pretty disingenuous in the way it frames the issue. Just check out this quotation from an FCC staffer:
"I find the whole rulemaking context almost hilarious in many instances, because you know you're reading something, and you know it's not true. And you're guessing, you know, the person is hallucinating." Ordinary comments were, in other words, prone to error and lacked truthfulness, in the eyes of many of the Commission's staff.
It's a subtle bit of work, but the author of the piece implies not only that:
a) The FCC gets to ignore most comments because its rules require arguments to be made on technical grounds (true); but also that
b) The public opinion is not just wrong, it's 'hallucinating' (false).
The paternalistic tone of the article was a little much, too. Allow me to fisk it:
In the interviews I conducted for my dissertation [just had to get that in, didn't you?], FCC commissioners and a handful of staffers (e.g., civil servants, as opposed to political appointees) [so... staffers, then?] explained that the rulemaking process does not function like a popular democracy. [It's not a vote. Got it.] In other words, you can't expect that the comment you submit opposing a particular regulation will function like a vote. [Right. Not a vote. Got it.] Rulemaking is more akin to a court proceeding. Changes require systematic, reliable evidence, not emotional expressions. [Yeah. It's not a vote. I fucking got it.] And with the exception of Democrat Commissioners Copps and Adelstein, the people I spoke with at the FCC considered citizen input during the media ownership proceeding as emotional and superficial content. [Ah so it's not really like a court, then. 'Cause courts aren't politicised.]
Not once - not once in this article does the author admit what's central to the entire fucking issue - this is a politicised process. It's not a popular issue only because the power brokers don't want it to be. Though truth be told, they're fine with appearing to support the popular will when it coincides with whatever's politically expedient for them.
Capitalism developed as a response to whydontijusttakeitandrapeyourdaughterwhileimatitalism. The seductive power of a pile of cash is not changed when you change the system. The only thing that changes is the standard means of obtaining that pile of cash.
Knowing how the US government works, they'd probably try to impose a $1000 fine per picture.
Actually, that's per copy per picture. They're counting on Ansel Adams to pay down the national debt.
Time to put on some pants, UNIX/Linux geeks: ain't no operating system out there immune to error.
No fucking kidding, software has bugs. And this is a doozy. It's not the first WTF moment we've seen, and it probably won't be the last.
As with the Y2K problem, though, the proof of the pudding is in the tasting. The real test will come when we look back and measure the impact. Will we see a digital wasteland, a web devastated by shellshock-ing predators? Will we find ourselves living in an online New Jersey of the soul, wretched, empty bit-badlands stretching out to the horizon in every direction? Will the Evil Bit finally be flipped? Or will this be like the day when the public library almost burnt down, but we saved all the books by forming a bucket brigade? It's too early to say, right now. But my guess is that, unlike Microsoft's legacy, the fall-out from this event will be the stuff of a cautionary tale for young systems developers, explaining how all the cleverness in the world won't save you from stupidity, so the only really good system is one that can be patched quickly, effectively and simply.
Kant might also have admitted that, while no straight thing was ever made, quite a few bent things were subsequently straightened.