Systemd's Plan For Stateless Systems, Factory Resets

  • Systemd's Plan For Stateless Systems, Factory Resets

    Phoronix: Systemd's Plan For Stateless Systems, Factory Resets

    Following the exciting systemd 214 release that worked on new sandboxing features and other improvements toward a stateless Linux system, Lennart Poettering has blogged about the latest features and their plans going forward...

    http://www.phoronix.com/vr.php?view=MTcyMjQ

  • #2
    This sounds amazing! Still, where do systemd guys expect applications to be installed (like in years from now if their ideas catch on). Still in /usr? It would be cool to reinstall the OS without losing apps and data (like if the system is unusable because it shut down in the middle of an update).

    I ask because this is the most I can find on the subject from the blog post:

    For end-user machines like desktops, tablets or mobile phones, we want a generic way to implement factory reset, which the user can make use of when the system is broken (saves you support costs), or when he wants to sell it and get rid of his private data, and renew that "fresh car smell".
    But this sounds like the opposite of what I am asking about.
    Last edited by CTown; 06-17-2014, 02:56 PM.


    • #3
      anyone else went for popcorn when seeing title? systemd topics are so amusing on phoronix. but, trolls are so late... c'mon it's been minutes already


      • #4
        Originally posted by CTown
        This sounds amazing! Still, where do systemd guys expect applications to be installed (like in years from now if their ideas catch on). Still in /usr? It would be cool to reinstall the OS without losing apps and data (like if the system is unusable because it shut down in the middle of an update).

        I ask because this is the most I can find on the subject from the blog post:

        But this sounds like the opposite of what I am asking about.
        if i would have to guess, the applications will probably reside in both usr and home as part of http://www.superlectures.com/guadec2...ions-for-gnome


        • #5
          See, this is why having a consistent base system is useful!

          People keep moaning about systemd 'breaking' their bizarre single-case hacks that had strange edge-cases anyway, and then ignore the fact that we get consistent, reliable, cross-distro features that are useful to everyone.


          • #6
            Originally posted by CTown
            This sounds amazing! Still, where do systemd guys expect applications to be installed (like in years from now if their ideas catch on). Still in /usr? It would be cool to reinstall the OS without losing apps and data (like if the system is unusable because it shut down in the middle of an update).

            I ask because this is the most I can find on the subject from the blog post:
            Looking into the crystal ball, the future seems to be that there will be two kinds of "apps": the normal ones as we know them, in the form of an rpm or deb package, and "sand boxed" apps that are developed via a special SDK and run in an environment that is totally independent of the underlying OS.

            Such SB apps can in theory run unmodified on any Linux distribution that supports the sand boxing environment. Such apps could in theory be carried over to a new OS (either OS upgrade or another brand) without modification and without loss of data and configuration.
            A lot of work is still needed to make this happen, like kdbus in the kernel etc, so this is mostly theoretical at this point.

            AFAIK, you can just install normal apps either system wide in the "golden master" image (persistent) or in a running OS container if you have the right user permissions (might not be persistent across boots, depending on the model).


            I especially like the "Verifiable System". Security is so damn hard to get right on the Internet and every system exposed is under constant attack. It would be nice if only a sand boxed container OS was exposed to the net, that could be verified as not-compromised (AV-scanners etc. aren't much help against this these days, and Tripwire and similar also have their problems).


            • #7
              I acknowledge that I was wrong. They don't want to turn Linux into Windows. They want to turn it into iOS.


              • #8
                * Systemd's plan for hijacking your system...


                • #9
                  Originally posted by FLHerne
                  useful to everyone.
                  You're not everyone, my friend. This crap isn't useful to me in the slightest. The only thing that systemd would change for me is that I would have to run twice as fast just to stay where I am now with sysvinit.


                  • #10
                    Originally posted by prodigy_
                    I acknowledge that I was wrong. They don't want to turn Linux into Windows. They want to turn it into iOS.
                    It's amazing how awful Linux has become. It's like Linus has totally phoned it in and is off on perpetual scuba diving vacations.


                    • #11
                      Originally posted by prodigy_
                      I acknowledge that I was wrong. They don't want to turn Linux into Windows. They want to turn it into iOS.
                      Just wait and watch all these peasants go ahead and die defending it...


                      • #12
                        Difference Between....

                        Originally posted by justmy2cents
                        anyone else went for popcorn when seeing title? systemd topics are so amusing on phoronix. but, trolls are so late... c'mon it's been minutes already
                        The above comment makes me reflect on the difference between Phoronix forums and /. forums... one of them is owned by DICE.


                        • #13
                          Originally posted by interested
                          Looking into the crystal ball, the future seems to be that there will be two kinds of "apps": the normal ones as we know them, in the form of an rpm or deb package, and "sand boxed" apps that are developed via a special SDK and run in an environment that is totally independent of the underlying OS
                          at least how i get it, i think there is no need for a special SDK. making a package would be a matter of build tools, where you specify the target, aka "i want to run this on everything up from CentOS 5". build tools should simply make the package that will contain all the libraries needed to run on the desired targets, no matter if you'll run it on a distro that would already supply most of the required ones.

                          as far as an SDK for sandboxing goes, again there should be no need for that. that is a matter of the sandbox itself, not your application. you need port 34534 for example, your socket code is just as usual, no difference. but, unless you specified the sandbox to open it for you, the sandbox simply won't allow it to pass through. besides security, it also gives a great overview of what the application will do before it can do it. unlike half assed sandboxing in android for example

                          not all applications would make sense to deploy like that, hell... i love package distribution. but for a lot... it's a way to go. it's also a way to get commercial development on board since targets are not restricted to a singular distribution and you can provide long term support without the need to patch it every week just because some OSS project changed. not to mention the flaw of package management, usually you get constricted to a specified version of an app for the whole lifetime of that distro, where installing a newer one can be a rather painful experience.


                          • #14
                            Originally posted by NotMine999
                            The above comment makes me reflect on the difference between Phoronix forums and /. forums... one of them is owned by DICE.
                            if that was any other topic, aka not systemd, i'd agree in a heartbeat. in systemd news, phoronix sometimes feels even more amusing than the hardest /. troll fest

                            Originally posted by atari314
                            Just wait and watch all these peasants go ahead and die defending it...
                            what is there to defend against? poster is obviously still in 1985 and way too scared to proceed to reality
                            Last edited by justmy2cents; 06-17-2014, 04:25 PM.


                            • #15
                              Originally posted by justmy2cents
                              at least how i get it, i think there is no need for a special SDK. making a package would be a matter of build tools, where you specify the target, aka "i want to run this on everything up from CentOS 5". build tools should simply make the package that will contain all the libraries needed to run on the desired targets, no matter if you'll run it on a distro that would already supply most of the required ones.

                              as far as an SDK for sandboxing goes, again there should be no need for that. that is a matter of the sandbox itself, not your application. you need port 34534 for example, your socket code is just as usual, no difference. but, unless you specified the sandbox to open it for you, the sandbox simply won't allow it to pass through. besides security, it also gives a great overview of what the application will do before it can do it. unlike half assed sandboxing in android for example

                              not all applications would make sense to deploy like that, hell... i love package distribution. but for a lot... it's a way to go. it's also a way to get commercial development on board since targets are not restricted to a singular distribution and you can provide long term support without the need to patch it every week just because some OSS project changed. not to mention the flaw of package management, usually you get constricted to a specified version of an app for the whole lifetime of that distro, where installing a newer one can be a rather painful experience.
                              As I understand it the application container would be built against a certain profile, which determines which libraries are bundled up with the container. The sandboxing would be handled by the kernel via kdbus, cgroups etc. Just having a single portable app container file format for userspace applications would already be immensely helpful for Linux. There would be no need for developers to think about how they'll publish their software (package it as a deb or rpm? Or just a source tarball and hope some maintainer packages it for distro x?). They'd just make the container and can be sure it runs on every Linux distro the same way it does on his development machine. Applications would never break the system through shared library updates. You could easily mix old and new software and roll back to previous versions, without downgrading a lot of other stuff as well.
