Systemd-Free Debian "Devuan" Planning Their First Developer Gathering This Spring


  • Originally posted by Weasel View Post
    Indeed, since believe it or not
    i don't need to believe anything given that i know for sure that you are one of the dumbest animals walking on two legs



    • Originally posted by hreindl View Post
      i don't need to believe anything given that i know for sure that you are one of the dumbest animals walking on two legs
      Did you just assume my species?

      Requesting ban for his offensive and speciesist remarks. Racist.

      FYI I'm an attack helicopter and I don't even have legs.



      • Originally posted by Weasel View Post
        Did you just assume my species?
        Requesting ban for his offensive and speciesist remarks. Racist.
        racist? are you drunken?

        your species is idiot, no matter from where you come





        • Originally posted by hreindl View Post
          problem is your biased view and the loud cry of some fools, on every other software updates are installed and people move on
          https://resources.whitesourcesoftwar...lities-in-2018

          * Mon Feb 25 2019
          - Linux v4.20.12
          - Fix CVE-2019-8980 (rhbz 1679972 1679974)

          * Wed Feb 20 2019
          - Linux v4.20.11
          - Fix CVE-2019-8912 (rhbz 1678685 1678686)

          * Fri Feb 15 2019
          - Linux v4.20.10

          * Tue Feb 12 2019
          - Linux v4.20.8
          - Fixes CVE-2019-7221 (rhbz 1671904 1673676)
          - Fixes CVE-2019-6974 (rhbz 1671913 1673681)
          - Fixes CVE-2019-7222 (rhbz 1671930 1673686)

          * Mon Jan 28 2019
          - Linux v4.20.5
          - Fix CVE-2018-16880 (rhbz 1656472 1669545)

          * Mon Jan 14 2019
          - Linux v4.19.15
          - Fix CVE-2019-3459 and CVE-2019-3460 (rbhz 1663176 1663179 1665925)

          * Wed Jan 09 2019
          - Fix CVE-2019-3701 (rhbz 1663729 1663730)
          Bias? Indeed? Compare apples and oranges.
          Linux kernel is project far larger than systemd. It should be somewhere around 30MLOC. It's guaranteed to have more bugs purely due to its larger total size.

          Originally posted by arokh View Post
          You haven't pointed out a single technical problem with systemd (not one!), only misconceptions and personal opinion. And sorry, your basic code snippets does not give you any authority in claims like "Wrong approach to development." regarding a major open source system and service manager.
          Actually, I gave you even a list. If you chose to ignore it, it's your problem. Systemd's project size in itself is a problem, to start with. Smaller projects (like individual components systemd has replaced) are much easier to manage than single monster project. Statistical tendency is such that as the projects increase, amount of bugs does as well. I've seen multiple theories about it, some claim 3-4 bugs per 1kLOC is good quality code, some claim 10-20 are "normal". So, how many hundreds of thousands of lines of code systemd is at, currently? I see close to 1000 unresolved bugs in github as of now. Following the optimistic idea of 3-4 bugs per 1kLOC, there's good bunch still being not found.
          Originally posted by arokh View Post
          At the end of the day, you simply have no clue about open source and how the players within work. Systemd has been chosen because it's technically superior. It's simply more effective than the projects it's "annexed". Every distribution could choose to not use systemd or just use parts of it. This notion that Redhat is somehow forcing it on people is completely absurd.
          Do you have a clue? Lots of words, accusations and insults. Haven't seen bit of solid knowledge yet TBH.

          Originally posted by arokh View Post
          50k LOC..... Do you even github? Do you have a single line of public code? Have you participated in any open source projects?
          Yes, I actually do have github, though until recently I found very little use for it, except for sending in patches, because unpaid account did not allow for private repos. Shit I wrote for money's been always closed source.

          About the latter question, that forum post should provide sufficient answer.
          https://forums.freebsd.org/threads/f...0/#post-368909

          Originally posted by arokh View Post
          Oh and btw, I'm not raging I am writing this with a perfect 40 beats per minute pulse and a smile on my face sipping my coffee.
          Either you are trying to brag or you have heart condition called bradycardia. In the latter case, go see cardiologist. Considering the amount of time you seem to spend behind computer, I suspect former.



          • Originally posted by aht0 View Post
            Actually, I gave you even a list. If you chose to ignore it, it's your problem. Systemd's project size in itself is a problem, to start with.
            you need to understand that systemd is not driven by two people and that every component has its primary maintainers to begin with

            Originally posted by aht0 View Post
            Smaller projects (like individual components systemd has replaced) are much easier to manage than single monster project.
            the opposite is true when they interact and have dependencies given that refactoring and share code via private APIs in a big repo is much easier

            at the end of the day the code for the same functionality is way smaller than in your small projects and your biased view forgets that the replaced ones didn't have the same functionality in many cases

            Originally posted by aht0 View Post
            Statistical tendency is such that as the projects increase, amount of bugs does as well. I've seen multiple theories about it, some claim 3-4 bugs per 1kLOC is good quality code, some claim 10-20 are "normal". So, how many hundreds of thousands of lines of code systemd is at, currently?
            again: biased view!

            i don't run networkd, timesyncd and a lot of other components at all so a bug there won't affect me and on the other hand the heavily shared private library is for sure one of the most maintained pieces of software out there and even bugs in context of components only a small part of users are actively using leads to another review

            Originally posted by aht0 View Post
            I see close to 1000 unresolved bugs in github as of now. Following the optimistic idea of 3-4 bugs per 1kLOC, there's good bunch still being not found.
            how many of them are discussed if it's even a bug at all and even if in which component and context
            how many of them are even bugreports because "issue" can be a lot

            how many of them are simply not true and nobody wasted its time to close them?
            imagine people like you are reporting bugs there while PEBCAK



            • Originally posted by hreindl View Post
              you need to understand that systemd is not driven by two people and that every component has its primary maintainers to begin with
              Overwhelming amount of commits are by bare handful of people. For example, yesterday Poettering alone committed 19 changes, which makes 62.3% of total yesterday's commits. When you look at total history of commits, it's dominated by just about five people, with huge scissors between first and fifth place.

              Originally posted by hreindl View Post
              the opposite is true when they interact and have dependencies given that refactoring and share code via private APIs in a big repo is much easier

              at the end of the day the code for the same functionality is way smaller than in your small projects and your biased view forgets that the replaced ones didn't have the same functionality in many cases
              In many cases, replaced ones had properly working functionalities, instead of oddball errors cropping up at random places.

              Originally posted by hreindl View Post
              again: biased view!

              i don't run networkd, timesyncd and a lot of other components at all so a bug there won't affect me and on the other hand the heavily shared private library is for sure one of the most maintained pieces of software out there and even bugs in context of components only a small part of users are actively using leads to another review
              Just one question: if you find it necessary to exclude one or more modules, what's the point of the thing overall? Necessity of disabling parts of it, negates its efficiency because you have to spend extra time getting it re-worked to your particular needs. So, you are spending time in any case. Might as well go the way of simpler OS design, which logically would give less issues long-term.

              Originally posted by hreindl View Post
              how many of them are discussed if it's even a bug at all and even if in which component and context
              how many of them are even bugreports because "issue" can be a lot
              how many of them are simply not true and nobody wasted its time to close them?
              imagine people like you are reporting bugs there while PEBCAK
              This project is infamous for not admitting its bugs as bugs nor caring about fixes. Thus I just took "open issues" and settled with it. It's more or less stable number near one thousand. Yesterday it deviated between 996 and 982, today it shows me 991.

              Cherry on the cake for you: What the hell should one think about developer who would reply something like this to bug report:

              Poettering: To make this work we'd need a patch, as nobody of us tests this
              Last edited by aht0; 03-15-2019, 08:08 AM.



              • Originally posted by aht0 View Post
                Overwhelming amount of commits are by bare handful of people. For example, yesterday Poettering alone committed 19 changes, which makes 62.3% of total yesterday's commits. When you look at total history of commits, it's dominated by just about five people, with huge scissors between first and fifth place.
                did you ever hear about external patches reviewed and committed by a few people instead have the world randomly commit whatever it thinks?

                frankly your lacking knowledge about the project and software development at all is annoying

                Originally posted by aht0 View Post
                In many cases, replaced ones had properly working functionalities, instead of oddball errors cropping up at random places.
                the point is that you are not willing or able to cope with changes and when someone is not willing to begin with it won't work well

                Originally posted by aht0 View Post
                Just one question: if you find it necessary to exclude one or more modules, what's the point of the thing overall? Necessity of disabling parts of it, negates its efficiency because you have to spend extra time getting it re-worked to your particular needs. So, you are spending time in any case. Might as well go the way of simpler OS design, which logically would give less issues long-term.
                networkd: i run my own oneshot-systemd unit with iptables-restore, ip.commands, route commands, bridging/bonding
                timesyncd: my machines either get their time from the host or are ntp servers for a whole network

                if disable something you don't need is worth any words for you just quit the IT!

                you likely refuse the beauty of the unit below and what "systemctl status" gives you for each of the commands in case something goes wrong which makes it superior to a shellscript or the old network-service or networkmanager/networkd in case of *static* configured machines, but anyways, here you go

                the - prefix is a design decision in case of something fails try to setup as much as possible instead let the whole unit fail and depends on the machine and for me it's way easier to configure firewall and the whole network in one unit given that this unit-files are central maintained and deployed, if something needs a static route, well: "ExecStart=/usr/sbin/ip route add.." at the right place

                Code:
                [Unit]
                Description=Network
                After=systemd-udev-trigger.service systemd-udev-settle.service
                Wants=systemd-udev-trigger.service systemd-udev-settle.service
                PartOf=network-online.target
                
                [Service]
                Type=oneshot
                RemainAfterExit=yes
                SuccessExitStatus=80
                
                ExecStart=/usr/sbin/iptables-restore /etc/sysconfig/iptables
                ExecStart=-/etc/sysconfig/sysctl-conntrack.sh
                
                ExecStart=-/usr/sbin/ethtool -K eth-lan0 tso on gro on rx on tx on
                ExecStart=-/usr/sbin/ethtool -G eth-lan0 rx 2048 tx 2048
                ExecStart=-/usr/sbin/ethtool -K eth-lan1 tso on gro on rx on tx on
                ExecStart=-/usr/sbin/ethtool -G eth-lan1 rx 2048 tx 2048
                ExecStart=-/usr/sbin/ethtool -K eth-nfs0 tso on gro on rx on tx on
                ExecStart=-/usr/sbin/ethtool -G eth-nfs0 rx 2048 tx 2048
                ExecStart=-/usr/sbin/ethtool -K eth-nfs1 tso on gro on rx on tx on
                ExecStart=-/usr/sbin/ethtool -G eth-nfs1 rx 2048 tx 2048
                
                ExecStart=-/usr/sbin/modprobe bonding mode=1 miimon=50 downdelay=100 primary=eth-lan0
                ExecStart=-/usr/sbin/ip link add name bond0 type bond
                ExecStart=-/usr/sbin/ip link set eth-lan0 master bond0
                ExecStart=-/usr/sbin/ip link set eth-lan1 master bond0
                ExecStart=-/usr/sbin/ip link set dev eth-lan0 txqueuelen 2000 mtu 1500 up
                ExecStart=-/usr/sbin/ip link set dev eth-lan1 txqueuelen 2000 mtu 1500 up
                ExecStart=-/usr/sbin/ip addr add 192.168.196.116/255.255.255.0 broadcast 192.168.196.255 dev bond0
                ExecStart=-/usr/sbin/ip link set dev bond0 mtu 1500 up
                
                ExecStart=-/usr/sbin/ip link add name br-nfs type bridge
                ExecStart=-/usr/sbin/ip link set dev eth-nfs0 master br-nfs
                ExecStart=-/usr/sbin/ip link set dev eth-nfs1 master br-nfs
                ExecStart=-/usr/sbin/ip link set dev eth-nfs0 txqueuelen 2000 mtu 9000 up
                ExecStart=-/usr/sbin/ip link set dev eth-nfs1 txqueuelen 2000 mtu 9000 up
                ExecStart=-/usr/sbin/ip a add 172.23.130.1/255.255.255.0 broadcast 172.23.30.255 dev br-nfs
                ExecStart=-/usr/sbin/ip link set dev br-nfs mtu 9000 up
                
                ExecStart=-/usr/sbin/ip route add default via 192.168.196.1
                ExecStart=-/usr/sbin/sysctl -e -p -q
                
                [Install]
                WantedBy=network-online.target
                WantedBy=multi-user.target
                Originally posted by aht0 View Post
                This project is infamous for not admitting its bugs as bugs nor caring about fixes. Thus I just took "open issues" and settled with it. It's more or less stable number near one thousand. Yesterday it deviated between 996 and 982, today it shows me 991.

                Cherry on the cake for you: What the hell should one think about developer who would reply something like this to bug report:

                Poettering: To make this work we'd need a patch, as nobody of us tests this
                that he is at least honest and that you are completely wrong when you think that it's much different in other projects, no matter opensource or closed source - pretty sure some functionality which was a feature request with a patch which was reviewed and accepted and now someone comes up with different needs

                nobody says all is perfect, it's not and it's also not in many other projects

                at least it works and it works the last 7 years way better than anything before which likely is here the case because other than you instead of fighting against i look at its capabilities/opportunities and make heavy use of them

                and until you come up with a *reliable* initscript starting a service like below which i do for years for every service (yes adopted for its needs) leave me fuck in peace

                Code:
                Restart=always
                RestartSec=1
                
                CapabilityBoundingSet=CAP_DAC_OVERRIDE CAP_IPC_LOCK CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID
                LockPersonality=yes
                MemoryDenyWriteExecute=yes
                NoNewPrivileges=yes
                PrivateDevices=yes
                PrivateTmp=yes
                RestrictNamespaces=yes
                RestrictAddressFamilies=AF_INET AF_INET6 AF_LOCAL AF_UNIX
                RestrictRealtime=yes
                SystemCallArchitectures=x86-64
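                # the start of this line was replaced with "[email protected]" by the forum's e-mail obfuscation;
                # the directive name and the "~" deny prefix are restored from context (assumption), and a first @group may be missing
                SystemCallFilter=~@cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @swap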
                
                ProtectSystem=strict
                ProtectHome=yes
                ProtectControlGroups=yes
                ProtectKernelModules=yes
                ProtectKernelTunables=yes
                
                ReadWritePaths=-/run
                ReadWritePaths=-/tmp
                ReadWritePaths=-/var/cache
                ReadWritePaths=-/var/lib
                ReadWritePaths=-/var/log
                Last edited by hreindl; 03-15-2019, 08:49 AM.
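
Added example, not part of the original post and not systemd's own code: a Python sketch that parses units like the two above, shows which ExecStart= commands carry the "-" (failure ignored) prefix, checks that the firewall load is a must-succeed command placed ahead of any link being set up, and lists which of the post's hardening directives a unit omits. The sample units are constructed (abridged from the post) and all function names are hypothetical.

```python
import shlex

# Constructed input, abridged from the network unit in the post above.
NETWORK_UNIT = """\
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/sbin/iptables-restore /etc/sysconfig/iptables
ExecStart=-/etc/sysconfig/sysctl-conntrack.sh
ExecStart=-/usr/sbin/ip link add name bond0 type bond
ExecStart=-/usr/sbin/ip link set dev bond0 mtu 1500 up
ExecStart=-/usr/sbin/ip route add default via 192.168.196.1
"""

# Constructed input: only part of the hardening block from the same post.
SERVICE_SNIPPET = """\
[Service]
NoNewPrivileges=yes
PrivateDevices=yes
PrivateTmp=yes
ProtectSystem=strict
ProtectHome=yes
ReadWritePaths=-/run
ReadWritePaths=-/var/log
"""

# Directive names taken from the post; which ones a service needs is site policy.
WANTED = ["NoNewPrivileges", "PrivateDevices", "PrivateTmp", "ProtectSystem",
          "ProtectHome", "ProtectKernelModules", "ProtectKernelTunables",
          "ProtectControlGroups", "RestrictNamespaces", "MemoryDenyWriteExecute"]


def parse_unit(text):
    """Return {section: [(key, value), ...]}, keeping order and repeated keys."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue                          # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], [])
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current.append((key.strip(), value.strip()))
    return sections


def exec_start(unit):
    """Split each ExecStart= into (ignore_failure, argv)."""
    out = []
    for key, value in unit.get("Service", []):
        if key != "ExecStart":
            continue
        if not value:
            out.clear()                       # empty assignment resets the list
            continue
        body = value.lstrip("-@:+!")          # systemd's special executable prefixes
        prefix = value[: len(value) - len(body)]
        out.append(("-" in prefix, shlex.split(body)))
    return out


def firewall_fail_closed(unit, loader="iptables-restore"):
    """True if a must-succeed firewall load runs before any link is set 'up'.

    In a Type=oneshot unit the commands run in order, and the first failure
    that is not '-'-prefixed stops the remaining ones, so with this ordering
    the unit raises no interface when the ruleset fails to load.
    """
    for ignore_failure, argv in exec_start(unit):
        name = argv[0].rsplit("/", 1)[-1]
        if name == loader:
            return not ignore_failure
        if name == "ip" and "up" in argv[1:]:
            return False                      # link raised before the ruleset
    return False                              # no firewall load at all


def missing_hardening(unit, wanted=WANTED):
    """Directives from `wanted` that the [Service] section never sets."""
    present = {key for key, _ in unit.get("Service", [])}
    return [name for name in wanted if name not in present]


if __name__ == "__main__":
    net = parse_unit(NETWORK_UNIT)
    for ignore_failure, argv in exec_start(net):
        print("ignore-failure" if ignore_failure else "must-succeed  ", " ".join(argv))
    print("firewall fail-closed:", firewall_fail_closed(net))
    print("missing hardening:", missing_hardening(parse_unit(SERVICE_SNIPPET)))
```

On a live host, `systemd-analyze security <unit>` gives systemd's own view of a unit's sandboxing; the sketch above only reads the text of the file.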



                • Originally posted by hreindl View Post
                  did you ever hear about external patches reviewed and committed by a few people instead have the world randomly commit whatever it thinks?
                  External patches are relatively far and few between compared what main devs write. Since I took up yesterday's stats, out of thirtyish commits, 4 were external merges.

                  Originally posted by hreindl View Post
                  frankly your lacking knowledge about the project and software development at all is annoying
                  Me thinks, you are running out of excuses and arguments.

                  Originally posted by hreindl View Post
                  the point is that you are not willing or able to cope with changes and when someone is not willing to begin with it won't work well
                  When it gets on my way, sure, I dislike any change. When it fixes something broken for me, I am fine with it.

                  Originally posted by hreindl View Post
                  networkd: i run my own oneshot-systemd unit with iptables-restore, ip.commands, route commands, bridging/bonding
                  timesyncd: my machines either get their time from the host or are ntp servers for a whole network

                  if disable something you don't need is worth any words for you just quit the IT!

                  you likely refuse the beauty of the unit below and what "systemctl status" gives you for each of the commands in case something goes wrong which makes it superior to a shellscript or the old network-service or networkmanager/networkd in case of *static* configured machines, but anyways, here you go
                  Frankly, I can't really see any beauty in this unit file. It's a bunch of cryptic strings without consulting documentation first. For reading.

                  OpenRC init script for your perusal ('PF' firewall). THAT I'd be able to write from beginning to an end without considering suicide first.
                  #!/sbin/openrc-run
                  # Copyright (c) 2007-2015 The OpenRC Authors.
                  # See the Authors file at the top-level directory of this distribution and
                  # https://github.com/OpenRC/openrc/blob/master/AUTHORS
                  #
                  # This file is part of OpenRC. It is subject to the license terms in
                  # the LICENSE file found in the top-level directory of this
                  # distribution and at https://github.com/OpenRC/openrc/blob/master/LICENSE
                  # This file may not be copied, modified, propagated, or distributed
                  # except according to the terms contained in the LICENSE file.

                  name="Packet Filter"
                  : ${pf_conf:=${pf_rules:-/etc/pf.conf}}
                  required_files=$pf_conf

                  extra_commands="checkconfig showstatus"
                  extra_started_commands="reload"

                  depend() {
                      need localmount
                      keyword -jail -prefix -stop -shutdown
                  }

                  start()
                  {
                      ebegin "Starting $name"
                      load_kld pf 2>/dev/null
                      pfctl -q -F all
                      pfctl -q -f "$pf_conf" $pf_args
                      pfctl -q -e
                      eend $?
                  }

                  stop()
                  {
                      ebegin "Stopping $name"
                      pfctl -q -d
                      eend $?
                  }

                  checkconfig()
                  {
                      ebegin "Checking $name configuration"
                      pfctl -n -f "$pf_conf"
                      eend $?
                  }
                  Originally posted by hreindl View Post
                  that he is at least honest and that you are completely wrong when you think that it's much different in other projects, no matter opensource or closed source - pretty sure some functionality which was a feature request with a patch which was reviewed and accepted and now someone comes up with different needs

                  nobody says all is perfect, it's not and it's also not in many other projects

                  at least it works and it works the last 7 years way better than anything before which likely is here the case because other than you instead of fighting against i look at its capabilities/opportunities and make heavy use of them

                  and until you come up with a *reliable* initscript starting a service like below which i do for years for every service (yes adopted for its needs) leave me fuck in peace
                  Honest or not, such attitude is unacceptable when project in question is a service manager for an operating system. Its bugs and problems affect the whole system.

                  At the moment, I am getting a feeling, you have until now seen only SysV init (I admit it's cross-linking of files was pretty horrendous) and systemd. Nothing else. And mainly like systemd-init because it's indeed flat out superior to old SysV init. I agree here with you - anything is better than this mess was.
                  At the same time, there were bunch of other alternatives, which worked all better than SysV init and could have been used without fucking adding fifty-binary-kitchensink to 9 out of 10 Linuxes with its inherent problems and bugs.

                  So, one German dude invented experimental rocketship for going into milk store and everybody + their dogs are singing hosianna.. when traditional alternative solutions already existed but were not considered because NIH syndrome, which is the curse of Linux.



                  • Originally posted by aht0 View Post
                    Frankly, I can't really see any beauty in this unit file. It's a bunch of cryptic strings without consulting documentation first. For reading.
                    which cryptic strings?
                    ExecStart?
                    really?

                    and when you mean things like "PrivateDevices" you have nothing similar in your crap, surely you need to consult documentation for hardening options not available anywhere else which are *optional* to use - what else? it's laughable how you argue all the time and think you have a single point while everybody which had really worked with systemd sees that you have no idea what you are talking about

                    the /usr/sbin/ip calls and the other ExecStart stuff are just plain commands and you don't realize it
                    practically as they would be in a shellscript without the "ExecStart="

                    the difference is that you get error handling for free in systemctl status, you see which command failed and you have the journalctl output of recent events on bottom containing stdout/stderr of the processes and so get the fucking reason without any additional line of code, for everything

                    Code:
                    [[email protected]:~]$ systemctl status network-up.service
                    ● network-up.service - Network
                       Loaded: loaded (/etc/systemd/system/network-up.service; enabled; vendor preset: disabled)
                       Active: active (exited) since Fri 2019-03-15 12:37:33 CET; 4h 26min ago
                      Process: 554 ExecStart=/usr/sbin/tc qdisc add dev wan1 parent 1:1 handle 11: fq_codel (code=exited, status=0/SUCCESS)
                      Process: 553 ExecStart=/usr/sbin/tc class add dev wan1 parent 1: classid 1:1 hfsc sc rate 200Mbit ul rate 200Mbit (code=exited, status=0/SUCCESS)
                      Process: 550 ExecStart=/usr/sbin/tc qdisc add dev wan1 root handle 1 hfsc default 1 (code=exited, status=0/SUCCESS)
                      Process: 549 ExecStart=/usr/sbin/sysctl -e -p -q (code=exited, status=0/SUCCESS)
                      Process: 548 ExecStart=/usr/sbin/sysctl -e -w net.bridge.bridge-nf-call-arptables=0 (code=exited, status=0/SUCCESS)
                      Process: 547 ExecStart=/usr/sbin/sysctl -e -w net.bridge.bridge-nf-call-iptables=0 (code=exited, status=0/SUCCESS)
                      Process: 546 ExecStart=/usr/sbin/ip link set dev lan multicast off allmulticast off up (code=exited, status=0/SUCCESS)
                      Process: 545 ExecStart=/usr/sbin/ip addr add 172.16.0.1/255.255.255.0 dev lan (code=exited, status=0/SUCCESS)
                      Process: 544 ExecStart=/usr/sbin/ethtool -K lan gso off tso off lro off gro off rxvlan off txvlan off (code=exited, status=0/SUCCESS)
                      Process: 543 ExecStart=/usr/sbin/ethtool -G lan rx-mini 0 (code=exited, status=0/SUCCESS)
                      Process: 542 ExecStart=/usr/sbin/ip route add default via 192.168.196.2 dev wan (code=exited, status=0/SUCCESS)
                      Process: 541 ExecStart=/usr/sbin/ip link set dev wan multicast off allmulticast off up (code=exited, status=0/SUCCESS)
                      Process: 540 ExecStart=/usr/sbin/ip a add 192.168.196.5/255.255.255.0 dev wan (code=exited, status=0/SUCCESS)
                      Process: 538 ExecStart=/usr/sbin/ip link set dev wan1 master wan multicast off allmulticast off up (code=exited, status=0/SUCCESS)
                      Process: 537 ExecStart=/usr/sbin/ethtool -K wan1 gso off tso off lro off gro off rxvlan off txvlan off (code=exited, status=0/SUCCESS)
                      Process: 536 ExecStart=/usr/sbin/ethtool -G wan1 rx-mini 0 (code=exited, status=0/SUCCESS)
                      Process: 533 ExecStart=/usr/sbin/ethtool -K wan gso off tso off gro off txvlan off (code=exited, status=0/SUCCESS)
                      Process: 528 ExecStart=/usr/sbin/ip link add name wan type bridge (code=exited, status=0/SUCCESS)
                      Process: 523 ExecStart=/etc/sysconfig/sysctl-conntrack.sh (code=exited, status=0/SUCCESS)
                      Process: 488 ExecStart=/usr/sbin/iptables-restore /etc/sysconfig/iptables (code=exited, status=0/SUCCESS)
                      Process: 479 ExecStart=/usr/sbin/ipset -file /etc/sysconfig/ipset restore (code=exited, status=0/SUCCESS)
                      Process: 476 ExecStart=/usr/sbin/modprobe nf_nat_ftp (code=exited, status=0/SUCCESS)
                      Process: 466 ExecStart=/usr/sbin/modprobe nf_conntrack_ftp (code=exited, status=0/SUCCESS)
                     Main PID: 554 (code=exited, status=0/SUCCESS)
                    your openrc script is as ugly as the night is dark and the same without documentation
                    nobody right in his mind wants such a crap with repeated boilerplate code in 2019

                    Originally posted by aht0 View Post
                    Honest or not, such attitude is unacceptable when project in question is a service manager for an operating system. Its bugs and problems affect the whole system.
                    you don't realize that systemd is not only the service manager and not everything is touching the service manager as it's own
                    Last edited by hreindl; 03-15-2019, 12:07 PM.



                    • Originally posted by hreindl View Post
                      which cryptic strings?
                      ExecStart?
                      really?

                      and when you mean things like "PrivateDevices" you have nothing similar in your crap, surely you need to consult documentation for hardening options not available anywhere else which are *optional* to use - what else? it's laughable how you argue all the time and think you have a single point while everybody which had really worked with systemd sees that you have no idea what you are talking about

                      the /usr/sbin/ip calls and the other ExecStart stuff are just plain commands and you don't realize it
                      practically as they would be in a shellscript without the "ExecStart="

                      the difference is that you get error handling for free in systemctl status, you see which command failed and you have the journalctl output of recent events on bottom containing stdout/stderr of the processes and so get the fucking reason without any additional line of code, for everything
                      It is said "Beauty is in the eyes of beholder". Shorter and more concise it is, more beautiful it becomes. Mine is shorter, both line-wise and by character count. Precise network details I would specify differently. Systemd replaced legacy network configuration utilities like "ifconfig", I'd use these. As a result, init itself has less possible points of failure. Because init's main task is to initialize the boot, not trying to do hundred other things simultaneously on background at the same time. Most reliable tools, both in software and hardware, always follow the KISS principle. Keep It Simple, Stupid.

                      Privatedevices analogue would be "jails". Notice "keyword -jail -prefix -stop -shutdown". This file was taken from FreeBSD box with an OpenRC init. The fact that something might carry different name, does not mean your "hardening" is not present. About possible error messages, I'd get these from syslog - a non-issue.

                      You won't see shit like "Timeout for 1min 30sec" in OpenRC, which is so common with systemd when it has hit some rocks and shoals and tries to figure out how to proceed.
                      OpenRC just boots. I've gotten FreeBSD to below 10 seconds boot with it-which is awesome considering it's normally like 30 seconds with traditional RC init. Alpine Linux does it even much faster (also OpenRC). When I have to install OpenSUSE (systemd distro) I am waiting 1-5min pretty much on first boot after install and then have to start figuring out what the hell is causing disruption. Efficient ? No, because it almost always would require manual modifications.
                      And it always requires modifications when I changed something about local file systems or drives. I have wife and mother-in-law doing their nagging, I don't need some system manager adding to it.
                      Last edited by aht0; 03-16-2019, 05:22 AM.
