Announcement

Collapse
No announcement yet.

Debian May Need To Re-Evaluate Its Interest In "Init System Diversity"

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • I wait for the day when Linux software stops resisting change and integrate better with systemd.
    It brings So Many features that Linux needs, especially when it comes to security...

    Comment


    • Originally posted by andrnils View Post
      Is the author of systemd any better than rms? Probably not, and neither is his view of "Linux or nothing". Systemd is completely the wrong way to go about compatibility, but what is required for the lackeys to realize that?
      Systemd is first about ease of management and application development, second about compatibility between the major Linux distros. It has never claimed to do anything for compatibility between Linux and ***BSD, or about making things easier for Joe Random's very own me-too-distro-without-systemd, because, like it or not, those are not the issues that worry those users that actually matter (i.e. those that pay for the development and/or contribute substantially to the Linux community).

      Comment


      • Originally posted by Alliancemd View Post
        I wait for the day when Linux software stops resisting change and integrate better with systemd.
        It brings So Many features that Linux needs, especially when it comes to security...
        To the former, Linux software is an epithome to a change. To the ridiculous idea of change for the sake of change itself. New features are more important than fixing older issues. Nature of the evolutionary software. You just keep forgetting that evolution itself is Darwinian in principle - mutate too far or specialize too deeply and your resounding success might become story of extinction when conditions change. Because you can no longer neither turn back or adapt yet more. It's also a path of spiraling history and making same mistakes over and over again.

        To the latter.. Lol what? Rule of thumb: less code, less potential bugs, more security. Few million loc internally interlocked APIs, kept intentionally obscure and in constant change - to make harder not to use systemd is somehow "secure" for you?? Holy naivety..

        Comment


        • Originally posted by aht0 View Post
          To the latter.. Lol what? Rule of thumb: less code, less potential bugs, more security. Few million loc internally interlocked APIs, kept intentionally obscure and in constant change - to make harder not to use systemd is somehow "secure" for you?? Holy naivety..
          There is a horrible reality here if you in fact totally up all the lines of code to make a sysvinit system have all the features that systemd provides its in fact 40 times the number of lines of code of systemd. Yes systemd is in fact smaller that what it has replaced. So less code, less potential bugs and more security is in fact in systemd favor over sysvinit solutions.

          Same with a lot of the other broken solutions. Openrc maybe able to be competitive when with the same features as systemd on lines of code.

          Of course I would like to see init system with better security design from the get go right down to using sel4 mathematically secured in code off the start line.

          Comment


          • Originally posted by oiaohm View Post
            There is a horrible reality here if you in fact totally up all the lines of code to make a sysvinit system have all the features that systemd provides its in fact 40 times the number of lines of code of systemd (a). Yes systemd is in fact smaller that what it has replaced. So less code, less potential bugs and more security is in fact in systemd (b) favor over sysvinit solutions.
            You base your argument first on a purely hypothetical guess (a), then proceed claiming that systemd has less code than this 'hypothetically equally functional' sysvinit would have (b).. And because of this, systemd is certainly more secure? That's one solid argument there.
            Question tho: do most people need most features by systemd? Or not? Because they do get all it's potential risks regardless.

            Originally posted by oiaohm View Post
            Same with a lot of the other broken solutions. Openrc maybe able to be competitive when with the same features as systemd on lines of code.
            Of course I would like to see init system with better security design from the get go right down to using sel4 mathematically secured in code off the start line.
            For some reason 'sel4' is not the path chosen by OpenBSD folks, who are chasing namely security. They are doing it by keeping code base minimal, auditing it relentlessly and REMOVING features they think either not needed or potentially risky. So, which approach is more secure?

            Comment


            • Originally posted by anarki2 View Post
              Wait what? A single init system reduces maintenance burden? And multiple init systems actually increase it? Developer time is not infinite and free? Really?

              Shock horror. We've been only saying this for like 5 years. The delusional guys at Devuan et al feel free to toy around for a few years more. Delaying the inevitable sure is a fruitful effort, time well spent. Let the duplication of efforts continue!
              The one thing, and I won't be humble here at all, that most tech/nerd types lack is humility and they collectively seem to suffer from NIH, and I don't think it gets better with age either, they just get more coy about it.

              Comment


              • Wow, I've read some truly dumb shit in this thread, "the one true way", "deunixification", "systemd is a init", "security through complexity".... jesus fuckin christ! Are systemd zealots really this fuckin stupid??? Apparently yes...

                Comment


                • Originally posted by aht0 View Post
                  You base your argument first on a purely hypothetical guess (a), then proceed claiming that systemd has less code than this 'hypothetically equally functional' sysvinit would have (b).. And because of this, systemd is certainly more secure? That's one solid argument there.
                  Question tho: do most people need most features by systemd? Or not? Because they do get all it's potential risks regardless.



                  For some reason 'sel4' is not the path chosen by OpenBSD folks, who are chasing namely security. They are doing it by keeping code base minimal, auditing it relentlessly and REMOVING features they think either not needed or potentially risky. So, which approach is more secure?
                  Ok, but systemd makes -no- attempt to abstract internal interfaces. It's a horrible, completely incomprehensible mess of spaghetti code. Sure it has less lines of code, but it damn sure isn't elegant. It's a horribly complex pile of slop. Incomprehensible code has no chance in any hell of being secure. I would love to see some fuzzing results.
                  Last edited by duby229; 09-25-2019, 03:30 PM.

                  Comment


                  • Originally posted by duby229 View Post

                    Ok, but systemd makes -no- attempt to abstract internal interfaces. It's a horrible, completely incomprehensible mess of spaghetti code. Sure it has less lines of code, but it damn sure isn't elegant. It's a horribly complex pile of slop. Incomprehensible code has no chance in any hell of being secure. I would love to see some fuzzing results.
                    I think you meant to quote the other guy

                    Comment


                    • Originally posted by aht0 View Post
                      You base your argument first on a purely hypothetical guess (a), then proceed claiming that systemd has less code than this 'hypothetically equally functional' sysvinit would have (b).. And because of this, systemd is certainly more secure? That's one solid argument there.
                      Question tho: do most people need most features by systemd? Or not? Because they do get all it's potential risks regardless.
                      1 I was not the one who based argument on lines of code.

                      Like or not embedded developers have sized up systemd multi times. Systemd many build options that distributions don't get.

                      Of course I would like to see init system with better security design from the get go right down to using sel4 mathematically secured in code off the start line.

                      This line of min is because I am not happy by systemd construction.

                      Originally posted by aht0 View Post
                      For some reason 'sel4' is not the path chosen by OpenBSD folks, who are chasing namely security. They are doing it by keeping code base minimal, auditing it relentlessly and REMOVING features they think either not needed or potentially risky. So, which approach is more secure?
                      This is the scary thing systemd can at build time have features removed. The smallest functional systemd is smaller than dash/bash. Yes that has fun cgroups around services timers and other things.

                      So on lines of code in a solution if you cut systemd to size with build options systemd wins over sysvinit every single time. Lines of code for security is a really bad metric.

                      Systemd removing functionality to improve security is in fact a option. OpenBSD claim is also bogus thinking they were backing openssl and other over-bloated items that had not been properly code audited.

                      Sel4 method of code auditing/developing is modern newer than OpenBSD development rules.


                      Originally posted by duby229 View Post
                      Ok, but systemd makes -no- attempt to abstract internal interfaces. It's a horrible, completely incomprehensible mess of spaghetti code. Sure it has less lines of code, but it damn sure isn't elegant. It's a horribly complex pile of slop. Incomprehensible code has no chance in any hell of being secure. I would love to see some fuzzing results.
                      Those results are interesting. IOT devices that have been fuzzed if the item is sysvinit exploits are more likely than systemd ones. The danger of a shell is overlooked.

                      Lets say something makes the choice of using bash as there shell in a iot device because that is what the sysvinit scripts they have to work with.
                      https://www.tldp.org/LDP/abs/html/devref1.html
                      Yep bash has direct means to use TCP. So can download stuff straight from initnet
                      Lets say we go busybox including command wget so infection can still download more.
                      What about the alternative toybox it has wget as well.

                      So how are you going to run your sysvinit without making it a security disaster.

                      The shells sysvinit solutions depend on are a horrible complex pile of slop of incomprehensible code. With a lot of features added to shells over the years that come highly dangerous.

                      It a surprise to a lot people that in lines of code you need to use to start a system with systemd is quite light. Systemd in a lot of ways does not have too many lines of code for what it does. Systemd in most cases does not have enough lines of code its too small. One thing about poorly coded code is that is can be ultra compact.

                      Big thing with systemd is all the parts you need to init and service manage a system are in fact included in 1 project so you get to see how many lines of code you are in fact using really clearly. The number of lines of C and other parts sysvinit solutions need to work is a lot bigger than the scripts its really simple to forget to count the shell and the add on programs that those scripts are using.

                      We are in real need of a properly designed from the ground up secure init and service management.

                      Comment

                      Working...
                      X