systemd Rolling Out "run0" As sudo Alternative


  • #21
    Originally posted by holunder

    Mastodon•social has a rather slow moderation, many spam accounts and typically rather bans more left-wing accounts in conflicts rather than the right-wingers with hate agenda. Also, it’s federating with Meta’s "Threads", allowing queer-hating ("queerphobic") accounts like "Libs of TikTok" to interact with the fediverse.
    Can you recommend an alternative(s) to me? I don't like the sound of any of that. I'm still new to Mastodon and trying to figure everything out. I figured mastodon.social would be a safe bet just since it's the "default".



    • #22
      Originally posted by holunder

      Mastodon•social has a rather slow moderation, many spam accounts and typically rather bans more left-wing accounts in conflicts rather than the right-wingers with hate agenda. Also, it’s federating with Meta’s "Threads", allowing queer-hating ("queerphobic") accounts like "Libs of TikTok" to interact with the fediverse.
      I wonder why? The only death threats I ever got were from queer activists because I cautioned them about their aggressive tone and tactics and stated that people like me get estranged by this.



      • #23
        Originally posted by slalomsk8er

        I wonder why? The only death threats I ever got were from queer activists because I cautioned them about their aggressive tone and tactics and stated that people like me get estranged by this.
        Please understand that these hyper-online people aren't representative of the IRL LGBT+ community. We're a very diverse community, with differences of opinions that have led to many divides. These people usually seem to represent (the extreme end) of just one faction in our community.



        • #24
          Originally posted by nvaert1986
          I don't understand why there's so much hatred against systemd. There's nothing or nobody forcing you to use a specific feature. There's alternatives for those that don't want to use systemd explicitly, but I'm actually a Gentoo user with systemd, because everything just integrates better and makes my life easier, but that doesn't mean I'm using everything.
          You're not using everything, but the way systemD is built, large parts of it are so inter-dependent they're like beads on a string. You can't have one specific thing without a chain of dependencies, and due to being created to replace something truly ancient and genuinely in need of replacement, you can't really avoid it entirely. If you want to run modern Linux, you have little choice but to use many of the core components.

          It's not just bad design that it's ended up functionally monolithic, there's also the ability to leverage vulnerabilities across multiple components. Something which was quite poignantly demonstrated in the wild with the supply chain attack on XZ, which went completely unnoticed by Poettering & Co.

          All of the above is my personal choice and no-one else's.
          That's kind of the contention people have with systemD; wanting to use "A", you end up having to replace "X" with systemD component "B", "Y" with systemD component "C" because they're all so tightly interlinked they may as well be entirely monolithic. This is especially aggravating when systemD was first created to replace something that genuinely needed to be replaced and has used its functionally monolithic nature to crowbar its way into more and more parts of the OS like it's the Master Control Program (the villain) from the original Tron.

          I also understand why they're picking 1 standard to support from a developer's perspective
          That'd make sense if Linux and open source was still where it was back in the late 90s. However, it's basically taken over everything that isn't a desktop computer or a small embedded RTOS device, so there absolutely are enough developer resources that you don't have to settle for something that's "Not good, but good enough".

          Especially when it's now been conclusively and poignantly proven that its functionally monolithic nature has made it highly vulnerable to supply chain attacks and the developers found to have been totally asleep at the wheel regarding them.
          Last edited by L_A_G; 30 April 2024, 08:31 AM.
          "Why should I want to make anything up? Life's bad enough as it is without wanting to invent any more of it."



          • #25
            To hell with topic derailment and complete lack of moderation on these forums starting from the very first page of comments. Zero interventions regarding security and robustness. I'm not a security guy, but this sounds neat. Poettering is always interesting and pleasant to read; that being said, I hate this trend of writing multiple comments on lame social thingies instead of writing actual articles, especially since he's got a blog already.



            • #26
              Originally posted by Artim

              Unmaintainable, pretty much not readable scripts. It's called progress. Live with it or do better. I doubt very much the likes of SysV Init are stronger reviewed than systemd that's used by everyone. Sure, those scripts are way older, but since they are phased out in any productive environment, you can't really tell them "under strong review" as nobody cares about them anymore.
              [ me saying, boot up procedure of systemd modules is not that obvious with systemd (or intuitively adjustable), but configuring&maintaining boot logs and adjusting individual distribution in-|dependent service tools is more standardized and 'easier' for application accustomed users, with suitable instruction/manuals(?)

              another POV on 'systemd-run0'
              "run0 may be used to temporarily and interactively acquire elevated or different privileges. It serves a similar purpose as sudo(8), but operates differently in a couple of key areas:
              • No execution or security context credentials are inherited from the caller into the invoked commands, as they are invoked from a fresh, isolated service forked off the service manager.
              • Authentication takes place via polkit, thus isolating the authentication prompt from the terminal (if possible).
              • An independent pseudo-tty is allocated for the invoked command, detaching its lifecycle and isolating it for security.
              • No SetUID/SetGID file access bit functionality is used for the implementation.
              Altogether this should provide a safer and more robust alternative to the sudo mechanism, in particular in OS environments where SetUID/SetGID support is not available (for example by setting the NoNewPrivileges= variable in systemd-system.conf(5)).

              Any session invoked via run0 will run through the "systemd-run0" PAM stack.

              Note that run0 is implemented as an alternative multi-call invocation of systemd-run(1)." ]
              Last edited by back2未來; 30 April 2024, 08:57 AM. Reason: more obvious formal separation of items
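
What "inherited from the caller" covers in the run0 description quoted above, shown as an added example that is not part of the thread or of systemd: a program started by fork and exec, which is how a SetUID binary such as sudo is started, sees the environment, umask, resource limits, working directory and open file descriptors its caller arranged. The variable name CALLER_MARK and the limit value 64 are constructed for the demonstration.

```python
import json, os, resource, subprocess, sys, tempfile

# Probe executed in the child: it reports state it did not set itself.
PROBE = r"""
import json, os, resource, sys
mask = os.umask(0); os.umask(mask)          # read umask without changing it
try:
    os.fstat(int(sys.argv[1])); fd_open = True
except OSError:
    fd_open = False
print(json.dumps({
    "env": os.environ.get("CALLER_MARK"),
    "umask": mask,
    "nofile_soft": resource.getrlimit(resource.RLIMIT_NOFILE)[0],
    "cwd": os.getcwd(),
    "fd_open": fd_open,
}))
"""

def inherited_context():
    """Arrange caller-side state, fork+exec the probe, return what it saw."""
    workdir = os.path.realpath(tempfile.mkdtemp())
    r, w = os.pipe()                         # an extra descriptor to hand down

    def before_exec():                       # runs after fork(), before execve()
        os.umask(0o077)
        _, hard = resource.getrlimit(resource.RLIMIT_NOFILE)
        resource.setrlimit(resource.RLIMIT_NOFILE, (64, hard))

    try:
        out = subprocess.run(
            [sys.executable, "-c", PROBE, str(r)],
            env={**os.environ, "CALLER_MARK": "set-by-caller"},  # constructed name
            cwd=workdir, pass_fds=(r,), preexec_fn=before_exec,
            capture_output=True, text=True, check=True,
        ).stdout
    finally:
        os.close(r); os.close(w)
        os.rmdir(workdir)
    return json.loads(out), workdir

if __name__ == "__main__":
    seen, workdir = inherited_context()
    for key, value in seen.items():
        print(f"{key:12} {value!r}")
```

Each field the probe reports is state a SetUID program has to reset or validate itself; a command forked off the service manager, as the quoted text describes for run0, does not start from the caller's process at all.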



              • #27
                back2未來 you really should learn to make comments that actually make sense and not just stringing a few words and quotes together without any context.



                • #28
                  Originally posted by Noitatsidem
                  Please understand that these hyper-online people aren't representative of the IRL LGBT+ community. We're a very diverse community, with differences of opinions that have led to many divides. These people usually seem to represent (the extreme end) of just one faction in our community.
                  I don't want to get too off-topic here, and don't worry I think my posting here is fair and non-inflammatory for sure. One thing I have come to learn these last few years is that the most extreme voices tend to "shout" the loudest. Same for the far left as it is for the far right, and vice-versa.

                  I have become more and more of a "live and let live" kind of person. In the end, the most important characteristic in somebody is whether or not they are a decent person. Not perfect, but decent and isn't out causing harm to other people. I have become more conservative as I have gotten older, but ultimately that is on an issue by issue basis. I try to look at all issues and see them independently, think about how I might feel about them each independent of each other. The last thing I want to do is subscribe to a "weekly email list" that updates me on how I should feel about things, most of them not related to each other and should be evaluated on their own. That is why I do not subscribe to myself any capital letter labels (e.g. Conservative, Liberal, Republican, Democrat, etc.)

                  In the end, people tend to gravitate to others for all sorts of different reasons, and I strongly believe in the rights for personal free association. But anyone who is just doing their thing and not harming other people deserves to be treated fairly and be allowed to do the same. There are always going to be disagreements about where the line of harm is etc., but if people are just being people, and they are pleasant and not causing issues, then I tend not to have any issues myself no matter who they are. It has been a much better way to be for me, and I intend to stick to some form of this course.



                  • #29
                    I ran out of popcorn



                    • #30
                      Originally posted by Artim
                      back2未來 you really should learn to make comments that actually make sense and not just stringing a few words and quotes together without any context.
                      [ btw, how tell people Earth is not center of a solarsystem, if 99% are told so and believing on it; but in reality progress followed ]
