As a system admin who has experience with almost every modern UNIX with the exceptions of Oracle Solaris, NetBSD, QNX, AIX and a few obscure variants who's names escape me at the moment, I have to say systemd is not something I enjoy using.

No wonder your link points to RedHat website. And no wonder systemd is their creation. Of course they don't want Linux to be about choice. They want to get all the money and total control over the ecosystem while the community does the bulk of the kernel and userland development for free.

Have you ever heard the concept of "Attack Surface"? here you can read about it: http://en.wikipedia.org/wiki/Attack_surface
A system deamon that has lots of features, runs as system process, and has its own built-in network services is a intruder's wet dream.

IMHO, as I explained, it is highly likely in a couple of years the vast majority of Gnome apps will be shipping on the Gnome App Store and will therefore depend on the Gnome app runtime environment in systemd. iOS and Android already proved that this model works better than the traditional Linux model, so it's not a massive surprise that the Gnome developers want to bypass the Linux distributions and ship their apps direct to users.

By making it all about boot times, as if that's all systemd has to offer, your argument loses a lot of merit. It loses even more merit by your attack on Lennart.

Making cheap pot shots will not stop distros and DEs from adopting systemd.

Well, it's good then that systemd does not have built-in network services. networkd is a separate daemon, it's not in PID1. PID1 basically just contains the service manager, which includes cgroup handling. The rest is outside PID1.

I just wanted to take a sec and say that I did not copy your post contents one bit. Here I am mentioning attack surface and glory holes and you come up with almost the exact same thing. Its odd. I guess people who hate systemd think alike. What OS do you use, I'm curious.

I have heard of attack surface... do you know how to read? How many times has it been said on here, on blogs, on mailing lists, and god knows where else, that the only thing that runs as pid 1 is the service manager? Everything else is its own binary with its own permissions.

As a system admin who has experience with almost every modern UNIX with the exceptions of Oracle Solaris, NetBSD, QNX, AIX and a few obscure variants who's names escape me at the moment, I have to say systemd is not something I enjoy using. This is for countless reasons, but for consciseness I will keep it to three main points:

1. The performance gains of systemd are far outclassed by the complexity and insecurity drawbacks of it. Security has a multitude of approaches, but I like to approach it by taking a single point of failure caused by a monolithic program or process and break it up into several small programs. This reduces the attack surface from a huge monolith to a bunch of ants, more or less. The issue is, I don't like that systemd handles a good deal of unnecessary things in PID 1. This means a security exploit in those routines or roles can spread to the role of init, which means your machine or server is toast. BSD has an init system ( no, not BSD- style sysvinit ) which does the absolute bare minimum needed: starting and stopping the system from a set of run commands and handles zombie processes. Windows has the exact same issue, everything process related is handled by only a few programs, and need I say how many security exploits target their equivalent of init? Needless complexities are why OpenBSD and the other BEDs like FreeBSD would not want systemd even if it was portable.

2. It's completely unsuitable for servers and it is not even the above reason why. For a server everything is about fault tolerance, reliability, and ease of debugging. Shell scripts are easy to debug as they're basically a text file full of automated commands run by rc to start up and shut down By comparison systemd's .service files have a lot less of the code and basically contains parameters for start up and shut down, not the actual process followed by systemd. If there is a bug in a shell script I can easily run through it and review what it is doing and fix it right then and there. If you find its not a parameter issue with systemd then you have to learn C or hope that the error is in the logs, and even then you need to know what to search for. Its just a train wreck waiting to happen for a server.

3. Finally I think systemd is not the answer to the problems with process supervising in UNIX. Upstart was somewhat better, but an ideal system should leave init alone entirely, just using a standard BSD rc init is fine, and instead use supervision isolated from PID 1, and it should still use shell scripts, and have a modular design, meaning different packages for different applications.

So yes this is why I don't like systemd and why I am moving to BSD for most applications. I think if this systemd dependency BS continues then BSD will develop its own alternative. Look at LibreSSL and OpenSSH, both are forks or alternatives to inadequate solutions.

Red Hat writes 10% of the kernel commits.

dismiss

1. The performance gains of systemd are far outclassed by the complexity and insecurity drawbacks of it. Security has a multitude of approaches, but I like to approach it by taking a single point of failure caused by a monolithic program or process and break it up into several small programs. This reduces the attack surface from a huge monolith to a bunch of ants, more or less. The issue is, I don't like that systemd handles a good deal of unnecessary things in PID 1. This means a security exploit in those routines or roles can spread to the role of init, which means your machine or server is toast. BSD has an init system ( no, not BSD- style sysvinit ) which does the absolute bare minimum needed: starting and stopping the system from a set of run commands and handles zombie processes. Windows has the exact same issue, everything process related is handled by only a few programs, and need I say how many security exploits target their equivalent of init? Needless complexities are why OpenBSD and the other BEDs like FreeBSD would not want systemd even if it was portable.

2. It's completely unsuitable for servers and it is not even the above reason why. For a server everything is about fault tolerance, reliability, and ease of debugging. Shell scripts are easy to debug as they're basically a text file full of automated commands run by rc to start up and shut down By comparison systemd's .service files have a lot less of the code and basically contains parameters for start up and shut down, not the actual process followed by systemd. If there is a bug in a shell script I can easily run through it and review what it is doing and fix it right then and there. If you find its not a parameter issue with systemd then you have to learn C or hope that the error is in the logs, and even then you need to know what to search for. Its just a train wreck waiting to happen for a server.

3. Finally I think systemd is not the answer to the problems with process supervising in UNIX. Upstart was somewhat better, but an ideal system should leave init alone entirely, just using a standard BSD rc init is fine, and instead use supervision isolated from PID 1, and it should still use shell scripts, and have a modular design, meaning different packages for different applications.

This is the key word.

Systemd fanboys don't argue with you. They dismiss your reality and replace it with their fantasies (usually about how systemd is modular and easy to manage).