Systemd's Plan For Stateless Systems, Factory Resets


  • #51
    Originally posted by paradis View Post
    Linux systems that just work is a nightmare for many. systemd is perhaps the biggest threat to linux job security in many years,
    this is the #1 reason for all the angry and desperate trolls.
    If you mean that lazy sysadmins who hadn't bothered to learn systemd or refuse to learn it, may face job insecurity, then yes.

    systemd will create stronger commercial opportunities for Linux in the long term, simply because it saves cost by e.g. enabling more services on the same hardware units, more and faster OS containers, better security, and much better and faster scaling when it comes to deployment, and of course easier mass service maintenance. That will create more Linux jobs.

    On a related note, there seem to be some opportunities created by systemd. At the moment there is a lack of good documentation on how to use systemd for those who aren't total Linux beginners and have experience with Linux administration. There is Lennart's blog, but more examples are needed, especially beyond basic use.

    So a good book on systemd (not just the usual rewriting of man pages) aimed at SA's will probably sell quite well.

    There will probably be a bottleneck shortage of SA's with good and deep knowledge of systemd the next couple of years. So it is an opportunity for those looking for a promotion/new job. It will look good to have "extensive systemd experience" on the CV in the future.



    • #52
      Originally posted by justmy2cents View Post
      at least as far as i get it. yes,... and... no. if you watch that video link, he mentions how you select target. so, if i selected target like fedora 20, then probably yes. but, if i selected centos5, then it would bundle all libraries needed which means app wouldn't use the ones in system.

      i could also imagine that one could make utility that would strip original sandbox like you ask. don't know that for sure, pure guess

      ahh, and i did one mistake when saying you never need any special SDK. if you have completely locked down sandbox, then you need special SDK. watch the part where it explains how app would access file. except, that isn't some library with its API like usual, but rather known IPC provider for that feature. video is really worth watching, explains whole lot
      Wow, it's sort of surprising to hear how humble Lennart sounds. Especially considering how successful his projects have been and all of the negative things people say about him (I need to remember to read opinions not to absorb them). Perhaps, I need to start watching more of these events! Thanks.

      Originally posted by jonnor View Post
      Current thinking is that sandboxed applications will be developed against a profile, containing a set of libraries and services that must be present on system claiming to support this profile. These will be more high-level and much more coarse grained than package library dependencies.
      Yes, at least the libraries that are part of the profile it targets. I actually hope that the media got to me libraries that are on available on a given system, but not part of the target profile.


      The proposed profiles so far are something like "libc" (just kernel API + libc), "LSB" (all libraries in Linux Standard Base) and "GNOME" (everything part of the GNOME platform). If consensus can be made, no reason we cannot define ever wider profiles. Though the more packages it includes, the harder to agree on versions etc.
      Personally, I hope the mechanism used to implement a profile will make it easy to expose different libraries in the profile compared to what is used as part of the core OS. This would simplify agreeing on versions, because core OS needs will not be in conflict with profile needs. And hopefully make it easy for third-parties to add profile support to an OS when the OS vendor has not.


      JavaScript applications that run in the browser, only have access to the things that a regular website does. Which means no filesystem, no raw network sockets, no direct access to device drivers.
      They cannot even programmatically access servers different from the one they are served from, unless the server has enabled CORS.

      However, JS can be used to develop native apps too, with Node.js or GJS (used in Gnome Shell and some apps), and there browser restrictions do not apply. Chrome, Firefox also offer additional APIs with more access to apps which come from their app stores. This can include filesystem and raw network traffic.
      Thanks for the answers. I hope other profiles get included eventually. kdelibs had binary compatibility for like 6 years now after all. Though, it does seem like Gnome tends to do the lower level things, where KDE uses those lower layers and abstracts them in order to get long term API stability.



      • #53
        Originally posted by CTown View Post

        That last part sounds like an amazing use case. That does sound a lot like Android's content providers (which makes use of Android Intents).

        Though that makes me wonder; can Javascript apps like Dropbox and Gmail actually read my files at any given moment, or just the ones I chose using the file chooser?

        Thanks for the answers justmy2cents and interested.
        You can sandbox now. Start your browser from the commandline with sandbox -Xt sandbox_web_t firefox.
        Warning, this uses selinux and xephyr.



        • #54
          Originally posted by liam View Post
          You can sandbox now. Start your browser from the commandline with sandbox -Xt sandbox_web_t firefox.
          Warning, this uses selinux and xephyr.
          Who the fuck wants to go through the trouble? Not me. Xephyr? LMFAO I'd rather break my hard drives than run that. Another layer of turd on the pre-existing turd that is X11.



          • #55
            Originally posted by prodigy_ View Post
            People say that I'm a hater or a troll. The truth is that I'm neither. Life has taught me not to break things that work.

            Silly revolutionaries, why break monarchy when it was working, eh ?



            • #56
              Originally posted by doom_Oo7 View Post
              Silly revolutionaries, why break monarchy when it was working, eh ?
              Revolutions are poor examples IMHO, as they tend to end in dictatorship more often than not.
              That, and obviously monarchy wasn't working for the revolutionaries, it's not even a good analogy.

              Still, steam trains worked, and were replaced. Punched cards worked, and were replaced. Copper lanes work and are being replaced. So it does happen all the time.



              • #57
                Originally posted by erendorn View Post
                dictatorship
                You said it.



                • #58
                  "Working" is not enough. You still have to factor in the efficiency of each system, maintenance, and whether or not keeping the service running in the first place is worth it. Companies like Red Hat make changes to offer a better product in order to attract a greater following and get paid. From there, other communities can build upon these blocks to make something (such as your favorite desktop environment).

                  First, change has to happen. Change can even include a project disappearing. People who maintain the software we use come and go. As a new generation of maintainers and coders come, who have newer tools and a more sophisticated understanding of the hardware that is actually being used in the real world become the maintainers of an older project, they see a better way of doing things. Perhaps, it's just because they are not attached to the code as the original author.
                  Two examples of this are

                  (1) Plasma was originally thought of by KDE3's Kicker final maintainer, Aaron Seigo (but coding Plasma itself was a team effort)
                  (2) and the guys who eventually became X.org's maintainers drafted the Wayland protocol.

                  If they see the limitations of the original software, well, it's probably for good reason. They are MUCH more familiar with the code. And, through their expertise, they lead the project into a new beginning while following the mantras of the original project as best as they can. Let's not forget many of Systemd's new sandboxing features are to compete with Android; an OS that is only a few years old and killing when it comes to adoption and market penetration.
                  Last edited by CTown; 20 June 2014, 01:11 AM.



                  • #59
                    'Dictatorships' actually work in certain scenarios, like warzones. The officer is a dictator. When it comes to lives, you don't fuck around. Similar with a business situation. You're a boss, you're tasked with a project from bigger bosses and handed a time-frame with finite resource. Like 99% of projects. You're not going to run a democratic state if you have a team of guns who know their roles, and you're relying on them to do it. It's not as if dictators don't listen to their advisors. How many did Hitler have? 13 (unlucky number, eh)?

                    Same goes with communism which has actually worked very well in smaller circles.

                    Don't ask me to cite the sources, as this is all historical stuff and freely available, but it remains true nonetheless =)
                    Hi



                    • #60
                      Originally posted by CTown View Post
                      Let's not forget many of Systemd's new sandboxing features are to compete with Android; an OS that is only a few years old and killing when it comes to adoption and market penetration.
                      You must be on drugs, pal. The last thing I want on my desktop (let alone on my servers) is an Android-wannabe pseudo-OS.

