Systemd inserted a lot of flaws, many of them highly unsecure, for basically no reason other than “easier”,
The main developer being a microslop emoyee and getting windfall from other corporate entities didn’t sync up that great for integrity or security conscious people.
I’m so tired of reading this stupid argument. “People only dislike systemd because they’re afraid of change.” No, there are plenty of other concerning issues about it. I could probably write about a lot of problems with systemd (like the fact that my work laptop never fucking shuts down properly), but here’s the real issue:
Do you really think it’s a good idea for Red Hat to have total control over the most important component of every mainstream distro in existence?
Let’s consider an analogy: in 2008, Chrome was the shit. Everyone loved it, thought it was great and started using it, and adoption reached ~20-30% overnight. Alternatives started falling by the wayside. Then adoption accelerated thanks to shady tactics like bundling, silently changing users’ default browser, marketing it everywhere and downranking websites that didn’t conform to its “standards” in Google search. And next, Chrome adopted all kinds of absurdly complex standards forcing all other browser engines to shut down and adopt Chrome’s engine instead because nobody could keep up with the development effort. And once they achieved world domination, then we started facing things like adblockers being banned, browser-exclusive DRM, and hardware attestation.
That’s exactly what Red Hat is trying to pull in systemd. Same adoption story - started out as a nice product, definitely better than the original default (SysVInit). Then started pushing adoption aggressively by campaigning major distros to adopt it (Debian in particular). Then started absorbing other standard utilities like logind and udev. Leveraging Gnome to push systemd as a hard dependency.
Now systemd is at the world domination stage. Nobody knew what Chrome was going to do when it was at this point a decade ago, but now that we have the benefit of hindsight, we can clearly see that monoculture was clearly not a good idea. Are people so fucking stupid that they think that systemd/Red Hat will buck that trend and be benevolent curators of the open source Linux ecosystem in perpetuity? Who knows what nefarious things they could possibly do…
Red Hay has helped a lot the Linux system, I doubt desktop systems would be a good viable idea by now without their contribution.
Does your analogy imply that you think Red Hat made systemd to eventually break it and thus make Linux not viable? I doubt they could do that without losing all their customers.
I mean, systemd can indeed do a lot of things but it mostly is used for startup and service management. And I prefer systems services to a cronjob.
Btw, i’m stealing your summary of browser monoculture, alright?
Of course! The EEE pattern is crystal clear at this point. The loss of the WWW to the current browser monoculture we’re experiencing is the biggest technological tragedy of our times. I would hate to see it happen with our open source revolution as well.
It uses a completely different paradigm of process chaining and management than POSIX and the underlying Unix architecture.
That’s not to say it’s bad, just a different design. It’s actually very similar to what Apple did with OS X.
On the plus side, it’s much easier to understand from a security model perspective, but it breaks some of the underlying assumptions about how scheduling and running processes works on Linux.
So: more elegant in itself, but an ugly wart on the overall systems architecture design.
It uses a completely different paradigm of process chaining and management than POSIX and the underlying Unix architecture.
I think that’s exactly it for most people. The socket, mount, timer unit files; the path/socket activations; the After=, Wants=, Requires= dependency graph, and the overall architecture as a more unified ‘event’ manager are what feels really different than most everything else in the Linux world.
That coupled with the ini-style VerboseConfigurationNamesForThatOneThing and the binary journals made me choose a non-systemd distro for personal use - where I can tinker around and it all feels nice and unix-y. On the other hand I am really thankful to have systemd in the server space and for professional work.
I’m not great at any init things, but systemd has made my home server stuff relatively seamless. I have two NASs that I mount, and my server starts up WAY faster than both of them, and I (stupidly) have one mount within the other. So I set requirements that nasB doesn’t mount until nasA has, then docker doesn’t start until after nasB is mounted. Works way better than going in after 5 minutes and remounting and restarting.
Of course, I did just double my previous storage on A, so I could migrate all of Bs stuff back. But that would require a small amount of effort.
I have a wait-for-ping service that pings nas A, once it gets a successful response it tries to mount.
I lifted it from a time when I needed to ping my router because Debian had a network-online service bug. I adapted it to my nas because the network-online issue eventually got fixed and mounting my shares became the next biggest issue.
It seems like this person might have grabbed that same fix for what I eventually did because our files are…oddly almost exactly the same.
Do you mean a hang on boot when trying to mount? For that I use the nofail option in fstab. I also use the x-systemd.automount option so if something is not mounted for whatever reason, it tries to mount it when something attempts to access it.
I’ve started doing podman quadlets recently, and the ini config style is ugly as hell compared to yaml (even lol) in docker compose. The benefits outweigh that though imho.
I agree that quadlets are pretty ugly but I’m not sure that’s the ini style’s fault. In general I find yaml incredibly frustrating to understand, but toml/ini style is pretty fluent to me. Maybe just a preference, IDK.
Technically, sysv everything was just a file full of instructions for the shell to parse and initialize. Human readable “technically”. It was simple and light weight. SystemD is a bit heavier and more complex as a system service binary. But that load and complexity is generally offset by added features that are extremely nice to have. Providing much more standardized targets and configuration iirc.
I had to search and dig trying to figure out how to set up services properly for my distro, back in the 90s. And when/how to start/restart them. There wasn’t one way to do it all. SysD made it all much more standard, simple, and clear. It’s biggest sin, is that it’s one more binary attack surface that might be exploited.
Yeah, sysv init is all just scripts under the hood, and it’s a bit fragile/arcane. You have to write a bunch of files by hand, reference them correctly, and place and link them in the right directories. Systemd is a bit better, I have to admit that.
Init scripts are just scripts. Technically, they don’t introduce any unique vulnerabilities of their own. Just the flaws in the shell itself or server binaries. A poorly written script absolutely can and will still fuck your day up.
SystemD is a program. Which could introduce its own unique buffer overflows or use after free opportunities. I’ve not heard of any. But its possible. However, its standard set of interfaces and systems make the risks of writing your own bad scripts or just using other people’s random bad scripts like we used to much less an issue.
I honestly don’t get what people were so up in arms about, besides just not wanting to change what already worked for them.
Systemd inserted a lot of flaws, many of them highly unsecure, for basically no reason other than “easier”,
The main developer being a microslop emoyee and getting windfall from other corporate entities didn’t sync up that great for integrity or security conscious people.
https://www.jfr.im/blog/2024/03/systemd-discourse-sucks/
I’m so tired of reading this stupid argument. “People only dislike systemd because they’re afraid of change.” No, there are plenty of other concerning issues about it. I could probably write about a lot of problems with systemd (like the fact that my work laptop never fucking shuts down properly), but here’s the real issue:
Do you really think it’s a good idea for Red Hat to have total control over the most important component of every mainstream distro in existence?
Let’s consider an analogy: in 2008, Chrome was the shit. Everyone loved it, thought it was great and started using it, and adoption reached ~20-30% overnight. Alternatives started falling by the wayside. Then adoption accelerated thanks to shady tactics like bundling, silently changing users’ default browser, marketing it everywhere and downranking websites that didn’t conform to its “standards” in Google search. And next, Chrome adopted all kinds of absurdly complex standards forcing all other browser engines to shut down and adopt Chrome’s engine instead because nobody could keep up with the development effort. And once they achieved world domination, then we started facing things like adblockers being banned, browser-exclusive DRM, and hardware attestation.
That’s exactly what Red Hat is trying to pull in systemd. Same adoption story - started out as a nice product, definitely better than the original default (SysVInit). Then started pushing adoption aggressively by campaigning major distros to adopt it (Debian in particular). Then started absorbing other standard utilities like logind and udev. Leveraging Gnome to push systemd as a hard dependency.
Now systemd is at the world domination stage. Nobody knew what Chrome was going to do when it was at this point a decade ago, but now that we have the benefit of hindsight, we can clearly see that monoculture was clearly not a good idea. Are people so fucking stupid that they think that systemd/Red Hat will buck that trend and be benevolent curators of the open source Linux ecosystem in perpetuity? Who knows what nefarious things they could possibly do…
But there are hints, I suppose. By the way, check out Poettering’s new startup: https://news.ycombinator.com/item?id=46784572
Red Hay has helped a lot the Linux system, I doubt desktop systems would be a good viable idea by now without their contribution. Does your analogy imply that you think Red Hat made systemd to eventually break it and thus make Linux not viable? I doubt they could do that without losing all their customers.
I mean, systemd can indeed do a lot of things but it mostly is used for startup and service management. And I prefer systems services to a cronjob.
Amutable - verifiable system integrity
Btw, i’m stealing your summary of browser monoculture, alright?
Of course! The EEE pattern is crystal clear at this point. The loss of the WWW to the current browser monoculture we’re experiencing is the biggest technological tragedy of our times. I would hate to see it happen with our open source revolution as well.
There are now multiple alternatives that do a better job at what Systemd does.
What is it always with Systemd-is-the-only-alternative (vs. SysV scripts)? That’s 15 years out of date.
Also, you don’t need sockets.
It uses a completely different paradigm of process chaining and management than POSIX and the underlying Unix architecture.
That’s not to say it’s bad, just a different design. It’s actually very similar to what Apple did with OS X.
On the plus side, it’s much easier to understand from a security model perspective, but it breaks some of the underlying assumptions about how scheduling and running processes works on Linux.
So: more elegant in itself, but an ugly wart on the overall systems architecture design.
Lol, no. Way more code in Systemd. Also more CVE per year than in some bad (now dead) init/svc’ lifetime.
I think that’s exactly it for most people. The socket, mount, timer unit files; the path/socket activations; the
After=,Wants=,Requires=dependency graph, and the overall architecture as a more unified ‘event’ manager are what feels really different than most everything else in the Linux world.That coupled with the ini-style VerboseConfigurationNamesForThatOneThing and the binary journals made me choose a non-systemd distro for personal use - where I can tinker around and it all feels nice and unix-y. On the other hand I am really thankful to have systemd in the server space and for professional work.
I’m not great at any init things, but systemd has made my home server stuff relatively seamless. I have two NASs that I mount, and my server starts up WAY faster than both of them, and I (stupidly) have one mount within the other. So I set requirements that nasB doesn’t mount until nasA has, then docker doesn’t start until after nasB is mounted. Works way better than going in after 5 minutes and remounting and restarting.
Of course, I did just double my previous storage on A, so I could migrate all of Bs stuff back. But that would require a small amount of effort.
what do you use as a prerequisite for the nas A mount? or does it iust keep trying in a loop?
I have a wait-for-ping service that pings nas A, once it gets a successful response it tries to mount.
I lifted it from a time when I needed to ping my router because Debian had a network-online service bug. I adapted it to my nas because the network-online issue eventually got fixed and mounting my shares became the next biggest issue.
It seems like this person might have grabbed that same fix for what I eventually did because our files are…oddly almost exactly the same.
https://cweiske.de/tagebuch/systemd-wait-nfs.htm
thanks!
do you perhaps also have a solution for hanging accesses to network mounts when the server is inaccessible?
Do you mean a hang on boot when trying to mount? For that I use the
nofailoption in fstab. I also use thex-systemd.automountoption so if something is not mounted for whatever reason, it tries to mount it when something attempts to access it.no, I mean the system has been up for a long time, but the server went down, and connection was lost
I’ve started doing podman quadlets recently, and the ini config style is ugly as hell compared to yaml (even lol) in docker compose. The benefits outweigh that though imho.
I agree that quadlets are pretty ugly but I’m not sure that’s the ini style’s fault. In general I find yaml incredibly frustrating to understand, but toml/ini style is pretty fluent to me. Maybe just a preference, IDK.
Technically, sysv everything was just a file full of instructions for the shell to parse and initialize. Human readable “technically”. It was simple and light weight. SystemD is a bit heavier and more complex as a system service binary. But that load and complexity is generally offset by added features that are extremely nice to have. Providing much more standardized targets and configuration iirc.
I had to search and dig trying to figure out how to set up services properly for my distro, back in the 90s. And when/how to start/restart them. There wasn’t one way to do it all. SysD made it all much more standard, simple, and clear. It’s biggest sin, is that it’s one more binary attack surface that might be exploited.
Yeah, sysv init is all just scripts under the hood, and it’s a bit fragile/arcane. You have to write a bunch of files by hand, reference them correctly, and place and link them in the right directories. Systemd is a bit better, I have to admit that.
Why are binaries uniquely attackable in a way that init scripts aren’t?
Init scripts are just scripts. Technically, they don’t introduce any unique vulnerabilities of their own. Just the flaws in the shell itself or server binaries. A poorly written script absolutely can and will still fuck your day up.
SystemD is a program. Which could introduce its own unique buffer overflows or use after free opportunities. I’ve not heard of any. But its possible. However, its standard set of interfaces and systems make the risks of writing your own bad scripts or just using other people’s random bad scripts like we used to much less an issue.