Was not systemD introduced as a unification of hosts and their API and also as an easy method to pawn them and control from hardware agencies trojans too (virtualization bootkits in UEFI, boot storage controllers, may be injected by proprietary software like browsers, etc.) ?

It is laughable when all systemD problems are thought as Pottering mistakes, he is just a general employee under control of RedHat and their sponsors  and can be replaced in a single day if they wanted, though it would not change anything.

What happens to users of systemD is a big agenda from far above its current developer.

Btw, it is my post number 42

May be it is a good idea to isolate almost all programs and services like Qubes does, but using many dedicated single boards with SoC CPUs immune to Spectre like Cortex A7 instead of XEN for everything on the same board?

As much as possible can be brought out to several boards with OpenBSD (say DNS, anonymous tunnel, different proxies, SSH gateways to local X86 servers, everything non significant what you see in pstree on your localhost now).

And the things where OBSD is not enough we can run on many Linuxes with a patched libre kernel like grsec or @anthrax and add different mandate controls like AppArmour and other?

Actually Linux is generally needed only for relatively high performance X86 boards to run WINE and some heavy applications, even a desktop can run on a dedicated OpenBSD single board with Xenocara X11 and several sub X11 per each non trusted application like IRC client, browsers, etc.
X11 host can be used for remote rendering without actual application running on it.

What do you think about following OpenBSD criticism?

https://web.archive.org/web/20200509022 … enbsd.html

I think it may be some type of a discord of another nature like following:

If we look at OpenBSD community and talk to them, we will know that they prohibit USA citizens to work on OBSD crypto at least because of USA export restrictions on cryptography, they see Linux sponsors often being controlled by USA and NSA, they recommend to NOT use Libreboot and GNU code as it may be infected by hardly visible NSA backdoors. The most obvious backdoor is systemD, btw.

I think such open source GNU backdoors are targeted at modern hardware closed source trojans, UEFI plugins and other bootkits. But then OpenBSD may include some software backdoors from GB MI5/MI6?

If we look at american Whonix they promote Linux, undocumented security patches by @anthrax and GNU software welcomed by NSA.

Of course I may be wrong, just an idea.

Also add here China (often sponsored by London) vs USA commercial collisions (if they are not just a political theater).

But there is some strange situation with package dependency lists which are present only in Salix derivative if I understood correctly that puzzle.

Slackware derivatives:

Many opinions about Slackware:

https://web.archive.org/web/20200509091 … e-in-2018/

One of them, e.g.:

Can you please argue your above statement? Alpine apk is fast, yes, but in most other terms I would prefer well established dpkg based tools like apt, wajig, etc.
Actually the only most significant disadvantage of apk for me is a lack of analogue of debsums.

But as for Slackware package manager - I do NOT like anything about it, the only good thing about Slackware - its stability and non rolling release cycles which could be useful only if some day in the future we lose Devuan and Alpine, most likely it will not happen, hopefully long life for Devuan and Alpine.

Salix is a Slackware with automatic resolution of package dependencies, I guess it shall be a good stable server distro.
You can evaluate Salix popularity looking at their forum at: https://forum.salixos.org/
For me Salix total forum activity looks comparable to Devuan forum.
Take into account that Salix is completely compatible with famous Slackware on which it is based (packages, settings, etc.) for which there are even much larger forum areas.
If I understood correctly the only thing Salix adds over Slackware is a list of dependencies for packages.
Do you know any public online forum with more messages about Alpine than Salix? And for Slackware a spread in popularity will be even more if counting only standalone installations (not containers).
Slackware v15 is still not ready for over 4 years since v14.2 release already though there are rumors it is on the way and will be released in about a year finally.
Most likely that is why there is less activity on Salix forums in the last year.

Actually I am interested only in server distributions since I am very happy with Trinity Desktop even on now relatively old Devuan ASCII.
Even Beowulf release of Devuan would be an overkill for my already excellent (for me) desktop.

If I need some new shiny program I can start it in a VM with rendering on my ASCII Trinity desktop, just: ssh -X guest "new_prog"

Just for a short testing period I would even suffer if a guest program would be in a systemD based distro.
Though provided with Gentoo and Arch guests it is not actually needed, almost always they can provide me anything I need with OpenRC init in a guest VM running on Devuan host.

These two rolling distros (Gentoo and Arch) have so fresh packages and I never care if they break some day in a guest VM on a rock solid Devuan host, if needed I can just zfs rollback a guest zvol to an earlier snapshot state.

Devuan ASCII is super stable for me, I have never seen original Debian so stable on my desktop. Sometimes earlier Debian desktop hanged  at least about once per 1-2 weeks of continuous work in KDE. Though not sure what is the reason of improved stability now, stable Devuan free from systemD, Trinity instead of often updated KDE or something else. My desktop computer can work now with many GUI programs for months without any need to reboot or reset. On the other hand for servers even Debian was always very stable, Devuan of course too.

I can easily configure services in any distro free from systemD, it is relatively non time consuming task, example (Devuan ASCII):

But there is much more security in OpenBSD, then just minimum amount of services, if I would compare OpenBSD to Linux I would mention at least following manual config actions for Linux needed:

Kernel needs to be Libre and sometimes patches needed with many compile time and startup time options for enabling different security settings.
Need to configure AppArmor.
Settings in sysctl
/etc/ configs of services often need to be customized for better security.

Distros look for me like following list now:

Stable main OS: Devuan, OpenBSD
Alternative main OS: Alpine, Salix
Guest OS: ^above, Parabola, Gentoo, GUIX
Legacy usable OS: Debian v4-v7, RH/Centos v4-v6
Unusable shit OS: any distro nailed to systemD

Distros look for me like following list now:

Main OS: Devuan, OpenBSD (non Linux)
Alternative main OS: Alpine, Salix
Guest OS: ^above, Parabola, Gentoo, GUIX

All mentioned above distributions except OpenBSD and GUIX support at least OpenRC init system, and some of them provide more options for their init system. None of them forces you to use systemD without your choice.
So OpenRC is supported in: Devuan, Alpine, Salix (Slackware), Parabola and Gentoo.

Devuan, Alpine, Salix and OpenBSD have release model suitable for stability in production usage.
Parabola and Gentoo are rolling distributions without release cycles, so they provide more recent, fresh versions of the software but not always stable enough, therefore they are only good for experimenting, e.g. as VM guests.

Legacy usable OS: Debian v4-v7, RH/Centos v4-v6
Unusable shit OS: any distro nailed to systemD without a choice to replace it with something else like OpenRC or at least sysv.

Gentoo still has a so called hardened profile though without PAX. It is most likely a set of some compiler options.

I wonder if Devuan security level is worse than Gentoo hardened profile?

Btw, is it possible to rebuild a complete workable subset (like for a mini debootstrap) of Devuan/Debian packages for i586? Only for text mode SSH session?
In Gentoo I can rebuild world for i586 (and even for i486).

If we look at https://forums.whonix.org/c/news
there is so much work is done for improving distro security, unfortunately it is based on Debian instead of Devuan.

There are so many hardening manuals for Linux, like for Windows too.
Why not having a Linux distro with default configuration similar to OpenBSD, which is the most secure by default and any custom change would be an opt out of security rather than opt in?

Devuan+OpenRC+IceWM+ZFS, only 256Mb of total 2GB RAM used on a 64bit Core2Duo PC:

root@backup1:/# free
              total        used        free      shared  buff/cache   available
Mem:        2002032      251196     1673404        7948       77432     1632964
Swap:             0           0           0
root@backup1:/# pstree
init─┬─cron
     ├─2*[dbus-daemon]
     ├─dbus-launch
     ├─6*[getty]
     ├─matchbox-deskto
     ├─nodm─┬─Xorg─┬─{InputThread}
     │      │      └─2*[{Xorg:disk$0}]
     │      └─nodm───x-session-manag───sakura─┬─bash
     │                                        ├─{gmain}
     │                                        └─{sakura:disk$0}
     ├─rsyslogd─┬─{in:imklog}
     │          ├─{in:imuxsock}
     │          └─{rs:main Q:Reg}
     ├─screen───sh───sleep
     ├─sshd─┬─sshd───bash───pstree
     │      └─sshd───bash───watch
     ├─udevd
     └─zed───{zed}

root@backup1:/# zpool list
NAME      SIZE  ALLOC   FREE  EXPANDSZ   FRAG    CAP  DEDUP  
Backup  5.44T  5.22T   227G         -     9%    95%  1.00x  
system   57.5G  15.2G  42.3G         -     3%    26%  1.00x