You are not logged in.
There is a lot I could say about this news article, but I'll let it speak for itself.
https://www.theregister.co.uk/2017/07/0 … _accounts/
I will say "Thank You!" to everyone involved with Devuan, from the dev team all the way down to the forum staff and my fellow users. With out all of your efforts GNU/Linux would be on a dead end road to over complexity, mediocrity, insecurity, and instability.
lazlo
Last edited by lazlo (2017-07-06 02:36:31)
Offline
In my experience, Microsoft did on occasion drag their feet, but never flat-out refused to fix a bug in public view.
Over time, their larger-$ customers (and later some persistent white-hat hackers) forced many clean-ups.
We should also acknowledge that several other distribitions (and several non-Linux operating systems) have avoided such code.
We are not alone.
Last edited by Somewhat Reticent (2017-07-06 03:52:51)
Offline
I'm beginning to get the feeling that he, (Lennart Poettering), is secretly working for Microsoft, seems all his software has bugs that he calls features.
Last edited by FOSSuser (2017-07-06 07:58:11)
Offline
I'm beginning to get the feeling that he, (Lennart Poettering), is secretly working for Microsoft, seems all his software has bugs that he calls features.
More like pissy Microsoft wannabe, but never good enough to make the cut to make the big bucks in Redmond or Cupertino. Gnome devs=same thing.
They despise people having any choices, want to further close the source and commercialize linux and give it unremoveable "branding", these people are the very antithesis of everything open-source stands for, and a clear and present danger to free software going forward.
https://sourceforge.net/projects/vuu-do/
Vuu-do GNU/Linux, minimal Devuan-based openbox systems to build on, maximal versions if you prefer your linux fully-loaded.
Please donate to support Devuan and init freedom! https://devuan.org/os/donate
Offline
They despise people having any choices, want to further close the source and commercialize linux and give it unremoveable "branding", these people are the very antithesis of everything open-source stands for, and a clear and present danger to free software going forward.
Mate, you took the words right out of my mouth.
=>Commercialisation <==> Compartmentalisation <==> Capture<=
Worse it breeds bad code, with shallow assumptions, and rent seeking behaviours.
(sorry its a bit early for thinking
Last edited by PeteGozz (2017-07-09 00:51:48)
Offline
They despise people having any choices, want to further close the source and commercialize linux and give it unremoveable "branding", these people are the very antithesis of everything open-source stands for, and a clear and present danger to free software going forward.
Their fascination with all things from that west coast forbidden fruit company is a dead giveaway. When they show up at a Linux/Open Source conference with their Macbook and then proceed to show Linux running in a VM to show $COOL_FEATURE, it's another dead giveaway that they're not of, by, or for the community. Or, more worrying, they respond to a bug report with, "What's an Xfce?"
They are paid hacks, doing what they're paid to do and trying to pass themselves off as members of the community. There is now a line that must be drawn between the community as we've known it and those who are something else (I'm not sure what to call them). To be sure, I have no problem with being paid to develop Free Software, so long as such software fits the philosophy and spirit of The Unix Way. When it follows some other way, especially in the base system, a user desktop app not so much, then it's time to call its usefulness into question.
Last edited by Nate (2017-07-09 17:16:42)
Offline
Meanwhile...
In the real world.
Offline
Meanwhile...
In the real world.
If this were a first-person shooter game, this is what we would call a headshot:
"....And yes, a large part of this may be that I no longer feel like I can
trust "init" to do the sane thing. You all presumably know why."Linus
BOOM.
Rock on Devuan!
https://sourceforge.net/projects/vuu-do/
Vuu-do GNU/Linux, minimal Devuan-based openbox systems to build on, maximal versions if you prefer your linux fully-loaded.
Please donate to support Devuan and init freedom! https://devuan.org/os/donate
Offline
There is a lot I could say about this news article, but I'll let it speak for itself.
https://www.theregister.co.uk/2017/07/0 … _accounts/
I will say "Thank You!" to everyone involved with Devuan, from the dev team all the way down to the forum staff and my fellow users. With out all of your efforts GNU/Linux would be on a dead end road to over complexity, mediocrity, insecurity, and instability.
lazlo
Mediocrity, complexity, mediocrity, insecurity, and instability?
That sounds like proprietary operating systems... which reminds me...
how can something libre like systemd be as crappy as proprietary software?
That is some feat to make libre software suck as much as proprietary software.
Not a good one though, very awful, but a feat nonetheless...
Last edited by zapper (2017-07-11 19:09:52)
Freedom is never more than one generation away from extinction. Feelings are not facts
If you wish to be humbled, try to exalt yourself long term If you wish to be exalted, try to humble yourself long term
Favourite operating systems: Hyperbola Devuan OpenBSD
Peace Be With us All!
Offline
Here is a good article written by a very mature sys-admin and critic of systemd on the analogy of a system with systemd to a bicycle brake system.
http://troubleshooters.com/linux/systemd/bikebrakes.htm
He is also the author for what some believe as the top of the line manual for sys-administrators anywhere.
Needless to say that I still can't understand 90% of it.
Offline
I do not think that a "it took 2 years to change" is any useful metric at all.
People have real lives and things can get into the way. Devuan is also more
like debian 2.0 rather than "just" an init-freedom system and things take
time. Would it have been possible to work faster? I suppose so. Lots of
people could have helped too in theory, but in practice? And who pays them?
People who have reallife jobs and have to make a living to sustain their family
can invest ... how much time?
How old is systemd in comparison? 5 years? Actually it was started in 2010, so that
is 7 years old by now. And it still has problems such as 0day root exploits such as the
one linked in above, despite having tons of developers (Poettering is not the only
one, there are more red hat drones working on it). They also have tons of
incompetent developers, as otherwise this stream of massive bugs wouldn't
happen.
I think that the more general, bigger problem is that corporate hackers took
away a huge part of Linux. And the quality of software stack suffered
immensely as a consequence; see Gnome 3, see Unity (officially now
failed), see KDE5. See the recent switch by GTK to transition into meson
and ninja. Why? Not because the users wanted it but because the developers
wanted it. The same of course applies to the systemd take-over of debian too,
by the way, and I come to believe that the root cause of all evil are several
indivdual, lazy, snobbish and egoistic developers. Most of them may be
corporate drones but I think that it is more general that their ego gets into
the way.
Last edited by shevy (2017-08-16 01:51:19)
Offline
I thought that the justification for the vulnerability would be that to install or activate a unit you must be root already, that's why they're not giving it much attention. But imagine having bad behaving software with a root privilege granted by systemd's vulnerability! Your good day systemd.
Last edited by direprobs (2017-09-25 12:53:20)
Offline
greenjeans wrote:They despise people having any choices, want to further close the source and commercialize linux and give it unremoveable "branding", these people are the very antithesis of everything open-source stands for, and a clear and present danger to free software going forward.
Their fascination with all things from that west coast forbidden fruit company is a dead giveaway. When they show up at a Linux/Open Source conference with their Macbook and then proceed to show Linux running in a VM to show $COOL_FEATURE, it's another dead giveaway that they're not of, by, or for the community. Or, more worrying, they respond to a bug report with, "What's an Xfce?"
They are paid hacks, doing what they're paid to do and trying to pass themselves off as members of the community. There is now a line that must be drawn between the community as we've known it and those who are something else (I'm not sure what to call them). To be sure, I have no problem with being paid to develop Free Software, so long as such software fits the philosophy and spirit of The Unix Way. When it follows some other way, especially in the base system, a user desktop app not so much, then it's time to call its usefulness into question.
I agree with you. I recall that one of them, in a keynote I watched, someone asked if systemd can be removed and replaced with another init. The systemd guy said, no it's Linux and systemd. It's really highly integrated in such a way that you can't manipulate it. Imagine a future where all your essential daemons integrated with systemd, what a nightmare! I can't even understand why an init implements daemons, just why? Are the traditional Unix daemons suck for example? Bffff!
Offline
Talking about community and non-community you must remember how things are working globally.
Universities that mass produce IT professionals are no longer utilizing their internal manpower to handle things. They lease hardware that come with service and maintenance contracts. With the exception of CS/EE research projects, the rest of the system is run by private consulting and service subcontractors. This way MS and Debian servers and systems are "mandated" on everyone but the very elit of CS/EE. When the mass produced "product" gets consumed by gov/priv. organizations, that is all they know and feel confortable with, they will not recommend something "foreign". So the plague has its carriers and its victims.
To break the monotony you hear some minor examples especially in 3rd world countries that interests of domination have not yet reached using what the "community" prefers. You go talk like this in Debian and RedHat forums and they will find a reason to ban you.
This leaves a very "small community".
Offline
Linux is/was a good OS, but certain interests are contaminating it, taking away our freedom to use it how we want to, & this goes against the unix principle freedoms that it is/was based on. I keep my hand in with BSD, just in case.
Offline
My project (Vuu-do) is certainly not a bully pulpit and I don't use it as such...but some days I just can't help but slide in an opinion somewhere obscure that only a wandering geek would find.....
https://sourceforge.net/projects/vuu-do/
Vuu-do GNU/Linux, minimal Devuan-based openbox systems to build on, maximal versions if you prefer your linux fully-loaded.
Please donate to support Devuan and init freedom! https://devuan.org/os/donate
Offline
Now that's funny!
Online
I didn't know I had /var/lib/sytemd/deb-systemd-helper-enabled, but I do. Pardon my ignorance, but why would a Devuan installation have/need that?
Yuck, I feel like I just stepped on a pile of dog poop.
Last edited by GNUser (2017-09-27 19:25:19)
Offline
I'm beginning to get the feeling that he, (Lennart Poettering), is secretly working for Microsoft, seems all his software has bugs that he calls features.
I'd be more inclined to say Poettering is NSA, as they're the biggest funders of Red Hat if you follow the money trail (in-fact, Red Hat's biggest customers are all primarily US government, including the likes of DISA and DoD).
Microsoft has been trying to take out Linux for years, and it seems a bit suspicious that 'now' they would succeed when they're opting to adopt Linux technology (Azure, SONiC, Ubuntu in Windows 10, etc). It strikes me in reality that Microsoft have actually given up and finally gotten onboard with open-source (like a lot of corporations before them). The fact Lennart Poettering is explicitly telling you that the insecurity is an intended feature seems to be his very poor way of dropping a hint, IE that insecurity is by design. And there's only one organisation that dabbles in insecurity by backdoors.
(And no, it isn't Microsoft. They're only interested in profits at the end of the day. Bad security means bad PR which means a loss of profits. Unless of course there's government money to be had. Wonder how much they paid for Windows 10?)
Offline
They despise people having any choices, want to further close the source and commercialize linux and give it unremoveable "branding", these people are the very antithesis of everything open-source stands for, and a clear and present danger to free software going forward.
Corporations have a vested interested in preventing systemd (didn't Google air some reservation over systemd?) because having it restricted defeats the point of both open collaboration (IE shared resources) and choice orientated (IE the ability to customise it to your particular needs). One of the major issues a lot of organisations are having with systemd is it's abusive practices on logging.
Specifically, systemd is such that it either 'logs everything' or it 'logs nothing' (my first reading of this is what prompted alarm bells it's surveillance state technology). For companies, this isn't acceptable, because logging more than you have to (IE user interactions) creates a legal liability, in the sense that if an agent turns up with a warrant, you can't honestly say you don't collect that information because all they'd have to do is point to systemd, point to the fact it logs everything (and if logging is disabled then good luck debugging anything) and handwave towards a judge.
If you had a pre-systemd configuration, you could set logging to specified levels and not capture what you're not interested in, so when a warrant turns up you can genuinely say you don't have that information on record.
Companies want less legal liability, not more. So why they aren't actively teaming up to defeat this monstrosity that is systemd (which will eventually pollute every specialist endeavour such as embedded systems and specialist services) is beyond me. Methinks the closed doors approach and removal of the ability of the average users to vote in how Linux as a whole is developed is part and parcel of this, and there's no denying there's clear vested interests involved (clearly both government and corporate), but if the other companies don't start siding with the anti-systemd crowd, if they're not careful, systemd might be the only 'viable' choice, between that and Windows 10.
I can always ditch my computer. Large scale server infrastructure? Not so much.
Offline
You are forgetting BSD, it is what was used prior to Linux development, is still available freely, & is totally free of the systemd bug.
Offline
You are forgetting BSD, it is what was used prior to Linux development, is still available freely, & is totally free of the systemd bug.
Do you mean like OpenBSD and FreeBSD? Me and a friend were digging into various OSes to see which ones don't have systemd.
I eyeballed Alpine whilst my friend eyeballed OpenBSD and Gentoo. Surprisingly enough, all had traces of systemd. Alpine doesn't have systemd initially (great if you like 1980s text command interface with no real functionality, I guess?), but the moment you install XFCE (seemingly the only desktop environment you can get working on there), udev dependencies come flying in along with systemd references. In the case of OpenBSD I was told by my friend that folders (/lib/systemd etc) were found on there, and in the case of Gentoo systemd was a running process(!).
In both Alpine and Gentoo's case they make a point of stating they're systemd-free, so it's quite surprising. OpenBSD not so much, but I regularly hear how BSD is systemd free.
I probably should download an ISO of FreeBSD and take a look. Perhaps people's ideas of 'systemd-free' is different to mine; I mean in the sense of absolutely no dependencies, files or folders referencing such a thing (even if such a thing isn't installed per se), what I'd call 'certifiably systemd-free'. If there's still a file poking it's head up, for all I know it might be creating yet another system vulnerability that just hasn't been discovered yet.
(Call me paranoid if you will, but paranoia kept me from moving onto a systemd based OS, and the DNS remote code execution and admin root privilege 'it's a feature not a bug' along with... other questionable practices means paranoia gets more screen time when it comes to OS decision making.)
Last edited by JoshuaFlynn (2017-10-03 00:17:18)
Offline
That surprises me about OpenBSD, it's Canadian based, & when I use it, it is with Fluxbox & Firefox, it must be the programs that are added bringing it in.
Offline
That surprises me about OpenBSD, it's Canadian based, & when I use it, it is with Fluxbox & Firefox, it must be the programs that are added bringing it in.
Quite a few things pull it in implicitly. Udev is a big culprit, but XFCE and KDE leave hanging libraries for it too.
I don't suspect BSD up to no good, I just don't think they realise systemd is trying to get in via the backdoor IE via higher system packages.
Edit: I'm told initially OpenBSD didn't have it initially with it's default desktop, but because it (the desktop environment) was 'unusable' ('comically unusable' - their words) they had to install XFCE (which had hanging dependencies for systemd - unclear if it's actually there). They argue might be useful as a server (without the XFCE desktop environment), but from a desktop user POV not ideal.
Last edited by JoshuaFlynn (2017-10-03 22:19:01)
Offline
OpenBSD is more for the user who likes a WM rather than a DE, if I remember they have TWM or CWM as their base WM, perfectly usable, but I always use my standard WM (Fluxbox) when I use it.
Offline