[Arm-netbook] A suggestion why Systemd may be bad

zap zapper at openmailbox.org
Thu Feb 16 15:15:30 GMT 2017



On 02/16/2017 06:06 AM, Philip Hands wrote:
> Luke Kenneth Casson Leighton <lkcl at lkcl.net> writes:
>
>> ---
>> crowd-funded eco-conscious hardware: https://www.crowdsupply.com/eoma68
>>
>>
>> On Thu, Feb 16, 2017 at 9:12 AM, Philip Hands <phil at hands.com> wrote:
>>> Luke Kenneth Casson Leighton <lkcl at lkcl.net> writes:
>>>
>>>>  if systemd is so bloated and all-encompassing that it in effect
>>>> demands *all* privileges (it doesn't, but you know what i mean), it
>>>> utterly defeats the object of having the security system in the first
>>>> place.
>>> This appears to be another instance of you conflating the init process
>>> with the project, but perhaps I'm misunderstanding you.
>>>
>>> Are you claiming that systemd (the init) uses forks where sysvinit uses
>>> execs?
>>  i don't know how you conclude i would say that when i don't mention
>> sysvinit.  why would there be an implication of sysvinit being
>> involved when it's not mentioned?
> Well, if you're saying that systemd is bad, it must be bad relative to
> something else since if the nearest likely alternative e.g. sysvinit does
> pretty-much the same thing then you're really saying very little.
>
> The Daily Mail will cheerfully tell you that Coffee causes cancer, which
> is probably true, but only at about the same rate as pretty much
> everything else one could imagine consuming, so ... no news.
>

Coffee cures cancer? Sounds like you have been listening to todd talks
too much.

sorry couldn't resist. ;)

>> i'm saying that SE/Linux's security model is based on the isolation
>> of exec.  but, that if the sheer overwhelming number of programs being
>> exec'd is so huge, it becomes pretty pointless to even *have* such
>> isolation.
> Systemd execs a lot of things by dint of it being the system's init,
> does it not?  This sounds almost like you're claiming that SElinux isn't
> capable of modeling any implementation of the init task.
>
> That's why I was trying to tease out something about what makes this
> unique to systemd from you.  Hence the mention of sysvinit.
>
>>  i provide this as a guide *without* spending the time to assess
>> actual instances... because it's not my job to do so.  and, also, with
>> the sheer overwhelming number of *other* factors (all of them
>> individually low-probability events), when combined using
>> dempster-shafer information theory, you don't *need* to go in-depth: to
>> do so is completely pointless.
>>
>>  basically i'm saying, phil, knocking down one skittle by spending the
>> time to track down one "hole" in what i say, is pointless.  the entire
>> design and deployment of systemd is like a dam made of swiss cheese.
>>
>>  there simply aren't enough fingers to plug all the hundreds of
>> flaws... so there's little point in trying.  this response (one of a
>> long line of reasons why i will never *ever* use systemd) is just one
>> response from a different angle, one that i have had at least one
>> person publicly express gratitude for taking the time to explain, and
>> one privately.  who knows well enough and is old enough and ugly
>> enough *not* to get involved in the cluster-fuck known as systemd.
> I'm not trying to knock down skittles -- I'm trying to see whether what
> you're saying has any substance behind it, or is simply hand waving.
>
> Cheers, Phil.

We should trust Luke okay? now can we all please drop this entire
subject now? please?
