> ma...@mohawksoft.com said on Fri, 31 May 2024 09:37:38 -0400
>
>
>
>>The xz thing is totally different. That was a masterful bit of
>>espionage. It was two years in the making, and if we don't think this
>>is elsewhere as well, unrelated to systemd, then I'm sure we are
>>kidding ourselves.
>
> Hi Markw,
>
> I read, understood, believe and respect what you said about not being a
> systemd fan and am not trying to imply otherwise. All I'm doing is to
> provide a viewpoint on your paragraph quoted above...

Like I said, I understand what systemd is intended to do and it is not
without merit, but it is the most "Windows" of all the code in unix.


>
> Instead of the paragraph above, imagine saying it about bicycle locks.
> "If we don't think bicycle theft happens even without bicycle
> locks, then I'm sure we're kidding ourselves." Although this is
> factually true, it leaves out the point that an unlocked bicycle is
> stealable by a much less skilled thief, and in a bike rack full of
> locked bikes, it will be the first to go. And if a lot of people
> don't lock their bikes, it brings many more bike thieves into the
> "industry". Systemd makes exploits easier, and easier exploits
> encourage more script kiddies to get into the game.
>
> (snipped)

I totally get the dislike of systemd, but the reality is that, in the
absence of systemd, we'd still have the problem of security.

I'm 61 this year. I've been programming computers since I was 15. I've
been involved with everything from CP/M, dos, windows, VMS, unix, bsd,
linux, NT and a host of other systems.


At the beginning, computers were self-contained and security was a door
lock. Then dial-up services, DARPA, then the internet, now this thing that
looks like the internet but is really crazy town.

Every link in every part of the operation of a piece of software is under
attack. If you have hyper-threading enabled in your processor, there is
code to steal data from programs that happen to be running in a different
thread on the same core. Fixed address locations during program load can
be exploited. I could go on, but to be honest, I forget all the various
vulnerabilities. I've been managing the security of our product for more
than a few years and it is crazy how many novel vulnerabilities there are.

The "systemd" process performs a lot of functions, we may not like the
implementation, but functions will still need to be done. Whether or not
it is done with "init" scripts or "make" or whatever, there will be
vulnerabilities in whatever we do.

Disliking systemd is kind of unreasonable. It is here, it is in a lot of
systems, and you have to deal with it. I don't particularly like java but
I have to know how to program in it. Same with rust, go, perl, python, and
others.


These days, when all is said and done, security is no longer the part of
the programming you do at the end of a project, but it is an objective
that has to be part of the project from the beginning. Whether it is
systemd or init or some other system, if security isn't part of the
design, it can't be made secure.

_______________________________________________
Discuss mailing list
Discuss@driftwood.blu.org
https://driftwood.blu.org/mailman/listinfo/discuss
