So I was sent this off list, I will let the rest of you imply why that is. On Sat, Nov 28, 2015 at 2:51 PM, Keith Lofstrom <kei...@gate.kl-ic.com> wrote:
> On Sat, Nov 28, 2015 at 12:27:51PM -0800, benjamin barber wrote: > > This is filled with platitudes, but doesn't address any of the > > substantitive questions. > > > > For example, is it wise to have an init system also control su as well as > > DHCPd. ? > > I am not bothering to reply on the list. I am writing to you personally > because the attitude you express is barbaric. > Are you implying that its "barbaric" to question an engineering choice that has actual security implications? is this the same sort of "linus is a toxic" rhetoric I hear frequently? And the "we need a safe space from any sort of criticism that makes us feel bad" philosophy. Lets say there is some security vulnerability with DHCPd, and I am able to execute arbirtrary code to get SU access, I can then make the infection opaque to outside inspection, as now you have malicious code that controls every part of the inputs and outputs of the system. http://c2.com/cgi/wiki?TheKenThompsonHack https://www.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf > > The world does not revolve around init systems, su, and DHCPd. If you > want to change how init works, YOU will have to contribute to the work > that helps make the transition a painless path for people who don't > give a rats ass about such things, who merely want what worked for > them last week to mostly work a decade from now. Like everything else > in their lives that is designed by competent engineers and craftspeople. > > Instead of say a bunch of financial interests in the industry forcing out a new standard, which then breaks compatibility so that everyone else must conform to, because of a myriad of broken dependencies without backwards compatibility. Which has effectively put a moat around the implementation of the linux kernel used by the majority of the community, meanwhile abandoning the concept of the linux standard base and forcing devs into 'lennartix', while also destroying software compatibility with BSD variants. > There are many suitable replacements for the older linux startup > system, and systemd can be one of those replacements, IF its > proponents do the work of (1) bringing it to the same completeness > level as the old system, and (2) provide the tools for 99% of users > to make the transition effortlessly. I am willing to throw 1% of > the users off the boat, but not 50%. > In reality only systemd can be one of those replacements, because people in redhat and canonical decided it was so, despite alot of objections from users and devs, while being less 'complete' than an aggregate of independent modules, which could have been modularly upgraded/replaced instead software made incompatible with "lennartix" dependencies. > > If you think systemd is effortless for that 99% (or even for 50%), > show me the data. The anectdotal evidence I've seen (very smart > people like Russell who hack kernels for fun) is that systemd in > its current pre-alpha state breaks important stuff. Core software > should not be mass-released without mass testing on the same group > of people it is intended for. > I don't think its effortless, its broken alot of my embedded software stuff, and I agree that it shouldn't have been pushed out early, much less chosen as a default that violates the unix philosophy and backwards compatibility. > > In my version of hell, those who would enforce such changes on the > vast majority who have other talents than deep sysadmin should get > all their wall sockets changed to something safer but incompatable > with any existing device plug. If they want to plug anything in, > they should design and build new adapters with hand tools. Then > they might realize the value of decades-old standards, and realize > that improvements can be made that are back-compatable and schedulable. > Agreed, standards and backward compatibility are important for the longevity of software and data, the tech industry needs to think about reliability and stability in terms of centuries instead of decades. I hear far too much about reinventing the wheel constantly, because someone wants to put their name on a shiny new thing, instead of improving stability, reliability and performance of existing systems. > But then, you may not give a rip about the troubles faced by others, > even the troubles you instigate. Google for "sociopath". > > Because clearly anyone who are blunt are disingenuous sociopaths, it doesn't matter how many selfless things they do, they disagreed with someone on the internet the wrong way. > > also, are we transitioning from gnu-linux to lennartix by ditching the > unix > > philosophy ? > > quite frankly this seems like the typical practice of embrace - extend - > > extinguish. > > Unless you haven't noticed, there have been a quite a few... opportunists in the open source movement. You forget that companies like redhat and canonical have a fiduciary duty to shareholders not the community. There have been quite a few people who've been trying to implement defacto control of open source communities, and quite a few see systemd as a good example of this sort of things in practice, because it removes software choice by breaking compatibility. > Speaking of platitudes ... I was describing a problem so that people > like you might understand it. Apparently that is not possible. > > Keith > > -- > Keith Lofstrom kei...@keithl.com > _______________________________________________ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug