this post was submitted on 28 Aug 2023
69 points (82.9% liked)
Linux
48077 readers
925 users here now
From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Rules
- Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
- No misinformation
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I don't see any fundamental reason why systemd would be insecure. If anything, I would expect it to be less prone to security bugs than the conglomerations of shell scripts that used to be used for init systems.
The bloated argument seems to mostly come from people who don't understand systemd init is a separate thing from all the other systemd components. You can use just the init part and not the rest if you want. Also, systemd performs way better than the old init systems anyway. I suspect many of the those complaining online didn't really have first hand experience with the old init systems.
If a different init suits your needs better, then sure go with it. But for the vast majority of typical desktop/server stuff, systemd is probably the best option. That's why most distributions use it.
You mean aside how the author answer to CVEs, right ?
Not sure. In the end the shell script were just an easy and consistent way to start/stop programs. If the programs were secure (read: checked the input and sanitize it, did the check for permissions and so on) there is not a big difference.
In what regards ? Boot faster ? Fine, but on a server it does not mean anything, a server does not reboot that often; for a desktop it not that the 5 seconds you gain are a fundamental gain.
One problem I see is with the logs: it is true that the format is documented, but a text format is always readable while a binary format... (been here, done that 🤬 )
I agree those CVE responses are not great. Those are from quite a few years ago though. Has their handling of CVEs improved since?
Boot times are not that big of a deal to me either, but some people seem to care about it a lot.
I've never personally had any problems with binary logs. You could always forward to a different logging daemon if that's a concern.
I had it and I am sure that I could have solved the problem faster if I could have solved it faster if I did not needed to first understand how to access the logs on a damaged system.
This does not solve the problem, it only move it to somewhere else.
Are you sure it doesn't mean anything? It means to a LOT of people.
Anyways are you aware of
systemd-analyze
and that you can profile your boot and services even with graphical representations? Have a look at https://www.apertis.org/guides/boot_optimisation/ and https://opensource.com/article/20/9/systemd-startup-configurationFine, still not understanding why something that I should run once in a while (on a server) or it is not that critical seems to be so important. Look, I had way bigger gain moving from a HDD to a SDD than switching to Systemd from the old init.
I refuse to belive that for a desktop user a 5 seconds longer boot time is that important. I could understand on a server where, if you work with it, you can have fines for downtime but even in this case it is a thing that could be handled in different ways.
Good, but I am not interested in booting my laptop 5 second faster and for my server I have not fines if it start in 20 seconds instead of 10 😁
systemd-analyze
isn't only about reducing your boot time by 5 seconds, it's about when you've problems knowing exactly what is happening and when and also about having a clear view of dependencies between services.At this point I am not that interested in these aspects, for what I need I am ok if the system boot and I can work 😀
But thanks anyway, it is a good thing to know if I ever need it.
If that’s the case you can simply run systemd configured as it comes with most distritos and enjoy.