Systemd Named 'Lamest Vendor' At Pwnie Security Awards (theregister.co.uk)
Long-time Slashdot reader darkpixel2k shares a highlight from the Black Hat USA security conference. The Register reports:
The annual Pwnie Awards for serious security screw-ups saw hardly anyone collecting their prize at this year's ceremony in Las Vegas... The gongs are divided into categories, and nominations in each section are voted on by the hacker community... The award for best server-side bug went to the NSA's Equation Group, whose Windows SMB exploits were stolen and leaked online this year by the Shadow Brokers...
And finally, the lamest vendor response award went to Systemd supremo Lennart Poettering for his controversial, and perhaps questionable, handling of the following bugs in everyone's favorite init replacement: 5998, 6225, 6214, 5144, and 6237... "Where you are dereferencing null pointers, or writing out of bounds, or not supporting fully qualified domain names, or giving root privileges to any user whose name begins with a number, there's no chance that the CVE number will be referenced in either the change log or the commit message," reads the Pwnie nomination for Systemd, referring to the open-source project's allergy to assigning CVE numbers. "But CVEs aren't really our currency any more, and only the lamest of vendors gets a Pwnie!"
CSO has more coverage -- and presumably there will eventually be an official announcement up at Pwnies.com.
Already been closed (Score:5, Funny)
Also, lameness filter.
Re:Already been closed (Score:5, Interesting)
I know I've defended Poettering in the past, but lately I've come to think that he is a right pillock. systemd badly needs someone who understands security and who can get these issues the attention they deserve.
Re:Already been closed (Score:5, Insightful)
Too bad there isn't some other init system that has been tested for decades and is rock solid we could use instead... Wait! there is!
Re:Already been closed (Score:4, Funny)
> Too bad there isn't some other init system that has been tested for decades and is rock solid we could use instead... Wait! there is!
smss.exe? Will that run under Linux?
Re: (Score:2)
OpenRC has only been around for ten years, not decades. Sorry if you've confused sysvinit for something other than an unmaintained pile of trash. It's been dumped by every commercial Unix and the vast majority of all others. You don't understand where service management has been heading for the last thirty years, nor why.
that's still longer than the crapshoot that is systemd
Re: (Score:2, Insightful)
Seriously though, why the Debian tag? Surely Redhat would be more appropriate in the circumstances?
Misleading title (Score:4, Informative)
>"Systemd Named 'Lamest Vendor' At Pwnie Security Awards"
I have no great love of Systemd, but that headline is misleading. The award was the "lamest vendor RESPONSE." But, you know, it is all the rage to have intentionally misleading headlines to grab even more attention than deserved.
Re: Misleading title (Score:5, Insightful)
Re: Misleading title (Score:4, Insightful)
Remote root compromise [mitre.org] isn't serious? I have never, I mean ever, seen anyone hunker down and suck so quickly and enthusiastically as Zero__ does on Poettering, and I'm homosexual.
And yes, that is one of the four bugs listed. Any confusion in linking the bugs to the appropriate CVE is, again, entirely Poettering's fault and part of the reason he got the award.
Re: (Score:2)
No words. (Score:5, Insightful)
You have got to be fucking kidding me: systemd can't handle the process previlege that belongs to user name startswith number, such as 0day #6237 [github.com]
And what's worse is Pottering's complete lack of UNIX awareness.
Yes, as you found out "0day" is not a valid username. I wonder which tool permitted you to create it in the first place. Note that not permitting numeric first characters is done on purpose: to avoid ambiguities between numeric UID and textual user names.
Somehow FreeBSD doesn't have an issue:
[root@freenas2 ~]# adduser
Username: 0day
Full name: 0 Day
Uid (Leave empty for default):
Login group [0day]:
Login group is 0day. Invite 0day into other groups? []:
Login class [default]:
Shell (sh csh tcsh bash rbash git-shell netcli.sh ksh93 mksh zsh rzsh scponly nologin) [sh]: bash
Home directory [/home/0day]:
Home directory permissions (Leave empty for default):
Use password-based authentication? [yes]: no
Lock out the account after creation? [no]: no
Username : 0day
Password :
Full Name : 0 Day
Uid : 8001
Class :
Groups : 0day
Home : /home/0day
Home Mode :
Shell : /usr/local/bin/bash
Locked : no
OK? (yes/no): yes
adduser: INFO: Successfully added (0day) to the user database.
Add another user? (yes/no): no
Goodbye!
[root@freenas2 ~]# su - 0day
[0day@freenas2 ~]$ id 0day
uid=8001(0day) gid=8001(0day) groups=8001(0day)
His failure to understand POSIX has shown up in the past as well: tmpfiles: R! /dir/.* destroys root #5644 [github.com] with Pottering's amazing comment of:
I am not sure I'd consider this much of a problem. Yeah, it's a UNIX pitfall, but "rm -rf /foo/.*" will work the exact same way, no?
It's not like you couldn't take 5 seconds to test that:
root@m6700:~# mkdir /foo
root@m6700:~# touch /foo/.test
root@m6700:~# mkdir /foo/.test2
root@m6700:~# ls -lah /foo/
total 12K
drwxr-xr-x 3 root root 4.0K Jul 29 14:04 .
drwxr-xr-x 25 root root 4.0K Jul 29 14:04 ..
-rw-r--r-- 1 root root 0 Jul 29 14:04 .test
drwxr-xr-x 2 root root 4.0K Jul 29 14:04 .test2
root@m6700:~# rm -rf /foo/.*
rm: refusing to remove '.' or '..' directory: skipping '/foo/.'
rm: refusing to remove '.' or '..' directory: skipping '/foo/..'
root@m6700:~# ls -lah /foo/
total 8.0K
drwxr-xr-x 2 root root 4.0K Jul 29 14:04 .
drwxr-xr-x 25 root root 4.0K Jul 29 14:04 ..
Re:No words. (Score:5, Insightful)
It is almost as if the concept of "be conservative in what you do, be liberal in what you accept" is useful in graceful handling of errors. I mean, not as if someone said it in the past who had any importance.
Re: (Score:2)
Well, Systemd did exactly that, which is the problem. It kept the part of the input which was valid (the 0, thus running with pid=0) and then ignored the rest of the invalid input.
"be liberal in what you accept" is a horrible concept, because it makes it impossible to ever have a standard, without breaking half of the current uses, because they then depend on undocumented implementation specific error handling which is impossible to implement for others.
Just look at ns4 and internet explorer 5/6. Because the
Re: (Score:3)
You completely misunderstand what "be liberal in what you accept" means.
It doesn't mean to take any input and cherrypick single bits that you understand and ignore the rest. You rather try to parse inputs liberally, while making sure it's unambiguous in its meaning. For example, when parsing a config file, there could be more whitespace than necessary. As long as you find valid keywords in that extra whitespace, you're good to parse it liberally. When writing a config file, however, you're supposed to trim
Re: (Score:2)
From one BSD neckbeard to another; well played sir
Re: (Score:2)
From the github link for the deletion problem:
poettering locked and limited conversation to collaborators on Apr 17
Hahahaha
Re: (Score:2)
I just created a random binary digit user on my Mac. Starting with a 0 ... no problem. ...
AFAIK user names only need to be typeable on a keyboard
Re: (Score:2)
"rm: refusing to remove '.' or '..' directory: skipping '/foo/.'"
Unfortunately if you pass
Re: (Score:2)
POSIX compliance aside, there is no reason why having a username starting with a number should cause issues with ANY operating system.
Re: (Score:2)
The computer doesn't give a damn what the user name is. From a user friendliness point of view it certainly helps things if you can't create user names that don't start with a number. I'm sure that there are other reasons but I can see some idiot doing the following.
Person creates an account with the user name "501" that gets assigned the user id 506. Sometime later on the account associated with the user id 501 is deleted. When you do an `ls -l` in a directory that contains files from both users the output is
Re: (Score:2)
That is, at best, an argument for not allowing all-numeric usernames. It's not a valid argument against usernames like "0day", which can't be misinterpreted as a user id.
Re: (Score:2)
Linux is not POSIX compliant; and never will be. So, more than half of your rant is irrelevant.
Where Linux distributions (sans systemd) are not POSIX compliant, there's generally a stronger reason than "Poettering can't get his head around the standards."
The differences between the LSB and POSIX are pretty minor compared to the things that Poettering is ignoring.
Re: No words. (Score:5, Insightful)
Except of course that this very bug has been fixed for weeks now, as have all the other bugs listed.
Yes and no. They did fix the security problem by having the unit file error out if the username starts with a digit. So at least they're no longer randomly running things as root.
But they still haven't fixed the problem that systemd won't accept valid usernames. As far as I can tell, that is 100% an ego thing -- they won't admit that having systemd have its own username validation rules is a mistake.
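Added example, not systemd's code and not something posted in this thread: a hypothetical `User=` resolver in C contrasting the three behaviours argued over above (drop a rejected name and start as root, refuse to start, or defer to the account database). The function names, the account table and the leading-digit syntax rule are assumptions made for illustration.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed account table standing in for getpwnam(). "0day" and the
 * all-numeric name "501" (uid 506) are the cases argued over in the thread. */
struct account { const char *name; unsigned long uid; };
static const struct account ACCOUNTS[] = {
    { "root", 0 }, { "www", 80 }, { "0day", 1002 }, { "501", 506 },
};

enum { RUN_OK = 0, RUN_REFUSED = -1 };
#define DEFAULT_UID 0UL            /* the service manager itself runs as root */
#define INVALID_UID 0xFFFFFFFFUL   /* (uid_t)-1, assuming a 32-bit uid_t */

static int lookup_name(const char *name, unsigned long *uid)
{
    for (size_t i = 0; i < sizeof ACCOUNTS / sizeof ACCOUNTS[0]; i++) {
        if (strcmp(ACCOUNTS[i].name, name) == 0) {
            *uid = ACCOUNTS[i].uid;
            return 0;
        }
    }
    return -1;
}

/* Hypothetical syntax rule: a name must not start with a digit. */
static int syntax_ok(const char *name)
{
    return name[0] != '\0' && !isdigit((unsigned char)name[0]);
}

/* Numeric UID only if the WHOLE string is digits; "0day" is not the number 0. */
static int parse_uid(const char *s, unsigned long *uid)
{
    char *end;
    unsigned long v;

    if (!isdigit((unsigned char)s[0]))
        return -1;
    errno = 0;
    v = strtoul(s, &end, 10);
    if (errno != 0 || *end != '\0' || v >= INVALID_UID)
        return -1;
    *uid = v;
    return 0;
}

/* (a) Fail open: a value the syntax rule rejects is dropped as if the
 *     directive were absent, so the service starts with the default identity. */
int run_as_fail_open(const char *user, unsigned long *uid)
{
    *uid = DEFAULT_UID;
    if (user == NULL || !syntax_ok(user))
        return RUN_OK;
    if (lookup_name(user, uid) != 0) {
        *uid = INVALID_UID;
        return RUN_REFUSED;
    }
    return RUN_OK;
}

/* (b) Fail closed with the same syntax rule: a rejected value stops the start. */
int run_as_fail_closed(const char *user, unsigned long *uid)
{
    *uid = DEFAULT_UID;
    if (user == NULL)
        return RUN_OK;
    if (!syntax_ok(user) || lookup_name(user, uid) != 0) {
        *uid = INVALID_UID;
        return RUN_REFUSED;
    }
    return RUN_OK;
}

/* (c) Defer to the account database: name first (the order POSIX chown uses),
 *     then an all-digit string as a UID; anything else refuses the start. */
int run_as_resolve(const char *user, unsigned long *uid)
{
    *uid = DEFAULT_UID;
    if (user == NULL)
        return RUN_OK;
    if (lookup_name(user, uid) == 0 || parse_uid(user, uid) == 0)
        return RUN_OK;
    *uid = INVALID_UID;
    return RUN_REFUSED;
}

int main(void)
{
    const char *inputs[] = { "www", "0day", "501", "80", "0dayz" };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        unsigned long a, b, c;
        int ra = run_as_fail_open(inputs[i], &a);
        int rb = run_as_fail_closed(inputs[i], &b);
        int rc = run_as_resolve(inputs[i], &c);
        printf("User=%-6s open:%s/%lu closed:%s/%lu resolve:%s/%lu\n", inputs[i],
               ra ? "refused" : "ok", a, rb ? "refused" : "ok", b,
               rc ? "refused" : "ok", c);
    }
    return 0;
}
```

Only variant (a) ever turns a rejected `User=` value into a root-owned process; (b) and (c) differ in which names they accept, not in what happens on rejection.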
Re: (Score:3)
What the FUCK are you talking about? Never mind, you made it pretty clear you don't know.
Another quality post from our resident Poettering fanboy!
You want to enlighten us as to what part of my post you think is wrong, so I can correct you?
Re: (Score:2)
I'll just pick the obvious one: systemd accepts valid usernames.
Apparently you seem to think that repeating a falsehood over and over makes it true. Are you actually Donald Trump?
Re: (Score:2)
It is dangerous to allow them to start with digits as we have seen
Systemd aside is there any danger? Or is the danger in using usernames that start with a digit systemd?
Most distributions follow this safe rule.
Who is 'most'? On Ubuntu 16.04:
root@m6700:~# useradd 1day
root@m6700:~# id 1day
uid=1003(1day) gid=1003(1day) groups=1003(1day)
root@m6700:~# id 0day
uid=1002(0day) gid=1002(0day) groups=1002(0day)
root@m6700:~# useradd -u 2002 2001
That works just fine.
Re: (Score:3)
Again, systemd does the safe and sane thing here.
Let's see -- systemd's incorrect username validation caused a privilege escalation here. Yeah, real safe and sane, guys.
The actual correct implementation -- permit any username that the system allows to be created -- suffers from no such problems. As such, it is the safe and sane thing.
Re: (Score:2)
Re: No words. (Score:4, Informative)
I tried CentOS. I went to the source.
I downloaded the latest ISO they had. I did a fresh clean install.
It let me use 0day as the install user.
http://imgur.com/a/8PZcS [imgur.com]
It then allowed me to login with it. With zero problems.
It then allowed me to do this:
[root@centos ~]# cd
[root@centos ~]# adduser 1day
[root@centos ~]# adduser 2day
[root@centos ~]# useradd 3day
[root@centos ~]# useradd 4day
[root@centos ~]# id 1day
uid=1001(1day) gid=1001(1day) groups=1001(1day)
[root@centos ~]# id 2day
uid=1002(2day) gid=1002(2day) groups=1002(2day)
[root@centos ~]# id 3day
uid=1003(3day) gid=1003(3day) groups=1003(3day)
[root@centos ~]# id 4day
uid=1004(4day) gid=1004(4day) groups=1004(4day)
[root@centos ~]# uname -a
Linux centos 3.10.0-514.el7.x86_64 #1 SMP Tue Nov 22 16:42:41 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
[root@centos ~]#
So now I know you're full of shit. Name one distribution that does that, let alone a 'most'. Fuck at this point take a screenshot of any OS throwing an error trying to add a 0day user. You piqued my interest enough to download OpenIndiana and see what Solaris thinks.
but if you read the bug you would already know that adduser and useradd disagree on the acceptability of said username
No, I read what Pottering said. But time and time and time again his actual knowledge of how things work is completely wrong (See the rm -rf /foo/.*).
Systemd is turning out to be the Theranos of Linux with Pottering at the helm sounding more and more like Elizabeth Holmes every day. It's like he makes it up as he goes.
Bobby Drop Tables (Score:2)
Only within the window of Lennart's "not a bug" and only with systemd.
He made the utter newbie mistake of not checking his inputs when there are inputs that can have dire consequences on how his code works. Now he's checking his inputs, good to see, but you defending him not checking them in the first place is not getting anything done apart from annoyance.
Re: (Score:3)
At this point I'm not unsure that Zero__Kelvin isn't Pottering's slashdot account.
How does Debian justify using this?! (Score:5, Interesting)
How can Debian's developers justify using systemd, considering all of these unbelievably unjustifiable problems with it? Why have they subjected Debian and its users to these flaws? Is it really just a result of the best Debian users having long ago moved to FreeBSD, leaving around only users who don't know any better?
Re:How does Debian justify using this?! (Score:4, Interesting)
It was shoved down Debian's throat by the technical committee in a first ever usurp of power from the developers to the committee. There was not consensus on this change at all.
Re: How does Debian justify using this?! (Score:5, Insightful)
Not only that but the vote for Systemd in Debian was a 2-2 tie and had to be overruled. Hardly a "everyone wanted Systemd" that a lot of the pro-systemd people like to suggest.
Re: How does Debian justify using this?! (Score:5, Informative)
Rating: pants on fire [debian.org].
Re: (Score:2)
Re: (Score:2)
Point of order: a 2-2 tie means that the motion failed to get a majority, therefore the motion fails. No further action is required.
Re: (Score:2)
And if it was a 2-2 tie then that may have happened.
Re: (Score:2)
I'm not sure what's more impressive, that you think only 4 people voted on this decision or that you got someone to mod you up for your incorrect post.
Re: (Score:3)
You are correct, it was 8 people that voted on it and, as per the "pants on fire" link (https://lists.debian.org/debian-ctte/2014/02/msg00402.html) it was a 4-4 tie. That tie was decided by Bdale Garbee. Bdale Garbee made the decision to switch to systemd. Frankly, Mr. Garbee should be forced to hand over his Greybeard Card. He has shamed our honourable order.
Re: (Score:2, Informative)
I think that there was no consensus is what caused the technical committee to get involved. Many people were advocating for a next generation init system to replace SysV. Clearly forcing maintainers to personally support all possible init systems would be worse.
The decisions that came down from the technical committee made systemd the default init (#727708) and required that maintainers at least accept contributions for other init systems (#746715). The outcome provided for another popular system init to be
There was a vote (Score:2)
My understanding was there was a vote and some asshole had to break the tie in favor of systemd.
Re: (Score:2)
Your understanding is basic.
By simple majority systemd had double the number of votes than upstart and further discussions and was a clear winner.
No one preferred keeping sysvinit, and everyone preferred openRC over sysvinit. However they didn't go by simple majority but rather by pairwise defeats. After pairwise defeats the only remaining options were systemd vs upstart. The "asshole" you're referring to was the chairman of the technical committee who preferred systemd in favour of upstart.
Of course system
Re: (Score:2, Insightful)
Not using systemd would have made them irrelevant.
Not that this isn't going to happen anyway, as RedHat absorbs more and more of the Linux-world and it will be increasingly difficult to do anything on Linux "un-RedHat-edly" in the coming years.
As such it has to be seen how much of a differentiation-factor an installer and some default-settings are - together with the complete lack of any kind of enterprise-features that RedHat offers. Because that's what I think Debian et.al are going to end-up being. Becau
Re: (Score:2)
Trojan horse? (Score:3)
I wonder if systemd, pulseaudio etc are trojan horses inserted into the Linux ecosystem for nothing else but screwing things up - they work, sort of, but not very well.. they are irritating enough to significantly reduce the adoption of Linux and also to slow down the overall development of the Linux ecosystem by focusing attention on problems which could have been easily avoided. There there is of course these security vulnerabilities which open up in the strangest of places.
Of course, I have no evidence f
Re: (Score:3)
I believe that is the case, but Poettering is not clued in. It seems likely that Linux became too hard to hack into, so something needed to be done. Putting a known incompetent with a huge ego and no understanding of security in charge of a critical central system component is just the ticket to do that. And it will not look like a sabotage attack either, because said incompetent will screw up security all by himself, with zero understanding of how he is being used.
The nature of the campaign that systemd wa
systemd (Score:2)
With all this hate... (Score:5, Interesting)
I've been considering switching from Ubuntu to something without Systemd. But what would that be? Slackware is a bit hardcore and frankly, I'm really scared I won't get my server functional ever again if I start from scratch...
Re: (Score:2)
And no, I'm not gonna do another LFS. The last time, many moons ago, I got it running but with so many error messages I couldn't truly deal with, I think I've got enough PTSD to tell my grandkids I would have preferred a good war :D.
Re: (Score:2)
slack, gentoo, devuan are options..
Re: (Score:2)
Hmmm Gentoo. Why not? That one's at least seen a few years so it's probably somewhat mature at least and won't kick the bucket in a year or so :D.
Re:With all this hate... (Score:5, Informative)
What about Devuan?
Re: (Score:2)
Based on the way people talk about systemd Devuan should now be the best funded and most active distribution in the linux world.
Snide comment aside, I don't think they'll go away. This topic has basically turned into a religion and the existence of Devuan is beyond someone's fork project and basically propped up by a belief system that an alternative must exist in the Linux world. I'd bank on it being around for a while.
Re: (Score:2)
I've been running it since the repositories were available, as a direct changeout from Debian via sources.list. It's stable and maintained well.
Re: With all this hate... (Score:2)
Re: (Score:2)
Slackware used to be close to BSD and most other Linux distros are close to System V and the modern mix of BSD/System V.
If you really want to switch, why not to Open BSD?
Re: (Score:2)
I guess that would be an idea considering my zfs storage. I was just of the impression that hardware support was even worse than Linux. Is that not so?
Re: (Score:2)
I should probably also mention that I plan GPU passthrough to a windows vm on this server (Threadripper based).
It's gonna be quite a challenge as it is and I've never worked with a BSD...
Re: (Score:2)
OpenBSD has hardly any drivers and is not that user friendly. FreeBSD is better as it has up to date drivers, ZFS, dtrace, jails, and is more supported.
Re: (Score:2)
FreeBSD is quite popular. Issue is well it is hardcore :-)
But FreeBSD is conservative and known to be quite stable for server builds. What I love about FreeBSD is I find the FreeBSD handbook and manpages quite superior to Linux.
Linux is a bunch of things glued together and grown. FreeBSD is designed and feels like a complete OS. The tools are BSD based, Documentation is BSD based, even the sample scripts, and then of course the kernel etc. The ports in /usr/ports also pull from the sources and apply FreeBSD
Re: (Score:2)
Yes, FreeBSD is what I call a long term supported, server style OS.
(That's not to imply it can't be a desktop OS. I used Solaris 2.5.1, 2.6, 8 and 10 on SPARC for my desktop, for over 10 years...)
iXsystems took over the old PCBSD and now calls it TrueOS. Still based on FreeBSD, and intended as a desktop OS. Still a bit raw. And probably does not have the driver support Linux has, but if Linux goes messy, (SystemD everywhere!), then I will have to consider migrating from Gentoo to TrueOS.
One thing I absolutely love, is ZFS. (And yes, on Gentoo Linux it's rock stable.) This gets me so many features, like alternate boot environments for software upgrades, home filesystem snapshots for easy file recovery, simple disk mirroring, and data / RAID verification.
Thanks Lady I do not have experience with Solaris other than running uname. I do say I HATE trueOS as just a few hours ago when I was typing that post I was trying to install it on my Windows 10 Desktop using Hyper-V. It won't even post in either UEFI or in Bios mode as either guest.
TrueOS is based off of FreeBSD 12 current according to their website which is still over a year away! It kind of reminds me of old Mandrake back in the day where it had lots of bugs when you exited XFree86 Kde1 and saw all the
Re: (Score:2)
I've been trying to learn how to do things The BSD Way. Considering freebsd since Linode support it to some degree for their VPSes...
Re: (Score:2)
Yeah, but OS/X has its own issues - OS/X specific system APIs in Objective-C? Ugh. Proprietary graphics and sound subsystems (X support now hived off to an OSS team so who knows how long that will last), uppercase/lowercase issues with filenames, and a number of other things. I'm not saying OS/X is bad, it's just not the perfect Unix environment either.
Re: (Score:2)
Yeah except MacOSX has its own version of SystemD called startup which also tries to outsmart init with an autostarting daemon that starts other daemons that is not that configurable.
Not saying it is as bad as SystemD. I am just saying it tries to make it friendly and visual and do things for you which is what drives Unix nerds mad.
Re:With all this hate... (Score:5, Informative)
Most of those who oppose systemd are pining for the Good Old Days of loading the boot target using bat-handle toggle switches on the front of their IMSAI.
We're mostly pining for the Good Old Days when you could trust your init system to do what it was supposed to do.
why are distributions using it ??? (Score:2)
Never have I read anything positive about systemd.
and what I've read about its design is extremely non-unixy.
so why did any of the distributions pick it up ?
Thus Spake Poettering .. (Score:5, Funny)
Poettering: "To make this work we’d need a patch, as nobody of us tests this"
R!
Poettering: "I am not sure I'd consider this much of a problem. Yeah, it's a UNIX pitfall, but "rm -rf
Processes owned by a user with a leading zero in the name are started with root privilege..
Pottering: "I don't think there's anything to fix in systemd here"
Systemd kill background processes after user logs out.
Poettering: "In my view it was actually quite strange of UNIX that it by default let arbitrary user code stay around unrestricted after logout."
'I have an issue with journal corruptions and need to know what is the accepted way to deal with them.'
Poettering: "Yupp, journal corruptions result in rotation, and when reading we try to make the best of it. they are nothing we really need to fix hence."
'Poettering locked and limited conversation to collaborators on 17 Apr'
Re: (Score:3)
> "In my view it was actually quite strange of UNIX that it by default let arbitrary user code stay around unrestricted after logout."
Wow. Really, just wow. I am so happy I don't have to use Debian or any of those other systemd distros.
Re: (Score:3, Insightful)
If you don't compile network support into the kernel, no http servers can work. If you don't compile cgroup support into the kernel, systemd is the only init system that can't start. Every other init starts with no problems.
See the différence?
Re: (Score:3)
If bugs and programming errors that result in security flaws are a problem with systemd, would rewriting it in a language like Rust help?
There are bugs, programming errors and bad programming. Don't confuse the three.
Re: (Score:2)
The three are one. Security too as Windows was unstable due to its crashiness. If you can't control where the program points in ram addresses it means a hacker could plant some code and easily point it to the payload instead of a random spot to gpfault or give an IRQ_lessthan or equal BSOD. Notice how Windows got very stable when it took security seriously starting with Windows 7/server 2008?
Bugs and errors can be fixed by good programming and design.
Re: (Score:3)
If I hear of a company marketing a supported enterprise distro of FreeBSD, I'm gonna buy stock!
Xinuos OpenServer 10 (Score:2, Informative)
So it sounds like you want Xinuos OpenServer 10 [xinuos.com]:
It should be noted that Xinuos also offers SCO UnixWare and SCO OpenServer. Even sco.com [sco.com] now goes to their web site. What's funny about this is that it wasn't SCO that ultimately harmed Linux to the point of it being unusable. It turned out to be the Linux community itself that made Linux unusable by incl
Re:Xinuos OpenServer 10 (Score:4, Interesting)
An interesting aspect of this is that Xinuos, as the successor to SCO* - the company that inherited UnixWare and w/ it System V Unix IP, has decided to fork off FreeBSD - a BSD project - instead of continuing on System V. That really demonstrates that the System V branch of Unix is for all practical purposes dead. Xinuos just does support work on the legacy SCO Unixes, but beyond that, drives companies towards FreeBSD. Oracle just supports Solaris on legacy SPARC hardware, but otherwise, pushes Oracle Linux. All the other Unixes that were based on System V are dead.
Re:Xinuos OpenServer 10 (Score:5, Informative)
Actually no! Tarantella was acquired by Sun shortly after it spun off SCO, and it didn't have the OSs - it had some utilities like IIRC OpenVision and some NFS like software.
Xinuos was the successor company to SCO, Inc, after it filed Chapter 7. They inherited whatever legacy assets SCO had, as well as any customers, but started w/ a FreeBSD fork for enterprises. No idea whether their management has anything in common w/ that of SCO, Inc.
Re: (Score:2)
PfSense uses it but more as a customized distro and equipment for routers and firewalls. So that is enterprise level support and I use their pfSense iso for my Hyper-V routers I use in my home lab.
They are great for offices of 100 users or less who do not want to buy a full expensive Cisco switch and router and have a guy come in and charge up the wazoo for a medium sized office. PfSense can do both layer 2 and 3.
Cisco on purpose tries to differentiate so you have to buy a switch AND a router and convinced
FreeBSD company (Score:2)
Re: (Score:2)
I thought Walnut Creek got acquired by the FreeBSD foundation. Did it not?
Re: (Score:2, Informative)
FreeBSD is superior in many other ways too: Performance, ZFS (a category of its own), packaging, stability, kernel code quality. I only use Linux now when I have to (like some SoC vendor with piles of Linux only drivers).
Re: (Score:2)
Sadly nobody can write clean code anymore. I come across plenty of stuff that gives tons of errors when compiled on *BSD or even AIX (with GNU tools in both cases) that compiles without issue in Linux. I'm not a comp.sci major so I have no clues as to why it never works.
Re: (Score:2)
> Sadly nobody can write clean code anymore. I come across plenty of stuff that gives tons of errors when compiled on *BSD or even AIX (with GNU tools in both cases) that compiles without issue in Linux.
"Write once, run everywhere" is not as easy as you might think to accomplish in C for complicated software. If the developer is targeting Linux systems, and it works without problems on Linux, then you can't really fault the developer if it doesn't work without changes on another OS.
Re:Fuck linux and systemd (Score:5, Informative)
What the fuck are you babbling about, schmuck? FreeBSD has an excellent binary package system with automatic dependency resolution: pkg. The user doesn't need to compile source from ports except if he wants something to be built with unusual options (same as linux, incidentally). All you need is "pkg install foo" and it will fetch the package foo and all its dependencies from the repo and install it.
Why not OpenBSD? (Score:4, Informative)
Use FreeBSD, no systemd and technically a truer Unix than linux anyways.
Why do you mention Free rather than Open? (Or Net, for that matter?)
Seriously: I was looking at porting a project from Ubuntu 14.04 LTS to OpenBSD rather than later Ubuntu releases for security (and licensing) - at least in part because 14* to 16* or later means going to systemd and trying to security audit it looks like a nightmare. The obvious candidate was Open, because of its security tightness and because it's just supporting one embedded app on one particular hardware platform, so not having the whole kitchen sink of drivers and apps isn't an issue.
Is FreeBSD just a better match for what you're doing? (Laptop?) Or is there something else I should be looking at when picking a distribution?
Re:Why not OpenBSD? (Score:5, Informative)
FreeBSD wants to be a well-rounded general usage OS
OpenBSD wants to be the pinnacle of security and is willing to throw everything out to achieve that goal
NetBSD wants to be ultra-portable
Dragonfly wants to be a high performance highly scalable and even distributed OS
Re: (Score:3, Informative)
That's the public consumption stuff.
OpenBSD is really Theo's vehicle, which he forked out of spite after getting into a stupid spat with NetBSD core@. (This says bundles about both, incidentally.) They do worship "security" (and it often does devolve into "worship", though they do know their stuff) but to value it properly you need to understand their idea of "security", which is actually pretty narrow. Point in case: "openntpd", which is written by security nerds because the reference implementation was de
Re:Why not OpenBSD? (Score:5, Informative)
Re: (Score:2)
TrueOS is utter crap and DesktopBSD hasn't been updated in a long time.
TrueOS uses FreeBSD 12 current which is over a year away and reminds me of early versions of Mandrake early last decade which never quite worked or crapped out as soon as you updated.
I just tried installing it in Hyper-V a few hours ago and it won't even post in generation 1 or 2 guests. FreeBSD 11.1 no problems for both. ... however I found a bug in Xorg with the mouse having issues as soon as Mate loads up on gen 2 hypervisor just no
Re: (Score:2)
What are you trying to say in English? Because that is gibberish. And what is a "food afternoon"?
The only one of those things that is any more than trivial to install is a DE. You can get all the rest in a few SECONDS using "pkg install sudo bash gnuls".
Re: (Score:2)
Aighearach is the dictionary definition of an ignoramus.
Re: (Score:2)
I've run Open and Free. Here is my opinion:
FreeBSD - Stable and ultra fast on x86 hardware. Good for file servers, desktops, anything.
OpenBSD - Stable but not performant. Useful for infrastructure.
I really like OpenBSD. I ran it for many years and even contributed hardware to the project. That being said, the security features in it don't outweigh its performance drawbacks. Some of this is due to the security features (e.g. PID randomization slows process generation) so your choice will be workload de
Re: (Score:2)
I've run Open and Free. Here is my opinion:
FreeBSD - Stable and ultra fast on x86 hardware. Good for file servers, desktops, anything.
OpenBSD - Stable but not performant. Useful for infrastructure.
I really like OpenBSD. I ran it for many years and even contributed hardware to the project. That being said, the security features in it don't outweigh its performance drawbacks. Some of this is due to the security features (e.g. PID randomization slows process generation) so your choice will be workload dependent. Your hardware choices with Open will be more limited as well and you don't get stuff like ZFS. I'd experiment with both.
PID randomization is included with FreeBSD 11.x as well as a few other hardening options when you install.
Comment removed (Score:5, Informative)
Re: (Score:2)
Mono is alive and well. It is part of .NET core which Visual Studio is using to port itself to Linux. MS Code editor already is on Linux and MacOSX using .NET core with a few mono libraries.
That suspicion isn't like the systemd issues (Score:4, Informative)
I recall that being an entirely different issue from what's at issue in this /. thread. This thread concerns possibly buggy free software in need of some maintenance and review. Microsoft's patent licence for .NET core is a threat of a different kind [endsoftpatents.org]—Microsoft's patents covering software in Mono and licensing that doesn't grant users the freedoms of free software work together to grant Microsoft the power to extract patent royalties from free software distributors.
Get Hans (Score:2)
You could always get Hans Reiser out of jail to do the hit. He doesn't have any problems murdering people.
Re: (Score:2)
ReiserFS was not that great when it was under active development, and as far as I am aware while he was the first to implement some interesting filesystem features on Linux, he did not actually invent any of those concepts. The statement about XFS/btrFS is unsupportable.
Systemd has made many correct design decisions. The valid criticisms are completely drowned by people like you who don't understand the problems it's designed to solve. There's a reason why people keep inventing replacements for sysvinit.
the economic cost to the rest of us will most likely be greater than the damage Hans did to society.
We
Re: (Score:2)
ReiserFS was not that great when it was under active development, and as far as I am aware while he was the first to implement some interesting filesystem features on Linux, he did not actually invent any of those concepts. The statement about XFS/btrFS is unsupportable.
Systemd has made many correct design decisions. The valid criticisms are completely drowned by people like you who don't understand the problems it's designed to solve. There's a reason why people keep inventing replacements for sysvinit.
the economic cost to the rest of us will most likely be greater than the damage Hans did to society.
We don't measure that murder in economic terms. What a foul comparison.
I used to agree with you. Sysinit was designed for a computer (mini computer before being called a server) for a system with maybe 80 utilities and programs at the most. Very simplistic to do a few things and you set once and walk away for many years until the machine gets decommissioned etc.
A modern linux distro with +30,000 utilities running for example on a modern laptop is a nightmare in comparison if you need events like a laptop going asleep and waking up in a different time zone or when an apache serve
Re: (Score:2)
Which is what exactly? A single enormous codebase maintained by a generalist with little supervision instead of specific programs maintained by experts? Why is that a problem?
Re: (Score:2)
It is true that neckbeards snarl worse than a grue, but they're not capable of physical attacks. They also can't remain outdoors for extended periods of time, so they can't stalk anybody.