posted by LaminatorX on Tuesday November 11 2014, @04:08PM
from the trust-no-one dept.

Several sources within the Linux community (here, here, here and here) continue to discuss the possibility of NSA involvement with systemd. Various commentaries argue that the pace, scope and vociferousness surrounding the Debian kernel updates signify cause for suspicion. Discussion upon this subject has simmered since April, when Julian Assange branded the Debian project as being under the ownership of the NSA.

iGuru summarizes the arguments in this post, noting the worrying influence of developers working for the billion-dollar corporate giant Red Hat, the potential for infiltration and manipulation within and between systemd supporters, plus numerous possible security holes and vulnerabilities in the code. Meanwhile, the systemd 217 update has been announced.

  • (Score: -1, Troll) by Anonymous Coward on Tuesday November 11 2014, @04:15PM

    by Anonymous Coward on Tuesday November 11 2014, @04:15PM (#114875)

    #systemdgate has too many syllables, #dgate might work though

    • (Score: 4, Interesting) by Jeremiah Cornelius on Tuesday November 11 2014, @05:39PM

      by Jeremiah Cornelius (2785) on Tuesday November 11 2014, @05:39PM (#114911) Journal

      Red Hat developers dictatorially control the core engineering of Linux, including components such as udev, udisks, xorg, dbus, systemd, etc., used by every major Linux distribution, as well as other common desktop components such as GNOME and GTK. (As Tso put it, we have commit privs and you don't.) These are simple facts, though curiously never discussed. In many developers' views, these Red Hat developers have consistently introduced closed, overly complex, security-breaking technologies to Linux for years, and have a long and tired history of sabotaging kernel development, creating unending bugs and problems for kernel developers, which they often categorically refuse to address.

      --
      You're betting on the pantomime horse...
      • (Score: 1, Interesting) by Anonymous Coward on Tuesday November 11 2014, @07:26PM

        by Anonymous Coward on Tuesday November 11 2014, @07:26PM (#114950)

        You are saying that a company who makes its bucks by solving problems with linux might be interested in introducing bugs and incompatibilities in linux systems?
        O tempora, o mores!

      • (Score: 2) by Arik on Wednesday November 12 2014, @02:28AM

        by Arik (4543) on Wednesday November 12 2014, @02:28AM (#115050) Journal
        It's way past time the kernel team simply announced end of support (and all else) for RedHat. They want to make CoreOS, let them make CoreOS, but don't let them turn Linux into CoreOS please.

        I realize that could be difficult for the ones that are drawing a paycheck from RedHat, but they are all well educated people with marketable skills, they could resign en masse tomorrow and none of them would starve. It would be a lot easier to do that now than to wait two years and then have to go back through and pull all their commits.
        --
        If laughter is the best medicine, who are the best doctors?
      • (Score: 0) by Anonymous Coward on Wednesday November 12 2014, @07:09AM

        by Anonymous Coward on Wednesday November 12 2014, @07:09AM (#115104)

        dictatorially control the core engineering of Linux

        I guess you must really hate Linus Torvalds

    • (Score: 1, Insightful) by Anonymous Coward on Tuesday November 11 2014, @05:45PM

      by Anonymous Coward on Tuesday November 11 2014, @05:45PM (#114914)

      #Gamergate runs deep, or as I prefer to call it: Five Guys (rhymes with FIVE EYES).
      I don't get why SN hasn't covered this...

    • (Score: 4, Insightful) by Anonymous Coward on Tuesday November 11 2014, @05:48PM

      by Anonymous Coward on Tuesday November 11 2014, @05:48PM (#114916)

      #dgate - douchegate? How about we stop appending the suffix -gate to every single fucking so-called scandal? It is perhaps one of the most annoying and idiotic practices used in journalism today. Please, stop it already.

      • (Score: 0) by Anonymous Coward on Tuesday November 11 2014, @07:14PM

        by Anonymous Coward on Tuesday November 11 2014, @07:14PM (#114944)

        Upvote this comment a hundred thousand times.

      • (Score: 0) by Anonymous Coward on Tuesday November 11 2014, @07:23PM

        by Anonymous Coward on Tuesday November 11 2014, @07:23PM (#114948)

        How about we stop appending the suffix -gate to every single fucking so-called scandal?

        Can we call this gategate?

    • (Score: 1) by Valkor on Tuesday November 11 2014, @07:40PM

      by Valkor (4253) on Tuesday November 11 2014, @07:40PM (#114953)

      I just use #fucksystemd because it clearly portrays my thoughts on the subject.

      • (Score: 0) by Anonymous Coward on Wednesday November 12 2014, @02:51AM

        by Anonymous Coward on Wednesday November 12 2014, @02:51AM (#115058)

        I use the same thing, except including a bit of space between the two words and without spurious pound symbols!

        • (Score: 1) by ld a, b on Wednesday November 12 2014, @10:27AM

          by ld a, b (2414) on Wednesday November 12 2014, @10:27AM (#115128)

          You are old.
          You should know that the hash symbol represents the Twitbook or whatever young people use to send naked photographs of themselves to each other.
          As I understand it, you cannot get access to the naked photographs unless you release all your personal information to the companies administrating the Twitbook.

          --
          10 little-endian boys went out to dine, a big-endian carp ate one, and then there were -246.
  • (Score: 2) by Bot on Tuesday November 11 2014, @04:18PM

    by Bot (3902) on Tuesday November 11 2014, @04:18PM (#114878) Journal

    If you want to spy you gotta act below the distro level, at kernel, PID1, firmware peripheral bios and hardware level. So you don't have to worry of being found out by code reviews.

    Assange might be right anyway, the NSA might have pwned Debian, after all they could be needing some linux system that works reliably.

    --
    Account abandoned.
    • (Score: 5, Insightful) by VLM on Tuesday November 11 2014, @04:25PM

      by VLM (445) on Tuesday November 11 2014, @04:25PM (#114880)

      If you want to spy you gotta act below the distro level, at kernel, PID1, firmware peripheral bios and hardware level.

      On the other hand, if you want a unified linux platform to insert spyware, think about it:

      Distro level? Naah, some differences exist

      Kernel level? See above.

      Firmware level / hardware level? See above

      PID1, well soon enough there will only be one PID1 possible and it'll control absolutely everything, as a new kernel, basically. In some ways you're better off subverting systemd and friends than subverting the kernel, certainly fewer people monitoring it.

      It's going to be quite the security hole once "everything" in linux land depends on it. I'll be OK on freebsd, but the rest of you suckers are screwed.

      • (Score: 2) by Freeman on Tuesday November 11 2014, @04:37PM

        by Freeman (732) on Tuesday November 11 2014, @04:37PM (#114884) Journal

        Assuming what you are saying does come to pass. I would expect to see a large migration to FreeBSD and then a subsequent corruption in the same vein of systemd for Linux.

        --
        Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
        • (Score: 3, Interesting) by VLM on Tuesday November 11 2014, @05:13PM

          by VLM (445) on Tuesday November 11 2014, @05:13PM (#114900)

          Isn't it already coming to pass?

          Also "we" can't even get Docker to port to Freebsd jails (and I have some apps that will be freebsd jailed). And once freebsd is corrupted (or... if) then there's openbsd, netbsd. I'm not seeing an issue.

          Also a core value of the systemd coup was we must all bend over backwards for the proverbial theoretical "desktop linux user" because us real desktop users don't count, the only important users are the theoretical future imaginary ones that rely on dumb new ideas (because the old dumb ideas weren't dumb enough or something, so we need dumber new ideas). "desktop linux user" as the battle cry is going to be a hard sell on a BSD distro.

          • (Score: 4, Interesting) by Jeremiah Cornelius on Tuesday November 11 2014, @05:48PM

            by Jeremiah Cornelius (2785) on Tuesday November 11 2014, @05:48PM (#114915) Journal

            Most germane statement, from the NSA link at muchweb:

            "Shitfighting about init systems is a waste of our time. Sytemd is horrible because of where it comes from and how complex it is."

            Emphasis added.

            --
            You're betting on the pantomime horse...
          • (Score: 2) by frojack on Tuesday November 11 2014, @09:32PM

            by frojack (1554) on Tuesday November 11 2014, @09:32PM (#114978) Journal

            Why start at that cesspool called FreeBSD?
            Those guys make as many security blunders as most Linux distros, which aren't all that many (that we know about), but still more than a few.
            I'm firewalling my system with OpenBSD, running the pf filter with heavy egress filtering.
            I'm also moving my MTA/MDA there. I'm moving my inhouse file server to slackware or perhaps another OpenBSD box.

            I'll probably continue to use OpenSuse as a Linux desktop internally, (even with Systemd), because I'm quite familiar with it.
            The current version of OS is heavy into systemd and it DOES NOT boot any faster, IS NOT any easier to maintain.

            There are exactly two man pages you need to read to manage a systemd system, and they aren't that long; still, I see exactly zero benefit of systemd.

            The speed with which systemd is taking over every distro is alarming, and unnatural in the Linux world. That's either because it's good, or it has big money behind it. I keep hoping it's good. I don't discount the possibility of it being both good and well moneyed.

            And I'm always on the look out for credible claims of NSA infiltration. So far, I haven't seen one.

            --
            No, you are mistaken. I've always had this sig.
            • (Score: 1) by fritsd on Wednesday November 12 2014, @09:51PM

              by fritsd (4586) on Wednesday November 12 2014, @09:51PM (#115348) Journal

              "The speed with which systemd is taking over every distro is alarming, and unnatural in the Linux world. That's either because its good, or it has big money behind it."

              Personally I think it's a third reason: the network effect.

              When I half-upgraded to jessie, saw the error of my ways, and downgraded, I found out that really many programs had gotten dependencies on libsystemd-journal0, libsystemd-daemon0, libsystemd-id128-0, libpam-systemd, libsystemd-login0 in the past year.

              And cups needs libsystemd-daemon0, so if you want to print, you need it, or downgrade cups.

              And dbus "needs" libsystemd-journal0 (why??) so I had to recompile it without.
              And lots of stuff needs dbus, mainly the desktop environments, KDE, Gnome, LXDE. I don't know of any alternative? A commenter on the previous soylentnews systemd story mentioned that dbus is very valuable for IPC.

              And libpulse0 depends on libsystemd-journal0 (why??) so I had to recompile it without (that's how I got interested in this whole "shitstorm" actually)
              meaning anything that makes a sound on Linux nowadays needs libsystemd-journal0.

              And lots of things depend on libpam-systemd and policykit. I wish I had documented a bit better what I tried to circumvent that. I didn't even know what policykit was.

              I believe that the systemd people have plans to integrate udev and dbus with systemd (by "I believe" I don't mean like Fox Mulder, but that I read somewhere a blog of one of the authors of systemd who expressed this plan).
              So maybe you can't easily make a dbus package configured with --disable-systemd anymore, a few versions from now.

              "Not to mention camels":
              The nose of the camel is in the tent. Time to choose if you welcome the camel, or otherwise begin shooing it out *right now*. While respecting the camel's dignity and many qualities, of course.
              It's still second-best.

        • (Score: 1) by khallow on Tuesday November 11 2014, @05:32PM

          by khallow (3766) Subscriber Badge on Tuesday November 11 2014, @05:32PM (#114907) Journal

          and then a subsequent corruption in the same vein of systemd for Linux.

          Except now, the targets are aware. And evidence of actual conspiracy between Red Hat and US intelligence would be costly.

          • (Score: 2, Insightful) by WillR on Tuesday November 11 2014, @08:56PM

            by WillR (2012) on Tuesday November 11 2014, @08:56PM (#114970)
            I'm sure that worries the NSA just as much as the potential damage to Microsoft, Google, Yahoo, Facebook, Dropbox, etc. etc. etc. did...
          • (Score: 3, Interesting) by frojack on Tuesday November 11 2014, @09:44PM

            by frojack (1554) on Tuesday November 11 2014, @09:44PM (#114984) Journal

            And evidence of actual conspiracy between Red Hat and US intelligence would be costly.

            Costly to who?
            Most of Red Hat's business is government of one sort or another. Don't see them suffering one bit.

            --
            No, you are mistaken. I've always had this sig.
        • (Score: 2) by Grishnakh on Wednesday November 12 2014, @02:00AM

          by Grishnakh (2831) on Wednesday November 12 2014, @02:00AM (#115041)

          This doesn't make sense; why would you need to migrate to a non-Linux system just because of systemd? Linux isn't built just by some big corporations, it's community-owned. If the community doesn't like systemd or thinks it's NSA-tainted, there's nothing stopping people from forking distros or making their own new distros which don't use systemd. If nothing else, people would just migrate to Gentoo or Slackware; the latter isn't switching to systemd ever I'm sure. But surely new non-systemd distros would pop up if this becomes a real issue.

        • (Score: 2) by cykros on Wednesday November 12 2014, @02:28PM

          by cykros (989) on Wednesday November 12 2014, @02:28PM (#115185)

          Eh, FreeBSD may take over a lot of territory, but it doesn't have a chance of taking the Linux desktop userbase (I know, it's small...) without some seriously improved graphics card support.

          I'll stick with Slackware myself, and hope they don't torture poor old Pat.

      • (Score: 2, Funny) by Anonymous Coward on Tuesday November 11 2014, @04:55PM

        by Anonymous Coward on Tuesday November 11 2014, @04:55PM (#114892)

        Three PIDs for the servers under the cloud,
        Seven for the daemons in their halls of root,
        Nine for mortal users destined to log out,
        One for the systemd on his dark boot
        In the land of cgroups where the shadows lie.
        One PID to rule them all, One PID to find them,
        One PID to bring them all and in the darkness bind them
        In the land of cgroups where the shadows lie.

      • (Score: 4, Interesting) by choose another one on Tuesday November 11 2014, @05:48PM

        by choose another one (515) Subscriber Badge on Tuesday November 11 2014, @05:48PM (#114917)

        Or the shell, which runs just about everywhere, including straight off PID 1, and is a massively complex ball of arcane poorly reviewed source in which it should be dead easy to insert a crazy stupid security hole as a feature that no one will notice for 20 odd years.

        Done.

        And then Debian switched /bin/sh away from being bash, so they needed to create another hole. So, systemd is Debian's fault all along...
        [singing I love conspiracy theories, stick another evil-backwards-words-track on the juke box baby]

        • (Score: 2) by gman003 on Tuesday November 11 2014, @06:57PM

          by gman003 (4155) on Tuesday November 11 2014, @06:57PM (#114937)

          This is why, on my boxes, I set the system/root shell to the *original* Bourne shell, the 70s/80s one (as patched by the Rudest Canadians). Smaller attack surface, smaller userbase, and code maintained by people averse to changing it except to fix bugs or security holes.

          Naturally, for my actual user accounts, I use bash or zsh.

          • (Score: 2) by cykros on Wednesday November 12 2014, @10:32PM

            by cykros (989) on Wednesday November 12 2014, @10:32PM (#115353)

            As far as I understand it, on systems with Bash, generally, /bin/sh is provided by bash in the first place, and as such, even using /bin/sh didn't save you from Shellshock...

            This [us-cert.gov] seems to confirm that.

            Of course, if you went way out of your way to ensure that /bin/sh wasn't actually being provided by Bash, then yea, you'd have been in the clear.

        • (Score: 2) by Grishnakh on Wednesday November 12 2014, @02:03AM

          by Grishnakh (2831) on Wednesday November 12 2014, @02:03AM (#115043)

          The shell doesn't matter; that's like worrying about security holes in some Tetris clone or text editor. The shell is not an ever-present daemon with access to everything in the system, it's just another user-interactive program. The problem with init daemons is they're daemons, constantly running in the background and they have root-level access to everything. With systemd, there is some justifiable concern because it has many included components which hook into other parts of the system, including networking.

  • (Score: 4, Interesting) by Rosco P. Coltrane on Tuesday November 11 2014, @04:39PM

    by Rosco P. Coltrane (4757) on Tuesday November 11 2014, @04:39PM (#114885)

    Most of my machines run antiquated (but perfectly functional) versions of Debian, and I have no reason to upgrade either hardware or OS. So I've been following the systemd debate very, very loosely, wondering whether/when/why I should care whether it's included in my next major OS install.

    So technically I was neither for or against it. But if the NSA gets anywhere near it, it's a pretty easy decision: SystemV init for me. No systemd thank you very much.

    In a sense, it's a blessing in disguise: it means I don't have to research the technical issues involved. It's just: fuck whatever the NSA has an interest in. Easy peasy.

    • (Score: 0) by Anonymous Coward on Tuesday November 11 2014, @06:06PM

      by Anonymous Coward on Tuesday November 11 2014, @06:06PM (#114925)

      I thought the principal developers of systemd were European. Why would they want to aid the NSA? Not that that proves anything, of course, but nobody has proved anything on the other side either.

      Occam's Razor and all that. It's up to the theorists to prove that the moon landing was shot in the southwestern USA.

      • (Score: 0) by Anonymous Coward on Tuesday November 11 2014, @06:29PM

        by Anonymous Coward on Tuesday November 11 2014, @06:29PM (#114932)

        I don't know about you, but I like strange. But I'm married, so I can't just go out and get strange two or three times a day. But if some strange shows up on my door while the wife is out of town, I'll bang it like a screen door in a hurricane.

        So, maybe the NSA didn't create systemd and maybe they aren't the primary developers. But when they see a third party useful idiot come up with some overcomplicated software running with root privileges on the majority of linux systems ... (so it can be more like windows... in more ways than one!)

      • (Score: 0) by Anonymous Coward on Wednesday November 12 2014, @05:29PM

        by Anonymous Coward on Wednesday November 12 2014, @05:29PM (#115279)

        They work for red hat?

    • (Score: 0) by Anonymous Coward on Tuesday November 11 2014, @07:21PM

      by Anonymous Coward on Tuesday November 11 2014, @07:21PM (#114946)

      How did you deal with Shellshock? Did you recompile a more recent version of bash yourself?

      What about the numerous other security issues likely affecting your systems?

      • (Score: 2) by sjames on Tuesday November 11 2014, @09:38PM

        by sjames (2882) on Tuesday November 11 2014, @09:38PM (#114981) Journal

        Funny thing with shellshock, for all the hype it's only a risk in a small subset of systems.

        • (Score: 2) by frojack on Tuesday November 11 2014, @10:20PM

          by frojack (1554) on Tuesday November 11 2014, @10:20PM (#114986) Journal

          Pretty much true.
          If you don't run your own web server, or use seldom used options on your sshd, the average personal linux machine is largely immune.

          --
          No, you are mistaken. I've always had this sig.
          • (Score: 2) by choose another one on Tuesday November 11 2014, @10:28PM

            by choose another one (515) Subscriber Badge on Tuesday November 11 2014, @10:28PM (#114988)

            And if you don't use procmail, or exim, or qmail, to deliver your email..., and if you don't have any of the other vectors already found, or the ones that haven't been found yet.

            • (Score: 2) by frojack on Tuesday November 11 2014, @11:15PM

              by frojack (1554) on Tuesday November 11 2014, @11:15PM (#115009) Journal

              Your average personal linux machine does not run any sort of MTA, or even an MDA.
              Of those that do, dovecot and postfix are the most popular and are pretty much immune, because every distro worth installing puts them in jail, and most installations don't invoke scripts, but rather use unix sockets.

              It simply uses secure imap or secure pop, and NO delivery agent because it is something like Thunderbird or Kmail or such that is dealing with the outside world.

              Run a simple "netstat -tuanp | grep LISTEN" command and explain every single thing listening on 0.0.0.0 or :::.
              If you know why every one of those is listening, you can evaluate the risk.

              If your personal linux machine is listening on port 25/465 you are probably doing it wrong.
              If your linux server is listening on those ports, you better know what you are doing.

              --
              No, you are mistaken. I've always had this sig.
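The "explain every listener" check described in the comment above, worked through as an added example (not frojack's code, nor anything from the linked sites): a small Python parser for `netstat -tuanp` output that lists bound sockets, separates wildcard binds (0.0.0.0 or ::) from loopback-only ones, and flags the mail ports the comment singles out. The netstat output embedded below is constructed for the example, not captured from a real host; it also includes UDP sockets, which netstat prints with an empty State column and which a plain `grep LISTEN` would therefore miss.

```python
"""Inventory of bound sockets from `netstat -tuanp` output (added example)."""
from dataclasses import dataclass

# Constructed sample of `netstat -tuanp` output; not from a real machine.
SAMPLE_NETSTAT = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      1023/cupsd
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      1300/master
tcp6       0      0 :::80                   :::*                    LISTEN      1410/apache2
tcp        0      0 192.168.1.5:49152       93.184.216.34:443       ESTABLISHED 2201/firefox
udp        0      0 0.0.0.0:68              0.0.0.0:*                           900/dhclient
"""

WILDCARD_ADDRS = {"0.0.0.0", "::"}
# Ports the comment singles out: a personal machine normally has no business accepting mail.
MAIL_PORTS = {25, 465}


@dataclass(frozen=True)
class Socket:
    proto: str
    addr: str
    port: int
    program: str

    @property
    def wildcard(self) -> bool:
        """True when bound to every interface rather than to loopback or one address."""
        return self.addr in WILDCARD_ADDRS


def parse_listeners(text: str) -> list[Socket]:
    """Return TCP sockets in LISTEN plus every bound UDP socket.

    UDP lines have no State column, so the PID/Program field is the last one.
    """
    sockets = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or not fields[0].startswith(("tcp", "udp")):
            continue  # banner, column header, or something we do not understand
        addr, _, port = fields[3].rpartition(":")  # handles ':::80' -> ('::', '80')
        if fields[0].startswith("tcp"):
            if len(fields) < 7 or fields[5] != "LISTEN":
                continue  # established/time-wait connections are not listeners
            program = fields[6]
        else:
            program = fields[-1]
        sockets.append(Socket(fields[0], addr, int(port), program))
    return sockets


def wildcard_listeners(sockets: list[Socket]) -> list[Socket]:
    """The subset the comment says you must be able to explain one by one."""
    return [s for s in sockets if s.wildcard]


def review(sockets: list[Socket]) -> list[str]:
    """One worksheet line per wildcard socket, annotating the mail ports."""
    lines = []
    for s in wildcard_listeners(sockets):
        note = "  <-- mail port on a personal machine: justify or close" if s.port in MAIL_PORTS else ""
        lines.append(f"{s.proto:5} {s.addr}:{s.port} {s.program}{note}")
    return lines


if __name__ == "__main__":
    # On a real host: parse_listeners(subprocess.run(["netstat", "-tuanp"], ...).stdout)
    for line in review(parse_listeners(SAMPLE_NETSTAT)):
        print(line)
```

On the sample, the loopback-only CUPS socket drops out of the review list, the SSH, mail, web and DHCP-client sockets remain, and port 25 gets the annotation; on a real host, feed the function the actual `netstat -tuanp` output and work down the list until every line has an explanation.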
              • (Score: 2) by stderr on Wednesday November 12 2014, @06:51PM

                by stderr (11) on Wednesday November 12 2014, @06:51PM (#115317) Journal

                Your average personal linux machine does not run any sort of MTA, or even an MDA.

                Does your average personal Linux machine run a DHCP client?
                Some DHCP clients call bash and could therefore make you vulnerable to shellshock.

                --
                alias sudo="echo make it yourself #" # ... and get off my lawn!
                • (Score: 2) by frojack on Thursday November 13 2014, @07:18AM

                  by frojack (1554) on Thursday November 13 2014, @07:18AM (#115452) Journal

                  There has only been a proof of concept for dhclient, and none in the wild. Your wifi router is not likely to be a problem, because they don't use bash. This is why it's pretty much a non issue. Everywhere you normally use your home computer you are protected by a router, wired or wifi, that does not use bash, so it's not vulnerable from its upstream.

                  I spoze someone, if given several hours alone with your router, could put their own software on it. But if you give them access to your router, chances are they don't need to try to trigger shellshock on your linux machine. You'd probably give them access to that as well.

                  --
                  No, you are mistaken. I've always had this sig.
                  • (Score: 2) by stderr on Thursday November 13 2014, @08:18AM

                    by stderr (11) on Thursday November 13 2014, @08:18AM (#115469) Journal

                    Everywhere you normally use your home computer you are protected by a router, wired or wifi, that does not use bash, so it's not vulnerable from its upstream.

                    Yes... Cause you never bring your laptop to work or anywhere else, right?

                    And even if you leave your computer at home all the time, are you sure the access point called "My Home AP" is really your access point and not the one running in the back of a van parked across the street?

                    --
                    alias sudo="echo make it yourself #" # ... and get off my lawn!
                    • (Score: 2) by frojack on Thursday November 13 2014, @05:40PM

                      by frojack (1554) on Thursday November 13 2014, @05:40PM (#115609) Journal

                      Stupid questions all around.

                      I'm completely aware of my work environment and the dhcp servers it uses, since that's my job.
                      While you might use an SSID of Linksys or My Home AP, don't assume everyone around you is equally stupid.

                      --
                      No, you are mistaken. I've always had this sig.
                      • (Score: 2) by stderr on Thursday November 13 2014, @08:50PM

                        by stderr (11) on Thursday November 13 2014, @08:50PM (#115655) Journal
                        "My Home AP" was an example. It's not that hard to find out what your AP is called, if someone was targeting you.
                        --
                        alias sudo="echo make it yourself #" # ... and get off my lawn!
                        • (Score: 2) by frojack on Thursday November 13 2014, @10:27PM

                          by frojack (1554) on Thursday November 13 2014, @10:27PM (#115683) Journal

                          The difference is, my devices are authenticated to my home AP, and aren't randomly associating with other APs. The van across the street is going to be pretty noticeable, and have a much weaker signal even if it somehow manages to obtain the same WPA2 key as my home router.

                          Besides, I have my own DHCP server, and don't serve dhcp from my router.

                          --
                          No, you are mistaken. I've always had this sig.
    • (Score: 2) by M. Baranczak on Tuesday November 11 2014, @08:17PM

      by M. Baranczak (1673) on Tuesday November 11 2014, @08:17PM (#114962)

      First things first. Is there actually any evidence of NSA involvement? I skimmed the first three linked pages, and I couldn't find any. I'm not even talking about proof, just any sort of concrete information.

      • (Score: 0) by Anonymous Coward on Wednesday November 12 2014, @01:40AM

        by Anonymous Coward on Wednesday November 12 2014, @01:40AM (#115032)

        Sounds to me like the anti-systemd crowd is getting desperate and pulling out the NSA boogeyman.

      • (Score: 1) by fritsd on Wednesday November 12 2014, @09:12PM

        by fritsd (4586) on Wednesday November 12 2014, @09:12PM (#115340) Journal

        Well.. no evidence of malice by anyone, to be honest, but it just looked worse and worse the more I read about it (read == read the freedesktop.org documentation, not just some paranoid blog)

        For example:
        I looked at the spec of the binary log file that libsystemd-journal0 produces, and noticed the following:

        http://www.freedesktop.org/wiki/Software/systemd/journal-files/ [freedesktop.org]
        modified: Sun 15 Sep 2013 01:19:03 AM CEST
        SHA-1 checksum: 3226d5706a8f58351e36cfb02dfab355b5c6ae5a www.freedesktop.org+wiki+Software+systemd+journal-files.html

        The paragraph "Extensibility" (extensibility is obviously very good in principle, we all agree)

        "Extensibility

        The format is supposed to be extensible in order to enable future additions of features. Readers should simply skip objects of unknown types as they read them. If a compatible feature extension is made a new bit is registered in the header's 'compatible_flags' field. If a feature extension is used that makes the format incompatible a new bit is registered in the header's 'incompatible_flags' field. Readers should check these two bit fields, if they find a flag they don't understand in compatible_flags they should continue to read the file, but if they find one in 'incompatible_flags' they should fail, asking for an update of the software. Writers should refuse writing if there's an unknown bit flag in either of these fields."

        This "compatible_flags" bitfield enables older journalctl executables to make the most sense of newer log files so that it encourages a gradual decrease in compatibility between different versions of log files and log file readers. I understand that.

        However, from reading that paragraph, I thought that it *also* means, *if* the system log can be tampered with, you can make an entry "disappear" by changing 1 bit in the compatible_flags header, and then that one record will be skipped by the program you use to study the syslog, because "oh that record is from some newer version of the spec that I can't read, I'll just silently ignore it then".

        Please correct me if it's stupid what I just wrote. I have not actually written a test program to try it out if that trick would work, I have removed anything to do with systemd, and am now studying if I really need D-Bus and what its actual benefits are.

        I know I can get ranty when I'm tired but I do not think Red Hat == NSA.
        I think it's pretty damning though that the title of this soylentnews article could have been "many people consider systemd a worse init system than what we have now".
        No need to over-hype it!!
        Otherwise, you get a dialogue like this:
        "some people have written that systemd is crap"
        "oh yes, I read about that. the lunatics think systemd is written by the NSA. obviously that's stark raving paranoid, therefore systemd must be ok."

        Even if *none* of the features of systemd are malicious, it is still a complex and large piece of software in a location where you'd want *and already have* a small and significantly less complex piece of software.
        If PID 1 crashes it's a kernel panic.
        Why can't all of the extra nifty features be added onto daemontools or something?? Why can't cgmanager be run as PID 2 or something? (since it needs to deal with virtual machines with cgroups with virtual machines with cgroups .. turtles all the way)

        Oh and another thing about that journal-files document: I couldn't find anything about the rumor that core dumps can be written *inside the syslog*. But it can contain large compressed binary data. In the syslog. I don't understand why: if the disk subsystem has crashed and you need to do a post-mortem on mdadm or something, then the core dump hasn't disappeared because it's in the syslog which is presumably on the root filesystem or something. But is that the reason why this feature is provided?? What if it's the root filesystem that crashed, does the core dump go to the console screen then??

        Systemd has features that may be implemented for really smart sysadmins with huge cloud servers (such as Red Hat, I'm sure). But for the .. slightly more stupid .. such as me, if something is too complex then that means I can't trust myself to use it without error, and I'd be tearing my hair out when I had to repair such a system. Better not to begin with it at all, or at least be paid a fortune for consulting :-)

        • (Score: 1) by justthinkit on Friday November 14 2014, @03:40AM

          by justthinkit (2427) <floyd@just-think-it.com> on Friday November 14 2014, @03:40AM (#115779) Homepage

          Suggestion -- could you bold any portions of your post that are noteworthy?

          It wall-of-texted me and I gave up.

          • (Score: 1) by fritsd on Friday November 14 2014, @12:26PM

            by fritsd (4586) on Friday November 14 2014, @12:26PM (#115863) Journal

            Sorry. I get carried away.

            Two different pieces of my wall-of-text:

            1. binary log spec with unintentional features
            The spec http://www.freedesktop.org/wiki/Software/systemd/journal-files/ [freedesktop.org]
            it looks like if you change one bit in a log file, you can make it so that a compatible reader program must skip that log entry. So the log entry is disappeared. (Note I haven't tested this myself)
            Also you can stuff an XZ-compressed core dump inside the system log. who needs this feature? what was the use case to spec it? Is that ever necessary?

            2. Invoking the NSA bogeyman may be counterproductive
            Many people think systemd is worse than what we have now, a regression. But imagine the following dialogue:
            "some people have written that systemd is crap"
            "oh yes, I read about that. the lunatics think systemd is written by the NSA. obviously that's stark raving paranoid, therefore systemd must be ok."

            To evaluate and criticize systemd we must look at its source and its spec, not at the size of the tin-foil-hat of its detractors.
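The two posts above both turn on the flag words in the journal file header that the linked journal-files spec defines. As an added example (not code from the thread, from systemd, or from the spec page), here is a small checker that parses the start of a journal header and applies the spec's rule for those words: an unknown bit in incompatible_flags means the file must not be read, while the spec lets a reader ignore unknown bits in compatible_flags. Rather than ignoring them silently, this checker reports them, which is the behaviour a reader would want if it suspected the one-bit tampering the post describes. The signature string, the field layout (8-byte signature, then two little-endian uint32 flag words, a state byte and seven reserved bytes) and the SEALED / COMPRESSED_XZ bit names come from the journal file format as published in systemd's journal-def.h; the sample header bytes and the flip_bit helper are constructed here for the demonstration and are not a real journal file.

```python
import struct

# Layout of the start of a systemd journal file header (journal-def.h):
# 8-byte signature, then two little-endian uint32 flag words, then a
# one-byte state and seven reserved bytes.
JOURNAL_SIGNATURE = b"LPKSHHRH"
HEADER_PREFIX = struct.Struct("<8sIIB7s")
COMPATIBLE_FLAGS_OFFSET = 8
INCOMPATIBLE_FLAGS_OFFSET = 12

# Flag bits this checker recognises: only the two defined in the 2014 spec.
# Any other set bit is deliberately reported as unknown.
KNOWN_COMPATIBLE = {1 << 0: "SEALED"}
KNOWN_INCOMPATIBLE = {1 << 0: "COMPRESSED_XZ"}
STATES = {0: "OFFLINE", 1: "ONLINE", 2: "ARCHIVED"}


def parse_journal_header(data: bytes) -> dict:
    """Decode the fixed prefix of a journal header, validating the signature."""
    if len(data) < HEADER_PREFIX.size:
        raise ValueError("short read: %d bytes is not a journal header" % len(data))
    sig, compat, incompat, state, _reserved = HEADER_PREFIX.unpack_from(data, 0)
    if sig != JOURNAL_SIGNATURE:
        raise ValueError("bad signature %r" % sig)
    return {
        "compatible_flags": compat,
        "incompatible_flags": incompat,
        "state": STATES.get(state, "UNKNOWN(%d)" % state),
    }


def _split_bits(value: int, known: dict) -> tuple:
    """Return (names of known bits that are set, mask of set bits that are unknown)."""
    names = [name for bit, name in known.items() if value & bit]
    known_mask = sum(known)  # keys are distinct single bits, so summing equals OR-ing
    return names, value & ~known_mask


def assess_header(hdr: dict) -> dict:
    """Apply the spec's rule, but report unknown compatible bits instead of ignoring them."""
    comp_names, comp_unknown = _split_bits(hdr["compatible_flags"], KNOWN_COMPATIBLE)
    incomp_names, incomp_unknown = _split_bits(hdr["incompatible_flags"], KNOWN_INCOMPATIBLE)
    if incomp_unknown:
        verdict = "refuse"  # spec: an unknown incompatible bit means do not read the file
    elif comp_unknown:
        verdict = "warn"    # spec allows ignoring these; a careful reader flags them instead
    else:
        verdict = "ok"
    return {
        "verdict": verdict,
        "compatible": comp_names,
        "unknown_compatible": comp_unknown,
        "incompatible": incomp_names,
        "unknown_incompatible": incomp_unknown,
        "state": hdr["state"],
    }


def flip_bit(data: bytes, offset: int, bit: int) -> bytes:
    """Constructed helper: simulate the single-bit change the post talks about."""
    buf = bytearray(data)
    buf[offset] ^= 1 << bit
    return bytes(buf)


# Constructed sample (not a real journal file): an ARCHIVED, SEALED,
# XZ-compressed header prefix, padded so it is longer than what we parse.
SAMPLE_HEADER = HEADER_PREFIX.pack(JOURNAL_SIGNATURE, 1 << 0, 1 << 0, 2, b"\0" * 7) + b"\0" * 40


if __name__ == "__main__":
    for label, blob in (
        ("clean header", SAMPLE_HEADER),
        ("compatible_flags bit 5 flipped", flip_bit(SAMPLE_HEADER, COMPATIBLE_FLAGS_OFFSET, 5)),
        ("incompatible_flags bit 6 flipped", flip_bit(SAMPLE_HEADER, INCOMPATIBLE_FLAGS_OFFSET, 6)),
    ):
        print(label, "->", assess_header(parse_journal_header(blob)))
```

Run stand-alone it prints three verdicts: "ok" for the clean header, "warn" with unknown_compatible 0x20 after a bit flip in compatible_flags, and "refuse" with unknown_incompatible 0x40 after a bit flip in incompatible_flags. The point of the "warn" path is that a bit a reader is allowed to ignore is still worth surfacing in an integrity check, because silence is exactly what makes such a change hard to notice.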

    • (Score: 2) by cykros on Wednesday November 12 2014, @10:37PM

      by cykros (989) on Wednesday November 12 2014, @10:37PM (#115355)

      Sysvinit can be done well, but part of why I think so many distros jumped to systemd (separate from the massive money and weight being thrown around by Redhat and co.) had to do with the absolute mess most distros called their init scripts, with Debian absolutely included there. Slackware, by comparison, uses BSD style init scripts with sysvinit...something that, once you're familiar with, makes you wonder why on earth anyone ever ran sysvinit any other way.

      Not trying to proselytize so much as just point that out, as it was something I didn't really appreciate much until looking into it as a result of the systemd hostilities. Vector Linux is probably the smoothest landing for Debian refugees from systemd (who don't care to handle managing their own replacement with sysvinit, which is still at least somewhat supported, if not endorsed), as it's based on Slackware, with a few GUI configuration utilities to keep you from going cross-eyed reading documentation all at once, as well as the repository-based package manager slapt-get, which, as the name suggests, is quite similar to apt-get in usage.

  • (Score: 3, Informative) by melikamp on Tuesday November 11 2014, @05:03PM

    by melikamp (1886) on Tuesday November 11 2014, @05:03PM (#114895) Journal

    Wikileaks is officially denying that Julian Assange literally said “Debian Is Owned By The NSA”. For people who are choking on the mere summary title of this article, please see definition of Owned/Pwn (and get some hip!)

    • (Score: 0) by Anonymous Coward on Wednesday November 12 2014, @04:46AM

      by Anonymous Coward on Wednesday November 12 2014, @04:46AM (#115089)

      Yup, owned/pwned means compromised

  • (Score: -1, Troll) by Anonymous Coward on Tuesday November 11 2014, @05:16PM

    by Anonymous Coward on Tuesday November 11 2014, @05:16PM (#114902)

    All of those "sources" are just conspiracy theory rantings with nothing to back them up. Yes, systemd could be pwnd by the NSA. The moon mission could have been faked as well.

    Without facts to support anything, this article is nothing more than the well-known propaganda technique of demonizing the enemy.

  • (Score: 4, Insightful) by Stuntbutt on Tuesday November 11 2014, @05:37PM

    by Stuntbutt (662) on Tuesday November 11 2014, @05:37PM (#114909)

    Security comes in two flavors: perfection and compartmentalization. Perfection is just that - if your security is flawless, you're safe. The instant it isn't flawless, you might as well have nothing. This level of security requires Proof of Innocence. Compartmentalization relies on expecting and accepting security breaches, but with buffers (firewalls, but not in the networking sense) to limit depth and scope. This type of security requires Proof of Safeguarding.

    Proof of Innocence is hard.

    However, when it comes to low-level software/hardware, it is required. There are no fallbacks, no buffer zones, once the kernel is breached. Tin-foil hat? Maybe. But, until it's heavily audited by multiple sources - preferably people paid by a 3rd-party trust foundation or fund raiser to do the audits - and readily interrogated at every change, I would be suspicious of the NSA. This is EXACTLY the type of attack vector they would love to have, especially considering the overlap of Linux users against Scary People Who Need To Be Watched.

    Can you imagine the impact of Systemd infiltration on TAILS? :(

    I will be suspicious of closed-source OSs because they are known, compromised vectors. I will be suspicious of open-source OSs with huge single points of failure, such as SystemD.

    • (Score: 3, Interesting) by Arik on Tuesday November 11 2014, @08:18PM

      by Arik (4543) on Tuesday November 11 2014, @08:18PM (#114963) Journal
      "Can you imagine the impact of Systemd infiltration on TAILS? :("

      Per https://labs.riseup.net/code/issues/5821 it seems they are trying to force their way into TAILS the same way they did Debian - they file a spurious bug report. Oh noes! Your init system is not 'modern!' Fix it now!

      It's really sad because a lot of these people (like Poettering for example) are obviously very smart people with some chops, but unfortunately that does not stop one from becoming someone else's useful idiot.
      --
      If laughter is the best medicine, who are the best doctors?
      • (Score: 2) by urza9814 on Thursday November 13 2014, @04:50PM

        by urza9814 (3954) on Thursday November 13 2014, @04:50PM (#115594) Journal

        Per https://labs.riseup.net/code/issues/5821 [riseup.net] it seems they are trying to force their way into TAILS the same way they did Debian - they file a spurious bug report. Oh noes! Your init system is not 'modern!' Fix it now!

        1) It's not a bug report, it's a feature request.

        2) "They" in this case appears to be the TAILS developers themselves. How is it being "forced" in if it's the developers themselves saying they want to add it?

        I'm not saying it's not bad, but it sounds like you're trying to blame some outside third party for this. If TAILS goes Systemd, it'll be the TAILS developers alone who are responsible.

    • (Score: 0) by Anonymous Coward on Wednesday November 12 2014, @08:42AM

      by Anonymous Coward on Wednesday November 12 2014, @08:42AM (#115116)

      I suggested tails not use systemd in their irc channel and was banned.

  • (Score: 2) by jackb_guppy on Tuesday November 11 2014, @06:05PM

    by jackb_guppy (3560) on Tuesday November 11 2014, @06:05PM (#114924)

    Systemd is broken. I have had to reformat the machine twice and send daily logs to get it fixed... still not fixed.

    IF NSA is behind it, like MS and Adobe, more 0-day will appear in the Linux world.

    You think bash error was bad. What happens when all is hidden? Welcome to the new MS Linux.

    My colander hat with vent holes, it is not looking so bad!

  • (Score: 1) by Anonymous Coward on Tuesday November 11 2014, @07:29PM

    by Anonymous Coward on Tuesday November 11 2014, @07:29PM (#114951)

    Read through the majority of posts, but found them mostly rhetoric.
    Are there any proven attacks on systemd?

    Found this: http://www.reddit.com/r/linux/comments/27zyxz/is_there_any_effort_on_systemd_security_auditing/ [reddit.com]

    What scares me most is that a simple search like "systemd security bugs", shows very little.

    Anyway, it's NOT just an NSA thing...it is an EVERYthing.

    Never saw the movie, Snakes on Planes, it was obvious how bad a movie could be just from the title.
    Systemd is Snakes on Planes: it's obvious that something so complex is going to be bad; no matter how you cut it, there are going to be countless security holes.

    • (Score: 1) by zzw30 on Tuesday November 11 2014, @07:57PM

      by zzw30 (4576) on Tuesday November 11 2014, @07:57PM (#114957)

      It's Snakes on a Plane, and it was glorious. Much better occupant of time and brain cells than some award-winning suspense/drama schlock.

      • (Score: 2) by fnj on Wednesday November 12 2014, @03:21AM

        by fnj (1654) on Wednesday November 12 2014, @03:21AM (#115068)

        Snakes on a Plane had really good moments, but the parody of it in Epic Movie was hilarious.

        It's similar to Meet the Spartans vs 300. Meet the Spartans is a guaranteed riot no matter how many times I watch it.

    • (Score: 2) by cafebabe on Wednesday November 12 2014, @03:21AM

      by cafebabe (894) on Wednesday November 12 2014, @03:21AM (#115069) Journal

      Never saw the movie, Snakes on Planes, it was obvious how bad a movie could be just from the title.

      I watched it as an in-flight movie and it is really scary if you watch it while experiencing real airplane turbulence.

      --
      1702845791×2
  • (Score: 2, Troll) by caseih on Tuesday November 11 2014, @08:28PM

    by caseih (2744) on Tuesday November 11 2014, @08:28PM (#114966)

    So random fallacious thought experiments on a random blog somewhere means the "Linux community" is mulling NSA involvement with systemd? Wow soylentnews is falling to new lows, and from the sound of things a lot of soylenters too.

    Guess you should unplug and just stop using computers entirely. This kind of trolling is unbecoming of the Linux community in general (which it really isn't representative of, but others might think so) or open source ideals. This is the wrong way to debate systemd. I guess facts don't matter.

    If you're really worried about this bizarre blog post, look, the source isn't that long; if thousands of angry pitchforks are really ready, why not audit the code instead and compile it yourself. Oh but wait, that won't reveal anything, because the real place for the NSA to meddle is in the compiler!

    To those who don't want systemd go build your own distro. That's the beauty of open source and free software. I understand that Linux from scratch is a really fun thing that every Linux fan should do at least once.

    • (Score: 2, Insightful) by Nuke on Tuesday November 11 2014, @11:23PM

      by Nuke (3162) on Tuesday November 11 2014, @11:23PM (#115010)

      So you say we are not allowed to discuss it.

      Sorry, but we shall. That does not make it a cert that the allegations are true, but in the light of recent doings such allegations should be open to discussion, consideration, and if possible, investigation. I for one am mystified by the speed, scale and manner of the systemd takeover.

      As for this pitchfork auditing the code, if Ts'o cannot understand it, I certainly won't, and I do write some C code.

      And another problem with your advice to build my own distro is that (I gather) apps are starting to use systemd calls, so I would have to port them too. I have other things to do (just as noble and more productive), so I feel perfectly entitled to complain about systemd nevertheless. As Dr Johnson said, "I can complain if a carpenter has made a table badly even though I could not make one myself. It is not my job to make a table."

      • (Score: 0) by Anonymous Coward on Wednesday November 12 2014, @02:01AM

        by Anonymous Coward on Wednesday November 12 2014, @02:01AM (#115042)

        Where's the convincing evidence? Why would any of these people want to help out the NSA?

        This just smacks of an excuse of tying two things together for convenience. Why not throw Microsoft and the Chinese Government into the conspiracy too, that would make everyone here feel like they just drank a $30 bottle of wine.

        • (Score: 3, Insightful) by Arik on Wednesday November 12 2014, @02:18AM

          by Arik (4543) on Wednesday November 12 2014, @02:18AM (#115047) Journal
          "Why would any of these people want to help out the NSA?"

          Why would you suppose they *want* to help the NSA?

          The hypothesis is that they are "useful idiots", not agents. And no that is not an insult, it is a term of spycraft, a "useful idiot" is someone doing something for their own purposes that still turns out to be very useful for you, the spy.

          And we don't need any evidence of a deliberate exploit to notice that systemd is, well, exactly the sort of architectural monstrosity we would encourage someone to adopt, if we wanted to make sure their systems could never be secured.
          --
          If laughter is the best medicine, who are the best doctors?
          • (Score: 0) by Anonymous Coward on Wednesday November 12 2014, @03:07AM

            by Anonymous Coward on Wednesday November 12 2014, @03:07AM (#115062)

            The hypothesis is that they are "useful idiots",

            And here I was operating under the impression that the systemd and Debian maintainers were highly experienced, highly skilled, enormously dedicated engineers who went about their craft in a very organized way. But it turns out they're just muckers who can easily be persuaded to commit spyware patches through a little bit of social engineering.

            Gee, could the Linux kernel be susceptible to similar? They sure commit a lot of device driver code contributed by outsiders! What about Python and Hadoop? Did Mr. Assange make some offhand comment about how HDFS has been compromised by the NSA?

            • (Score: 2) by Arik on Wednesday November 12 2014, @03:11AM

              by Arik (4543) on Wednesday November 12 2014, @03:11AM (#115065) Journal
              "And here I was operating under the impression that the systemd and Debian maintainers were highly experienced, highly skilled, enormously dedicated engineers who went about their craft in a very organized way. "

              And you obviously didn't comprehend what I wrote, because I did not contradict that in any way.
              --
              If laughter is the best medicine, who are the best doctors?
            • (Score: 0) by Anonymous Coward on Wednesday November 12 2014, @08:25AM

              by Anonymous Coward on Wednesday November 12 2014, @08:25AM (#115114)

              The Debian people are not software engineers, not anymore at least.
              They're packagers and hipsters.

    • (Score: 1) by Wrong Turn Ahead on Wednesday November 12 2014, @01:11AM

      by Wrong Turn Ahead (3650) on Wednesday November 12 2014, @01:11AM (#115028)

      Oh but wait that won't reveal anything because the real place for the NSA to meddle is everywhere!

      FTFY...

  • (Score: 2) by turgid on Tuesday November 11 2014, @09:16PM

    by turgid (4318) Subscriber Badge on Tuesday November 11 2014, @09:16PM (#114976) Journal

    It's becoming increasingly clear to me that systemd is a benevolent gesture from uncle Vladimir I'm-Not-Gay Putin to save us from fascists, Neo-Nazis and imperialists. He only has our best interests at heart.

    Time for my pills...

    • (Score: 2) by tangomargarine on Tuesday November 11 2014, @10:34PM

      by tangomargarine (667) on Tuesday November 11 2014, @10:34PM (#114991)

      It would actually not be all that surprising to me if it came out that Putin actually was a closeted homosexual. All that posturing and extreme he-man stuff...and that theory/observation that often the people who most loudly criticize something are in fact doing it themselves behind closed doors (pun intended, heh). And the best way to show that you're Totally Against It is to lean on everybody to pass laws making it illegal.

      --
      "Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
      • (Score: 2) by keplr on Wednesday November 12 2014, @03:50AM

        by keplr (2104) on Wednesday November 12 2014, @03:50AM (#115079) Journal

        More likely that he's a pedophile [spiritoftruth.org], although I guess he'd still be a homosexual in that case.

        --
        I don't respond to ACs.
        • (Score: 0) by Anonymous Coward on Wednesday November 12 2014, @08:49AM

          by Anonymous Coward on Wednesday November 12 2014, @08:49AM (#115117)

          Too bad he's not a hetero pedophile. Then there'd be one anti-feminist pro men with young female children country in this world for whites.

        • (Score: 2) by tangomargarine on Wednesday November 12 2014, @03:26PM

          by tangomargarine (667) on Wednesday November 12 2014, @03:26PM (#115205)

          1) The louder you proclaim your moral rightness, the more suspicion is probably warranted. Calling your publication "spirit of truth" sets off all kinds of warning bells.
          2) No, being a pedophile does *not* also make you homosexual. Why can't you be interested in children of the opposite sex only?

          --
          "Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
          • (Score: 2) by keplr on Wednesday November 12 2014, @11:56PM

            by keplr (2104) on Wednesday November 12 2014, @11:56PM (#115370) Journal

            Why can't you be interested in children of the opposite sex only?

            I was specifically talking about Putin. If he's a pedophile, he seems to prefer boys, which would also make him a homosexual.

            --
            I don't respond to ACs.
            • (Score: 0) by Anonymous Coward on Thursday November 13 2014, @05:57AM

              by Anonymous Coward on Thursday November 13 2014, @05:57AM (#115433)

              That sux.
              If he was into girls there would be a white country for men in the world.
              Young girls are often adorable and nice.

  • (Score: 2) by Pav on Wednesday November 12 2014, @03:49AM

    by Pav (114) on Wednesday November 12 2014, @03:49AM (#115078)

    We know the NSA as an organisation has been trying to f*** everyone over, including their own citizens. However, it's obvious the NSA is full of both technical and ethical talent, with enough understanding of systems to know that universal spying is a bad BAD idea. I'm humbled by the number of whistleblowers they've had (i.e. Thomas Drake, Bill Binney, J. Kirk Wiebe, Ed Snowden, the fifth unnamed guy who was still working there until recently until he was raided [businessinsider.com.au]). I suppose I can't be too ashamed of my nation because of Julian Assange, and within ASIO perhaps James Paul Seivers [intelnews.org], though I don't know enough details of that case.

    There's no evidence of any wrongdoing regarding systemd, but in a surveillance state everyone pays the added cost of a lack of trust, and this is as it should be. Those in power will blame the leakers, which is moronic.

    • (Score: 2) by dmc on Wednesday November 12 2014, @08:33AM

      by dmc (188) on Wednesday November 12 2014, @08:33AM (#115115)

      +1

      There's no evidence of any wrongdoing regarding systemd, but in a surveillance state everyone pays the added cost of a lack of trust, and this is as it should be. Those in power will blame the leakers, which is moronic.