SoylentNews is people
SoylentNews
One thing I have yet to see discussed about systemd and the "unified package manager" proposed by Poettering is the stated objective [among others] of tivoisation of linux:
We want our images to be trustable (i.e. signed). In fact we want a fully trustable OS, with images that can be verified by a full trust chain from the firmware (EFI SecureBoot!), through the boot loader, through the kernel, and initrd. Cryptographically secure verification of the code we execute is relevant on the desktop (like ChromeOS does), but also for apps, for embedded devices and even on servers (in a post-Snowden world, in particular).
Am I the only one who is scared of this "tivoisation" by design? If this ever makes it to arm devices, say goodbye to DD-WRT, OpenWRT, Tomato, etc. And that will be just the beginning. Be ready for all your devices becoming appliances, non-customizable and to be thrown out as soon as they become obsolete by design. Being allowed to only run signed code will probably be good for redhat, but will it be good for the user?
Strange that a few years ago "trusted computing" was stopped, and now it seems almost inevitable even in Linux.
(Score: 1) by pvanhoof on Monday September 15 2014, @05:54PM
The support for lightweight containers in systemd doesn't mean it will be running multiple kernels. Just multiple userspaces. A lightweight container that runs its own kernel would instead be called a virtual machine. I can imagine QEmu support in systemd someday so that it doesn't matter whether you make systemd nspawn a entire VM or a lightweight container, though.
I also don't think it's immediately the idea to run all software in lightweight containers. Just a bunch of them. I'm hoping that the kdbus ipc will allow running having dbus IPC routing between the containers and dbus service activation instead of having to use systemd-nspawn to bring up a NetworkManager configured to run in a container.