The 2017 Pwnie winner for lamest vendor response goes to Lennart Poettering for systemd. According to CSO, which reported on the Pwnie winners announced a few days ago, the summary for Lennart and systemd reads as follows:
The most spectacular mishandling of a security vulnerability by a vendor ended up winning a Pwnie for Lennart Poettering due to SystemD bugs 5998, 6225, 6214, 5144, 6237. The nomination reads: "Where you are dereferencing null pointers, or writing out of bounds, or not supporting fully qualified domain names, or giving root privileges to any user whose name begins with a number, there's no chance that the CVE number will be referenced in either the change log or the commit message. But CVEs aren't really our currency any more, and only the lamest of vendors gets a Pwnie!"
(Score: 1, Interesting) by Anonymous Coward on Monday July 31 2017, @06:38AM (13 children)
Well... he is rolling around in cash as the misery caused by his whims is felt by other folks and all he has to do is ignore the deluge of internet name calling and labeling.
If that was his purpose in life, making money, then I'd say he's pretty successful... so I wouldn't say he's a "dumbfuck" or a "moron". Of course everyone has different moral standards and goals in life.
(Score: 2) by kaszz on Monday July 31 2017, @06:50AM (11 children)
Remedy: Make him suffer the consequences?
End to externalization of costs. Nice banking account you got there..
(Score: 2, Insightful) by pvanhoof on Monday July 31 2017, @01:53PM (10 children)
Remedy: don't use his software. You are not required to do so. It's free and/or open source software. You can modify it yourself. You can replace it. You can create a replacement. What makes you believe you have to use it? Since you want to make the author of it suffer, I assume you are forced to use it? In which country is that? I never heard of a place that requires people, by law, or by force, to use systemd. Not even China as far as I know.
(Score: 3, Interesting) by kaszz on Monday July 31 2017, @02:48PM (8 children)
The problem is his systemd is infesting more and more software and the cost/gain for establishing a feedback loop becomes more attractive with time.
It's like saying if you don't like the water utility you are free to unsubscribe from it. Works in theory..
(Score: 2) by pvanhoof on Monday July 31 2017, @03:06PM
Last time I checked there are entire distributions devoted to replacing systemd with something else. Hardly like the water utility. More like a brand of a car, or an often-used component in many car brands. Or maybe, if you take it to the extreme, like a Diesel engine.
(Score: 2) by digitalaudiorock on Monday July 31 2017, @04:04PM (6 children)
As someone who uses Gentoo with no systemd it's definitely possible, but yea, it sucks having to hope that not too many important software projects drink the systemd Kool-Aid. Things could start getting more and more difficult.
By the way...not much sense in debating pvanhoof. There's one of him in every systemd discussion anywhere on the web. He goes on about how this is all just "systemd hate", passive aggressively pretending to be the "reasonable" one in the discussion, and proceeds to troll the thread with no less than eight pro-systemd comments (and counting)...none of which have been modded up, and several of which have been modded down.
(Score: 2) by kaszz on Monday July 31 2017, @04:29PM (4 children)
Any notable compatibility trouble with free software going the systemd route?
(Score: 2) by digitalaudiorock on Monday July 31 2017, @05:30PM (3 children)
If you're asking if I've run into issues, not really, however I simply don't use anything, like Gnome for example, that requires it. So far nothing I really care about has become an issue. Hopefully most sane projects out there will continue to realize that making end user software dependent on a specific init system is basically turning into Windows ;)...which is pretty much what systemd is to anyone paying attention.
What REALLY sucks if you ask me is that it will become impossible to find a good binary server distribution. CentOS 6 for example is simply rock solid. You couldn't pay me to use 7. That scene is just plain sad.
(Score: 2) by kaszz on Monday July 31 2017, @05:59PM (2 children)
What is your train of thought on this?
(Score: 2) by digitalaudiorock on Monday July 31 2017, @06:52PM (1 child)
I think there are some out there (notably Redhat) who would actually like Linux to effectively turn into Windows in that all end user software can always leverage the same interfaces exposed by one and only one monolithic init system that can be assumed to always be there. The over engineered way they approach everything even looks indistinguishable from the nightmarish way Windows does everything. That would be the end of Linux as far as I'm concerned...because it all flies in the face of everything that's made 'nix operating systems survive this long.
This would be a concern even if systemd wasn't actively trying to replace tried and true shit (DNS etc etc) that they have no clue about. That just makes it worse.
(Score: 2) by kaszz on Monday July 31 2017, @07:00PM
I think it's time for some anti-systemd software.
(Score: 2) by FakeBeldin on Monday July 31 2017, @08:08PM
Thanks for the tip - there are indeed a lot of posts by pvanhoof further down that fit your description.
(Score: 2) by http on Tuesday August 01 2017, @10:58PM
If you're not familiar with systemd, you are fuck off out of here as far as working in pretty much any org (picked at random) that uses Linux. The exceptions are... exceptions. Oh, and good luck being the new hire that tries to say, "we're switching everything to BSD because it's actually documented."
I think you'll find the threat of homelessness and starvation fairly coercive.
I browse at -1 when I have mod points. It's unsettling.
(Score: 2) by pvanhoof on Monday July 31 2017, @01:51PM
Rolling around in cash ..
The average salary at Red Hat for a Senior Software Developer is $96,984. That's not super much for software development in the US. I don't know about the details of Poettering's contract with Red Hat, of course.
source [payscale.com]