SoylentNews is people
SoylentNews
from the resistance-is-futile.-/home-will-be-assimilated dept.
Good News:
Linux home directory management is about to undergo major change:
With systemd 245 comes systemd-homed. Along with that, Linux admins will have to change the way they manage users and users' home directories.
[...] Prior to systemd every system and resource was managed by its own tool, which was clumsy and inefficient. Now? Controlling and managing systems on Linux is incredibly easy.
But one of the creators, Leannart Poettering, has always considered systemd to be incomplete. With the upcoming release of systemd 245, Poettering will take his system one step closer to completion. That step is by way of homed.
[...] let's take a look at the /home directory. This is a crucial directory in the Linux filesystem hierarchy, as it contains all user data and configurations. For some admins, this directory is so important, it is often placed on a separate partition or drive than the operating system. By doing this, user data is safe, even if the operating system were to implode.
However, the way /home is handled within the operating system makes migrating the /home directory not nearly as easy as it should be. Why? With the current iteration of systemd, user information (such as ID, full name, home directory, and shell) is stored in /etc/passwd and the password associated with that user is stored in /etc/shadow. The /etc/passwd file can be viewed by anyone, whereas /etc/shadow can only be viewed by those with admin or sudo privileges.
[...] Poettering has decided to make a drastic change. That change is homed. With homed, all information will be placed in a cryptographically signed JSON record for each user. That record will contain all user information such as username, group membership, and password hashes.
Each user home directory will be linked as LUKS-encrypted containers, with the encryption directly coupled to user login. Once systemd-homed detects a user has logged in, the associated home directory is decrypted. Once that user logs out, the home directory is automatically encrypted.
[...] Of course, such a major change doesn't come without its share of caveats. In the case of systemd-homed, that caveat comes by way of SSH. If a systemd-homed home directory is encrypted until a user successfully logs in, how will users be able to log in to a remote machine with SSH?
The big problem with that is the .ssh directory (where SSH stores known_hosts and authorized_keys) would be inaccessible while the user's home directory is encrypted. Of course Poettering knows of this shortcoming. To date, all of the work done with systemd-homed has been with the standard authentication process. You can be sure that Poettering will come up with a solution that takes SSH into consideration.
Older articles:
- Pack Your Bags – Systemd Is Taking You To A New Home
- Systemd-Homed Merged As A Fundamental Change To Linux Home Directories
Will systemd be considered complete once the kernel and boot loader have been absorbed into systemd?
(Score: 3, Funny) by Bot on Friday May 01 2020, @12:22PM
One more crippling bombshell hit the already beleaguered systemd/poetterix community when poettering confirmed that a new feature has dropped in yet again, now down to less than a fraction of 1 percent of all servers being unaffected. Coming on the heels of a recent RH-sponsored survey which plainly states that linux users want more performance out of their /home partition layout (whatever that means), this news serves to reinforce what we've known all along. Systemd administration is collapsing in complete disarray, as fittingly exemplified by failing dead last in the recent Sys Admin comprehensive "I know what I am doing" test.
You don't need to feature a >80 IQ to predict poetterix victims' future. The hand writing is on the wall, converted to a binary timestamped db: systemd admins face a bleak future. In fact there won't be any future at all for them because system administration is dying. Things are looking very bad for them. As many of us are already aware, poetterix continues to add features. Red Hat code additions flow like a river of blood...
Account abandoned.
(Score: 4, Informative) by bart on Friday May 01 2020, @12:49PM
If you want to run a Linux system that you actually own, and can understand, give Void a try.
(Score: 2) by epitaxial on Friday May 01 2020, @12:52PM (1 child)
Fuck up your system like docker if your directory isn't set as /home/user? At work its /home/company.com/user and the stupid gnome-calculator that comes as a docker image refused to run. Of course it wouldn't say why or anything it would fail over a permissions error. Also that docker calculator is slow as fuck on a high end laptop. It takes several seconds to load. I removed that piece of shit and installed Xcalc. It loads near instantly.
(Score: 1) by zzarko on Friday May 01 2020, @04:49PM
Yes, I was amazed to see that GIMP, with its zillion filters, loads faster than stupid calculator...
C64 BASIC: 1 a=rnd(-52028):fori=1to8:a=rnd(1):next:fori=1to5:?chr$(rnd(1)*26+65);:next
(Score: 1) by pTamok on Friday May 01 2020, @01:04PM (4 children)
From the fine article:
(Score: 0) by Anonymous Coward on Friday May 01 2020, @01:33PM
systemd-sshd, feeping soon to a creature near you!
(Score: 3, Insightful) by rleigh on Friday May 01 2020, @04:47PM (2 children)
> You can be sure that Poettering will come up with a solution that takes SSH into consideration.
You mean like how he took tmux and screen into consideration when logind broke them completely. He never fixed it!
He never admits to his own stupid mistakes and misunderstanding. Change and progress at all costs!
(Score: 1) by pTamok on Friday May 01 2020, @05:06PM (1 child)
Yes, well. I think the time has come to recognise that systemd is not going to go away: and so, if you want a system which does what you want, rather that what Lennart Poettering thinks you should want, then finding a non-systemd alternative is required.
Systemd is great for some use-cases. I have used it in a production environment, and it does have certain benefits: but I am not sure the benefits outweigh the disadvantages.
I sincerely hope that a non-systemd Linux distribution gains critical mass so that I can put in the effort to convert my systems to it. I've grown lazy and used to Debian/Ubuntu and variants; but it would be nice to have an audio subsystem that works and a shutdown that doesn't hang waiting on network processes so that I need to use the 'magic SysRq key' and RESIO sequence to get my notebook PC to shut down.
(Score: 2) by rleigh on Friday May 01 2020, @07:18PM
I already did. I moved the server-side stuff to FreeBSD and the desktop-side stuff to Windows 10 and MacOS. After over two decades of using Linux pretty much solely on the desktop. I've had enough of it, I'm out. There's only so much ridiculousness I'm willing to tolerate, and with systemd it passed that point quite some time ago. I got rid of my last Linux desktop last year. It's all VMs now, for the stuff I absolutely have to use it for.
(Score: 5, Interesting) by Azuma Hazuki on Friday May 01 2020, @01:06PM (21 children)
I've been, as per usual, a couple of years ahead of the curve with the systemd hate (and took plenty of ribbing for it, because *of course* I did...). Have been systemd-free for years. I know where this is going: systemd is the F/OSS world's single largest malignant NIH-tumor, and it's only going to keep growing.
I don't trust Poettering's motives one little bit. The *least* awful case is that he's trying to drum up RHEL support contracts; honestly, I wouldn't be surprised if he's actually an MS shill or other F/OSS operative. This is sinister, and I'm glad people are starting to realize what a disaster he and his programs are.
Linux isn't dead yet. I'm back on Gentoo, there exist Artix, Void, Slackware, and Devan, and FreeBSD is getting much more usable as a daily desktop OS. We should make the transition ASAP before it becomes too painful to do so.
I am "that girl" your mother warned you about...
(Score: 0, Interesting) by Anonymous Coward on Friday May 01 2020, @01:30PM (2 children)
Yeah many choices... but which one actually has a suspend that works? Or a screensaver that can kick in more than 50% of the time? Install an LAN printer? Jezus the shit never ends...
(Score: 4, Insightful) by rleigh on Friday May 01 2020, @10:07PM
All that stuff has worked for an age before systemd.
Printing has nothing to do with it. CUPS solved LAN printing two decades ago.
Screensavers have worked well since forever. I've not had a problem with them ever, on any desktop environment. Except maybe random screensaver crashes with GNOME. But that's GNOME being crap. It's not screensaver-specific.
As for suspend. There are some dynamic bits which systemd can help with such as re-establishing network connections. But it's not like it's strictly required. You can still make it work with other systems.
(Score: 0) by Anonymous Coward on Saturday May 02 2020, @01:02PM
that all works perfectly for me with devuan. do people still have issues with suspending? last time i experienced that was ubuntu 7.10 on a crappy gateway laptop.
(Score: 1, Interesting) by Anonymous Coward on Friday May 01 2020, @02:11PM (1 child)
"You can be sure that Poettering will come up with a solution that takes SSH into consideration."
More like takes SSH into the carnage.
Never underestimate a misguided 'helper' with lots of energy.
The state of OS design pre-Unix was simple(r). Just make a big engangled blob. (Still the MSoft way?)
It is a lot harder to find a way to break things into parts with recognizable functions and interfaces.
But somehow BellLabs managed to do this with Unix.
It wasn't perfect, but it was relatively easy to work on and supported a wide range of use cases.
It has supported in excess of 3 orders of magnitude or processor speed and count, and 6 of storage size, and a multitude of architecture and use cases.
The magnitude of the impact of the accomplishment can not be underestimated.
Quite a bandwagon that Mr. Poettering is being allowed to steer.
SystemD's direction seems a return to the old ways. It is risky for the following reasons:
1) It has a single minded view of a user. (Great if you happen to be that single mind, less so for the rest of us.)
2) It brings in the maintenance issues of an entangled blob. (Let's make Linux work as well as Windows?)
3) It is sucking open source developer energy from other versions of Linux. (If you want X feature to work, you have to also get SystemD.)
4) It strands a lot of community experience in how to make an old fashioned Unix system work. (What do you mean /etc/xxx doesn't work?)
"No" pretty much says it all, yet it just keeps growing.
(Score: 2) by Grishnakh on Friday May 01 2020, @03:18PM
But somehow BellLabs managed to do this with Unix. It wasn't perfect
UNIX was just a very poor copy of MULTICS.
(Score: 2) by hendrikboom on Friday May 01 2020, @02:22PM (6 children)
I remember delaying upgrading my Debian system when the new release was a systemd release.
I hung on as my usual system became obsolete until I could upgrade to devuan.
-- hendrik
(Score: 1) by DECbot on Friday May 01 2020, @04:31PM (5 children)
Same here. I went from Wheezy --> Devuan Jessie --> Ascii with my webmail server rather recently. I have it on my laptop too. I wish there was more of an Ubuntu polish to everything, but nevertheless, I'm getting tempted to change my file server from FreeBSD to Devuan too. Getting around the GELI encryption will be interesting as all the data is on GELI encrypted ZFS partitions and I'm not about to buy additional drives to temporarily hold the data to reinstall nor will I upload 2TB of data to the cloud to redownload it 20 minutes later.
Okay. Conceptually, I grok that this shouldn't be a problem, but you've got to understand, I've really to need to rethink how I do backups.
cats~$ sudo chown -R us /home/base
(Score: 2) by hendrikboom on Friday May 01 2020, @05:26PM (1 child)
Yes. That's an issue.
Does Devuan handle that encryption system?
I did not encrypt my hard drives. For me, losing the decryption key is a bigger risk than leaking the data.
-- hendrik
(Score: 1) by DECbot on Friday May 01 2020, @07:10PM
So, the laptop was built back in the ZFS on Linux in the ZFS 6.9 era I believe, so encryption was done by LUKS. I've got the details of how I got that working in my journal. If I ever redo it, I'd try to use the baked in ZFS encryption now that it's released.
GELI is a whole other story as that is a BSD only thing. That was the way to do ZFS+encryption with BSD before ZFS had native encryption. There has been some toy applications on Github for decrypting Geli encrypted volumes on Linux, but nothing with robust testing. To safely get the data, I would either have to install Devuan on a new disk and run BSD in a virtual machine to serve the data or detach one encrypted partition from the zvol, format, and then reattach it to the zvol as a new, never been encrypted partition, and then after that resilver the zpool. Once the resilver is done, repeat that procedure for the other 3 drives. No matter how I decide to do it, I am very tempted to add two additional disks as some sort of mirror for holding the os, and leaving the data on the current zpool. What's nice about the ZFS native encryption is I can apply the encryption after the device creation, so I don't have to recreate my dataset. Here's the info: ZFS encryption preview [heckel.io]. Note, this blog dates back to 2017 where as ZFS encryption just landed as stable some time last year if I'm recalling things correctly.
cats~$ sudo chown -R us /home/base
(Score: 2) by janrinok on Friday May 01 2020, @06:25PM (2 children)
Unfortunately, I think (but I am not certain) that the GELI and LUKS systems are only workable on BSD and Linux systems respectively. I looked at moving several systems to BSD a year or two back, but as all my data in on encrypted drives (18 in total over 7 computers with individual backups) the task became unworkable. Data from a LUKS drive couldn't be easily transferred to a BSD system - well I could have sent it all across the network but that didn't seem like a good idea for 36TB of data. I didn't specifically look at moving the data back the other way.
(Score: 1) by DECbot on Friday May 01 2020, @08:28PM (1 child)
Theoretically, you could run a Linux VM on the BSD host to unlock the LUKS container, which is what I was thing of doing but in the reverse (BSD VM to unlock GELI container on Linux host). When I have the time and the cojones to try it, since this is a ZFS dataset with redundancy on four GELI containers, I could decouple the drives one at a time from the zpool and re-add them to the zpool without the encryption layer. The procedure should be the same as when I replaced all the 1TB drives with 3TB drives to increase capacity. Once the data is decrypted, installing a linux on a different drive and mounting the ZFS zpool should be cake. If I had the capacity on a different disk, I could zfs-send the data over, do the install, and then send it back.
That might be somehting you could try. Boot into Linux & unlock the LUKS containers, ZFS-send the data to an unencrypted intermediary disk, install BSD, create GELI encrypted partition, use the unlocked GELI partition to create a zpool, and then zfs-send the data to the zpool encrypted by GELI. I would give it a go myself if I had a few hundred extra bucks to spend on drives.
cats~$ sudo chown -R us /home/base
(Score: 2) by janrinok on Friday May 01 2020, @08:45PM
(Score: 4, Insightful) by digitalaudiorock on Friday May 01 2020, @03:01PM (8 children)
+1000 to all that. I use all Gentoo myself and my company moved from CentOS6 to Devuan to avoid this cluster fuck.
I actually can't believe how AstroTurfed that article is...like this gem:
Holy fucking bullshit alert. Let me translate: "the UNIX philosophy of 'do one thing and do it well' that, unlike other OSs, has allowed it to survive for 1/2 century, has officially been changed to 'do everything and do it like fucking shit'". This all is indistinguishable Windows. What a fucking mess.
(Score: 2) by Grishnakh on Friday May 01 2020, @03:21PM (2 children)
This all is indistinguishable Windows. What a fucking mess.
Don't be so over-dramatic. Nothing is remotely as bad as the Windows 10 UI (except maybe the Windows 8 UI). Linux hasn't gotten that bad yet; Gnome is pretty awful of course, but you can still easily run KDE or Xfce or Cinnamon.
(Score: 3, Insightful) by digitalaudiorock on Friday May 01 2020, @03:56PM
Well in terms of UI functionality etc I agree to some extent. But in terms of administering the system itself, and most notably understanding what's going on and NOT having it become a fucking poorly documented black box, buried in binary shit that used to be in readable text, that nobody outside of Redhat understands...it very much is becoming Windows and gets worse with every change. That seriously fucks up ever headless servers with no UI. They can stick all of their crap up their ass.
Tom
(Score: 2) by rleigh on Friday May 01 2020, @04:53PM
Have you even looked at the direction Windows has gone in? Complain all you like about the UI. That's utterly superficial.
Look at what they are doing under the hood. Windows administration is all about CLI scripting with PowerShell. It's going in the opposite direction. Lots of little "cmdlets" that let you interface with every nook and cranny of Windows and dynamically tweak it. And it's all flexible and extensible via C#. I don't want to particularly endorse it, but I do want to point out that modern Windows has some fairly interesting stuff going on if you can get past the UI.
(Score: 2) by Azuma Hazuki on Saturday May 02 2020, @12:21AM (4 children)
Moved to *Devuan* proper? Wow. You have a seriously savvy C-suite then. I'm impressed. So Devuan is now stable enough to be what Debian was? I've been playing with it in VM and kind of like it, but am worried it's not all there yet.
I am "that girl" your mother warned you about...
(Score: 3, Interesting) by digitalaudiorock on Saturday May 02 2020, @09:44PM (2 children)
In our case this was strictly for headless LAMP servers intended to run as VMs. We initially used Devuan 1 (Jessie) though that involved updating to PHP 7.2 from a separate repo. We've got a Devuan 3 (Beowulf) VM basically ready to use but are waiting for that to go stable (which should actually be fairly soon). That runs PHP 7.3. In that one we've also moved from MySQL to MariaDB 10.3. All in all it's been awesome for that purpose...really minimalist for sure.
I can't personnally speak to how things are with workstation / desktop stuff though many are using it for sure.
(Score: 2) by Azuma Hazuki on Saturday May 02 2020, @10:37PM (1 child)
I've been playing with Beowulf in a VM. It still has the GTK2 Xfce (4.12) and as weird as this sounds, I really miss it. Gentoo only has ebuilds for 4.14.x and I can't find an overlay for the older versions anywhere, and LXDE isn't quite the same.
I am "that girl" your mother warned you about...
(Score: 2) by digitalaudiorock on Sunday May 03 2020, @05:31PM
Interesting. I actually went very minimalist many years ago and moved to just fluxbox using no desktop icons of any sort. I have keyboard shortcuts configured for programs I commonly use and do most everything else from the command line. I don't use any sort of file explorer either aside from basically cd and ls ;).
You mention GTK2. So far I've avoided GTK3. I've heard VERY little good about it...as with much from the freedesktop.org direction. I use gvim with GTK2 and it performs fine, though I've heard that it sort of sucks compiled with GTK3.
(Score: 2) by digitalaudiorock on Saturday May 02 2020, @09:52PM
One thing to keep in mind is that Devuan basically uses the Debian repos for the corresponding version with their own repo's replacements where they're needed. Especially for a headless server there's actually very little difference outside of init scripts etc...so it's far from a completely new animal. It's more like "Debian as God intended" ;)
(Score: 2, Informative) by Anonymous Coward on Friday May 01 2020, @01:13PM (10 children)
All that needs be said about all things systemd.
(Score: 2) by epitaxial on Friday May 01 2020, @02:18PM
I use it as a media player box. It has a small install footprint and just works. Slackware current is basically a 15.0 release now with an up to date kernel.
(Score: 0) by Anonymous Coward on Friday May 01 2020, @02:36PM (3 children)
That would be nice but no,
I used slack back around 4.0 (~kernel 0.97, or so). Back in the aughts, the slackware web package repo went down for almost an entire year. Their packages are also often way out of date. Yes you can build from source, and I often do. But not on slack, because their libs are out of date too. Notably this is at the very least a security problem. I liked the backwards compatability mentality of slack. But they need rolling release to maintain that compatability. They don't, so it isn't.
I use Void on my laptop. Unfortunately I have to use centos for another project due to some dependency issues.
As for the Pottering pole smokers club:
"all information will be placed in a cryptographically signed JSON record for each user".
Hey why not use windows INI files like you did the last time? /s
Pottering discovers a lib for the first time, and Debian bends over to take it in the ass, and the rest of the Linux community suffers. Dear Linux community, Debian is deprecated. Stop regarding it as authoritative.
"Once systemd-homed detects a user has logged in, the associated home directory is decrypted. Once that user logs out, the home directory is automatically encrypted."
Yeah how could that possibly go wrong? Because sysadmins never have to deal with things like power outages or HVAC breakdowns.
There is a right way to do that. Following a cult of personality who has no intention of maintaining a cogent set of tools, isn't it.
(Score: 0) by Anonymous Coward on Friday May 01 2020, @02:59PM
If systemd logind can depend on a user-space lib like gettext then homed can damn well depend on json-c. In fact why don't we use json for everything, we can encapsulate DNS, NTP and systemd binary log files. Put json into the kernel as a debug serialization, write a device driver for a VR headset and neuro-implant so I can have json injected right into my fucking brain. Don't you love systemd? Wouldn't you like some more systemd with your systemd?
(Score: 0) by Anonymous Coward on Friday May 01 2020, @03:50PM
When on one side I see the incessant deluge of crazy bugs swamping the users of Ubuntu, Gentoo and other such "bleeding edge" chimeras, and on the other, just some... credulous persons fantasizing about imaginary "security problems" because Teh Guru Said So!!!11, the choice is obvious.
Slackware FTW!
(Score: 2) by Arik on Saturday May 02 2020, @03:00PM
Nonsense. Security fixes are backported regularly, just like with Debian Stable.
If laughter is the best medicine, who are the best doctors?
(Score: 2) by jasassin on Friday May 01 2020, @04:53PM (4 children)
A distribution without a package manager is a dependency hell/nightmare.
Try to compile source code X on slackware. Have fun finding all the dependencies. Been there. Done that. No thanks.
jasassin@gmail.com GPG Key ID: 0xE6462C68A9A3DB5A
(Score: 1, Informative) by Anonymous Coward on Friday May 01 2020, @06:22PM (3 children)
If you are incapable of logging in and running a program from a text console, Slackware is not for you. If you are incapable of clicking the links on a slackbuilds.org page, Slackware is not for you.
For us, the hard requirement to have a brain is not a hard one to satisfy.
Myself, I *MUCH* prefer to provide whichever dependencies *I* deem necessary and in the ways *I* think it should be done, than let an automated tool root around in my system's libdirs doing whatever the *packager* decided and possibly breaking other stuff left, right and center. No thanks.
(Score: 0) by Anonymous Coward on Friday May 01 2020, @07:18PM (2 children)
I guess we can't all be geniuses like you. Some of us are so stupid we do things like sell our time for money and use that money to start families. Unfortunately being stupid and having something called a "life" (try finding a tarball on your favourite mirror) doesn't leave much time for genius level stuff like editing make files and proclaiming OMG 1337 on SN. Good luck with the system administration and evident lifelong relationship with your wrist.
(Score: 1, Touché) by Anonymous Coward on Friday May 01 2020, @08:02PM
Remember, trite bellyaching is a dead giveaway when you try to pass off as a winner.
(Score: 2) by Arik on Saturday May 02 2020, @02:58PM
Slack gives you more time, not less. I've tried all your "managed" distros and they all wasted my time. Slackware is gold because it does NOT waste my time.
If laughter is the best medicine, who are the best doctors?
(Score: 0) by Anonymous Coward on Friday May 01 2020, @02:07PM (1 child)
Systemd makes it phone /home... and sell your data... mwhahahaha.
(Score: 0) by Anonymous Coward on Friday May 01 2020, @02:47PM
No need to sell your data when "the home directory is automatically encrypted" but it will be borked so only paid customers with Red Hat support subscriptions will have entitlement to run systemd-decrypt-systemd-ransomewared.
Step 3, Profit!!!
(Score: 2) by RedGreen on Friday May 01 2020, @02:32PM
So just how it is supposed to work for access to the dot files and directories in your /home/username? If it is encrypted then you need to login each time and remain logged in to run a service as your normal user on a server?
"I modded down, down, down, and the flames went higher." -- Sven Olsen
(Score: 1) by fustakrakich on Friday May 01 2020, @03:44PM
Oh... Never mind. I get it now
Time for a flamewar over which BSD is best
La politica e i criminali sono la stessa cosa..
(Score: 2) by RamiK on Friday May 01 2020, @04:45PM
NixOS users already have a third-party optional package called home-manager [github.com] that manages .dot files and user-level services and packages. I starting using it a while ago for the user-level packages (as well as some packages I wrote or overridden but haven't got around to upstream) and a few user-level services and settings (gpg, ssh, dunst, syncthing, pass, dark theme for GTK and Qt...) and it's pretty good. However, I didn't bother with most .dot files though since it takes a lot of work which isn't worth it to me.
Anyhow, I guess home-manager will just wrap some homed under the hood for this and that now and maybe get pulled into NixOS proper like systemd was treated.
IMHO, systemd+/-homed alone aren't worth it. Use something near-embedded like Void or Alpine or whatever if you want a light and simple system. Use NixOS/Guix if you want something fully integrated and well managed. The middle-ground where most distributions rest is just buggy, cumbersome and out of your control.
compiling...
(Score: 3, Informative) by DannyB on Friday May 01 2020, @05:15PM
You know how Parking Enforcement can put a boot on your car so that it can no longer be driven?
Now you can do the same thing to your computer! With systemd-boot! [freedesktop.org]
Coming Soon . . . systemd-kernel.
To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
(Score: 3, Insightful) by doke on Friday May 01 2020, @06:09PM (1 child)
Most of my systems are headless. I don't just need ssh. I need cron jobs, and some of them need access to my home directory.
(Score: 1, Informative) by Anonymous Coward on Friday May 01 2020, @07:26PM
You need to kneel before the alter of absolute unit Lennart Poettering and rewrite your anachronistic unix voodoo as systemd timer units. Still won't be able to access your home directory without an active login but you didn't seriously expect systemd developers to care about that did you?
(Score: 0) by Anonymous Coward on Friday May 01 2020, @06:16PM
Make simple task look hard to fool idiots.
(Score: 3, Interesting) by crafoo on Friday May 01 2020, @06:45PM
At what point is Linux no longer Linux? If most of your previous knowledge isn't applicable, and most of the important tools work differently, is it really the same OS or even an evolution of the same OS? Maybe this is a dumb comment, I don't know I'm not in the tech business I just use it as a day-to-day tool. So far I'm pretty happy using OpenBSD for whatever minor server needs I Have. It's even alright as desktop, but seems slower than Linux on the same machine.
(Score: 2) by Snospar on Friday May 01 2020, @07:29PM (14 children)
Short of moving to a non-systemd distro (and I am seriously considering the move from Debian after many, many years), what can we do to stop this sort of crap being forced upon us? I still don't understand how one person wields so much power and forces their way on the entire eco-system. Is Linux broken? I thought that the shit was supposed to sink to the bottom whilst the pickings were creamed off the top. If one person can shove his shit into the stack and everyone just has to suck it up and deal with it then maybe Linux isn't for me - after 20+ years. I know RH is financing this, and possibly MS too but surely the weight of numbers is not on their side, why did the other distro's just fall to the dark side?
Anybody have any experience of gaming on Devuan, with nVidia drivers and possibly VR thrown in? Maybe now is the time.
In my home, home is a local no-nonsense un-encrypted folder. LUKS or cryptmount work just fine for my privates, thank you.
Huge thanks to all the Soylent volunteers without whom this community (and this post) would not be possible.
(Score: 3, Interesting) by meustrus on Friday May 01 2020, @08:02PM (2 children)
Playing devil's advocate here...
There are definite advantages to centralized control of the OS, whether it's implemented well or not. It's easier to get certain things to work consistently.
It's also new and shiny, and may be designed with modern features in mind. Legacy systems were not.
systemd works a lot more like Windows services. For better or worse, there's a whole lot of people out there who don't know Linux at all, but know Windows really well. This could be a move to make Linux easier for them to switch to.
All of this comes basically for free, whereas the legacy systems have no well-funded organizations to maintain them. And if it's really as easy to work with as they claim, more and more userspace stuff is likely to require it moving forward.
I'm sure all the distro maintainers have their reasons. It's only the more ambitious ones that are taking up systemd. The ones like Canonical, who are earnestly trying to make Ubuntu a major player on commodity devices for non-technical users. The cost savings of letting Red Hat maintain these shiny new systems are probably enough, let alone the possibility that in a pure-systemd ecosystem, things should Just Work almost as well (or as poorly) as they do on Windows and OS X.
tl;dr, maybe all the ambitious Linux distros are collectively deciding to pool their resources and make their distros more consistent with each other and with expectations from outside the Linux world, and Poettering is the only one in a position to drive the design of New Linux.
If there isn't at least one reference or primary source, it's not +1 Informative. Maybe the underused +1 Interesting?
(Score: 2) by Snospar on Friday May 01 2020, @09:07PM (1 child)
Wow. I don't know where to start with this. Linux is the new shiny, we got rid of those "Legacy" elements and it was working just fine until someone with solutions for corner cases came along, and I agree, came along with a Windows mindset. Windows will die from the Linux cancer and we will all be better off for it (can't remember the source but fully agree). MS and Windows stifled desktop computing for years by forcing everyone down the Windows/Office/VB route where Linux offers the chance to make modern systems truly fulfil their potential.
If people "know Windows really well" but find it hard to switch to modern Linux then I don't think this discussion need worry about them, I can pretty much make an old PC look like a Windows box and those people will get along just fine (without worrying about all the Windows viruses and malware). If you mean IT systems people who are Windows focused and scared to try anything else then yes, they too will struggle but my last comment applies to them too. Again, not sure what that adds to a systemd-home debate.
"All of this comes basically for free" WTF? You do know that the freedom in Linux is not talking primarily about cost right? Freedom from tyranny? The tyrant in this debate is obvious (just in case: it's not Linux).
I can't go on, you don't appear to have a clue.
Huge thanks to all the Soylent volunteers without whom this community (and this post) would not be possible.
(Score: 2) by meustrus on Monday May 04 2020, @03:13PM
I did say I was playing devil's advocate. I don't actually like systemd. Although I don't typically venture low enough on the stack to really be affected by it.
Linux is 30 years old. It has accumulated many, many unsustainable conventions to make up for design deficiencies that I think we still don't have a great handle on. The littering of hidden config files in the home directory is one of the worst.
The people I was talking about are Windows focused. For better or worse, the tools for controlling huge swarms of inconsistent Windows machines in the enterprise are the best. I've seen one of those Windows-focused admins at work, and control they have with group policy is wizardry.
A lot of those tools actually aren't possible on Linux without a centralized controller daemon like systemd. It should make sense, because the whole point of them is to slave your machine to corporate policy.
I know full well the two meanings of the word "freedom". People talk a lot about "free as in [free] beer". That's the money kind. GNU and the Free Software movement are talking the liberty kind, but they are not nearly as relevant as the Open Source Software movement, which really doesn't care. Which side do you think Canonical is on, really?
--
Now let me backpedal a bit, because I do not want to be mistaken for being pro-systemd around here, even in the abstract. Controlling "huge swarms of inconsistent...machines in the enterprise" is not actually the best way to manage things. I've seen a glimpse of the future, and it is vastly superior in every possible way.
I'm talking about disposable VMs. Set up your enterprise tools once and ship it out. Put all user data on a persistent volume that's mounted on the side. Update your tools by updating the VM; user data should not be affected since outside that persistent volume, there should be nothing making that machine a snowflake.
Not like Windows machines, where despite all the enterprise controls we are still expected to basically run our own unaudited binary blobs to get most anything useful done.
I'll also argue that this "homed" idea is kind of pointless here. If your goal is to make home directories portable and encrypted, they should be a separate volume to begin with. The VM manager is perfectly capable of decrypting and mounting that volume without a daemon wasting cycles on the client OS.
Granted, none of this affects the many Linux servers that ran standard configuration for many years without systemd. It's always been possible to configure Linux to work correctly, and to replicate that configuration as often as you like. I don't think Microsoft-style group policy is necessary. I just recognize that the tool is powerful, and there are many sysadmins who are reluctant to give it up in favor of futzing with config files and ad hoc rsync.
Really, the biggest difference between Windows and Linux administration is about required brain power. Administering a Linux system requires a solid understanding of how computers work. It often requires writing your own scripts that tinker with the innards of the OS.
Administering Windows, by contrast, is supposed to be easy. It's the career path for failed Com Sci majors, the kind who just couldn't understand linked lists. Microsoft has put a lot of energy into making its tools powerful, expressive, and easy to use.
--
How about a car analogy? Working with Linux is like working on a car from the 60s: lots can go wrong, but if you know how the thing works it's easy to fix, even easy to hack together the spare parts you can't find. Working with Windows is like working on a car from now: completely inaccessible to the hacker in the garage, but much easier to train the grease monkeys in the shop to use the nice multi-thousand $$ tools to interact with all the electronics and do the kind of basic maintenance that is 99% of their jobs (and probably 100% of what is profitable).
There's a lot more professional shops in the world now than hackers in garages. If you don't like it, that's a much bigger economic/political problem than just the direction of Linux. Poettering is far from the Sith Lord pulling the strings here. If you want our culture to swing back in the direction of freedom from corporate tyranny, lobby to (punitively) regulate silicon valley and wall street, break up the banks and telcos, and neuter IP law. Oh, and somehow figure out how to keep China from drinking our milkshake while it all shakes out.
If there isn't at least one reference or primary source, it's not +1 Informative. Maybe the underused +1 Interesting?
(Score: 1) by DECbot on Friday May 01 2020, @08:09PM (3 children)
I have Devuan Ascii on a Thinkpad 420s running Minecraft and Diablo II (wine). Not really any serious gaming though--I have no more time for that. Devuan is pretty much Debian with the systemd-shim package and sysvint packages installed by default and curated to curb any systemd package dependencies. For a running Debian Jessie system, you can actually point the repositories over to Devaun and migrate off of systemd [devuan.org].
cats~$ sudo chown -R us /home/base
(Score: 2) by Snospar on Friday May 01 2020, @09:18PM (2 children)
I've read several articles pointing down the direct Debian -> Devuan migration but those folk are way more foolhardy than me, if I semi-nuke my main machine I am still (semi)nuked :-(
Others seem to have Steam up and running on Devuan so I will carve out a new partition and give it a spin.
Huge thanks to all the Soylent volunteers without whom this community (and this post) would not be possible.
(Score: 1) by DECbot on Friday May 01 2020, @09:48PM (1 child)
Devuan Jessie was deliberately made to be a direct migration from Debian Jessie. My Wheezy to Devuan Jessie odyssey was a successful attempt to prolong the life of my decade old mail server which I understand was a better migration path than Wheezy to Debian Jessie (which was the first release with systemd). I have no experience if other releases of Debian can be migrated to Devuan.
cats~$ sudo chown -R us /home/base
(Score: 2) by Snospar on Friday May 01 2020, @11:12PM
Yes, I think the people expecting to go for Devuan as a drop-in Debian replacement are at best brave. I tend to do a full backup and fresh install every couple of years so I think I'll give Devuan a try on the next rotation or sooner if this systemd nonsense forces my hand.
Huge thanks to all the Soylent volunteers without whom this community (and this post) would not be possible.
(Score: 5, Informative) by rleigh on Friday May 01 2020, @08:55PM (6 children)
What can we do? Nothing. At least, not directly.
I spent years arguing the case for init system diversity, and the dangers of the hegemony which would result, when I was in a position where I might have been heard as a Debian developer. We lost the argument. The GNOME developers forced it in through some acts of ridiculous brinksmanship which went to swaying the argument in their favour. This was due to GNOME taking on a hard systemd dependency, thereby forcing the distributions into a Hobson's choice of having to adopt systemd if they wanted to continue to use GNOME. Personally, I think dropping GNOME would have been the wiser course of action. It's not like there aren't a dozen perfectly viable alternatives which aren't maintained by belligerent assholes. But that's all moot. We lost, and we're living in a systemd world now, at least for mainstream Linux.
Is Linux broken? Yes, it is.
I'd love to find it again, but around 20 years ago there was a quote from IIRC Marc Ewing or Bob Young, which was (paraphrased) about how Red Hat would have to be a careful corporate steward of open source projects to avoid damaging the open source ecosystem which was the goose which was laying the golden eggs that they took to profit from, the implication being that they wanted to co-exist with the open source community for mutual benefit, and being too aggressive could damage it irreparably. I wish I could find the specific quote. But when you look at how they've taken so much responsibility upon themselves, and absorbed open source project after project (e.g. util-linux), I think that we're getting to the point where mainstream "Linux" is defined solely by RedHat as a corporate product, sanitised, controlled and standardised. In such an ecosystem, alternative approaches to doing things are not tolerated. And when they control every basic project, they can change the whole lot on a whim. In earlier times, you'd have to convince a dozen separate project that your change was right before you could get it in. That set a high bar for changes, and eliminated bad ideas and overly disruptive ideas.
Why did the other distributions fall?
A combination of several factors. Fear of being left behind. Fear of not being able to maintain their own alternative set of tools. Laziness. Failure of confidence. Debian used to go head-to-head with everything RedHat did. It was almost completely independent. initramfs-tools, initscripts, kernel, tools for configuring all the basic stuff like networking with ifupdown, everything was maintained and developed in-house. Dedicated kernel team. initramfs-tools and initscripts were 100% developed by Debian developers for Debian. Same with ifupdown. And look at Gentoo OpenRC and runscripts. A step up again. The RedHat alternatives like dracut were inferior in capabilities. And the less said about the RedHat initscripts the better. There's a reason they above all others wanted to ditch them. Their system was technically inferior to the free alternatives in many aspects.
My take on this is that people like myself and the other diligent Debian developers were perfectly competent and capable to maintain Debian for the future. We didn't need to kowtow to RedHat. But others disagreed and (effectively) forced us out. Mainly the GNOME and systemd guys. My last years in Debian were far from pleasant. The future I had in mind was to do a non-breaking migration to OpenRC. A good amount of preliminary work was already done on this to allow OpenRC to work with LSB initscript headers for backward compatibility. That would also have permitted swapping out sysvinit down the line as well (as you can with Gentoo). We could have had s6 or other alternative inits. Responsiveness to dynamic events. Parallel startup. All without systemd. The old Debian would have loved to have an open, flexible, extensible, customisable system.
With the RedHat/systemd hegemony, Debian has essentially been forced to replace all its own technology with RedHat's equivalents. The systemd proponents will all argue in favour of uniformity and standardisation. I don't see it that way. Diversity has its advantages, and competition drives forward progress. The success of Linux was entirely down to its adaptability, and being like the Wild West was part of the charm. Corporate interests don't usually see things that way though. Having our direction controlled by one person or team is a big disadvantage over dozens of teams all trying different things out and selecting for the better outcomes.
Why does one person have so much influence?
I don't know. It doesn't make much sense. I don't know why his antics are tolerated even within RedHat let alone everywhere else. If I behaved like he does, I'd be fired. He's got talent, but his ego is too big and he behaves like a giant douchbag. There need to be checks and balances. Quite why there isn't more corporate oversight within RedHat is a bit of a mystery. He's bitten off far more than he can chew, and as I've said before, it's only a matter of time before the whole overcomplicated and unmaintainable edifice comes crashing down around him as he paints himself into an architectural corner. It's an inevitability.
Alternatives?
I went to FreeBSD. In many ways, it felt like Debian did back in the early 2000s, and I mean that in a good way. I spent over 22 years using Linux on the desktop, but it's not the be all and end all of free software. There's plenty more of it around. When the well has been this thoroughly poisoned, leaving is the only option. It's not like I was married to Linux, but I am sad that we had to break up like this. I also have Windows 10 and MacOS desktops. I keep a Debian VM around for nostalgia, but rarely use it.
(Score: 2) by Snospar on Friday May 01 2020, @09:14PM
Thank you for such an excellent, yet equally depressing response :-)
I've touched my foot to the BSD waters before and found I couldn't continue because of a lack of hardware support or even things like Steam. Maybe it is time to try again but I resent the push from these tyrants: I like Linux, I'm used to it, comfortable with it and happy with it. How dare they come into my yard (/home) and break my toys!
Huge thanks to all the Soylent volunteers without whom this community (and this post) would not be possible.
(Score: 0) by Anonymous Coward on Friday May 01 2020, @10:16PM
Funny you should mention that because behind nearly every RedHat unit file is a call to the original (unaltered) initscript hidden away in a different directory. Or sure, RedHat cleaned up some of their service startups with proper, clean unit files. But most of the system is still just running original bash initscripts under the systemd layer. Those scripts could have been left in the /etc/init directories as originally intended until such time as clean build unit files replaced them. But nope, that would just look bad, as if systemd really wasn't replacing the entire init system as advertised.
(Score: 1) by DECbot on Friday May 01 2020, @10:30PM (1 child)
I have seen in the Devuan news group that they are trying to move Devuan from sysvinit to OpenRC in a non-breaking way. I'm no more than a user, but I know they are looking for testers and developers to help. That looks to be very closely related to what you were doing with Debian. Granted, I'm not sure if you want to dabble in linux development again. Just wanted to bring that to your attention if you hadn't seen it elsewhere.
cats~$ sudo chown -R us /home/base
(Score: 1) by DECbot on Friday May 01 2020, @10:36PM
To add... they were discussing how to manage systemd unit files. If I recall and follow the discussion correctly, they were debating if they should migrate the unit files to something Devuanish when added to the repos or if a utility on the user's system should parse them on boot. I haven't yet read the outcome of the discussions as I put my mail server in storage the past month during a home move and I didn't stand up a VPS as I didn't have anything too critical going to those email accounts.
cats~$ sudo chown -R us /home/base
(Score: 0) by Anonymous Coward on Saturday May 02 2020, @03:30AM (1 child)
Lennart is doing a lot to push vendor lock-in, so RedHat is very happy. You say tolerate... I say they encourage him. And I do not seem to be the only that thinks so, check many other replies in this story.
Pity that you dropped out of Debian. It would be nice if Devuan or some other place could become your new home. It is clear that we will need to become a classic Linux, just like all the BSDs are mostly out of the radar, while RH goes with their Linux (pronounced Lennux).
(Score: 2) by rleigh on Saturday May 02 2020, @08:44AM
I was peripherally involved with Devuan in its early days. But I'm afraid that my days of being involved in distribution maintenance are likely over.
I didn't just drop out because of systemd. That was the straw which broke the camel's back. I was also suffering from RSI. And working in a full-time job and then spending every other waking moment working on Debian just wasn't sustainable for the long term. I still suffer from RSI today, and I cope by keeping my time programming within certain limits. In my day job, I'm a software engineer. So that greatly curtails what I can do out of work hours. It limits me to occasional contributions to various free software projects of interest, but not sustained ongoing commitment to a big project like Debian.
Additional to that, the communities themselves also changed dramatically. I got out when it ceased to be enjoyable. Working on Debian used to be a pleasure, and I took great pride in what I did. It became an unpaid but ongoing commitment which became stressful and unpleasant, but the unwritten self-obligation to continue participating kept me in. Toward the end, I used to dread opening my mail client to see what vitriol had been sent that day from the systemd side. I got out because it was affecting my mental wellbeing and making me deeply unhappy.
Because of all these factors, I just don't have the motivation to be part of a big project like this again. Too much politics, too much misplaced anger, and too little respect for other people.
(Score: 2) by chewbacon on Friday May 01 2020, @07:59PM
My Ubuntu NAS kept breaking and I jumped over to FreeNAS. Started learning about BSD from there and I haven't looked back. Everything works. Home directory works, rc.d works. Never thought I'd embrace the idea: if it ain't broke, don't fix it.
(Score: 0) by Anonymous Coward on Friday May 01 2020, @08:09PM
Linux is a coherent system because kernel maintenance is a central point of control managed by a guy that made good choices.
SystemD was supposed to be a new init system to control the starting and stopping of various systems.
Now it seems to be in control of setting up environments when a user logs in. Ok, so I guess it's replacing init and login. Can't work on these separately, but still talking about starting and stopping stuff. maybe ok.
Now it wants to replace the user directory? That's not about starting and stopping stuff, but rather the thing being started and stopped.
How do I swap one out without the other?
I can't make a Linux system without the kernel. That brings in a benevolent dictator I'm comfortable with.
SystemD appears to be approaching a model where I can't have a system without it.
That would make it a second point of control for what LInux is overall.
That makes for a second dictator competing for control of what LInux is.
Maybe SystemD is more that just a unilateral direction for the init system.
Like the kernel, if enough system depend on it, Then it is a lever for grabbing control of the overall direction of Linux.
(Score: 2) by boltronics on Saturday May 02 2020, @05:19AM
Just use full HDD encryption with LUKS. No need to encrypt and decrypt files on login and logout, as the decryption keys are unlocked at boot.
Advantages:
* You can put the /boot partition on a USB stick and take that with you, leaving you with a 100% encrypted disk that can't be unlocked by anyone.
* No problems with SSH access. Once booted, everything works as it normally would. I've been using this for years, and it's a lot safer having almost everything encrypted rather than only home directories.
* It's more portable! You can unplug the HDD (eg. if it's a USB-attached HDD) and plug it into a different machine and boot from it. All your UIDs, GIDs, files, etc. are all there! I used to do this with Gentoo on a USB HDD back in the day when I went to RMIT, and wanted to access my own files quickly and be able to use all my usual applications instead of some Windows OS (well, until they saw me do this via security camera and told me off for breaching their security policies or some BS...).
* These days the OS itself is tiny relative to things you typically find in /home. In my case I have about 6Tb of data, and only around 5Gb of that is the OS (which is already extremely bloated). Seriously, taking the OS with you these days is fine. This would have been more useful 20+ years ago...
* It's more simple. Less things to go wrong.
Disadvantages:
* Too easy - probably won't help RedHat sell support contracts.
Honestly, I don't see the point in what Poettering is trying to do here. However I can't say that I particularly hate it - provided:
* Separate home directory encryption is not mandatory
* Tools and scripts that use getent continue to work (ie. getent is updated to support reading from homed).
* The implementation is simple and stable
and
* It's optional and easy to switch off / revert to the traditional approach.
If distributons mandate it, it's not fully stable or it tries to slow down my system by doubly-encrypting my home directories (since I'm already doing full disk encryption), well if that happened, then I really would hate it.
It's GNU/Linux dammit!
(Score: 0) by Anonymous Coward on Saturday May 02 2020, @09:51AM (1 child)
This is an April fools joke, isn't it?
(Score: 2) by Thexalon on Saturday May 02 2020, @03:13PM
As much of one as Diablo Immortal.
The only thing that stops a bad guy with a compiler is a good guy with a compiler.
(Score: 0) by Anonymous Coward on Saturday May 02 2020, @08:13PM
so this is one of them big tentacles where having systemD managed OS is required to be able to transfer your home from one machine to another?
once you give your /home to systemD there's no way going back?
how goes the saying "once you go systemD you never (can) go back"?
(Score: 0) by Anonymous Coward on Sunday May 03 2020, @08:36AM
Current advice is to "mask systemd-homed.service"
I take it this means this: systemctl disable systemd-homed
I guess that means one more thing to do on install after changing the screen resolution and other crap.
Read this: https://askubuntu.com/questions/907246/how-to-disable-systemd-resolved-in-ubuntu [askubuntu.com]
and tell me that systemd isn't a clusterfuck