I honestly don’t get what people were so up in arms about, besides just not wanting to change what already worked for them.
I’m so tired of reading this stupid argument. “People only dislike systemd because they’re afraid of change.” No, there are plenty of other concerning issues about it. I could probably write about a lot of problems with systemd (like the fact that my work laptop never fucking shuts down properly), but here’s the real issue:
Do you really think it’s a good idea for Red Hat to have total control over the most important component of every mainstream distro in existence?
Let’s consider an analogy: in 2008, Chrome was the shit. Everyone loved it, thought it was great and started using it, and adoption reached ~20-30% overnight. Alternatives started falling by the wayside. Then adoption accelerated thanks to shady tactics like bundling, silently changing users’ default browser, marketing it everywhere and downranking websites that didn’t conform to its “standards” in Google search. And next, Chrome adopted all kinds of absurdly complex standards forcing all other browser engines to shut down and adopt Chrome’s engine instead because nobody could keep up with the development effort. And once they achieved world domination, then we started facing things like adblockers being banned, browser-exclusive DRM, and hardware attestation.
That’s exactly what Red Hat is trying to pull in systemd. Same adoption story - started out as a nice product, definitely better than the original default (SysVInit). Then started pushing adoption aggressively by campaigning major distros to adopt it (Debian in particular). Then started absorbing other standard utilities like logind and udev. Leveraging Gnome to push systemd as a hard dependency.
Now systemd is at the world domination stage. Nobody knew what Chrome was going to do when it was at this point a decade ago, but now that we have the benefit of hindsight, we can clearly see that monoculture was clearly not a good idea. Are people so fucking stupid that they think that systemd/Red Hat will buck that trend and be benevolent curators of the open source Linux ecosystem in perpetuity? Who knows what nefarious things they could possibly do…
But there are hints, I suppose. By the way, check out Poettering’s new startup: https://news.ycombinator.com/item?id=46784572
It uses a completely different paradigm of process chaining and management than POSIX and the underlying Unix architecture.
That’s not to say it’s bad, just a different design. It’s actually very similar to what Apple did with OS X.
On the plus side, it’s much easier to understand from a security model perspective, but it breaks some of the underlying assumptions about how scheduling and running processes works on Linux.
So: more elegant in itself, but an ugly wart on the overall systems architecture design.
I think that’s exactly it for most people. The socket, mount, timer unit files; the path/socket activations; the After=, Wants=, Requires= dependency graph, and the overall architecture as a more unified ‘event’ manager are what feels really different than most everything else in the Linux world.
That coupled with the ini-style VerboseConfigurationNamesForThatOneThing and the binary journals made me choose a non-systemd distro for personal use - where I can tinker around and it all feels nice and unix-y. On the other hand I am really thankful to have systemd in the server space and for professional work.
I’m not great at any init things, but systemd has made my home server stuff relatively seamless. I have two NASs that I mount, and my server starts up WAY faster than both of them, and I (stupidly) have one mount within the other. So I set requirements that nasB doesn’t mount until nasA has, then docker doesn’t start until after nasB is mounted. Works way better than going in after 5 minutes and remounting and restarting.
Of course, I did just double my previous storage on A, so I could migrate all of B’s stuff back. But that would require a small amount of effort.
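The mount ordering described in the comment above, written out as an added example (my own construction, not the commenter’s actual configuration). It assumes nasA is an NFS export mounted at /mnt/nasA and nasB is a second export mounted beneath it at /mnt/nasA/nasB; the server names nas-a.lan and nas-b.lan and the export paths are placeholders. The docker.service drop-in uses RequiresMountsFor=, which makes systemd add Requires= and After= on every mount unit needed to reach that path (the parent mount included), so Docker is held back until both shares are up.

```ini
# /etc/systemd/system/mnt-nasA.mount
# Unit file names must be the escaped mount path: `systemd-escape -p /mnt/nasA` prints mnt-nasA
[Unit]
Description=Outer NAS share (nasA)
# Network mount: do not try before the network is actually usable
Wants=network-online.target
After=network-online.target

[Mount]
# Placeholder server and export path
What=nas-a.lan:/export/nasA
Where=/mnt/nasA
Type=nfs
Options=_netdev
TimeoutSec=90

[Install]
WantedBy=remote-fs.target

# /etc/systemd/system/mnt-nasA-nasB.mount
# `systemd-escape -p /mnt/nasA/nasB` prints mnt-nasA-nasB
[Unit]
Description=Inner NAS share (nasB), mounted beneath nasA
# Explicit ordering as in the comment: nasB waits for nasA and fails if nasA fails
Requires=mnt-nasA.mount
After=mnt-nasA.mount

[Mount]
# Placeholder server and export path
What=nas-b.lan:/export/nasB
Where=/mnt/nasA/nasB
Type=nfs
Options=_netdev
TimeoutSec=90

[Install]
WantedBy=remote-fs.target

# /etc/systemd/system/docker.service.d/10-wait-for-nas.conf
# Drop-in: Docker is not started until the path below (and therefore both shares) is mounted.
# Equivalent to Requires=/After= on mnt-nasA.mount and mnt-nasA-nasB.mount.
[Unit]
RequiresMountsFor=/mnt/nasA/nasB
```

After placing the files, run `systemctl daemon-reload`, then `systemctl enable --now mnt-nasA.mount mnt-nasA-nasB.mount`. `systemd-analyze verify /etc/systemd/system/mnt-nasA-nasB.mount` catches a unit name that does not match its Where= path, and `systemctl list-dependencies --after docker.service` shows that both mount units now sit ahead of Docker in the ordering graph. The TimeoutSec= values bound how long boot blocks if a NAS is down; without them a missing share can stall the whole remote-fs.target.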
I’ve started doing podman quadlets recently, and the ini config style is ugly as hell compared to yaml (even lol) in docker compose.
I agree that quadlets are pretty ugly but I’m not sure that’s the ini style’s fault. In general I find yaml incredibly frustrating to understand, but toml/ini style is pretty fluent to me. Maybe just a preference, IDK.
Technically, sysv everything was just a file full of instructions for the shell to parse and initialize. Human readable “technically”. It was simple and light weight. SystemD is a bit heavier and more complex as a system service binary. But that load and complexity is generally offset by added features that are extremely nice to have. Providing much more standardized targets and configuration iirc.
I had to search and dig trying to figure out how to set up services properly for my distro, back in the 90s. And when/how to start/restart them. There wasn’t one way to do it all. SysD made it all much more standard, simple, and clear. Its biggest sin is that it’s one more binary attack surface that might be exploited.
Why are binaries uniquely attackable in a way that init scripts aren’t?
Init scripts are just scripts. Technically, they don’t introduce any unique vulnerabilities of their own. Just the flaws in the shell itself or server binaries. A poorly written script absolutely can and will still fuck your day up.
SystemD is a program, which could introduce its own unique buffer overflows or use after free opportunities. I’ve not heard of any. But it’s possible. However, its standard set of interfaces and systems make the risks of writing your own bad scripts or just using other people’s random bad scripts like we used to much less of an issue.
Nobody is packaging a standard init script across all distros, basically. A script is expected to be unique per machine or at least per admin setting up a set of machines. A binary could have a secret exploit installed in it that nobody can see/audit before it’s too late.
At least that’s the theory. Personally I love systemd.
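One concrete form of the “standard set of interfaces” point made above, as an added example that is not from any commenter in the thread: the sandboxing directives below are part of systemd’s service interface, apply the same way to every unit, and can be audited in one place, whereas an ad-hoc init script would have to reimplement each of them by hand (or, more commonly, would not). The service name exampleapp.service, the binary /usr/local/bin/exampleapp and the port are hypothetical.

```ini
# /etc/systemd/system/exampleapp.service  (hypothetical service used for illustration)
[Unit]
Description=Example network daemon with systemd sandboxing
Wants=network-online.target
After=network-online.target

[Service]
# Hypothetical daemon: listens on an unprivileged port, writes only under its state directory
ExecStart=/usr/local/bin/exampleapp --listen 0.0.0.0:8080 --data /var/lib/exampleapp
Restart=on-failure

# Run as a transient unprivileged user instead of root
DynamicUser=yes
# The only writable location; systemd creates /var/lib/exampleapp and owns it to the dynamic user
StateDirectory=exampleapp

# Privilege containment: no setuid escalation, no capabilities at all
NoNewPrivileges=yes
CapabilityBoundingSet=

# Filesystem containment: read-only OS, no /home, private /tmp and /dev
ProtectSystem=strict
ProtectHome=yes
PrivateTmp=yes
PrivateDevices=yes
ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectControlGroups=yes

# Kernel attack-surface reduction for a plain TCP service
RestrictAddressFamilies=AF_INET AF_INET6
RestrictNamespaces=yes
LockPersonality=yes
MemoryDenyWriteExecute=yes
SystemCallArchitectures=native
SystemCallFilter=@system-service

[Install]
WantedBy=multi-user.target
```

`systemd-analyze security exampleapp.service` scores each of these settings and shows which ones are still missing; comparing its output for this unit against the same unit with only the ExecStart= line makes the difference visible. Two caveats worth keeping in mind: the score describes what a compromised service can reach, not whether the binary itself is sound, and none of these directives shrink the attack surface of systemd itself, which is the separate concern raised in the comment above.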
Yeah, sysv init is all just scripts under the hood, and it’s a bit fragile/arcane. You have to write a bunch of files by hand, reference them correctly, and place and link them in the right directories. Systemd is a bit better, I have to admit that.
I haven’t been an opponent but I must admit, when you have a headless machine of a different arch (so no chroot) and you try to make it connect to the LAN and start sshd, managing those links in those directories feels more like shooting in the dark. In that case simple scripts in a dir were easier.
When the drama started, the argument of my anti-systemd friend was that it goes against the unix philosophy of one program doing one thing only. But eventually even he turned and became a fan.