Gentoo Forums
The Politics of systemd
depontius
Advocate
Joined: 05 May 2004
Posts: 3509
Posted: Mon Mar 09, 2015 3:16 pm

Next..... V4
https://lkml.org/lkml/2015/3/9/340

No discussion as of this posting. I'm sure that will change.
_________________
.sigs waste space and bandwidth

steveL
Watchman
Joined: 13 Sep 2006
Posts: 5153
Location: The Peanut Gallery
Posted: Mon Mar 09, 2015 3:44 pm

Greg Kroah-Hartman wrote:
Reasons why this should be done in the kernel:
Performance: This is really important for a whole class of userspace programs that rely on hundreds of thousands of messages passed at boot time, and at "critical" times in their user interaction loops.

ie: badly-designed programs.

Didn't we have the "GDM sends 5000 messages a second" or some such nonsense from this guy before? To which everyone just said "so don't do that, then."
Quote:
DBus marshaling is the de-facto standard.

dbus is crap. It encourages bad design by providing the illusion that "performance-critical" code can be written without thought.

Quite apart from the design problems inherent in both shoving everything down one "bus", and in faking RPC in order to pretend the GPL doesn't matter, which only leads to a less performant solution. Yet performance is the main reason to push it into the kernel, without even looking at why the performance sucks, and how to correct that algorithmically, instead of hoping you can push the problem on to someone else.
Quote:
security people are much happier with this model than the current scheme

..which again is more a problem of the current grand "scheme" than anything else.

Ditch that and you have a lot less to worry about, since each problem is small, instead of inappropriately-coupled to every other domain.
Quote:
More types of metadata can be attached to messages than in userspace

Crap. You can attach what you want where you want; whether the other side understands it is another matter, and nothing to do with the transport.
Quote:
Semantics for apps with heavy data payloads (media apps, for instance) with optional priority message dequeuing, and global message ordering. .. I'm not saying that this is the best model for this, but until now, there wasn't any other way to do this without having to create custom "buses", one for each application library.

Pure lie, and he knows it. TIPC provides all of this, as was discussed several years ago.
Quote:
Without priority-inheritance, this is not possible in a secure manner (see 'priority-inheritance').

As if the only way to get priority-inheritance is via kdbus. What nonsense.

Anyone would think POSIX hadn't sorted this out in the early 1990s.
Quote:
Logging-daemons often want to attach metadata to log-messages so debugging/filtering gets easier.

Something tells me this is about one specific "logging-daemon" that is laughably inept.
Quote:
If short-lived programs send log-messages, the destination peer might not be able to read such metadata from /proc, as the process might no longer be available at that time.

Oh fgs, this is no reason to push this crapfest into the kernel. Go back to the drawing board after you've read up on TIPC properly.

And leave the userland coding to people who know what they're doing, and have actually done the research.
Quote:
We don't want to spend hundreds of ms just to transmit those messages.

So again: if it hurts, don't do that. Stop shoving loads of crap around that no-one needs, just to make-work for the boys who durr-durr.

Totally lame, imnsho.

Ant P.
Watchman
Joined: 18 Apr 2009
Posts: 6920
Posted: Mon Mar 09, 2015 6:04 pm

steveL wrote:
Greg Kroah-Hartman wrote:
Reasons why this should be done in the kernel:
Performance: This is really important for a whole class of userspace programs that rely on hundreds of thousands of messages passed at boot time, and at "critical" times in their user interaction loops.

ie: badly-designed programs.

What, you don't run a 100K-user dialup terminal server during your boot process like everyone else? /s

steveL
Watchman
Joined: 13 Sep 2006
Posts: 5153
Location: The Peanut Gallery
Posted: Tue Mar 10, 2015 8:43 am

Ant P. wrote:
What, you don't run a 100K-user dialup terminal server during your boot process like everyone else? /s

Ah so that's what "multi-seat" means.. thanks for clarification. ;-)

schorsch_76
Guru
Joined: 19 Jun 2012
Posts: 450
Posted: Mon Mar 30, 2015 6:44 pm

It seems it happened again. Now systemd forks the linux kernel.

Is this a hoax? April 1st is near .... But the github repo shows a full linux tree under linux.... :?

Quote:
The systemd Project Forks the Linux Kernel

The systemd project began as an alternative implementation of init, the software which brings an operating system on-line when a computer boots. Traditionally, Linux distributions have used either the SysV init software or Upstart. While these older init systems had their benefits, systemd developers saw room for improvement and the chance to leverage several underutilized features available to modern Linux distributions. Using systemd, distributions are able to more easily start services in parallel, simplify service dependencies and make easier use of cgroups.


http://distrowatch.com/weekly.php?issue=20150330#community

https://github.com/systemdaemon/systemd/tree/master/src/linux

Naib
Watchman
Joined: 21 May 2004
Posts: 6051
Location: Removed by Neddy
Posted: Mon Mar 30, 2015 7:52 pm

Prob April 1st... Used to be till midday... Then the day... More and more it is spreading to the week of...
_________________
Quote:
Removed by Chiitoo

miket
Guru
Joined: 28 Apr 2007
Posts: 488
Location: Gainesville, FL, USA
Posted: Tue Mar 31, 2015 2:37 am

schorsch_76 wrote:
https://github.com/systemdaemon/systemd/tree/master/src/linux

For all those users possessed by the system daemon: now they're forked.

April fools or not.

roki942
Apprentice
Joined: 18 Apr 2005
Posts: 285
Location: Seattle
Posted: Tue Mar 31, 2015 4:52 am

Must be why they were so quiet and polite with Kbus v4.
Their own playground where they can drop support of kernel items however they wish.

I only wonder if the other distros will support both and if they do, will they bring back a non-systemd choice.

Edit: Oh well, I also fell for geNToo :lol:


Last edited by roki942 on Tue Mar 31, 2015 7:53 am; edited 1 time in total

augustin
Guru
Joined: 23 Feb 2015
Posts: 318
Posted: Tue Mar 31, 2015 6:35 am

Systemd Developers Did NOT Fork The Linux Kernel
http://www.phoronix.com/scan.php?page=news_item&px=Systemd-No-Linux-Fork

Yamakuzure
Advocate
Joined: 21 Jun 2006
Posts: 2283
Location: Adendorf, Germany
Posted: Tue Mar 31, 2015 12:18 pm

And even if... So many times the linux kernel was forked, and nobody gave any fork about it.
_________________
Important German:
  1. "Aha" - German reaction to pretend that you are really interested while giving no f*ck.
  2. "Tja" - German reaction to the apocalypse, nuclear war, an alien invasion or no bread in the house.

krinn
Watchman
Joined: 02 May 2003
Posts: 7470
Posted: Tue Mar 31, 2015 1:36 pm

Bad april joke.
To be a good one, you must make one that nobody could possibly trust as truth.
systemd forking kernel is really not something I couldn't think as true.
A good one for systemd would be: "we decide to split all tools in their own package and no deps on each other".

depontius
Advocate
Joined: 05 May 2004
Posts: 3509
Posted: Tue Mar 31, 2015 3:16 pm

augustin wrote:
Systemd Developers Did NOT Fork The Linux Kernel
http://www.phoronix.com/scan.php?page=news_item&px=Systemd-No-Linux-Fork


Simply proof that systemd should not have absorbed ntp functions - with a date error like this.
_________________
.sigs waste space and bandwidth

mrbassie
l33t
Joined: 31 May 2013
Posts: 772
Location: over here
Posted: Tue Mar 31, 2015 3:56 pm

depontius wrote:
augustin wrote:
Systemd Developers Did NOT Fork The Linux Kernel
http://www.phoronix.com/scan.php?page=news_item&px=Systemd-No-Linux-Fork


Simply proof that systemd should not have absorbed ntp functions - with a date error like this.


:lol:

steveL
Watchman
Joined: 13 Sep 2006
Posts: 5153
Location: The Peanut Gallery
Posted: Tue Mar 31, 2015 4:40 pm

krinn wrote:
A good one for systemd would be: "we decide to split all tools in their own package and no deps on each other".

LMAO brilliant :-)

In a shock move, Lennart Poeterring today announced, that he has "seen the light" and decided to split out all the various projects systemd has subsumed.
Poeterring wrote:
Well, I finally got round to reading "The Art of Unix Programming", and I must say I really liked the idea of being a master to various underlings.. after a while though, Doug McIlroy's description of tying everything with textual data, started to make a lot of sense; it's certainly a lot less faffing around than we do in dbus, which as we all know has become something of an embarrassing bottleneck.

I've never been able to really work out floating-point either, and do you know, the Standard C library has lots of interfaces to deal with just that to and from strings? So why not let it do the hard-work, and keep data in a format humans can debug and read from wherever they like? It's much better integrated than anything we could do, so why not just use it?

I'm still not sure about shell, though, as I can't actually write shell.. maybe one of these other books will illuminate things..

In response, Kay Sievers denounced Poeterring as an "apostate" and declared he (or rather "the board") has excommunicated him from the Church of Systemdology, causing the first schism in this heretofore unknown religion, declared for tax purposes in the Pacific Ocean, but operating as a religion (and taking advantage of generous tax subsidies) in the US, and about to open a "chapter" in Luxembourg.

In other news, Linus Torvalds declared himself the master of the Borg, who have infiltrated all government networks, using SkyPEnet as an infection vector, and declared the start of the new 5000 year epoch, so he "won't have to deal with idiotic clocking in CPUs ever again.."

steveL
Watchman
Joined: 13 Sep 2006
Posts: 5153
Location: The Peanut Gallery
Posted: Thu Apr 02, 2015 5:48 pm

Great quote, imo (emphasised):
Steve Litt wrote:
Please don't call them bullies. That gives them a power they just don't have, and makes [unix-loving] giants seem like victims.

Call them what they really are: Sissies so scared of Red Hat they do Red Hat's bidding and make snide remarks when questioned about that.

They inspire laughter, not fear.

IME we have at least a few of those types, in various positions within Gentoo.

The devuan (DNG) list is actually quite interesting in parts (Debian's Not Gnome):
Peter Olson wrote:
Freedom 0 already covers this. The freedom to run a program, as you wish, includes the freedom not to run the program, if that is what you wish.

P.T. Zowolski brings up some lucid points, about how developers (or rather programmers, imo) need to be paid directly for writing software, not just indirectly by "support" companies, who have a vested interest in make-work and obfuscation to justify the charges.

depontius
Advocate
Joined: 05 May 2004
Posts: 3509
Posted: Sun Apr 05, 2015 1:10 pm

Another thought about systemd and kdbus...

I've mentioned several times that I think it's a Windows-turned-Linux response to Linux, and that I don't particularly think RedHat is indulging in secretive world domination games. However...

At the moment it looks like containers are the future, and I believe systemd is an integral part of that vision. Part of the goal of systemd is to become a complete layer around the OS, so that "systemd writes to Linux, and everyone else writes to systemd." (I believe that is very nearly an exact quote of a systemd developer.) I suspect systemd is meant to be a way to "lighten" containers, in a sense. (I know, most of us don't think systemd is very light at all.) So at some point systemd really does become the container-level OS. In fact, RedHat has announced a stripped-down version of its OS that is meant primarily to host containers.

Then take containers one or two steps further - "container-ize" applications. No longer do you have this integral session, instead you have your browser in its container, your email in another isolated container, the "office" in another. In a way it's more like old-school Windows, which didn't really have as strong a $HOME concept as Unix has always had. (Notice of course that I'm bringing another Windows similarity there.) When each application lives in isolation, you still want to get information from one application to another. In Windows that was OLE/ActiveX - and I suspect that's yet another role for kdbus. I suspect in the future there will be incredible flows of data through kdbus - between containers.

BTW, this is going to be sold in the name of security - container-ized applications are of course safer from each other, making the whole more secure. By the time it's all sitting on systemd and kdbus we'll see what reality really is.
_________________
.sigs waste space and bandwidth

229566
Tux's lil' helper
Joined: 16 Aug 2010
Posts: 127
Posted: Sun Apr 05, 2015 1:27 pm

Containerization is meant for cloud services and internet of things where you isolate self-sufficient and independent applications. It's not intended to virtualize or isolate individual desktop/UI oriented applications on a traditional desktop system. It is meant primarily to develop apps and deploy them with your own dedicated environment without having to care about the host OS (except that it's a Linux supporting containers).

RH indeed is going primarily in that direction. It's visible in the upcoming versions of the Enterprise Linux testbed - the Fedora. Take a look (and a presentation or two on YouTube) at Fedora Rolekit and Fedora Cockpit and how it all integrates with (k)dbus and systemd services into a NextGen(tm) whole. It is still all vastly experimental but it shows the direction they're taking.

steveL
Watchman
Joined: 13 Sep 2006
Posts: 5153
Location: The Peanut Gallery
Posted: Sun Apr 05, 2015 2:16 pm

That sounds awful, depontius. A pig in a poke, or w/e the saying is; not something I'm interested in, nor anything I'd recommend to a client.

mv
Watchman
Joined: 20 Apr 2005
Posts: 6747
Posted: Sun Apr 05, 2015 2:50 pm

depontius wrote:
container-ized applications are of course safer from each other, making the whole more secure.

This is how they will try to sell it.
Like all the lies we heard from "security" people, selling yellow boxes of software for windows and claiming when you install this software your system will be oh-so-safe! Of course, we all know that since these boxes are sold, no windows machine was ever seen as part of a bot net!

Whoever really understands a little bit about security knows how to get security in reality:
  • Make privilege separation absolutely strict. Do not build any backdoors to circumvent this and that restriction in the name of user's convenience. A thing which raises privileges like policykit or even dbus is an absolute no-go.
  • Keep the tasks running with high privileges extremely tiny and provably correct. Normally, no communication should happen between high privilege tasks and any other task. Do anything to avoid this.
  • If you are in the absolute exceptional situation of a very complex setup where this cannot be avoided, keep this communication as simple and safe as possible, making sure that no race condition or similar things can ever arise. However, when you cannot avoid it, almost surely you have already made a severe mistake and should better think over your security concepts.
We all know that systemd&friends have broken all these rules dozens of times, shrugging it off as if it were nothing.
Using a technique afterwards which can be used as a security measure - if carefully implemented and used as a basis (and not the other way 'round) - does under these circumstances not increase security at all, but just serves to give technically unskilled people a healthy feeling in the stomach: All the race conditions and bugs due to mere complexity allowing privilege escalations still exist and are in principle unfixable. An apparent separation of low privilege tasks helps nothing to improve the situation: First, the existing gaping security holes must be fixed. That is, everything which systemd&friends currently are, must be completely removed or at least conceptually completely re-done (and then in a non-broken way).

depontius
Advocate
Joined: 05 May 2004
Posts: 3509
Posted: Sun Apr 05, 2015 3:02 pm

Please keep in mind that I wasn't in any way agreeing with the direction I was suggesting. I was just suggesting what I think is going to be pushed by RedHat and probably others. When I said "container-ized applications are of course safer from each other, making the whole more secure," it was with a whole box of salt, not a grain or even shaker.

At the moment, the best likely result is that the userspace of Linux is forking. We will be left alone to do things our way, and there is probably no way we can stop them from doing things their way. Our more important function to the computing world will be to be present when their house of cards crashes, so that there is a clear way to start over, better.
_________________
.sigs waste space and bandwidth

augustin
Guru
Joined: 23 Feb 2015
Posts: 318
Posted: Sun Apr 05, 2015 4:04 pm    Post subject: depontius's sig is a waste space and bandwidth

Thanks depontius, GrueXYZ, mv et al. for informing us.
I share your concerns and follow this discussion closely.

Could you please explain a bit more the concept of 'container' in the current context? A simple definition and some examples would be welcome (at least by me!)

depontius
Advocate
Joined: 05 May 2004
Posts: 3509
Posted: Sun Apr 05, 2015 4:42 pm

For the moment, think of a container as "lightweight virtualization." Theoretically a virtual machine can be used for security partitioning - whatever happens in the VM, stays in the VM. The host computer and any other VMs remain safe. However VMs can be rather expensive in terms of machine resources. Containers are an attempt to get most of the benefits of VMs at a much lower resource cost.

So here's the sales point. Imagine that both web browser and email have been "container-ized". What happens in each container, stays in each container. Looking in on systemd, they also have a set of words (I forget their exact term.) meaning that each time you start such a container, it starts clean. So if a container gets horribly polluted by malware of one sort or another, when that container-ized application is stopped, all of the bad stuff simply goes away. Restart that application, and it's back to pristine condition. Plus at no point did the compromised container-ized application do anything bad anywhere but inside that container.

That is/will-be the sales pitch. But containers aren't as "tight" as a VM, and even VMs have been known to have "escape paths". Security isn't simple. The other thing is that containers sometimes aren't useful without being able to get information in and out. That's kind of what OLE/ActiveX did on Windows, and what I believe kdbus will do on Linux. But at that point you've deliberately added a path out of the container. So much for security.
_________________
.sigs waste space and bandwidth

augustin
Guru
Joined: 23 Feb 2015
Posts: 318
Posted: Sun Apr 05, 2015 5:21 pm    Post subject: As I said in my previous subject line! ;)

Thank you, depontius. Your explanation is very clear and helpful.

augustin
Guru
Joined: 23 Feb 2015
Posts: 318
Posted: Sun Apr 05, 2015 5:29 pm

I just found this 1 year + 3 days old post, not previously shared in this thread:

Ts’o and Linus And The Impotent Rage Against systemd
https://igurublog.wordpress.com/2014/04/03/tso-and-linus-and-the-impotent-rage-against-systemd/

A fair amount of the information/theories/conjectures above is news to me, although I am probably the least knowledgeable participant in this thread. :-/


One of the links included in the post above is:

Re: systemd and Linux are *fundamentally incompatible* -> and I can prove it
https://lists.debian.org/debian-devel/2014/03/msg00449.html

In your opinion, is Linus Torvalds responding appropriately (has the means and the will to respond appropriately) to this whole mess?

It looks more and more to me that a hostile takeover of the kernel/linux ecosystem is in progress (being attempted)....

NeddySeagoon
Administrator
Joined: 05 Jul 2003
Posts: 54216
Location: 56N 3W
Posted: Sun Apr 05, 2015 6:32 pm

augustin,

Quote:
It looks more and more to me that a hostile takeover of the kernel/linux ecosystem is in progress (being attempted)....


Exactly so. Its sole purpose is to provide a remote procedure call mechanism so that Red Hat can distribute binary blobs that use RPCs in place of linking.
In my opinion, it's just a mechanism for GPL evasion.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.