Most active commenters
  • lupusreal(3)

←back to thread

Run0, a systemd based alternative to sudo, announced

(mastodon.social)
466 points CoolCold | 24 comments | 29 Apr 24 23:59 UTC | HN request time: 2.163s | source | bottom
Show context
udev4096 ◴[01 May 24 01:18 UTC] No.40218468[source]
Just a side note: sudo is largely maintained by just one dude https://github.com/sudo-project/sudo/graphs/contributors
replies(6): >>40218764 #>>40219335 #>>40219992 #>>40220140 #>>40220204 #>>40222316 #
m463 ◴[01 May 24 06:21 UTC] No.40220140[source]
also worth mentioning: Lennart Poettering

"Poettering is known for having controversial technical and architectural positions regarding the Linux ecosystem"

https://en.wikipedia.org/wiki/Lennart_Poettering

replies(3): >>40220317 #>>40220708 #>>40221944 #
1. vaylian ◴[01 May 24 06:54 UTC] No.40220317[source]
His positions are mostly controversial because he challenges the way things have been done for a long time. Whenever he presents some new idea/architecture my first reaction is often confusion. Why would he change something that has worked so well for such a long time? But then I take the time to read up on the reasoning behind his ideas and then things start to make sense. Even when something isn't exactly broken, there is still room for better solutions.
replies(2): >>40220363 #>>40221105 #
2. cduzz ◴[01 May 24 07:06 UTC] No.40220363[source]
There have been lots of suggestions for how to improve linux / unix for a very long time.

The first great war I remember, and I'm sure there were more before I was around, was DJB vs everyone. For the most part, I think his designs, "weird" as they were / are, are still better than almost every crackpot variation of them that's come since.

replies(1): >>40230590 #
3. lupusreal ◴[01 May 24 09:21 UTC] No.40221105[source]
He's controversial because numerous times his ego has so severely clouded his judgemental that he refuses to see egregious bugs in his programs for what they are. Just one example: https://github.com/systemd/systemd/issues/6237#issuecomment-...

The "people hate him because he makes new stuff" narrative is just more ego-protecting cope. Many developers of other new systems are widely respected and appreciated because their stuff works and they stay humble. Wireguard and Pipewire devs don't get hate poured on them in HN discussions because their shit works, solves problems people have, and because they know how to deal with people.

replies(2): >>40221257 #>>40221401 #
4. NekkoDroid ◴[01 May 24 09:48 UTC] No.40221257[source]
> Just one example: https://github.com/systemd/systemd/issues/6237#issuecomment-...

1. He gave a clear reason why it is how it is 2. He realizes it is/might be frustrating 3. even `adduser` will not allow it by default 4. The issue that it still runs the unit even with config errors has been addressed: https://github.com/systemd/systemd/commit/bb28e68477a3a39796... (~2 weeks after the issue was opened)

replies(3): >>40221556 #>>40222480 #>>40222958 #
5. magicalhippo ◴[01 May 24 10:13 UTC] No.40221401[source]
Or in Linus Torvalds' words[1]:

It does become a problem when you have a system service developer who thinks the universe revolves around him, and nobody else matters, and people sending him bug-reports are annoyances that should be ignored rather than acknowledged and fixed. At that point, it's a problem.

[1]: https://lkml.org/lkml/2014/4/2/580

replies(2): >>40222332 #>>40227586 #
6. ◴[01 May 24 10:37 UTC] No.40221556{3}[source]
7. calvinmorrison ◴[01 May 24 12:41 UTC] No.40222332{3}[source]
But even then, system service developers don't try to 'own the whole world' so to speak and so they do need to play nicely with others. Mr. Poopering philosophy is the minute a dependencies maintainer becomes a thorn in his side - he absorbs that project into systemd. The distribution packagers follow like starving dogs on a hunt
replies(1): >>40224347 #
8. throw0101b ◴[01 May 24 12:54 UTC] No.40222480{3}[source]
> 3. even `adduser` will not allow it by default

5. useradd does allow it (as noted in a comment). 6. Local users, and the utilities that create them, are not the only source, there things like LDAP and AD.

7. POSIX allows it:

* https://github.com/systemd/systemd/issues/6237#issuecomment-...

9. lupusreal ◴[01 May 24 13:32 UTC] No.40222958{3}[source]
His reason, although clear, is also plainly wrong. Such usernames although bizarre may be encountered by SystemD so it shouldn't break when it sees them. Computer programs, particularly important ones, should be conservative in what they emit and liberal with what they accept and that means not breaking when they encounter weird but technically permissible usernames. His response should have been "Golly, that's a weird username, I didn't think that was possible" and then fix the bug.
replies(3): >>40225180 #>>40226501 #>>40227436 #
10. j0057 ◴[01 May 24 15:08 UTC] No.40224347{4}[source]
> Mr. Poopering

This is childish and petty, I suggest you delete your account.

replies(2): >>40224437 #>>40224458 #
11. etc-hosts ◴[01 May 24 15:13 UTC] No.40224437{5}[source]
You can't delete your HN account.
replies(1): >>40226413 #
12. calvinmorrison ◴[01 May 24 15:15 UTC] No.40224458{5}[source]
No thanks!
13. 4star3star ◴[01 May 24 16:04 UTC] No.40225180{4}[source]
There is a certain personality type that likes to reimagine that their original thinking was not flawed, even when presented with a detail that they did not incorporate into their original thinking. If the detail had been in their awareness from the start, they would have arrived at a different position, but they are bound to a strict sense of linearity for reasons inexplicable to me except for ego protection.
14. j0057 ◴[01 May 24 17:28 UTC] No.40226413{6}[source]
Interesting! IANAL, but I think this should be basic functionality, ever since the recent-ish European and Californian privacy regulations. Although I think a quick e-mail to hn@ycombinator.com would suffice.
replies(1): >>40230649 #
15. alserio ◴[01 May 24 17:34 UTC] No.40226501{4}[source]
Disclaimer: I know nothing about the particular bug. Postel's Law has its tradeoffs, and its fuzzy lines are a nice place for security issues to arise.
replies(1): >>40228488 #
16. magicalhippo ◴[01 May 24 18:41 UTC] No.40227436{4}[source]
Alternatively, if, like he says in the comments of that bug, he really means that SystemD shouldn't support systems that allow such usernames, then he should ensure SystemD won't run on such systems.

Silently doing the wrong thing is not a good thing, especially when "doing the wrong thing" is running stuff as root that wasn't supposed to run as root.

17. filmor ◴[01 May 24 18:50 UTC] No.40227586{3}[source]
This is about Kay Sievers, not Lennart Poettering.
replies(1): >>40237827 #
18. lupusreal ◴[01 May 24 19:51 UTC] No.40228488{5}[source]
For sure, there are limits. In this particular case, maybe we say that SystemD shouldn't support weird usernames beginning with numbers, but the other half of the law should still apply. The conservative emission would be logging an error message, not running that unit file as root.
19. karma_pharmer ◴[01 May 24 22:48 UTC] No.40230590[source]
Dude you cannot compare DJB to Pottering.

DJB is a genius, responsible for all of the non-NSA asymmetric cryptosystems, symmetric cryptosystems, and authenticated encryption algorithms supported by TLS (curve25519, chacha20, Poly1305). He's also the one who got us off of the footgun-by-design, broken-random-number-generator-will-spray-your-privatekey-everywhere nondeterministic nonce signature schemes prior to Ed25519 (the first standardized signature scheme which required deterministic nonces). Oh yeah and the only post-quantum cryptosystem that OpenSSH was comfortable shipping.

And pottering gave us pulseaudio. The gift that keeps on giving.

replies(1): >>40231250 #
20. Aerbil313 ◴[01 May 24 22:57 UTC] No.40230649{7}[source]
Would it really? Asking cause genuinely curious, literally the only online forum I can't remove my past public information from is HN.
replies(1): >>40233025 #
21. cduzz ◴[02 May 24 00:14 UTC] No.40231250{3}[source]
What I said was that the first holy war of unix I remember is the DJB vs everyone else.

As far as I can tell, as odd as DJB's designs may have seemed, they were and are ... way better than what was and still hold up today; most of the following "lets unix better" designs seem to just adopt some of DJB's designs, typically poorly.

Systemd certainly seems to have cribbed elements of daemontools et al, but seemingly none of the notion of "least privilege" ...

replies(1): >>40257681 #
22. udev4096 ◴[02 May 24 05:37 UTC] No.40233025{8}[source]
Even if you delete your account, it wouldn't really matter that much. Whole HN is probably crawled and archived on a daily basis due to a simplistic API
23. kasabali ◴[02 May 24 16:06 UTC] No.40237827{4}[source]
Same difference
24. karma_pharmer ◴[04 May 24 13:52 UTC] No.40257681{4}[source]
I think maybe your memory decieves you?

The great thing about unix is that there are no "wars" over these things, because everybody gets to decide for themselves.

Well at least that's how it was before systemd -- and all of DJB's unix work long predates systemd. By the time systemd came around DJB had been focusing on ECC exclusively for almost a decade.

The way I remember it is that most people didn't understand DJB and just kinda ignored his work, while a bunch of other people recognized what he was on to and integrated his ideas into software with frendlier user interfaces. For example, runit, which is PID1 for Void Linux to this day, and s6, which is PID1 for both Liminix ("NixOS-on-your-wifi-AP") and Spectrum ("Qubes for Nix"). Indeed increasing numbers of NixOS users are ditching systemd for s6.

Anyways I don't remember anything close to a "holy war".