[ux266478]

The OpenSSH/XZ exploit from a year or so ago was actually a systemd exploit[1], fun fact.

Looking back on the time I spent in systemd land, I don't miss it at all. My system always felt really opaque, because the mountain of understanding systemd seemed insurmountable. I had to remember so much, all the different levers required to drive the million things systemd orchestrated... and for very little effect. I really prefer transparency in my system, I don't want abstraction layers that I have no purpose for. I don't take it as a coincidence at all that since I moved away from systemd distributions, my system has become quite a bit more reliable. When I got my Steamdeck, the first systemd setup I've used in years, one of the first things I noticed is that the jank I used to experience has showed its face once again. It might not be directly tied to poetteringware, but it's very possible that this is a simple 2nd or 3rd order effect from having a more complex system.

[1] - https://www.fortinet.com/resources/articles/xz-utils-vulnera...

[tombert]

Any sufficiently large codebase that runs an operating system will have security exploits eventually, so finding an example of this really doesn’t change anything. I am sure FreeBSD has had security issues in the past.

I am hardly a super genius and I really didn’t find systemd very hard at all to do most of the stuff I wanted. Everyone complains about it being complicated but an idiot like me has been able to figure out how to make my own services and timers and set the order of boot priorities and all that fun stuff. I really think people are exaggerating about the difficulty of it.

[ux266478]

I think you misunderstand the issue being raised, hence your confusion. The "difficulty" isn't the individual facets of the system, but piercing the opaqueness of the entire picture without wholly specializing into it. On the very basis of using a configuration DSL loaded with strange quirks, the init system part of systemd alone is already asking to take up more space in your head than an init system reasonably should. Having to memorize a completely different set of string expansion behaviors, for example, and all the edge-cases that introduces at the boundary of shell scripts. One small example, and only of the tiny slice that is the init part of systemd. We can talk all day about the problems with resolved, udevd, logind, and so on.

None of these issues are "difficult" and perhaps that is why you think people are "exaggerating" and engaging in bad faith. I would challenge you on this and suggest you haven't seriously interrogated the idea that the standpoint against systemd has a firm basis in reality. Have you ever asked the question "Why?" and sought to produce an answer that frames the position in a reasonable light? Until you find that foundation, you won't understand the position.

[tombert]

systemd solves problems that are not easily solvable in the old SysV init way. If you need resources to load in a specific order, for example, it’s trivial to do this with systemd, but you have to muck with weird symlink stuff to get the same effect with SysV. There are lots of things like that. You can hand wave this away and act like it’s not important, but it absolutely can be important to correctly make sure services load in the right order, and being abke to designate dependencies if services.

Of course I have run non-systemd distros, like Ubuntu (back when it used upstart), Gentoo, and of course FreeBSD (yes I know it’s not a Linux distro but close enough for this particular point), so it’s not like non-systemd stuff is foreign to me, and I am just not convinced it is actually causing more headaches than other systems.

[int_19h]

> Any sufficiently large codebase that runs an operating system will have security exploits eventually

Indeed, but the one that has been around for much longer is likely to have more bugs flushed out by now.

[hulitu]

> I don't want abstraction layers that I have no purpose for.

That is the main issue in modern software. The only way to "improve" something, is to add another abstraction layer.