Hu Administrator
Joined: 06 Mar 2007 Posts: 22853
Posted: Thu Sep 26, 2019 1:22 am
As much as I enjoy the snark about systemd, I'd appreciate it if we could focus this thread on the specific questionable idea that systemd's maintainers are currently championing (systemd-homed), rather than speculating on ways they may expand into and ruin components they haven't touched yet.
I'm honestly surprised that Poettering thought the apparent dependency loop was a problem. sshd has been able to configure alternate locations for key files for years, so an administrator could redirect the search to an auxiliary directory that is outside the looped area. Alternately, since some level of systemd <-> sshd integration will probably be necessary to unlock the home directory on successful authentication, that integration could be extended to provisionally unlock the container for the purpose of extracting and checking the public key. If done with sufficient cleverness, the integration might even be able to unlock the directory only when an authorized user tries to access it, and fail when arbitrary unrelated users try to open it.
krinn Watchman
Joined: 02 May 2003 Posts: 7470
Posted: Thu Sep 26, 2019 9:17 am
Hu wrote:
> As much as I enjoy the snark about systemd, I'd appreciate it if we could focus this thread on the specific questionable idea that systemd's maintainers are currently championing (systemd-homed), rather than speculating on ways they may expand into and ruin components they haven't touched yet.

The problem is that we could speak about his idea in itself, but he is not going to do some "homed" project, but again a "systemd-homed", which implies carrying the same philosophy behind it.
Which then swaps any interest in the project itself to only what will be imposed on us again.
You see, I don't really care if my neighbor has the idea to paint his house red; but I care when I know this neighbor has a bad habit of seeing the mayor to make a law that all houses must be red only.
That's the problem with him; it makes me focus more on the implications of his idea rather than on whether red for his house would be good or bad.
Anon-E-moose Watchman
Joined: 23 May 2008 Posts: 6175 Location: Dallas area
Posted: Thu Sep 26, 2019 10:12 am
homed makes sense but only for a subset of the Linux user population, and a small one at that.
For home users, IMO, it makes little to no sense.
For business users I can see some use cases for it, but again, I think a limited audience.
The idea being sold is that most will have the need for a home dir in multiple places/machines; personally I think LP is mistaking his personal needs for the general population's. Most of us that aren't developers and have multiple machines (desktop and laptop, etc.) don't really want to share everything that's on the desktop on their laptop. I have multiple machines in my house, but I don't want or need to have my whole home dir shared across all of them.
Plus the whole concept of an imaged home dir implies that there's a central storage area for the image. Is this 1970 or 2017?
_________________
UM780, 6.1 zen kernel, gcc 13, profile 17.0 (custom bare multilib), openrc, wayland
Tony0945 Watchman
Joined: 25 Jul 2006 Posts: 5127 Location: Illinois, USA
Posted: Thu Sep 26, 2019 1:44 pm
krinn wrote:
> You see, I don't really care if my neighbor has the idea to paint his house red; but I care when I know this neighbor has a bad habit of seeing the mayor to make a law that all houses must be red only.

Excellent analogy.

Anon-E-moose wrote:
> Plus the whole concept of an imaged home dir implies that there's a central storage area for the image. Is this 1970 or 2017?

1970. "The cloud" replaces the mainframe and PCs are just intelligent terminals.
depontius Advocate
Joined: 05 May 2004 Posts: 3522
Posted: Thu Sep 26, 2019 1:59 pm
Tony0945 wrote:
> krinn wrote:
> > You see, I don't really care if my neighbor has the idea to paint his house red; but I care when I know this neighbor has a bad habit of seeing the mayor to make a law that all houses must be red only.
> Excellent analogy.
> Anon-E-moose wrote:
> > Plus the whole concept of an imaged home dir implies that there's a central storage area for the image. Is this 1970 or 2017?
> 1970. "The cloud" replaces the mainframe and PCs are just intelligent terminals.

Some of this reflects current corporate security paranoia. They're taking steps to make sure that their data stays on their servers. At the same time the corporate laptop becomes the most wasted CPU resource, even as they continue to be CPU-constrained. An encrypted home directory, where the user doesn't have the key, can be part of their solution. I say the user doesn't have the key, only access to the key, which means that local computing can again happen without fear of data theft. The user can only get to the data in company-approved ways.
Note that this doesn't solve problems like cell-phone screencaps to export data, and I'm sure there are other ways. But it seems to make corporate security types feel better.
Note that I said "user", not "owner". That's one thing to remember on a corporate laptop: they own it, not you. I've left trust out of this, but that's a different matter.
_________________
.sigs waste space and bandwidth
saellaven l33t
Joined: 23 Jul 2006 Posts: 655
Posted: Thu Sep 26, 2019 2:45 pm
Anon-E-moose wrote:
> Plus the whole concept of an imaged home dir implies that there's a central storage area for the image. Is this 1970 or 2017?

and thus another service for Red Hat/IBM to sell...
that's a nice /home directory. It'd be a shame if something happened to it.
Again, the whole point is to disempower users to make them dependent.
_________________
Ryzen 3700X, Asus Prime X570-Pro, 64 GB DDR4 3200, GeForce GTX 1660 Super
openrc-0.17, ~vanilla-sources, ~nvidia-drivers, ~gcc
Ant P. Watchman
Joined: 18 Apr 2009 Posts: 6920
Posted: Thu Sep 26, 2019 5:04 pm
I'd say the users are already disempowered and dependent if all they do is complain about it instead of using any of the plentiful alternatives to systemd.
depontius Advocate
Joined: 05 May 2004 Posts: 3522
Posted: Thu Sep 26, 2019 5:28 pm
Once again, it's different if it's your work-provided machine. I'm the owner of my personal machines; I'm a user of the work-provided machines. Like it or not. Even worse, indications are that for other reasons, I'm about to get pushed off of the work-provided Linux (yep, systemd) image onto Windows 10.
_________________
.sigs waste space and bandwidth
Maitreya Guru
Joined: 11 Jan 2006 Posts: 445
Posted: Thu Sep 26, 2019 5:57 pm
Ant P. wrote:
> I'd say the users are already disempowered and dependent if all they do is complain about it instead of using any of the plentiful alternatives to systemd.

Well, to be fair, that is not their fault.
They don't even know they are being disempowered.
It would be completely different if they did.
However, we _do_. Yet, what do we do against this injustice?
Complain. Online. Because that matters...
saellaven l33t
Joined: 23 Jul 2006 Posts: 655
Posted: Fri Sep 27, 2019 12:29 am
Maitreya wrote:
> Ant P. wrote:
> > I'd say the users are already disempowered and dependent if all they do is complain about it instead of using any of the plentiful alternatives to systemd.
> Well, to be fair, that is not their fault.
> They don't even know they are being disempowered.
> It would be completely different if they did.
> However, we _do_. Yet, what do we do against this injustice?
> Complain. Online. Because that matters...

If one thinks a non-problem is not a problem, should that person
1) waste time solving a problem that isn't a problem, likely creating more problems in the process and turning everything into a mess
or
2) discuss how the non-problem isn't a problem and the negative consequences that will happen with how the problem is "solved", in the hopes that the people doing the "solving" will see the errors in their thinking?
In the meantime, I see that you've chosen to complain about people having a discussion while implying that the discussion is just empty complaining... a technique which is frequently used by systemd proponents (and I'm not accusing you of being one) to get any threads taking a critical look at systemd, its components, bugs, or agenda shut down and locked.
_________________
Ryzen 3700X, Asus Prime X570-Pro, 64 GB DDR4 3200, GeForce GTX 1660 Super
openrc-0.17, ~vanilla-sources, ~nvidia-drivers, ~gcc
Maitreya Guru
Joined: 11 Jan 2006 Posts: 445
Posted: Fri Sep 27, 2019 6:37 am
saellaven wrote:
> Maitreya wrote:
> > Ant P. wrote:
> > > I'd say the users are already disempowered and dependent if all they do is complain about it instead of using any of the plentiful alternatives to systemd.
> > Well, to be fair, that is not their fault.
> > They don't even know they are being disempowered.
> > It would be completely different if they did.
> > However, we _do_. Yet, what do we do against this injustice?
> > Complain. Online. Because that matters...
> If one thinks a non-problem is not a problem, should that person
> 1) waste time solving a problem that isn't a problem, likely creating more problems in the process and turning everything into a mess
> or
> 2) discuss how the non-problem isn't a problem and the negative consequences that will happen with how the problem is "solved", in the hopes that the people doing the "solving" will see the errors in their thinking?
> In the meantime, I see that you've chosen to complain about people having a discussion while implying that the discussion is just empty complaining... a technique which is frequently used by systemd proponents (and I'm not accusing you of being one) to get any threads taking a critical look at systemd, its components, bugs, or agenda shut down and locked.

No need to be defensive; if I communicated "it's no use to be critical", I've chosen my words poorly, then.
What I meant is that we are in an echo chamber here, agreeing about how it sucks.
Dominique_71 Veteran
Joined: 17 Aug 2005 Posts: 1895 Location: Switzerland (Romandie)
Posted: Sun Sep 29, 2019 4:11 am
Anon-E-moose wrote:
> homed makes sense but only for a subset of the Linux user population, and a small one at that.
> For home users, IMO, it makes little to no sense.
> For business users I can see some use cases for it, but again, I think a limited audience.
> The idea being sold is that most will have the need for a home dir in multiple places/machines; personally I think LP is mistaking his personal needs for the general population's.

LP is a RedHat employee. As such, he knows exactly what he is doing: RH has a lot of big companies and administrations as customers, and he makes a distribution tailored for these customers.

Quote:
> Plus the whole concept of an imaged home dir implies that there's a central storage area for the image. Is this 1970 or 2017?

The NSA will be happy: just one file to download. All they have to do is set up a fake but real company, and people will pay to use their server.
EDIT: systemd-clouded
_________________
"Confirm You are a robot." - the singularity
Hu Administrator
Joined: 06 Mar 2007 Posts: 22853
Posted: Sun Sep 29, 2019 4:20 pm
Wouldn't systemd-cloudd (pronounced system dee cloud dee) be better, for the verbal confusion it would cause with systemd-cloudy?
erm67 l33t
Joined: 01 Nov 2005 Posts: 653 Location: EU
Posted: Mon Sep 30, 2019 7:07 pm
Actually it will be used by the next-gen OS Silverblue, which implements the concept of an immutable OS:
https://fedoramagazine.org/what-is-silverblue/
LP explains:
https://cfp.all-systems-go.io/ASG2019/talk/VSQRXA/
As some might know, LP also wrote Avahi and in particular nss-mdns:

Quote:
> nss-mdns is a plugin for the GNU Name Service Switch (NSS) functionality of the GNU C Library (glibc) providing host name resolution via Multicast DNS (aka Zeroconf, aka Apple Rendezvous, aka Apple Bonjour), effectively allowing name resolution by common Unix/Linux programs in the ad-hoc mDNS domain .local.

As a few persons here might also know, GCC nss controls what information is provided by the get*ent() functions:
http://man7.org/linux/man-pages/man1/getent.1.html

Quote:
> group    When no key is provided, use setgrent(3), getgrent(3), and endgrent(3) to enumerate the group database. When one or more key arguments are provided, pass each numeric key to getgrgid(3) and each nonnumeric key to getgrnam(3) and display the result.
> gshadow  When no key is provided, use setsgent(3), getsgent(3), and endsgent(3) to enumerate the gshadow database. When one or more key arguments are provided, pass each key in succession to getsgnam(3) and display the result.
> passwd   When no key is provided, use setpwent(3), getpwent(3), and endpwent(3) to enumerate the passwd database. When one or more key arguments are provided, pass each numeric key to getpwuid(3) and each nonnumeric key to getpwnam(3) and display the result.
> shadow   When no key is provided, use setspent(3), getspent(3), and endspent(3) to enumerate the shadow database. When one or more key arguments are provided, pass each key in succession to getspnam(3) and display the result

As you can see, by manipulating the databases and the information returned by the get*ent functions with nss-homed, it is possible to have a read-only /etc, plug in a USB stick, detect a homedir inside it, and create on the fly a new unprivileged user that uses that homedir, with a password contained inside the homedir or on the USB stick (or on the /home rw partition; the OS partition will be ro). All this transparently and in a compatible way. Privileged users will still be defined in /etc/ but will be immutable.
Basically systemd-homed will do for users and passwords what Avahi does for network resolution.
That is not all, since I still have to watch the rest of the talk
_________________
Ok boomer
True ignorance is not the absence of knowledge, but the refusal to acquire it.
Ab esse ad posse valet, a posse ad esse non valet consequentia
My fediverse account: @erm67@erm67.dynu.net
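An added illustration of the NSS plugin mechanism erm67 describes above (this is example code written for this page, not systemd's, nss-mdns's or any poster's code): a minimal glibc "passwd" module in C whose fixed table stands in for home directories found on removable media. The module name `example`, the two sample users, their UIDs and their paths are all constructed for the example.

```c
/* Minimal glibc NSS "passwd" module: how nss-mdns, or a hypothetical
 * nss-homed, answers getpwnam()/getpwuid() from somewhere other than
 * /etc/passwd.  Built as libnss_example.so.2 and named on the "passwd:"
 * line of /etc/nsswitch.conf, it would make these users visible to every
 * program, which is why nsswitch.conf and the libnss_*.so files it names
 * belong under integrity monitoring. */
#include <sys/types.h>
#include <pwd.h>
#include <string.h>
#include <errno.h>
/* Same numeric values as glibc's <nss.h>; declared here so it builds anywhere. */
enum nss_status { NSS_STATUS_TRYAGAIN = -2, NSS_STATUS_UNAVAIL = -1,
                  NSS_STATUS_NOTFOUND = 0, NSS_STATUS_SUCCESS = 1 };
/* Constructed sample database: home directories "discovered" on a USB
 * stick.  A real module would read the identity record from the medium. */
struct rec { const char *name; uid_t uid; const char *home; };
static const struct rec records[] = {
    { "alice", 61001, "/run/media/usb/alice" },
    { "bob",   61002, "/run/media/usb/bob"   },
};
#define NRECORDS (sizeof records / sizeof records[0])
/* Copy one record into the caller's struct passwd, placing every string in
 * the caller's buffer as the reentrant NSS ABI requires (a module must not
 * hand out pointers to its own static storage).  Too small a buffer yields
 * TRYAGAIN/ERANGE so glibc can retry with a larger one. */
static enum nss_status fill(const struct rec *r, struct passwd *pwd,
                            char *buf, size_t buflen, int *errnop)
{
    static const char shell[] = "/bin/sh";
    size_t need = strlen(r->name) + 1 + 2 + strlen(r->home) + 1 + sizeof shell;
    if (buflen < need) { *errnop = ERANGE; return NSS_STATUS_TRYAGAIN; }
    pwd->pw_name   = strcpy(buf, r->name);  buf += strlen(r->name) + 1;
    pwd->pw_passwd = strcpy(buf, "x");      buf += 2;  /* hash lives elsewhere */
    pwd->pw_uid = pwd->pw_gid = r->uid;     /* always an unprivileged id */
    pwd->pw_gecos  = pwd->pw_name;
    pwd->pw_dir    = strcpy(buf, r->home);  buf += strlen(r->home) + 1;
    pwd->pw_shell  = strcpy(buf, shell);
    return NSS_STATUS_SUCCESS;
}
/* glibc looks up _nss_<module>_getpwnam_r by symbol name when getpwnam() runs. */
enum nss_status _nss_example_getpwnam_r(const char *name, struct passwd *pwd,
                                        char *buf, size_t buflen, int *errnop)
{
    for (size_t i = 0; i < NRECORDS; i++)
        if (strcmp(records[i].name, name) == 0)
            return fill(&records[i], pwd, buf, buflen, errnop);
    *errnop = ENOENT;
    return NSS_STATUS_NOTFOUND;
}
/* Counterpart for getpwuid(); the set/get/endpwent enumeration entry points
 * quoted from getent(1) above would follow the same pattern with a cursor. */
enum nss_status _nss_example_getpwuid_r(uid_t uid, struct passwd *pwd,
                                        char *buf, size_t buflen, int *errnop)
{
    for (size_t i = 0; i < NRECORDS; i++)
        if (records[i].uid == uid)
            return fill(&records[i], pwd, buf, buflen, errnop);
    *errnop = ENOENT;
    return NSS_STATUS_NOTFOUND;
}
```

Once installed, `getent passwd alice` would print the constructed record even though /etc/passwd never mentions it, which is the behaviour an auditor should expect to see only from modules they deliberately listed in nsswitch.conf.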
Tony0945 Watchman
Joined: 25 Jul 2006 Posts: 5127 Location: Illinois, USA
Posted: Mon Sep 30, 2019 10:35 pm
erm67 wrote:
> as someone might know LP also wrote Avahi and in particular nss-mdns

adding -avahi to USE flags
Naib Watchman
Joined: 21 May 2004 Posts: 6069 Location: Removed by Neddy
Posted: Mon Sep 30, 2019 10:51 pm
Tony0945 wrote:
> erm67 wrote:
> > as someone might know LP also wrote Avahi and in particular nss-mdns
> adding -avahi to USE flags

only now?
_________________
#define HelloWorld int
#define Int main()
#define Return printf
#define Print return
#include <stdio.h>
HelloWorld Int {
Return("Hello, world!\n");
Print 0;
}
Tony0945 Watchman
Joined: 25 Jul 2006 Posts: 5127 Location: Illinois, USA
Posted: Tue Oct 01, 2019 1:10 am
Yes. Actually zeroconf is the flag I needed to block. Luckily it was not defaulted on any of my packages.
erm67 l33t
Joined: 01 Nov 2005 Posts: 653 Location: EU
Posted: Tue Oct 01, 2019 9:15 am
You see, everything is ok, there will be a homed USE flag as well... Without the glibc plugin homed will not work.
You can keep your insecure rw root partition and vent your wild fantasy about being raped by LP while the NSA fucks you from behind in all forums.
They should have called it zeroconf-user probably, or just declared it an extension to zeroconf.
_________________
Ok boomer
True ignorance is not the absence of knowledge, but the refusal to acquire it.
Ab esse ad posse valet, a posse ad esse non valet consequentia
My fediverse account: @erm67@erm67.dynu.net
NeddySeagoon Administrator
Joined: 05 Jul 2003 Posts: 54638 Location: 56N 3W
Posted: Tue Oct 01, 2019 1:43 pm
erm67,
The NSA has root, so this is just rearranging deckchairs on the Titanic.
_________________
Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.
erm67 l33t
Joined: 01 Nov 2005 Posts: 653 Location: EU
Posted: Wed Oct 02, 2019 6:47 am
mine wasn't a metaphor .........
_________________
Ok boomer
True ignorance is not the absence of knowledge, but the refusal to acquire it.
Ab esse ad posse valet, a posse ad esse non valet consequentia
My fediverse account: @erm67@erm67.dynu.net
Hu Administrator
Joined: 06 Mar 2007 Posts: 22853
Posted: Tue Jan 07, 2020 3:01 am
Now we need someone to propose an outlandish systemd feature that, if ever implemented, would bring about the downfall of systemd. Being outlandish, no one will seriously expect it to actually happen. Then, one day it will, because so far truth is stranger than fiction.
Tony0945 Watchman
Joined: 25 Jul 2006 Posts: 5127 Location: Illinois, USA
Posted: Tue Jan 07, 2020 3:43 am
pjp Administrator
Joined: 16 Apr 2002 Posts: 20521
Posted: Tue Jan 07, 2020 6:40 am
Hu wrote:
> the downfall of systemd

That seems unlikely at this point unless MS ports AD to Linux, thereby gifting IBM fond memories of their OS/2 days.
_________________
Quis separabit? Quo animo?
erm67 l33t
Joined: 01 Nov 2005 Posts: 653 Location: EU
Posted: Tue Jan 07, 2020 12:28 pm
Hu wrote:
> Now we need someone to propose an outlandish systemd feature that, if ever implemented, would bring about the downfall of systemd. Being outlandish, no one will seriously expect it to actually happen. Then, one day it will, because so far truth is stranger than fiction.

Sounds like the last hope for someone desperate; is it going that bad?
You mean you'll stick with glep-0081? Until it's ported over to sysuserd of course; funnily, it will make it very easy to support systemd-sysusers with it. Poettteerriinng has telepathic power like the Mule, maybe? Put your tin foil hat on ....
_________________
Ok boomer
True ignorance is not the absence of knowledge, but the refusal to acquire it.
Ab esse ad posse valet, a posse ad esse non valet consequentia
My fediverse account: @erm67@erm67.dynu.net