Back when systemd was a hot topic I jumped on the bandwagon of using systemd-less distros just because people were telling me how bad it was. To this day I still use openrc but the reality is that systemd works very well and is easy to understand and use. The average user gains no benefit to using another init besides having a better understanding of how the system works.
Well and a faster boot time but it’s definitely a learning curve and not really worth it unless you want to try a Distro that ships something else by default (E.g. Alpine).
I never had a fast NVME SSD so my devices boot significantly slower than yours but unless you are actually at the point of instant booting it’s about half the boot time for me. I only use OpenRC on my Pinephone because it’s the default for PostmarketOS (an Alpine-based OS for mobile phones) and never found a good enough reason to use it on my actual computer but it’s quite a bit faster and also quite a bit less convenient so all in all probably not worth it but still impressive to watch!
I am on an NVMe drive, however most of my boot time actually comes from the POST process so even if I were to switch to an OpenRC (or runit / another init system), it wouldn’t really have any meaningful impact on my system’s boot time unfortunately.
❯ systemd-analyze time
Startup finished in 17.412s (firmware) + 2.684s (loader) + 3.587s (kernel) + 2.134s (initrd) + 9.244s (userspace) = 35.063s
graphical.target reached after 9.208s in userspace.
Yeah I’m not sure where the idea that systemd is “trash” in the enterprise world is coming from. None of the contacts that I know who work in an enterprise environment say this, nor have I even seen anyone on the internet mention this.
I mean if there’s an actual reason for it other than just the usual bandwagon of “systemd bad” I’m all ears.
Yeah, that’s the point. Again, the average user (as in desktop user) gains nothing from using a different init. There may have been some crazy server-side scenario where the type of init you used actually mattered but we’re talking about desktop Linux, which the answer is a clear-cut no. I’m not stopping the people that are interested in trying a different init out, I’m just telling them that there’s little to no benefit in the end if they’re expecting an improvement in performance or whatever else.
Wait, people really believe writing boilerplate filled bash scripts to implement just the idea of dependencies does scale into enterprise environments? Which don’t come even close to emulate most of the very useful and important features systemd provides?
Seriously that’s a take I have never heard one say while keeping a serious face. There is a reason systemd is as popular as it is for every desktop and server distro out there.
It is far from perfect, but who in their right mind would want sys-v init or similar systems back? I can’t even imagine what a mess it would be managing all the contexts and implementing it securely and portable with an init script.
No one wants to talk about the thousands of extra bots that reddit released during the blackout and afterwards to keep up with the illusion. A whole lot of sub users on reddit are engaging with bots. In fact, some gullible people think r/place is run by users, and not the thousands of bots run by different subs, as well as reddit admins.
It handles ambiguity too. Want to say something lasts for a period of 1 month without needing to bother checking how many days are in the current and next month? P1M. Done. Want to be more explicit and say 30 days? P30D. Want to say it in hours? Add the T separator: PT720H.
I used this kind of notation all the time when exporting logged historical data from SCADA systems into a file whose name I wanted to quickly communicate the start of a log and how long it ran:
20230701T0000-07–P30D…v101_pressure.csv
(“–” is the ISO-8601 (2004) recommended substitute for “/” in file names)
If anyone is interested, I made this Bash script to give me uptime but expressed as an ISO 8601 time period.
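An added example of the idea, not the commenter's script (which is not reproduced on this page): a shell function that formats a number of whole seconds as an ISO 8601 period, plus a Linux-only wrapper around `/proc/uptime`. The function names are hypothetical, and months and years are deliberately left out because they have no fixed length in seconds.

```shell
#!/usr/bin/env bash
# Added example: format whole seconds as an ISO 8601 duration (PnDTnHnMnS).
# Only D/H/M/S are emitted. A month has no fixed number of seconds, which is
# the ambiguity P1M leaves open and P30D does not.

iso8601_duration() {
    local total=$1 d h m s out
    # Accept only a non-empty string of decimal digits.
    case $total in
        ''|*[!0-9]*)
            echo "iso8601_duration: need whole seconds, got '$total'" >&2
            return 1
            ;;
    esac

    d=$(( total / 86400 ))
    h=$(( total % 86400 / 3600 ))
    m=$(( total % 3600 / 60 ))
    s=$(( total % 60 ))

    out=P
    if [ "$d" -gt 0 ]; then
        out="${out}${d}D"
    fi
    # The T separator appears only when a time component follows it.
    if [ "$h" -gt 0 ] || [ "$m" -gt 0 ] || [ "$s" -gt 0 ]; then
        out="${out}T"
        if [ "$h" -gt 0 ]; then out="${out}${h}H"; fi
        if [ "$m" -gt 0 ]; then out="${out}${m}M"; fi
        if [ "$s" -gt 0 ]; then out="${out}${s}S"; fi
    fi
    # A zero-length period still needs one component to be valid.
    if [ "$out" = P ]; then
        out=PT0S
    fi
    printf '%s\n' "$out"
}

# Linux only: the first field of /proc/uptime is seconds since boot,
# with a fractional part that is dropped here.
uptime_iso8601() {
    local up
    read -r up _ < /proc/uptime || return 1
    iso8601_duration "${up%%.*}"
}

# Constructed sample input: 720 hours expressed in seconds.
iso8601_duration 2592000
```

The function normalises to the largest fixed-length unit, so the 720 hours written as PT720H in the comment above come out as P30D.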
Man, this is depressing. While I wasn’t “raised online” since I was raised on dialup and couldn’t block the phone line all that long.
I still remember when google was the new kid on the block and the general feeling about them across early Internet forums.
Microsoft was evil because they copied everybody else’s stuff and wanted to charge for it. Apple was clueless making expensive junk. Sun was a darling for a while at least until they started pulling shit.
Enter mother-fucking-Google. Ethical. Honest. Not evil. Smart. Supporting open source. And on top of all that, FREE to use. Like Microsoft wants to charge you for hotmail if you want an inbox > 2MB? Fucking EVIL!!! Google is ethical because they are completely free!!! And I hear they are working on an email service too. Google just wants to shepherd the internet and protect it from companies like Microsoft, Apple, and AOL.
Any company that becomes publicly traded gets turned to the dark side. That’s the factor that does it because they have a legal requirement to do everything they can to maximize profits.
Trying to sustain perpetual growth will always lead to companies fucking over their customers and employees.
I love Valve, but there’s always that nagging bit in the back of my mind reminding me that they can always turn evil in the span of a few years. And the recent debacle with Dolphin doesn’t help.
No, Dolphin was their fault. Valve reached out to Nintendo before Dolphin was added to the store. If Valve hadn’t asked Nintendo for permission first, Nintendo probably would have said nothing
It makes sense though. People can already install Dolphin wherever they want, including the Steam Deck. But Valve probably thinks they can get Nintendo to publish on Steam. It wasn’t so long ago that Sony and Microsoft maintained exclusivity on their platforms. Valve doesn’t win anything allowing Dolphin on Steam, but it can potentially anger Nintendo.
No. That is not at all what happened. No DMCA takedown notice was ever sent in this.
What happened is that Dolphin applied to go on Steam and announced that. Then Valve emailed Nintendo asking for permission. Nintendo said they didn’t want it on the store, pointed to parts of the DMCA which were not actually valid for a theoretical case, and Valve blocked Dolphin from going on Steam
Valve is already evil: they locked down their steam client (unacceptable in the times of GOG, and Epic Games) and allow developers to put DRM in their games. Outside of that they were the pioneers of digital gambling with CS:GO and TF2 and using anti-features as a way to entice people to purchase micro-transactions.
There is also the B Corp designation (short for Public Benefit Corporation) which allows a company to balance its responsibility towards the share holders with some other benefit it aims to provide where the share holders aren’t the (only) beneficiaries.
In the picture you can see organizations moving in the public sphere around AI. On the left you have right-wing and libertarian think tanks, corporations and frontline actors that fuel a sense of panic around AI, either to sabotage their business competitors or to leverage this panic to project an idea of being sellers of a very powerful tool while at the same time deflecting responsibility. If the AI is dangerous and sentient, you won’t care much about the engineers behind.
On the right you have several public orgs or NGOs operating in the field of algorithmic accountability, digital rights and so on. They push the opposite of the AI panic, pointing the finger at the corporations and powers that create and govern AI
I've always found tankies to be the most extreme example of being anti-socialism and anti-ML. Because do they really think Marx and Lenin would support these dictatorial (and still capitalist) human rights violating countries to be what their utopia is?
In a realistic comparison, Marx and Lenin would support European democracies before they supported trash like modern Russia and China (and don't even get me started on North Korea).
How dare you imply that socialism and communism are egalitarian and anti-authoritarian, and aren't just pejoratives for anything right-wing fascists don't like!
It’s not out of the realm of possibility. They have been known to force Microsoft to make changes in the past. As well as Apple and other major software companies.
I’m not too familiar with that side of things but I do believe they do. My understanding is that some organizations are set up as nonprofits and they contribute to the development of Linux.
Some European governments also use foss software for things like email and office.
But it’s easier to throw darts at a big company than lots of small things that add up to something big.
Linux costs next to nothing compared to Windows. So if companies want to cry about having to save on budget, go with the better option for it.
Who the fuck needs Office 365? Nothing has really changed on that software for years, it's still the same shit. I don't see anything different on Microsoft Word 2007 from its 365 counterpart. People are getting scammed.
My gf recently took one of those dumb ability tests on Indeed for an office job, shows you two screenshots of document editing and you answer which buttons achieve the desired effect. I opened Word on my laptop and all of the buttons were in different places compared to screenshots.
MS, just go sit down somewhere and stop fiddling with shit
A devastating amount of computer hardware is about to be e-wasted because they decided to drop support for anything older than roughly 2017/2018.
It’s an arbitrary limitation as people have succeeded in forcing it to work on much older hardware that still works well enough for your avg person.
Additionally, windows used to be a tool now it’s a platform for them to essentially market any number of things and user privacy appears to be the least important thing on the table.
The only reason we don’t see mass adoption of Linux has been 4 decades of software development and marketing that lets them continue to wear their crown.
A regulatory party needs to humble them and return windows to being a tool.
Imagine if the gasoline companies one day announced that they will be changing gas so only cars bought in the last 5 years or so could refuel.
Now imagine if to buy a car you had to tolerate cameras and other forms of tracking your telemetry just to get to work and feed yourself.
Lunacy yes? They took the “my” out of my computer.
Why should they have to support Windows 10 when Linux would run fine on your ‘old’ machine? That really puts the ‘yours’ back in your computer, no need for a company to do it for you.
Linux is wonderful and works plenty fine, but as a civilization we are not ready. There’s still so much that won’t work out of the box, for most manufacturers it’s an afterthought if any at all.
You can’t walk into your avg store and be like I want a computer with Linux that will play fortnite.
You can’t blindly buy a video game or a multifunctional printer without serious consideration.
Unlike Windows where it’s the established norm that it will work 100% of the time.
Sure you can argue that a user should just learn to deal with that and teach themselves how to install Linux and cope with whatever comes up.
But that’s just unfair to grandma and anyone else that hasn’t made computers a hobby.
Imagine if the gasoline companies one day announced that they will be changing gas so only cars bought in the last 5 years or so could refuel.
They’ve already effectively done this, and by they I mean the US government mandated it. 5% ethanol has been mandated since 2006, and 10% since 2012. If your car is too old (lots of 90s cars) you’ll have to find a gas station that has ethanol free fuel.
It’s not illicit to put non ethanol gas in any vehicle, and even if it were would you actually expect gas stations to confirm the type of vehicle that’s getting fuel for every transaction before the customer is allowed to swipe their card and fill up?
You may be confusing ethanol free gas with off road diesel, which is basically just lower taxed and not dyed. Even then it’s not up to the gas station to police who buys it.
It prevents knocking in sensitive vintage vehicles, which were designed for leaded gas, too. That article also covers why ethanol can be harmful for them.
Fun fact, there were still computers being manufactured with CPUs that don’t support Windows 11 in 2020, got one of those at work that we will need to replace before then. Thankfully only one, so it’s not too big of a deal.
The real thing stopping mass adoption of Linux is that few people want to fiddle around with their machines to that degree. For the vast majority of users, it just needs to run and be able to run whatever programs are needed, and the easier it is to do so, the better.
And when I run into issues, I would rather be using the OS that is the most common so that I have more options to get good info for a fix. I don’t want problems that nobody’s ever encountered, or for which the fix is beyond my limited technical ability.
It’s somewhat amusing when I see people on Lemmy proselytizing for Linux and literally while laying out their points to convince someone how easy it is, they’ll talk about doing shit that is already beyond my ability. And I’m not some 90 year old who struggles to turn it on. I’m just a user that doesn’t care to use any OS that I’ll need to take time to learn to figure out how to use it.
When I start a Windows machine I just do what I need to do.
When even a Linux cheerleader is trying to convince someone how easy it is, they’re already indicating more effort than I want to put into it.
It already exists. Most of the requirements that break with current W10 machines are artificial and can be removed at install time with rufus (memory requirement, secure boot, TPM2, microsoft account).
Still not a solution; you should not have to fight against your OS design choices that much.
The post literally above this one is about a manufacturing job with shit hours and pay and I work an 8-4 (sometimes longer) but I’m paid abnormally high (we start new devs at 70k and average dev is six figures).
But the other stuff like free time can absolutely suffer as even at the senior level, I’m taking so many courses and outside education to stay relevant.
I work almost 100% on a computer for a municipality using software that’s already 100% web-based.
But I have to drive 90+ minutes each way every day because a citizen might want to have an in-person meeting once every few weeks instead of an email or Teams meeting.
Programmer pay is so bizarre, it makes me cynical about our entire economy.
If I’m a blue-collar worker maintaining the wires between banks, I get paid little. If I’m a programmer maintaining the banking software that controls everyone’s money and is essential to the entire nation, I’m paid a little more, but not as much as some programmers.
If I’m a young man who creates a webpage that barely works venture capitalists are tripping over themselves trying to shove millions of dollars into my hands.
(Although, creating a webpage was the hot thing last decade, now the hot thing is creating an AI.)
A lot of the time it’s about being lucky enough to be able to have or form connections with rich stupid people. Those kinds are a lot more willing to throw insane amounts of money at someone/some company they vaguely know to do things they know nothing of but hear a lot about.
Or just working at a company that’s well-known in the area and deals with clients very intimately while the product is being created.
Sometimes charging more for the same service makes them want it more, to them it means it’s premium programming (as opposed to the off-brand wish dot com programming). But sometimes they demand disgracefully cheap yet world-class service and throw a tantrum when they can’t pay you $5 an hour for a full rebranded recreation of the Amazon web service.
You missed the banks tripping over themselves to find a COBOL programmer. My father makes stupid amounts of money (read, $400-$1600 per hour) maintaining bank COBOL systems. My father is in his 70s.
COBOL is almost as much of a PITA as Lisp, but no one, not even the US Military that developed Lisp will pay the really big bucks to maintain it.
I think people like your father make bank because even though new programmers could learn COBOL, that wouldn’t be enough for them to be able to fulfill the same niche your father and other established COBOL programmers occupy; any programming language has a disparity between “the proper way to do things”, and the kind of kludges you see in the field, but few have the kind of baggage that COBOL does, in terms of how long it’s been around and having things built on top of it.
That’s probably true. My father has been developing in COBOL since the '70s. I didn’t bother learning it because I was under the impression that he was being paid more for experience than his basic skills.
not sure what you’re talking about with lisp lol, the military may have some dialect they wrote but lisp started as an academic language and there’s plenty of still supported and used dialects outside of that
It’s pretty simple isn’t it? If you want to be paid a lot of money, learn how to do what other people can’t or won’t. In the software industry those opportunities are all over the place. You just need to find it and take it.
buddy there are a lot more reasons to be more than cynical about the economy, take a good look at things and you’ll probably want to bring out the pitchforks.
I went to school for electrical engineering, my first job was at an architecture firm designing the electrical stuff for buildings (including making all the electrical drawings for bank branches so we had some professional crossover 😋), and I ended up teaching myself software to automate a bunch of our designs and processes. I was literally directly making building design and construction more efficient … Buuuut… The arch industry pays poorly and I realized there was no way of ever owning a house at the pace I was going so I left for software and doubled my salary in like 2 years. I went from senior electrical engineer to intermediate software engineer and saw a 50% increase… All in a country experiencing a massive potentially existential housing crisis, and the industry pay disparity directly incentivized me to stop working on it and go work doing mostly bullshit software work.
The software industry is grossly overpaid for how hard we work and for how critical our relative contributions are to society, though even in the software industry the pay is incredibly distorted. Orders of magnitude more money goes to random social media bullshit and VC startups that go nowhere than to mission critical teams doing stuff like maintaining security and access control software.
I think it really just comes down to scale. Relative to other professions there aren’t that many software engineers, but the work produced by each one has the potential to reach an extremely wide user base. Someone working at Google could write code that gets deployed on a billion devices. This is pretty clear when comparing between different software engineering roles as well. Companies that serve a global market pay significantly better than local companies.
On top of that, there’s no supplies or logistics required for software engineering. It just takes one person and a computer, so expenses are minimal compared to other engineering disciplines.
I think it makes perfect sense. Those people are building something from scratch. That’s a lot more responsibility and skill needed than to maintain a tiny part of a huge well established system. The people capable of doing an A+ job at building something totally new are very few and far between and the competition to hire them is fierce. The best way to move up in this industry is to build up your skill and jump ship to a new job as soon as your skill has outpaced your salary.
Christians are so desperate to ignore Christ that they literally made up a gate that they called The Eye of the Needle and said that’s what Christ was talking about. This gate, which definitely never existed and was not at all what Christ was referring to, was supposedly a bit narrower than other gates and a camel could get through it if it was only carrying a moderate amount of wealth rather than an extreme amount.
It’s still impossible to get a rope through the eye of a needle unless a rope and a thread can be used interchangeably. I’m not much of a language expert to say for sure lol
According to the Lexham Bible Dictionary, “most scholars reject this interpretation because the meager textual evidence most likely can be attributed to speculations about this verse by some church fathers.”
I talked to one of the authors of the New American Bible, who told me the text is a mistranslation, and it’s more like “harder than putting a rope through the eye of a needle”, which would’ve been an idiom familiar to the fishers in the area.
It means “impossible”, which is suitable because the things Jesus called for you to do make a rich person into a not rich person, as far as material wealth goes.
According to the Lexham Bible Dictionary, this interpretation “dates back to the fifth century and suggests that kamelos, the Greek word for camel, should actually be read as kamilos, which denotes a rope or a ship’s anchor cable. … However, most scholars reject this interpretation because the meager textual evidence most likely can be attributed to speculations about this verse by some church fathers (Origen, Cyril of Alexandria; see Fitzmyer, Luke, 1204; Barclay, Matthew, 239).”
They also disagree with the gate interpretation, saying that “Scholars have found no historical foundation for this view, and no evidence supports the existence of such a small gate in Jerusalem’s walls.”
The problem I have with this meme post is that it gives a false sense of security, when it should not.
Open or closed source, human beings have to be very diligent and truly spend the time reviewing others’ code, even when their project leads are pressuring them to work faster and cut corners.
This situation was a textbook example that this does not always happen. Granted, duplicity was involved, but still.
In many ways, distributed open source software gives more social attack surfaces, because the system itself is designed to be distributed where a lot of people each handle a different responsibility. Almost every open source license includes an explicit disclaimer of a warranty, with some language that says something like this:
THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
Well, bring together enough dependencies, and you’ll see that certain widely distributed software packages depend on the trust of dozens, if not hundreds, of independent maintainers.
This particular xz vulnerability seems to have affected systemd and sshd, using what was a socially engineered attack on a weak point in the entire dependency chain. And this particular type of social engineering (maintainer burnout, looking for a volunteer to take over) seems to fit more directly into open source culture than closed source/corporate development culture.
In the closed source world, there might be fewer places to probe for a weak link (socially or technically), which makes certain types of attacks more difficult. In other words, it might truly be the case that closed source software is less vulnerable to certain types of attacks, even if detection/audit/mitigation of those types of attacks is harder for closed source.
It’s a tradeoff, not a free lunch. I still generally trust open source stuff more, but let’s not pretend it’s literally better in every way.
It’s a tradeoff, not a free lunch. I still generally trust open source stuff more, but let’s not pretend it’s literally better in every way.
Totally agree.
All the push back I’m getting is from people who seem to be worried about open source somehow losing a positive talking point, when comparing it to closed source systems, which is not my intention (the loss of the talking point). (I personally use Fedora/KDE.)
But sticking our heads in the sand doesn’t help things, when issues arise, we should acknowledge them and correct them.
using what was a socially engineered attack on a weak point in the entire dependency chain.
An example of what you may be speaking about, indirectly. We can only hope that maintainers do due diligence, but it is volunteer work.
In the broader context of that thread, I’m inclined to agree with you: The circumstances by which this particular vulnerability was discovered shows that it took a decent amount of luck to catch it, and one can easily imagine a set of circumstances where this vulnerability would’ve slipped by the formal review processes that are applied to updates in these types of packages. And while it would be nice if the billion-dollar-companies that rely on certain packages would provide financial support for the open source projects they use, the question remains on how we should handle it when those corporations don’t. Do we front it ourselves, or just live with the knowledge that our security posture isn’t optimized for safety, because nobody will pay for that improvement?
There are two big problems with the point that you’re trying to make:
There are many open source projects being run by organizations with as much (often stronger) governance over commit access as a private corporation would have over its closed source code base. The most widely used projects tend to fall under this category, like Linux, React, Angular, Go, JavaScript, and innumerable others. Governance models for a project are a very reasonable thing to consider when deciding whether to use a dependency for your application or library. There’s a fair argument to be made that the governance model of this xz project should have been flagged sooner, and hopefully this incident will help stir broader awareness for that. But unlike a closed source code base, you can actually know the governance model and commit access model of open source software. When it comes to closed source software you don’t know anything about the company’s hiring practices, background checks, what access they might provide to outsourced agents from other countries who may be compromised, etc.
You’re assuming that 100% of the source code used in a closed source project was developed by that company and according to the company’s governance model, which you assume is a good one. In reality BSD/MIT licensed (and illegally GPL licensed) open source software is being shoved into closed source code bases all the time. The difference with closed source software is that you have no way of knowing that this is the case. For all you know some intern already shoved a compromised xz into some closed source software that you’re using, and since that intern is gone now it will be years before anyone in the company notices that their software has a well known backdoor sitting in it.
None of what I’m saying is unique to the mechanics of open source. It’s just that the open source ecosystem as it currently exists today has different attack surfaces than a closed source ecosystem.
Governance models for a project are a very reasonable thing to consider when deciding whether to use a dependency for your application or library.
At a certain point, though, that’s outsourced to trust whoever someone else trusts. When I trust a specific distro (because I’m certainly not rolling my own distro), I’m trusting how they maintain their repos, as well as which packages they include by default. Then, each of those packages has dependencies, which in turn have dependencies. The nature of this kind of trust is that we select people one or two levels deep, and assume that they have vetted the dependencies another one or two levels, all the way down. XZ did something malicious with systemd, which opened a vulnerability in sshd, as compiled for certain distros.
You’re assuming that 100% of the source code used in a closed source project was developed by that company and according to the company’s governance model, which you assume is a good one.
Not at all. I’m very aware that some prior hacks by very sophisticated, probably state sponsored attackers have abused the chain of trust in proprietary software dependencies. Stuxnet relied on stolen private keys trusted by Windows for signing hardware drivers. The Solarwinds hack relied on compromising plugins trusted by Microsoft 365.
But my broader point is that there are simply more independent actors in the open source ecosystem. If a vulnerability takes the form of the weakest link, where compromising any one of the many independent links is enough to gain access, that broadly distributed ecosystem is more vulnerable. If a vulnerability requires chaining different things together so that multiple parts of the ecosystem are compromised, then distributing decisionmaking makes the ecosystem more robust. That’s the tradeoff I’m describing, and making things spread too thin introduces the type of vulnerability that I’m describing.
I’m just a Mutualist who wants worker consumer cooperatives and housing cooperatives to be the only way to form businesses. Unless someone has a direct stake in the firm, they shouldn’t be able to benefit from it. No rent seeking, no venture capital, no bureaucracy.