nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Linux: concerns over systemd adoption and Debian's decision to switch

From: Miles Fidelman <mfidelman () meetinghouse net>
Date: Wed, 22 Oct 2014 16:49:49 -0400
Jeffrey Ollie wrote:

On Wed, Oct 22, 2014 at 3:22 PM, John Schiel <jschiel () flowtools net> wrote:

On 10/22/2014 01:30 PM, Valdis.Kletnieks () vt edu wrote:

On Wed, 22 Oct 2014 13:13:29 -0600, John Schiel said:


i was beginning to wonder how secure systemd is also.

One of the 3 CIA pillars of security is "availability".  And if
it's oh-dark-30, figuring out what symlink is supposed to be where
for a given failed systemd unit can be a tad challenging.  At least under
sysvinit, either /etc/rc5.d/S50foobar is there or it isn't(*).

Agreed, the "oh-dark-thirty" call outs will be harder to resolve but I'm
sure some folks will learn to deal with it. It's new and changes the job but
as was noted earlier, there is always change.

I disagree.  I believe that the features of systemd will make
"oh-dark-thirty" call outs easier to resolve, but only if you take the
time to familiarize yourself with the tools at hand *before* problems
happen.


Easier said then done.
1. Experimentation and learning curve take time. That's a real cost that's being imposed. It's not clear that the benefits outweigh the costs of the status quo. 

2. Assumes good documentation.  Not a given with systemd, as it stands now.
3. Assumes that problems are easy to track down. Harder to do with murky and monolithic code. (I still shudder the first time udev did something completely counter-intuitive at 0-dark-30, and that's from the same cast of characters.
4. More fundamentally, 0-dark-30 events are almost always unexpected (other than in the sense of Murphy's Law), and tricky to resolve - one has hopefully prepared for the expected. Hence, it's not completely clear that one CAN familiarize oneself in a meaningful way - particularly when talking about something as monolithic as systemd. That's one of the major reasons for keeping things modular, and keeping modules simple. 

Miles Fidelman

--
In theory, there is no difference between theory and practice.
In practice, there is.   .... Yogi Berra
Previous By Date Next
Previous By Thread Next

Current thread: