On 02/16/2017 06:06 AM, Philip Hands wrote:
> Luke Kenneth Casson Leighton <l...@lkcl.net> writes:
>
>> ---
>> crowd-funded eco-conscious hardware: https://www.crowdsupply.com/eoma68
>>
>>
>> On Thu, Feb 16, 2017 at 9:12 AM, Philip Hands <p...@hands.com> wrote:
>>> Luke Kenneth Casson Leighton <l...@lkcl.net> writes:
>>>
>>>> if systemd is so bloated and all-encompassing that it in effect
>>>> demands *all* privileges (it doesn't, but you know what i mean), it
>>>> utterly defeats the object of having the security system in the first
>>>> place.
>>> This appears to be another instance of you conflating the init process
>>> with the project, but perhaps I'm misunderstanding you.
>>>
>>> Are you claiming that systemd (the init) uses forks where sysvinit uses
>>> execs?
>> i don't know how you conclude i would say that when i don't mention
>> sysvinit. why would there be an implication of sysvinit being
>> involved when it's not mentioned?
> Well, if you're saying that systemd is bad, it must be bad relative to
> something else since if the nearest likely alternative e.g. sysvinit does
> pretty-much the same thing then you're really saying very little.
>
> The Daily Mail will cheerfully tell you that Coffee causes cancer, which
> is probably true, but only at about the same rate as pretty much
> everything else one could imagine consuming, so ... no news.
>

Coffee cures cancer? Sounds like you have been listening to todd talks too much. sorry couldn't resist. ;)

>> i'm saying that SE/Linux's security model is based on the isolation
>> of exec. but, that if the sheer overwhelming number of programs being
>> exec'd is so huge, it becomes pretty pointless to even *have* such
>> isolation.
> Systemd execs a lot of things by dint of it being the system's init,
> does it not? This sounds almost like you're claiming that SElinux isn't
> capable of modeling any implementation of the init task.
>
> That's why I was trying to tease out something about what makes this
> unique to systemd from you. Hence the mention of sysvinit.
>
>> i provide this as a guide *without* spending the time to assess
>> actual instances... because it's not my job to do so. and, also, with
>> the sheer overwhelming number of *other* factors (all of them
>> individually low-probability events), when combined using
>> dempster-shafer information theory, you don't *need* to go in-depth: to
>> do so is completely pointless.
>>
>> basically i'm saying, phil, knocking down one skittle by spending the
>> time to track down one "hole" in what i say, is pointless. the entire
>> design and deployment of systemd is like a dam made of swiss cheese.
>>
>> there simply aren't enough fingers to plug all the hundreds of
>> flaws... so there's little point in trying. this response (one of a
>> long line of reasons why i will never *ever* use systemd) is just one
>> response from a different angle, one that i have had at least one
>> person publicly express gratitude for taking the time to explain, and
>> one privately. who knows well enough and is old enough and ugly
>> enough *not* to get involved in the cluster-fuck known as systemd.
> I'm not trying to knock down skittles -- I'm trying to see whether what
> you're saying has any substance behind it, or is simply hand waving.
>
> Cheers, Phil.

We should trust Luke okay? now can we all please drop this entire subject now? please?

>
>
> _______________________________________________
> arm-netbook mailing list arm-netbook@lists.phcomp.co.uk
> http://lists.phcomp.co.uk/mailman/listinfo/arm-netbook
> Send large attachments to arm-netb...@files.phcomp.co.uk