[Linux-aus] contest proposal
Russell Coker
russell at coker.com.au
Tue Jan 2 21:58:53 AEDT 2024
On Tuesday, 2 January 2024 15:46:37 AEDT Russell Stuart via linux-aus wrote:
> To be clear I wasn't arguing against the proposal. I was (perhaps badly)
> trying to point out that the issue has a much broader impact. To me
> those impacts are more important than the one Russell raised.
I think it's good to discuss the issues surrounding this; among other things
it will be educational for the people who haven't lived through the changes in
technology that some of us have experienced.
> What concerns me now is the library version proliferation thing I
> mentioned earlier.
I personally oppose a lot of the stuff that's happening with containers which
is making these issues worse.
> And the thing that replaced a 3270 (the browser) is
> so bloated, Debian with the resources of a 1000 developers can't
> maintain it.
The point of the Debian project is NOT to maintain major applications but to
maintain patch sets of local differences and to take bug reports from users
that apply to the upstream code and submit them upstream in the appropriate
manner.
> And at the risk of starting a flame war, if I want to use
> systemd as an init system (and you'll get no argument from me that isn't
> a very fine init system), I am forced to compile 1.9 million lines of
> intertwined code that isn't related.
Systemd is larger in some ways, but provides some new and better tools for
managing things: "systemd-analyze critical-chain" to diagnose boot
performance and "systemd-analyze security" to show the security features of
each daemon. Also, with daemons started by systemd instead of shell scripts
you don't have the issue of a compromised daemon being able to stuff key
presses into the sysadmin input buffer, and by default daemons are denied
access to /home. You get significant benefits from systemd, and on Debian etc.
you don't have to compile it, just use the packaged version.
> These are problems created by my engineering discipline, and must be
> solved by us. We just need the motivation to do it. It is going to need
> a *lot* of motivation. Debian has an almost religious level objection to
> taking code thrown over the wall, but it was forced to do it with
> Chromium and Firefox. I suspect it won't come from resource utilisation,
> partially because there are already a lot of small, open source projects
> dedicated to that role out there. The prime motivation of Alpine Linux
> is just that.
https://en.wikipedia.org/wiki/Alpine_Linux
The complexity of web browsers is immense, which makes it difficult to treat
them like other software. Alpine is not like regular distributions, but it's
something that could do with more attention.
> I'm pretty sure it's near impossible to make these large
> non-decomposable systems bug free, which in turn implies they can't be
> made secure either.
Same goes for all software. But systemd etc are modular and run parts with
minimum privs. A containerised sandbox is a standard feature in a web browser
nowadays.
--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/