boycott systemd

(link collection)

http://boringtech.com/blog/2014/08/systemd-is-just-wrong/

SystemD – it keeps getting worse

http://judecnelson.blogspot.de/2014/09/systemd-biggest-fallacies.html

http://ewontfix.com/14/

http://draketo.de/light/english/top-5-systemd-troubles

http://monolight.cc/2011/05/the-systemd-fallacy/

http://ewontfix.com/15/

http://wizardofbits.tumblr.com/post/45232318557/systemd-more-like-shit-stemd

http://www.omgubuntu.co.uk/2011/05/gnome-to-drop-support-for-bsd-solaris-unix

http://lwn.net/Articles/520892/

http://unix.stackexchange.com/questions/150975/what-is-needed-for-a-minimal-systemd-boot-to-launch-getty-on-a-virtual-console

systemd is just wrong

Stop the madness before it is too late!

If you are a desktop linux user, especially if you like Gnome, there’s a big chance (risk) that you are using systemd. Fine. No problem. Good for you.

If you however want to be in control of your server, enjoy flexibility and simple-to-grasp concepts, pretty much the essence of unix for the last 40+ years, you have probably come across an init or rc script that you can read and understand, as well as figure out how to replace it with something else. Perhaps when switching from sendmail to postfix.

Computers still get faster and faster, especially in parallel processing power, and operating systems, especially with a graphic desktop environment, get more and more complex. Thus it makes sense to utilise the increased processing power by doing more things at the same time, thereby reducing start times.

Another aspect of the increased complexity in today’s computer systems is that, partly thanks to the open source software movement, these complex systems are built much according to the unix philosophy: modularly. You take generic pieces of software that each do something (and do it well), and stick them together. This way you get much functionality, built on stable components, which is much better than in the closed-source version, where everybody reinvents the wheel, only with less quality.

How can I say that? Mostly because of very simple mathematical proof:

  • software takes time to write
  • time exists only 24h each day
  • the human brain can only focus on 1 thing at a time
  • bugs can be found in software
  • software is written by humans with brains

Because there are bugs in software, the less software (smaller codebase) there is, the fewer bugs it can contain. Smaller, less complex software pieces are more stable than big monoliths. Making changes in a big monolith is more difficult than changing the internals of a small tool/module with a clearly defined interface. The small module can be replaced/rewritten and exchanged with something that implements the same interface, without affecting the functionality of the complex system using it.

What is systemd?

A very bad idea in many ways, that looks appealing in some other ways.

Why is it bad?

Because it replaces /sbin/init, (PID EINS! as the author titles the pages on his nullpointer blog). PID 1, /sbin/init is the most important program in a unix system. It is responsible only for reaping zombies, being the parent process of daemons, and initially starting the system (hence the name “init”). This is the only special process in a unix system, and it is in fact so special that if this process dies, the entire system (the kernel) dies.

What do we know about bugs and code size/complexity? How would we want our most important process? Small and bug-free? Big and bloated? I’d like to say it’s your pick, choose what you like, but with systemd it’s not that simple, because it infects the major linux distributions, gaining momentum and requiring everybody that writes system-oriented open system software to adapt to systemd. After a while it will be too much trouble to maintain compatibility with traditional/portable solutions that have functioned very well for 40+ years now. Things that work on Solaris, BSD, Linux, OS-X that change to systemd, will be Linux-only, because systemd is linux-only, and will never be ported to other kernels.

Remember when Gnome was a desktop environment that you could run on Solaris and BSD? Well, no more. Gnome will have dependencies on systemd, meaning that because systemd always will be linux-only, so will Gnome.

I’m late to the party, screaming about this now, many years too late, but it is IMPORTANT. Someone is wrong on the internet. Many before me have been upset about systemd and the many ways in which systemd is bad. There are lists detailing the top 5 systemd troubles, other good summaries on why systemd is bad for you. Some funnier than others, but I very much recommend reading all the linked pages from this post. Most of them are much more insightful and debating than what I can show in this short blog post.

[Solved] pfSense 2.1 nanobsd boot from USB automatically

I just configured pfSense 2.1 on a m-itx board that I will use as my main firewall at home.

I’m replacing my Cisco ASA with pfSense, because I only have an ASA license for 10 simultaneous hosts on the inside talking to the outside, which causes some strange errors from time to time.

The first time I came across this license limit, I was really puzzled and started reconfiguring DNS to try to resolve the problem. Glad I eventually looked at the firewall syslog…

Anyway. pfSense is really great, and configuration is a breeze. I made a bootable USB flash drive, and configured it in a few seconds. My problem was that after each reboot, it didn’t find the USB drive unless I chose boot menu option 3.

What I went looking for was a way to make the USB boot option 3 the default.

It turned out that the only thing that option does is introduce a delay in the boot sequence, so that the kernel/modules have time to probe the USB buses.

The solution was easy:

  • enter the Shell (choice 8 after pfSense has booted)
  • remount the root filesystem rw to be able to write to it
  • add /boot/loader.conf.local containing:
    kern.cam.boot_delay=10000

 

windows “tail -F” is called “SMS trace”

“SMS trace” (“trace32.exe”), or “tracer.exe” for the command-line version, is the Windows counterpart of “tail -f” for continually monitoring a growing log file. It can be found in the Microsoft Systems Management Server toolkit, nowadays called System Center Configuration Manager Toolkit (SCCM 2012).

Yay! I think I prefer cygwin + tail -f 🙂

Windows assign user privileges SeTcbPrivilege, SeCreateTokenPrivilege, SeAssignPrimaryTokenPrivilege to cyg_server user for sshd

To set up sshd on cygwin:

  1. install cygwin including the openssh package
  2. create local (or domain?) user “cyg_server” and make it member of the “Administrators” group
  3. gpedit.msc
  • Local Computer Policy -> Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> User Rights Assignment
  • right click “Act as part of the operating system” (SeTcbPrivilege) -> Properties -> Add User or Group
  • right click “Create a token object” (SeCreateTokenPrivilege) -> Properties -> Add User or Group
  • right click “Replace a process level token” (SeAssignPrimaryTokenPrivilege) -> Properties -> Add User or Group

Perform a “gpupdate” to sync the policy changes in the domain.

  1. start a bash (cygwin terminal) with Administrative privileges
  2. mkpasswd -l -d YOUR_DOMAIN > /etc/passwd #(skip -d YOUR_DOMAIN if not using a domain)
  3. mkgroup -l -d YOUR_DOMAIN > /etc/group #(skip -d YOUR_DOMAIN if not using a domain)
  4. ssh-host-config -y
  5. “cygrunsrv -S sshd” or “net start sshd”

Done! 🙂

 

Outlook hangs with new account with missing credentials

Yesterday, at work, I was adding a group mailbox that I believed that I had access to, to my outlook 2010 client. For some reason only Microsoft knows about, this forces a restart of the outlook client.

It turned out that I didn’t have the permissions required to this shared mailbox, and when I started outlook it kept asking for username and password for that mailbox.

When I clicked “cancel”, outlook stopped responding for a long time, so navigating to the menu where I could remove the account again took an eternity.

The quick way to remove the account from outlook is, surprisingly, to use the control panel. There is a “Mail” function there. It takes you to the same mail account management dialog as from within outlook, only difference being that because outlook is closed, it doesn’t try to open the mailboxes, so I could remove the shared mailbox until I got the permission for it today.

gentoo gnunet build fails with MHD_post_process linker error

gnunet ebuild (zugaina layman overlay) fails with linker errors about MHD_destroy_post_processor and MHD_post_process ?

Add to /etc/portage/package.use:

net-libs/libmicrohttpd  messages

emerge libmicrohttpd again, and then emerge gnunet.

Success!

(at least for me)

RHEL6 apache httpd virtual host the proper way

My recipe for name-based virtual hosts in separate directories on RHEL:

We place all the virtual hosts under a new directory tree /var/www/vhosts:

# yum install httpd
# mkdir /var/www/vhosts
# semanage fcontext -a -t httpd_sys_content_t /var/www/vhosts
# restorecon -Rv /var/www/vhosts
# mkdir -p /var/www/vhosts/{site1,site2,site3}/{logs,htdocs}
# chown -R apache:apache /var/www/vhosts

I recommend using the FQDN of each site instead of the words “site1”, “site2”, in these examples.

Create the file /etc/httpd/conf.d/vhosts.conf with appropriate content such as:

NameVirtualHost *:80

<VirtualHost *:80>
  ServerName site1
  DocumentRoot /var/www/vhosts/site1/htdocs
  CustomLog "/var/www/vhosts/site1/logs/access.log" common
  ErrorLog "/var/www/vhosts/site1/logs/error.log"

  <Directory "/var/www/vhosts/site1/htdocs">
     Options None
     AllowOverride All
     Order Deny,Allow
     Allow from 127.0.0.1
  </Directory>
</VirtualHost>

<VirtualHost *:80>
  ServerName site2
  DocumentRoot /var/www/vhosts/site2/htdocs
  CustomLog "/var/www/vhosts/site2/logs/access.log" common
  ErrorLog "/var/www/vhosts/site2/logs/error.log"

  <Directory "/var/www/vhosts/site2/htdocs">
     Options None
     AllowOverride All
     Order Deny,Allow
     Allow from 127.0.0.1
  </Directory>
</VirtualHost>

and so on

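(Don’t forget to set the Directory access rules properly. The above is just an example! As written, “Order Deny,Allow” with no Deny directive lets every client in on Apache 2.2, so the “Allow from 127.0.0.1” line has no effect until you add a “Deny from all”.)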

Then activate the goodness:

# apachectl restart

Why is this method good?

1. Creating the vhosts.conf in conf.d doesn’t modify any vendor-supplied files, which means that we won’t lose them if we reinstall the package.

2. Keeping each virtual host and its logs under its own directory tree makes maintenance a breeze and permissions can be separated to give developers access to specific vhosts only.
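
Since the site name ends up both in a directory path and in an Apache directive, it is worth validating before generating anything from it. The following is an added example, not part of the original recipe: the function names are made up for illustration, and the generated stanza adds a "Deny from all" so that the localhost-only rule actually takes effect.

```shell
#!/bin/sh
# Added example (not from the original post): emit one vhost stanza in the
# directory layout used above, for a validated site name.

VHOST_ROOT=/var/www/vhosts   # directory tree from the recipe above

# valid_fqdn NAME: letters, digits, hyphens and dots only, so the name is safe
# to use both as a directory name and inside an Apache directive.
valid_fqdn() {
    case $1 in
        ''|.*|*.|-*|*..*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    [ "${#1}" -le 253 ]
}

# vhost_stanza NAME: print the stanza, or fail without output for a bad name.
vhost_stanza() {
    valid_fqdn "$1" || return 1
    site=$VHOST_ROOT/$1
    cat <<EOF
<VirtualHost *:80>
  ServerName $1
  DocumentRoot $site/htdocs
  CustomLog "$site/logs/access.log" common
  ErrorLog "$site/logs/error.log"

  <Directory "$site/htdocs">
     Options None
     AllowOverride All
     # Apache 2.2: Order Deny,Allow allows by default, so deny everyone
     # first and then open up the one address that should get in.
     Order Deny,Allow
     Deny from all
     Allow from 127.0.0.1
  </Directory>
</VirtualHost>
EOF
}
```

Append the output of vhost_stanza for each site to /etc/httpd/conf.d/vhosts.conf and run "apachectl configtest" before restarting.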

officially best way to get up to date LAMP on RHEL6

Q: How do I update php, mysql, and apache on RHEL6 without breaking stuff?

A: Use the great packages from IUS!

1. set up the IUS repo

$ wget http://dl.iuscommunity.org/pub/ius/stable/Redhat/6/x86_64/ius-release-1.0-11.ius.el6.noarch.rpm
$ wget http://dl.iuscommunity.org/pub/ius/stable/Redhat/6/x86_64/epel-release-6-5.noarch.rpm
$ sudo rpm -Uvh ius-release*.rpm epel-release*.rpm

2. make sure you have an up to date ca-certificates bundle installed.

3. See what php packages are available: yum list | grep -w ius | grep ^php

4. The “downside” (a minor inconvenience) of the greatness of the IUS is that the packages they build provide the same things as the original outdated redhat packages, but don’t obsolete them. This is intentional, and what makes me think it is the best way to obtain a current LAMP on RHEL or CentOS. What this boils down to is that the IUS packages have different names but cannot be installed at the same time as the RedHat/CentOS packages.
This means that we must uninstall the original packages (if they are installed) before we can install the more recent IUS packages.

IUS provides a neat yum plugin called “replace”, that can be used to do this en masse for a whole bunch of packages based on a certain name. If you have the stock packages “php”, “php-devel”, “php-common” and “php-cli” installed, you can “upgrade” them to the IUS php54 equivalents with a pretty one-liner like “yum replace php --replace-with php54”! (If you want to use the plugin, first install it with: “sudo yum install yum-plugin-replace”.)

5. install the IUS packages the usual way if not using the replace plugin.

In case of RHEL6, postfix (terribly outdated 2.6.6) requires mysql-libs, so you cannot install mysql55 straight away. What I did was two-steps:

# yum erase postfix
# yum install postfix php54 mysql55-server

This means that I uninstalled postfix which was dependent on mysql-libs, and then reinstalled it at the same time as php54 and mysql55. Then it uses mysql55-libs instead.

================================================================================
 Package          Arch      Version               Repository               Size
================================================================================
Installing:
 mysql55          x86_64    5.5.31-1.ius.el6      ius                     9.1 M
 mysql55-server   x86_64    5.5.31-1.ius.el6      ius                     9.6 M
 php54            x86_64    5.4.16-1.ius.el6      ius                     2.7 M
 postfix          x86_64    2:2.6.6-2.2.el6_1     rhel-x86_64-server-6    2.0 M
Installing for dependencies:
 apr              x86_64    1.3.9-5.el6_2         rhel-x86_64-server-6    123 k
 apr-util         x86_64    1.3.9-3.el6_0.1       rhel-x86_64-server-6     87 k
 apr-util-ldap    x86_64    1.3.9-3.el6_0.1       rhel-x86_64-server-6     15 k
 httpd            x86_64    2.2.15-28.el6_4       rhel-x86_64-server-6    821 k
 httpd-tools      x86_64    2.2.15-28.el6_4       rhel-x86_64-server-6     73 k
 mailcap          noarch    2.1.31-2.el6          rhel-x86_64-server-6     27 k
 mysql55-libs     x86_64    5.5.31-1.ius.el6      ius                     783 k
 mysqlclient16    x86_64    5.1.61-1.ius.el6      ius                     3.8 M
 perl-DBD-MySQL   x86_64    4.013-3.el6           rhel-x86_64-server-6    134 k
 perl-DBI         x86_64    1.609-4.el6           rhel-x86_64-server-6    707 k
 php54-cli        x86_64    5.4.16-1.ius.el6      ius                     2.6 M
 php54-common     x86_64    5.4.16-1.ius.el6      ius                     894 k

Transaction Summary
================================================================================
Install      15 Package(s)
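
Step 1 above fetches the release RPMs over plain HTTP and hands them straight to rpm, so nothing authenticates the files before their install scripts run as root. The following added example (not part of the original post) gates the install on "rpm -K"; it assumes the classic rpm 4.x output format found on RHEL6, and the function names and key path are placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): refuse to install a downloaded
# RPM unless `rpm -K` shows a signature verified against an imported key.
# Assumes the classic rpm 4.x output format used on RHEL6, for example:
#   pkg.rpm: rsa sha1 (md5) pgp md5 OK         signature verified
#   pkg.rpm: sha1 md5 OK                       digests only, package unsigned
#   pkg.rpm: RSA sha1 ((MD5) PGP) md5 NOT OK   key missing or signature bad

# sig_verified LINE: succeed only for a line that proves a verified signature.
sig_verified() {
    result=${1#*: }                      # drop the "filename: " prefix
    case $result in
        *"NOT OK"*) return 1 ;;          # bad digest/signature or missing key
        *" OK") ;;                       # overall verdict is OK, keep checking
        *) return 1 ;;                   # unknown format: fail closed
    esac
    # Lowercase "pgp"/"gpg" is how rpm marks a signature it actually verified;
    # an unsigned package passes on digests alone and has neither token.
    case " $result " in
        *" pgp "*|*" gpg "*) return 0 ;;
    esac
    return 1
}

# verify_rpms FILE...: check every file, stop at the first one that fails.
verify_rpms() {
    [ "$#" -gt 0 ] || return 1
    for rpmfile in "$@"; do
        line=$(rpm -K "$rpmfile" 2>&1) || true
        if ! sig_verified "$line"; then
            echo "refusing to install: $line" >&2
            return 1
        fi
    done
}

# Usage, after importing the IUS and EPEL signing keys from a source you trust
# (the key path below is a placeholder):
#   sudo rpm --import /path/to/TRUSTED-GPG-KEY
#   verify_rpms ius-release*.rpm epel-release*.rpm &&
#       sudo rpm -Uvh ius-release*.rpm epel-release*.rpm
```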

That’s all, folks!