Debian User Forums

Posted: **2014-09-04 15:59**

From a thread on linuxquestions.org's forums called "What are the advantages/disadvantages of using systemd versus sysvinit?":

IMHO a dynamic init is better for desktops where reboot speed is more important...

<rant>This reminds me of certain hardware vendors offering "gaming" SSDs that "allow you to boot in less than ten seconds"...to the tune of ~$400 USD. How often do you need to reboot, and if so, why is the miniscule savings in time worth $400?</rant>

Posted: **2014-09-05 01:55**

I use

Code: Select all

Package: libsystemd-*
Pin: origin ""
Pin-Priority: -1

in /etc/apt/preferences to be certain no parts of systemd get installed

Posted: **2014-09-08 02:26**

timbgo wrote: This is who I sent the message Saturday 14:58 CET (which I believe is GMT+2):

That was around August 16 give or take a day. Not looking it up, but from memory and the files available (I keep the publictimestamped files of what I post).

wookey _at_ wookware dot org
tg _at_ debian dot org
alex904633 _at_ mail dot ru
vorlon _at_ debian dot org
jch _at_ pps dot univ-paris-diderot.fr
steve _at_ einval dot com
alessio _at_ debian dot org
stse+debian _at_ fsing dot rootsland.net
preining _at_ logic dot at

And this is what I sent:

http://www.croatiafidelis.hr/gnu/pts/De ... RAPPED.txt

( there are other files in that directory:
http://www.croatiafidelis.hr/gnu/pts/
all starting with "Deb_DD_mail_140816cor", some are signatures, some publictimestamps. The domain is fine, the hosting is great, just if some leviathans, read below on those, start eating small fry and you can't open those, pls., do tell here openly!
...[snip]...

A leviathan, of a smaller kind but to which I am sill just small fry, probably discovered.

At least a clear suspect is there! I am being tragicomical, because it's both sad and comical really. Read on.

However, like I haven't seen in long time, last night and today: no messages, and knowing that some of the above, like Wookey and mirabilos (the first two addresses), the Russian (third address)... and also Juliusz who started the thread, would probably have replied to my message...

Knowing their concern and their views in regard to the matter of this topic, I worry that they may have not received my electronic mail.

Surely some of the above DDs may have been busy to even look up their mailbox. Sure. But how likely is it that all of them have?

Also worth noting, although less likely the case (I am inclined to suspect my mail in question was not sent at all):

Or, if these fine Debian Developers have replied, I worry that they could be led to believe how I might not be serious about the matter.

I have regard for other Debian Developers who I wrote to above, even if I tell some of them off a little sometimes. I actually chose who to write to based on who discussed the matter, not only who I agree with on the matter discussed. I don't talk behind people's back.

And I am earnest about this matter which I wrote to them about.

Pls. dear Debianers, take heed of this necessity of mine:

So I hereby kindly ask the friends and acquantainces of the above developers, who will recognize their email addresses, to call their attention to the message that I sent them, and to the other facts about the strange lack of any emails arriving in my mailbox, almost none from anywhere, for the latest some cca 24 hours.
Thanks in advance!

The following is still standing. It's my slow work, I'm oldish, not fresh like most of you... although I'm getting really tired in getting to make any progress in this no-systemd-Debian-as-option-please matter:

Else, regardless of previously having decided that I wasn't qualified to participate in the discussion on the debian-devel, I will have to try and inform the DD list briefly of this topic "How to avoid stealth installation of systemd?" on this System configuration section on our Debian Forums, that is started by me with the input of hours upon hours long sifting through their discussions in the same-name topic on debian-devel list.

As I said above, a smaller kind of an mail-eating leviathan discovered. The post where you can check on it, and even be provided more solid proofs by me, under circumstances there explained, is the Gentoo topic further below.

That topic is rather marginally dedicated to that mail-eating leviathan, because its eating of mail was discovered by pure chance of the circumstance of the mail perfectly correctly sent by my programs and ready to be perfectly correctly received to be processed at the mail gateway of my hoster of domain CroatiaFidelis.hr, not being let through.

Because this smaller bread of mail-eater leviathan wouldn't let my support question, my one mail to one address through, and that one mail was to the hoster of my domain which I also pay for... that mail-eater, Iskon.hr, a Croatian provider, wouldn't let that mail through in the name of, wait, pause for breath:

spam

################################################################
Postfix smtp-tls-wrapper, Bkp/Cloning Mthd, a Zerk Provider
https://forums.gentoo.org/viewtopic-t-999436.html
################################################################

So that kind of provider certainly did not reliably send my mail to the addresses above. Nope!

Pls. dear Debianers, somebody take heed of this necessity of mine, and do the following (I'll give the little sed scriplet here so even less advanced users can more easily help):

Select the code below with a mouse or otherwise.

Code: Select all

#!/bin/bash
echo "wookey _at_ wookware dot org" | sed 's/ _at_ /@/' | sed 's/ dot /./' 
echo "tg _at_ debian dot org" | sed 's/ _at_ /@/' | sed 's/ dot /./' 
echo "alex904633 _at_ mail dot ru" | sed 's/ _at_ /@/' | sed 's/ dot /./' 
echo "vorlon _at_ debian dot org" | sed 's/ _at_ /@/' | sed 's/ dot /./' 
echo "jch _at_ pps dot univ-paris-diderot.fr" | sed 's/ _at_ /@/' | sed 's/ dot /./' 
echo "steve _at_ einval dot com" | sed 's/ _at_ /@/' | sed 's/ dot /./' 
echo "alessio _at_ debian dot org" | sed 's/ _at_ /@/' | sed 's/ dot /./' 
echo "stse+debian _at_ fsing dot rootsland.net" | sed 's/ _at_ /@/' | sed 's/ dot /./' 
echo "preining _at_ logic dot at" | sed 's/ _at_ /@/' | sed 's/ dot /./'

Next, in a terminal, do:

Code: Select all

$ cat > real_mail_addresses.sh

The command prompt won't be returning. It is awaiting for you input. Now paste
what you have just copied into that terminal.

Next:

Code: Select all

$ chmod 755 real_mail_addresses.sh

And simply run the scriplet:

Code: Select all

$ ./real_mail_addresses.sh

There you have the addresses to send the topic in which you are reading this here text, which is best to send because it has all the references, and the news how the mail was very probably not really sent by my provider, and without any notice to me the paying customer of theirs as to why it wasn't sent.

Pls. notice that this is only the probable course of events that had taken place back then. The likelihood that it happened so indeed, now that I have caught this completely sick case of censorship, can be said to be pretty high though.

So simply just send to those addresses these two lines, please:

How to avoid stealth installation of systemd?
http://forums.debian.net/viewtopic.php? ... 84#p552484

Miroslav Rovis
Zagreb, Croatia
http://www.CroatiaFidelis.hr
======= cut off from this line to end if verifying hashes =======
File corresponding to this post: Deb_no_LPware_140908_from_140817.txt,
has Publictimestamp # 1240778
--
publictimestamp.org/ptb/PTB-21565 sha256 2014-09-08 00:01:45
28465A93D3A5549FB6FCA47AC54AFD30D4DDF904683856906997011AAE71F4CA

Posted: **2014-09-08 02:39**

adenukolnis wrote:I use
Code: Select all
Package: libsystemd-*
Pin: origin ""
Pin-Priority: -1
in /etc/apt/preferences to be certain no parts of systemd get installed

Tired, wee hours here. Excuse me for not checking...
Is that what, IIRC, the Russian Vasily suggested on the same-name thread on the DD mail-list?

I guess. As soon as I find time will try it.

But I've used Debian less, am more familiar with Gentoo emerge, than Debian apt (and I don't like aptitude so much)...

I have that systemd in there. If I put those lines where they need to be put (once I find time and refresh and recollect), will that do the trick to remove systemd?

Or is it just for systems without systemd, so that it would not get installed?

Miroslav Rovis
Zagreb, Croatia
www.CroatiaFidelis.hr

Posted: **2014-09-08 08:41**

I am afraid those lines tell apt what it must not install. Probably, you need to do some research to verify whether init is supported by your system.

On my Jessie system I explicitly removed systemd.

Posted: **2014-09-08 09:20**

timbgo wrote: Is that what, IIRC, the Russian Vasily suggested on the same-name thread on the DD mail-list?

Probably. Or something similar.

will that do the trick to remove systemd?

No, you use apt or your favorite package manager to switch from systemd to sysv.

Or is it just for systems without systemd, so that it would not get installed?

It would block installation of libsystemd.

Posted: **2014-09-08 10:11**

adenukolnis wrote:
will that do the trick to remove systemd?
No, you use apt or your favorite package manager to switch from systemd to sysv.

C'mon adenukolnis, I know I need to use apt to install things

.

adenukolnis wrote:
Or is it just for systems without systemd, so that it would not get installed?
It would block installation of libsystemd.

Yeah, it might not uninstall anything.... yeah, although...

edbarx wrote:I am afraid those lines tell apt what it must not install. Probably, you need to do some research to verify whether init is supported by your system.
On my Jessie system I explicitly removed systemd.

...Although I might probably be simply able to remove it.
Thanx, adenukolnis, and thanx, edbarx.

I'll report back here if I am able it uninstall it successfully (it's my slowliness which is dragging me currently on other non-related things that I do, though).

Ah, if anyone could try and tell those people that got us this howto draft (that's what it is). We could improve the fate of many a Debian user, if we get those experts, esp. Wookey and mirabilos, to help us with their advice... Maybe. Anyone could send to those my probably not-really-sent letter?:
http://forums.debian.net/viewtopic.php? ... 85#p552484

And, if I can revive the suggestion that I made here:

[ same topic that you a re reading ]
http://forums.debian.net/viewtopic.php? ... 15#p550749

timbgo wrote: Grsecurity/Pax installation on Debian GNU/Linux
http://forums.debian.net/viewtopic.php? ... 96#p550383

I gave the link, because it really would be great if someone made a your-machine-without-systemd-howto Tip, that people could use.

Probably if one would wait for me to do it, it would be weeks if not months, and could already be late, if it would be at all.

We must try and get users to understand these issues. I'm simply having common goods, freedom, attitude here, nothing else.

Miroslav Rovis
Zagreb, Croatia
http://www.CroatiaFidelis.hr

Posted: **2014-09-08 10:30**

Discontent with systemd will inevitably motivate those who can create alternatives to code new solutions. It has always worked that way, not only where software and computers are involved, but in many other unrelated areas. Discontent was what caused dictators and emperors to fall. There is nothing, apart from death, that can stop human beings from devising alternatives. Desktops, together with their software, need not be tied to one 'server', that is, systemd. This can be coded in many ways as follows: (this is a proof of concept, so the function and file names are not real)

Let us assume this is the original file hardwired to use systemd explicitly.

Code: Select all

#include <systemd.h>
....
var_ex = getSystemdService();
....

The modified code would only contain a replacement of the systemd.h header leaving the code intact.

Code: Select all

#include "replacesystemd.h"
....
var_ex = getSystemdService();
....

Then, replacesystem.h would use the same function name to implement it in some other way as to avoid the hard dependence of systemd.

Posted: **2014-09-08 11:18**

edbarx wrote:Discontent with systemd will inevitably motivate those who can create alternatives to code new solutions. It has always worked that way, not only where software and computers are involved, but in many other unrelated areas. Discontent was what caused dictators and emperors to fall. There is nothing, apart from death, that can stop human beings from devising alternatives. Desktops, together with their software, need not be tied to one 'server', that is, systemd.

+1
M.R.

Posted: **2014-09-08 14:29**

edbarx wrote:Discontent ....... will inevitably motivate those who can create alternatives to code new solutions.

Isn't that how we got systemd?

I still have to wonder why anyone would want to use systemd-this-part, systemd-that-part, systemd-some-other-part, and then instead of just using systemd as init as designed and intended, they instead count on some magical shim to act as a go between. The latter sounds nuts to me. Sounds even crazier considering the shim project is only a year old, and cgmanager even younger.

Posted: **2014-09-08 15:10**

@ adenukolnis ( meandean's ghost? )
Destabilise and brainwash, that is your 'contribution'. You think, you can control me? Your attitude is one belonging to pre-World War II.

I pity you.

Posted: **2014-09-08 15:37**

adenukolnis wrote:
edbarx wrote:Discontent ....... will inevitably motivate those who can create alternatives to code new solutions.
Isn't that how we got systemd?

Wrong!
But edbarx leave it. If is is intentional denigration (I can't judge, don't know), it vanishes with good things that shine, which you do.

The focus of ours here should be on returning the option of freedom from systemd and friends for the users.
Common good.
Myself, after seeing that the following on my Grsecurity Tip has surged significantly, although I am risking time to do it, from other things, I have decided to try and do for non-systemd-Debian.

But one at a time, go these things in my Debian updating ways.

I just fixed an inconsistency in:
https://github.com/miroR/jigdo-automate-scripts
and tried to make it more friendly to newbies.
And am using it to download jigdo DVDs.

edbarx, is that the jessie you were talking about? From testing branch like my jigdo-automate-scripts ?

If so, once I download it, and it will take time, I'm only yet at debian-testing-amd64-DVD-2.iso, last update a month and a half ago (like in the README:
https://github.com/miroR/jigdo-automate ... ter/README
that is: Jul 22 13:17 )
then the next thing is the Grsec patched kernel, and upload it on http://www.croatiafidelis.hr/gnu/deb/, and then...

This is what I feel I need to do (I'll try hard to):
then, with my insufficient knowledge of Debian, I'll try and follow what you suggest, and what originally probably Vitaly suggested, long ago now.

And I believe I should try and do it in the System configuration section, because then it won't be just discussion, but real work. I guess.

I'd like to show step by step, so others can do it, how to uninstall systemd and live without it.
Much later, maybe in the evening or later on, tomorrow, this is lots of work, on a slow machine like mine, on top of the slow connection.

Miroslav Rovis
Zagreb, Croatia
http://www.CroatiaFidelis.hr

Posted: **2014-09-08 15:49**

timbgo, denigration will not affect me. It is a well known fact that some still use the psychological control strategy of destabilise and brainwash when they have no arguments. If the poster wants attention, he has to seek it in civilised ways.

Attempts at psychological control will not work.

Posted: **2014-09-08 16:44**

You didn't notice my question there, edbarx. I guess it was just oversight.
Never mind.

But can i tell you what I really fear is happening with these strange transitions such as systemd?
I mean what I fear for me, and for anyone else, when these not-in-the-spirit-of-GNU changes take most of the distros? What I think is the danger we are facing?

Right now I'm online, and I just don't anymore feel safe. Do you want me to tell you why, as far as I see and understand it, however imperfectly that I do?

M.R.

Posted: **2014-09-08 17:47**

timbgo wrote:You didn't notice my question there, edbarx. I guess it was just oversight.
Never mind.

The main problem with systemd is the same one afflicting proprietary products whatever they happen to be. It is control by corporate bodies in an attempt to appease their customers to maximize their profits. However, this unwelcome control goes against the spirit of GNU/Linux where lock-ins were a blasphemy a few years back.

GNU/Linux should be an ecosystem where freedom is what empowers innovations. Software lock-ins are diametrically opposite and attempt to streamline software. This means, diversity and choice will suffer.

It is not a question of rejecting systemd but rather a question of rejecting its attempt at creating lock-ins. systemd may have its place in newbie friendly distributions as it tries to integrate the system. However, this should not be done at the expense of killing diversity and choice.

Posted: **2014-09-08 18:35**

I enjoy reading your lines. That's a very accurate description of the state of GNU/Linux and the perils we face as free community.

But there is more.

Tell me, you, edbarx, or other readers, what is there to derive from:

False Boundaries and Arbitrary Code Execution
https://forums.grsecurity.net/viewtopic.php?f=7&t=2522

Don't miss to take notice, if you skim through there, lines like "backdooring a system" and such.

M.R.

Posted: **2014-09-08 19:16**

As I see it, security is a never ending battle. The level of security of a system also depends on the purpose of the system and what data that system holds. This is how experts on security view it which is more than logical. If you want to lift 1000 Kgs a vertical height of 10 stories, you don't hire a crane that can lift 300 tons.

Posted: **2014-09-08 20:03**

Yeah, well... I don't reckon users' privacy unimportant.

I was reading a few days ago a fine, unmaintained but historical short series of articles by Daniel Robbins, the man who started Gentoo, but is not anymore the leader.

Here's the article:
OpenSSH key management, Part 1
http://www.gentoo.org/doc/en/articles/o ... ent-p1.xml
and it's easy find the remaining part 2 and 3, links in bottom.

Sadly, oldish as I am, I would now need to reread it to have fresh arguments in mind...

Never mind. I can offer what I do find amazing about him (what I wonder is how could he have, it appears, left Gentoo in some harder times, and spent time with Microsoft?...)... But what I find amazing about him is how he admits wen things go wrong in a program of his.

Find on Part 3:
http://www.gentoo.org/doc/en/articles/o ... ent-p3.xml

Daniel Robbins wrote: I received an e-mail from Charles Karney of Sarnoff Corporation, who politely informed me of OpenSSH's new authentication agent forwarding abilities, which we'll take a look at in a bit. In addition, Charles emphasized that running ssh-agent on untrusted machines is quite dangerous: if someone manages to get root access on the system, then your decrypted keys can be extracted from ssh-agent. Even though extracting the keys would be somewhat difficult, it is within the skill of professional crackers. And the mere fact that private key theft is possible means that we should take steps to guard against it happening in the first place.

and an interested reader can read more there.

On the other hand, when, back then, that is quite a few days ago actually, last month, when I was looking into keychain and things, I was surprised to find it used by dbus.

This is currently running on my system, this one that I connect to internet with:

Code: Select all

$ ps aux | grep ssh
root      2184  0.0  0.0  54976  1004 ?        Ss   Sep06   0:00 /usr/sbin/sshd
mr        2447  0.0  0.0  10592    32 ?        Ss   Sep06   0:00 /usr/bin/ssh-agent /usr/bin/dbus-launch --exit-with-session x-session-manager
mr       15141  0.0  0.0  19980  1796 pts/9    S+   21:48   0:00 grep ssh
mr@naibd6:/Cmn/mr$

And this is not something I installed, but probably a dbus "requirement"...

I doubt that a user can get a completely truthful explanation so easily, publically, on why is this needed, what does it do, and the rest. Not such open explanation like in Daniel's article.
M.R.

Posted: **2014-09-08 20:20**

Actually, privacy is sacrosanct, let alone it being unimportant.

What I said, means that security measures have to be in proportion with the purpose of the machine. On my home computer, I have arno-iptables-firewall, privoxy, adblock plus and no-script installed. I also clear cokies every session automatically. With this, still some websites refuse to give me access because of my 'stringent' security. A shining example is disqus.com. I think, disqus thinks my system is used for cracking although I never did anything of the sort. I remember another website that refuse me access: comcast.com.

Posted: **2014-09-08 21:07**

Maybe I worry too much, but given the easiness an expert can own your system today, because of the treason, yes, allowing such hooks into the kernel is Linus' own treason on the users of his kernel...

What did he think? That no one would read out what those software architecture that goes by the name linux capabilities is for, apart from what it is on the surface?

I thank whom you name (us Christians, and Muslims and other religions, thank God), but if you want me to, I thank the god GNU, if you want, for the fact that such honesty is there in such genius, Brad Spender Spengler, which is maybe the sole match to Linus Torvalds in among the known security experts, for us the general GNU/Linux population, to have that article available for reading.

To me that is one of the most important revelations in computing ever!

Go read it again, whoever is reading this post. There's so much in there!

And couple that with the fact that dbus, which is part of poetteringware architecture, uses ssh-agent for some arcane purposes... Which purposes? ssh is for encryption, and I am allowed to encrypt things in my computer... Only me.

But dbus, consolekit (which may have gone away, replaced with same functionality in systemd itself, whatever)... and such stuff... Uh-uh! I don't like them encrypting, because such programs are done for multiple "seats" (that is their terminology). That is, not just the user sitting at his computer, but other "seats" as well!

I'm scared. Scared for losing my privacy in my own computer.

This is not off topic. Systemd is there for such purposes as I claim above. The plutocracy few people who started those false GNU projects, that can go by the name poetteringware just fine, the unknown to the public small bunch supported by a multitude who care solely/predominantly/sufficiently for their interests more than for the common interest (which, the common good, the GNU was all about since its inception, the freedom and the common good)...

Those tiny fraction of the one percent kind of people who got these projects going, through corporate capital, and with that huge support they are getting from people who care for common good from too little to up to being able to outright easily sell their neighbor, let alone common good!...

...They are taking away all the freedom and common good away from our GNU/Linuces...

Miroslav Rovis
Zagreb, Croatia
http://www.CroatiaFidelis.hr

Debian User Forums

How to avoid stealth installation of systemd?

Re: How to avoid stealth installation of systemd?

Re: How to avoid stealth installation of systemd?

Re: How to avoid stealth installation of systemd?

Re: How to avoid stealth installation of systemd?

Re: How to avoid stealth installation of systemd?

Re: How to avoid stealth installation of systemd?

Re: How to avoid stealth installation of systemd?

Re: How to avoid stealth installation of systemd?

Re: How to avoid stealth installation of systemd?

Re: How to avoid stealth installation of systemd?

Re: How to avoid stealth installation of systemd?

Re: How to avoid stealth installation of systemd?

Re: How to avoid stealth installation of systemd?

Re: How to avoid stealth installation of systemd?

Re: How to avoid stealth installation of systemd?

Re: How to avoid stealth installation of systemd?

Re: How to avoid stealth installation of systemd?

Re: How to avoid stealth installation of systemd?

Re: How to avoid stealth installation of systemd?

Re: How to avoid stealth installation of systemd?