i bet people will admire poettering's ability to innovate

​@@MacroAcc He is a Microsoft employee

I remain to be civil and kind as I only believe in love and not hate 😇

Civility is overrated

Tell that to the arch linux people

2035: LENNART/POETERRING

Tbf you should have written 2024: linux, as it refers to how most people forget it's actually GNU/LINUX btw

it will always be gnu/linux did you know it change in the 90s in the early 2000s and of course now... this is just linux being linux :)

​@@no_name4796TBF the comment is referring to how it is supposed to be and not how most people say it

​​@@petertillemans2231 Systemd is now a Microsoft software. Using systemd is using Microsoft software. The developer and maintainer is a Microsoft worker. Systemd had been compromised. Uninstall systemd. You don't use Linux for convenience, find a way.

linus torvalds - I only code in C because i can see how the assembly of it looks. modern developers - well i mean javascript exists, so might as well use it.

Maybe everything has been JavaScript the whole time... 😮

I agree with JS being not a nice language in system level layers. But what I understand it's really only for those rule files stored behind root permissions, and not the core software components. The way security is thought out in Polkit and Systemd is far better then sudo and probably other complex SUID binaries. Security is something you do not want to manage in 1000 different applications separately, but system wide in a well thought out way. Talking about programming languages, I think that new security critical software should absolutely be written in the Rust language, which is designed to be very safe from the ground up.

Yeah it's not really conventional JS either, it's a trimmed down version. It's actually surprisingly common to see JS dialects used for configuring complex security rules (Firebase is the last one I used)

@@jthoward I would actually HOPE if it's a changed and more limited implementation actually. Especially when it comes to value comparison. One of the huge problems of JS is strange ways of type coercions, due to which things like equality comparisons and other conditional code can dangerously go the wrong way. Not good in security critical code.

Well said... brutal haha

​@@Nunya58294Well said indeed.

ideas man, effective ones spread fast!

@@zyansheep Really-really bad ideas spread even faster. Consider heated seats in a car being a subscription.

@@kensmith5694 If you imply that systemd is a Really-really bad idea, then I have to disappoint you. systemd is a good system. I can report and confirm from first hand longtime experience.

I’m ashamed to admit it took me a full minute to get the comment 😂

"run0 doas sudo su -s /bin/sh -c 'rm -rf ....'"

@@Time4Technology It asks me to translate this to English. 🤣

@lightechoes "yeet"

Oh, well, that's Brodie going to be campaigning against this now then, if he has to put work in if convention shifts. 😆 /s

You are not using systemd. This incident will be reported. lol

Microblogging😣

Or ... a forum thread ... sigh

To this day I still don't get why Mastodon went the twitter way with such constraints regarding posts lengths. Sounds like nothing more than historical debt which they should have got rid of long ago.

@@maxanimator9547 to be honest why would you write a long blog post on mastodon as opposed to your website or activitypub

I already call it SystemD/Linux when I need to distinguish form things like Android/Linux.

Yeah, if run0 will end up like all other systemd components we are here for a nice anarchy with privilege escalation everywhere

You know it is coming, that asshat can't stop himself.

kerneld

systemd-texteditord

KernelD

InitialD was right there, like come on.

Why be worried though, if it's better then great, if not then no one will use it.

I'm not a fan or a hater of systemD, but who cares if they create their own kernel if at the end it is FOSS?

that's such a smart satiric comment!!1

​@@AschKrispeople do not like the creator of systemd, because after creating it, he has gone to work for Microsoft.

​@@rj7250aLet's be honest, that's not at all why people hate him

Alright you got me to laugh lol

gottem

+2

@@Nunya58294 it's on the whiteboard behind Brodie dude

Ok, you got me 😂

rm -rf /*

Note, this is coming from someone who's used some of the weirder cases for SUDO on a two user machine. all this is doing is moving the attack surface from Sudo to... system D.

@@JadeLockpicker I'm disappointed at the lack of flack systemd got for the xz shenanigans. Thankfully, they seem to have gotten the memo for that one specific thing.

Reinventing the wheel lmao

@@Ryan-ct3rv I wonder if the pun was intended.

xz backdoor had nothing to do with systemd FFS

I was talking about doas btw. No idea how heavyweight run0 is yet

@@THEMithrandir09 run.c (which is the code for run0 and systemd-run) by itself is ~2400 lines. This doesn't include any lines from libsystemd or polkit tho.

Was about to say, yeah, I wonder how many features does systemd now have that nonody will ever use?

@@THEMithrandir09 As I understand from the posting in the video, it's almost a wrapper for systemd-run so all the weighty stuff is there already. Still not sure that I like the polkit stuff but if you're a real sysadmin - not like me - you probably need to know that stuff anyway.

​@@THEMithrandir09the difference is that doas is still an SUID binary. It still has that attack surface.

The downside of the service support model.

No way me too

You too? I swear, there are dozens of us! Dozens!

I was thinking how it's handy (I do write some units from time to time)... then had this thought that perhaps something that uses yaml could be handier. At any rate, I don't get why so many people have such strong feelings about a bunch of system tools.

$ run0 install sudo I'm sorry Dave, I'm afraid I can't do that

LMFAOOOOOOOOO

I don't think it's a great idea, because that would cause conflicts with the actual sudo. As it is now, you can have both tools on your system, and use either without issues. If you want a shell alias, you can create one. Personally I don't think hiding one utility under the name of another is a good idea either, and you identified the issue with this too - it isn't actually the same tool, it can work in a different way than you expect. Something I despise is aliasing rm to trash - this makes you think every time you delete something with rm, it can be recovered, which is untrue on most systems other than your current install!

@@GrzesiekJedenastka Yes annoying when running 'lynx' invokes 'links' instead (with completely different commands and command line syntax).

just keep sudo...

@@GrzesiekJedenastka well yea but there should be an option

vim does it for vi​@@GrzesiekJedenastka

That is the Lennart way 😉

I'd expect nothing else.

I wish I could Like this a thousand times

before the rc it was still called "uid0", which I personally kinda liked. It was renamed because all the other elevation tools are named after an action and to more associate it with "systemd-run" which it actually is.

Missed opportunity to call it sus

I suggest the name "please-systemd-may-i"

I second this. The name "run0" feels clunky and awkward but the idea seems reasonable.

@@kensmith5694 The fact it's literally what it does (asks the init to run stuff) is pretty funny.

They are not copycatting redhat because its biggest. Gnome is simply the best GUI (for most people) and they took advantage of the fact that everyone and their dog wants to use Gnome to make hard dependency from it into systemd, pulseaudio and other crap they made. Other distro maintainers were just forced to switch because of that. Gentoo maintainers used to support both systemd and non-systemd versions but said that its double the work because of how systemd replaces everything and evetually gave up since most people wanted Gnome which forced systemd.

@@hubertnnn it's up to distro maintainer(s) to decide what's dependency of what, so i have strong disbelief that anyone pointed gun to Debian's maintainers' head and forced them to include systemd-enriched gnome. We have TDE, we have Mate which are basically forks of old KDE and Gnome, i might be wrong but if it was possible to create systemd-less Devuan, creatnig systemd-modern_Gnome shouldn't be that of an issue. As for gen2- latest article on their wiki about openrc is dated 17.03.24, so i am not sure what you're reffering to.

I genuinely thank you for doing so.

OpenRC is GOATed

This man is cooking! Someone should tell Lennart.

It’s your system, you make the aliases

Programmer Dvorak positions the zero key at the right index finger. Just so you know

You can always make your own aliases, symbolic links or scripts with different names...

So many useful tips. Thanks guys!

And other dumb ideas because people just affraid of one SUID flag on the file. That can be set only by the user, in this case only by root himself. And file can't be changed by anyone except the root (if you are doing 755, which is the only right way to do /bin/*). And that's why we need to change kernel security check to Lennart security check, yeah.

Doas

That is actually a very interesting idea. Reducing from two security critical tools to just one might not be a bad idea. The only thing I would worry about is performance of such local ssh connections in scripts that use a lot of sudos.

I know I'll never miss editing /etc/init.d scripts.

Back in the day we had init scripts. And before that we had rc scripts. They all had one thing in common: as a rule of thumb, they each did one thing, and, as a rule of thumb, did it well. Something that cannot be said for systemd, a monolithic monster that runs as PID 1 in your Linux box. One large attack surface just ripe for the picking...

@@damouze Init scripts, rc scripts. Compare these to unit files, they generally do one thing and do it well. The "problem" is there's also a bootloader, dns, sudo, and whatever else all under the same banner. The trap people fall into is that they think all these things are installed on every distro and running as PID1. This is very much not the case. I am, however, on board with the idea that so much low level infrastructure in Linux should not be under the control of one project. Especially when that project is controlled by somebody who works at Microsoft. I trust MS a lot more than say 10+ years ago, but I don't trust them *that* much.

Mint 18 use unstable as anything. I blame that on systemd because 17 was ok. Using 21 now so things seem a lot better.

​@@damouzeI'd agree if systemd was a monolith and not a bunch of separate binaries all managed in one repository. But systemd isn't a monolith so I disagree.

Did you watch the video? This is not starting from scratch.

i dunno the details but being old would often also mean a lot of bloat and a mess to work with. At least the case with X11. Possible it is not the case for Sudo but just not always the case being old is an advantage.

This.. is also a bit of a misnomer. Yes, it has been tested over 40 years, but security holes have also been found over the past 40 years.. that's just the nature of open source. If the thought was for 'stability', then that'd make sense, but not so much for security. That also only lasts for a few years though (more if it was GUI/desktop based). The counter to the counter is that it's based on polkit, which has also been around for 17 years. For security, the general rule of thumb is the more surface area (attact vector) that exists, the more that can (and will) be exploited. Not using the sticky bit is a pretty massive surface area minification.

It has also been compromised many times during those 40 years. You only have to look back to 2021 (CVE-2021-3156) for an example, so this means nothing. Old code does not automatically mean extra secure code. The fact that sudo is that old and how computing has evolved since then is a great argument for replacing it.

You already have systemd-run, so there is no new attack surface, just a new symlink to call the existing binary

A big, powerful and pervasive piece of software becomes so prevalent that it impacts the viability of the less popular alternatives as daily drivers, every developer making their software assuming that everyone uses the big one. And once the big and popular software feels like it's irreplaceable, it starts to feel entitled to making bad decisions and intentionally and/or unintentionally becoming worse for the end user. Feels like I've seen that before. Maybe a cautionary tale.

By saying "dwarf planet size" do you refer to systemd as a whole, the full(ish) suite of executables ? I don't think it's the case here, at least, clearly, not all. From what I know, systemd did made efforts in the last years to be less monolithic, to actually embrace somewhat the unix philosophy. I hope that journald at least is replaceable now. And I don't say that because I'm an apologist or a fan, I still hate systemd and Lennard P. And I use Gentoo with openRC and I'll check sys6 when I'll have a bit more time or on the new laptop.

@@yigitorhan7654 It doesn't have to be that way. Big, powerful, pervasive software can be good. The Linux kernel itself is a powerful, pervasive piece of software that absorbs many smaller pieces of software into one. Before monolithic kernels, micro kernels were the norm. It's just that the Linux kernel is so reliable noone cares.

@@user-cr2xn4rr2s Yes, I know that. But systemd's sheer popularity and power is making the alternatives into obscure choices in an already obscure desktop OS ecosystem. If the alternatives are snuffed away, I fear a case of "monopoly and ensh*tification" might happen where systemd makes a bad decision for the end user and there is nowhere else to go to. People staying away from systemd are already looked at as a bunch of neckbeards detached from reality.

@@yigitorhan7654 I don't know what reason people have to doubt the systemd maintainers' intentions/competence so much. If we get screwed over in such a way and then meekly accept the poor design choice, it's on us as a community for not having the talent / initiative to fork systemd and maintain it ourselves.

Isn't Poettering a Microsoft employee?

@@bltzcstrnx Pretty sure he is. And as a result we should not trust anything he's punping out. Ever heard of Embrace, Extend, Extinguish?

@@TheEvilAdministrator my exposure to Linux is mostly managing servers. So in this regards, systemd have been very nice to me. As for Microsoft, I do daily drive Windows 11. Managing servers gives me somewhat jaded looks on Linux. They're great OS, but outside of my work time, I want an OS that just works. Especially for gaming and watching Netflix without any tinkering.

​@@bltzcstrnxFor just normal watching Netflix and answering personal emails, Linux is totally fine out of the box for a lot of distros, gaming is hit or miss tho.

@@fatrat600284 Netflix is limited to 720p on Linux. Also, video acceleration in the browser is kind of hit or miss. Some streaming sites such as Disney+ often have troubles.

Perhaps, but then again the unix philosphy is over 50 years old and written during a time when computers were still large as school gyms and hard drive space was at a premium even for a 5MB drive. I mean, UNIX itself came into being just when the microprocessor was coming into common use, so any diversion from it isnt entirely a bad thing. I'm not saying i like or hate systemd for that matter but theres still a lot about the UNIX philosophy thats outdated.

​@@themadoneplays7842Once something gets more popular and mainstream the die hards will switch to another obscure and half assed solution. And the cycle continues.

Hush... Let sleeping dogs lie. ;-).

😂

Are you using UNIX today? Really, straight answer, are you? And I mean, UNIX as in the "phylosophy" from 50 years ago when computing needs and memory and storage were very different from now....please enlighten me

One day systemd will be so powerful, that even microsoft will drop their shitty kernel and use systemd kernel instead lol

Not soon enough 😢

​@@no_name4796I sadly don't see that happening....

Still a long way to catch up to Emacs.

Honestly if systemd comes out with a complete display server that works on Nvidia I'd switch instantly. Because Wayland on Nvidia is still painful.

i'd let poettering finger my pie

Serious question: why?

@@Mooooov0815 the tinfoil hat is not blocking the 5g waves anymore, and systemd is at fault.

@@Mooooov0815 Lennart writes too much code that the only purpose of is "the other thing was dumb; there is mine (also dumb)". I respect when software rewritten to be with less stuff to be broken in future and to do specific things it wanted to do. That's why doas is obvious replacement for sudo. That's why if you really care about all this you should just ditch privilege escalation concept out of the window and just log in through already runing logind, maybe even running second Xorg server if you need graphics. Lennart just does things that are dumb in a first place. run0 basically just connects to pid 1 and asks it to create a new TTY that will read input from unprivileged process, running terminal window. This is just security theater. No, its a security circus. Because there is clowns on the arena who debate over "how insecure it is to escalate process straight away and how it'd be better to read input from the same unescalated process".

​@@Mooooov0815it's design decisions of a few with which we have to put up with. some decisions are bad but its the systemd way so they must be good and accepted without question. a big blob of things where either you accept and everything works, or reject and nothing does, seems like proprietary software thinking to me. especially when its based on the whim of a few on the design team

please dont use chatgpt to write your youtube comments

@@jadesprite In what way is my comment reflective of chatgpt? Honest question to your pretentious accusation.

Sorry about the previous response, I hope this is more helpful. One of the biggest strengths of Unix-like OS's such as Linux and BSD is their _modular_ design, usually summarized as the quote "one program for one task" or something similar. Individual applications are (usually) given just the functionality they need and made to depend on each other as little as possible, which not only improves system security by giving fewer places to find exploits in a program ("attack surface") but also prevents problems from one program affecting another. One example is that, on Void Linux (my OS of choice so consider my bias) system services each have their own dedicated folder and are activated/deactivated by creating a symlink to each folder in a dedicated location, enabling them to be managed fully independently of each other. In contrast, proprietary OS's like Windows tend to follow a "binary blob" model where the entire system is managed as one thing. Yes, technically they are built from many individual files (like DLL's) but they depend on each other extensively and a problem in one file can greatly affect the entire system. An infamous example is the extensive dependence of Windows on Internet Explorer, such that it had to be kept in as a system component even after it was replaced with Edge since it was required for Windows Update. The gripe users have with SystemD being so big is that it follows a "blobby" model like Windows and forgoes many of the benefits of the Unix modular design. It depends on a lot, and a lot depends on it. And I acknowledge that "a lot" is pretty vague, but therein lies the problem - SystemD is so large, and its dependencies so complicated, that it's not immediately clear exactly _how_ big it is. I just know at my level of experience that is depends on numerous system libraries such as the compression algorithms and essentially any program that runs as a background service in turn depends on it. Back in late March, there was a serious security scare in Linux, where the xz compression algorithm was intentionally tampered with by one of its developers to open a backdoor which could allow any remote user to log in to an SSH server undetected. It worked by exploiting a dependence between liblzma (the tempered library), SystemD and ssh (the service to manage remote logins). It affected very few systems because it wasn't yet rolled out on most stable OS's, but could have been catastrophic if it wasn't detected early. Having a program with extensive functionality to manage multiple parts of the system isn't inherently bad, but does increase the chance of problems like this to happen and goes against the Unix philosophy that most users want. It's darkly ironic that we're still reeling from the xz scare and trying to determine how badly systems were or could have been affected, and Poettering is suggesting to make SystemD do _even more._ Now, for your question on how to do it better. It has, in my opinion, already been done in non-SystemD systems such as Gentoo and Void. Gentoo actually offers two different instructions for installing with SystemD and with an alternative OpenRC. With OpenRC, facilities to manage things like the host name, system time zone, network time synchronization, kemap and bootloader are all separate programs or files, and are added to a list with OpenRC as needed. OpenRC is very minimal and only controls the starting/stopping of services, so it's easier to choose alternatives that might better suit your needs (for example, network time synchronization can be done with the fast and accurate chronyd, or the clean and full-featured ntpd) and prevents issues in services from affecting others. With the SystemD installation, many or all of these things are controlled by SystemD instead and are not separate programs, leaving only one option for users who aren't willing to take the risk of creating conflicts with alternatives. And, of course, if there is an issue in SystemD it is likely to affect all of these services. Void also uses a system manager called runit which is similar to OpenRC in many ways, with the key difference that the list of services is just a dedicated folder with symbolic links to the desired surfaces, making the activation and deactivation of individual services even easier. TL;DR SystemD makes managing individual parts of the system more difficult and any security issue affecting it will probably affect the whole systems. A better choice, which already exists, is to separate the system into individual programs and components which can be activated and deactivated on their own. And "better" is an opinion, but by my observations, a pretty widespread one.

@@Kyoobur9000 Holy Guacamole, can you _write!_ Most illuminating! I really enjoyed sinking my teeth into that. I reiterate the term _neophyte;_ my knowledge-base is pretty thin, albeit slightly more expanded now. I immediately groked the basic _why_ of the controversy surrounding Systemd, when I became aware of it, and have actually messed around a bit with MXLinux, (installed on another old Acer Potato laptop) which uses InitV, but I always found Debian a bit of a cludge to work with. Arch _feels_ easier, but no-less vexing in it's complexities, the magic spells required to properly utilize it. Arch Wiki can be quite obtuse. I am an aging GenXer, just another post-modern Industrial Drone with limited mental resources and time. I barely grok concepts like symlinks and my hardware (and wet-ware) is a little too old to brutalize with Gentoo. (My next system will probably be a DIY Framework 16, and that'll open up more possibilities. But base price is $1900 Canadian Pesos, so imma wait a little while on that). My main concern with distros like VoidLinux is how much back-engineering/study would be required to get it to work on my old laptops and use a program like, say, Reaper (a DAW), or set up a security camera system (either way, not an easy task on Linux), or, more superficially, get this-or-that-desktop with this-or-that icon-set. I did the standard 'Linux-Twist:" beginning in 2017 with Mint and slowly edged-into things with a small platoon of old (mostly Acer) laptops, before feeling comfortable-enough to purge Win7, since it was going to be losing support anyway (and I've always been offended by Microsoft with their closed-source bloat). But I'm no coder, never took Computer Science, never like computers much until I jumped into Linux. Currently nipples-deep in ArcoLinux (I still need someone to tie my shoes for me) and Vanilla Arch, blundering-along but slowly learning. I despise the corporate tyranny of Microsoft and Apple, never going back. I'm not a gamer and never became addicted to any proprietary software, so it's not that much of a sacrifice for me to swim with the penguin. I'll start researching on Void and runit though. It does sound interesting. Peace/Out.

@@Kyoobur9000 You put it better than I could by far. Thanks - and great work! You might want to consider posting this (in modified, standalone form) in other places too!

we could just make a script called "sudo" that just runs "please-mr-systemd-may-i"

@@kensmith5694 I suggest SystemDeez. I think that makes for a good line of code on the terminal.

:) Using Gentoo. I don't have systemd or polkit. This is irrelevant.

@@user-qd9pg8xt2k Honestly, now that they started providing binary packages, it seems tempting.

@@user-qd9pg8xt2k Thank you for doing so. Genuinely.

Not sure about Gentoo, but do make sure to contribute to Void Linux. Some packages have been hopelessly outdated.

Void Linux is such an example of failure at staff administration. 700mb of installed size is still a lot. I won't help them if they don't go into 350mb like Gentoo's Stage 3. better yet, it's still bloatware, so that they have to cut that to 150mb, such a Termux achievement.

someone is behind this

EA Sports

@@sprinklednights it's in the game

Well, he works for Microsoft after all...

​@@unusedengine"if you pay extra for it" should be added I feel

I think that's what the systemd-run command is designed to do, and you probably already have it on your system today! They just wrapped it with something that behaves more like sudo.

@@arthurmoore9488 appreciate!

Steam works no prob with conty on my pure 64bit Slackware 15.0 (sys V init) I use as my daily. I run Devuan XFCE on my low end Celeron N4020 laptop, native (AFAIR) steam also works no prob and the laptop is much more responsive without systemd.

@@_sneer_ The only way I've been able to get it to work is enabling arch repos which potentially defeats its own purpose. So, I just cut out the middle man. I don't play games on my laptop so I have no problems with artix there.

@@TheSolidSnakeOil Eh? You don't need to enable the Arch repos to use Steam on Artix.

We all need a good contrarian, don't we?

@@yigitorhan7654 it is not contrarian to actively deny an usurper

'su -c' doesn't work on my Debian 12 system where the root user is locked and has no password. This type of configuration is becoming more common. As I understand it, the run0 functionality is already in systemd-run and run0 is more like a wrapper than an additional thing. It actually sounds depressingly rational to me.

@@dingokidneys Then I heavily disagree with that approach, mostly because I'm the only user of the system. I recall switching to root on Mint and Debian just so I can follow LFS and going through the process just introduces more hurdles than necessary - I just want to do my task instead of deal with artificial barriers. If major distros adopt this approach like Arch, then I'll have to roll my own LiveCDs to overcome those hurdles.

@@zeckma It's still possible, with sudo privileges, to unlock root and set a password. It's just not the standard configuration and so 'su -c' won't work on systems using the standard configuration where you don't have authority to make changes to root functionality on.

@@dingokidneys I know, but it is troubling that I had to figure that out just to access root privileges. I just find it unnecessary and even clunky.

​@@zeckma comes with the territory of making Linux more friendly to the normies. Linux nerds are fine with navigating through a maze of pitfalls, because we're used to it, and if you know the right pitfall to jump into allows you to navigate faster; but normies just walk into open pitfalls, break their legs and say "never again" and go back to Windows or MacOS. I am a developer on a cross platform open source project that requires manual setting up on all platforms, because it has to be compiled and set up in a way that's specific to the target system.. either way we have lots of windows users who want to set up our software on Linux systems, and one of the most common problems they encountered when setting up our software was that they themselves kept running every single command in our setup guide as sudo, even without being instructed to, because they intrinsically associate running commands on Linux with sudo. That in the end causes permissions to be horribly messed up. And our project not working, leading to support requests. In the meantime we've put a huge banner in our install guide that tells users to absolutely, under no circumstances use `sudo` unless explicitly instructed to by our install guide... It has improved the problem significantly, but there are of course still people who read only what they want to read😂

Question though. How is that different than the configuration done for SSH? If that's already using polkit, then wouldn't the configuration already be done?

The 'man' page is 571 lines long. It does *a lot* that a single person on a single laptop/desktop does not need, as Brodie said. It allows for fine grained control over user access to privileged resources which is great on a multi-user supercomputer on a research or educational campus but kinda overkill for a dude on his lappy.

@@dingokidneys To me, many things in Linux seem overkill for even professional desktop users. I wonder how much simpler it could be 🤔

I don't think you should focus on the LoC that much. Maybe splitting the functionality might create headache for other people. SLOC depends on the functionality of the program. The only way to make it less to cut down features. But which features to cut down? Why?​@@dovonun

@@glidersuzuki5572 I think it is easier to understand computers/operation systems if you can read the code. Therefore, less code and simpler concepts could allow more people to understand their systems better. Maybe this is not possible anymore. But not long ago, every game was an operation system; nowadays, it seems impossible to even understand one.

@@dovonun It can get pretty simple when you strip things down or build out a minimal system to suit just what you want to do. This is why so many IoT devices use Linux too. A full operating system in under a gigabyte of binaries and scripts. My Alpine system that I use as a wifi scanning appliance occupies 168Mb of disk space and runs in 36Mb of RAM at idle. You can either pick a distro that suits or build a system scaling from what I have running on a 32bit eeePC to massive multiuser system. It's up to you to choose what you want.

The interesting thing is this seem slike just a light wrapper around a pre-existing application. While I haven't looked, probably one designed to allow a process to start service workers and communicate with them. I'd put decent ods that you could hack together a command which would act like run0 using said process right now.

not going to be that guy, but doas is not as secure as sudo ON LINUX.(its pretty much the same on bsd) because of something something persist thing

Changes basically nothing lol. Sure few less MB on HD used, and maybe less options making a little easier. But literally 99% of times everyone just sudo _do stuff_ so what's even the point lol?

Doas on Linux is way more limited than on OpenBSD. There's not even a secure way to have it remember your password. I like doas on OpenBSD, but prefer sudo everywhere else.

​@@no_name4796have you ever tried to configure sudo? Doas is so much better in that regard.

@@no_name4796 its actually faster when cancelling a password prompt

Wayland, Pipewire, Doas.

It does make sense to have a dedicated virtual super user that handles privileged execution so that the unprivileged user doesn't need privilege escalation, but it's not a valid paradigm for all use cases, and I am not sure logging in as that privileged user for the edge cases is a viable solution, that just makes things worse. So in this. I don't think sudo is going anywhere, it will just be heavily discouraged.

@@rich1051414 The problem with sudo is sudo, itself. There's too much going on with it as an authentication method on system with only a single user, and a single seat, connected to a network but isolated from other system interactions. It's more suited for sysadmins which manage multiple machines, where the Linux instance users are using is what we'd refer to these days as a "Thin client". The average end-user would be better suited with something lighter.

It is easy to make it standalone, but if you do that people might only use the good parts instead of the entire system.

isn’t it essentially standalone considering it’s linked to run0 ?

the actual issue with such a thing, whats the point of it if it's locked to the systemd monolith, with other things that not everyone can or wants to have on their system, systemd desktop enviroment that you can't swap when

@@CptJistuce LoL, nice one!

Except that systemd isn’t a piece of software, it’s a family of software

Blame Ubuntu that popularized it... I guess someone at Canonical figured it was easier to remember than `sudo -i` or something

`su -` spawns new login process with empty environment. "Things that Lennart does not want you to know".

I only do this when I'm really desparate and forgot what my root password is, but yea, `sudo su` is extremely cursed 😂

Is this a hobby of yours or something? Standing behind people and watching what they type in at the bash prompt? Have you not just considered a better hobby?

@@terrydaktyllus1320 pry not, but from a POSIX shell scripting perspective (closest actual hobby I can think of), it's very distasteful due to how incredibly redundant it is. It's up there next to `cat file.txt | grep ...` And from a general linux user perspective, it just reeks of desperation, the only realistic reason to do this is because you can't login to the root user account by normal means, but need to access the root user for the remainder of the terminal session. Which for obvious reasons sounds like a major security risk ... So yea, no matter how you look at it, `sudo su` is cursed and should always be looked at with either shame, pity or disdain

Except they did not give us doas. Doas on Linux is just a port by some random guy

@@PeakKissShot Well that sounds like a Linux problem, not an OpenBSD problem. Or is it really a problem?

Opendoas on Linux is not the same. It's a poor port that's abandoned.

@@No-mq5lw it just does some text parsing with stuff like strcmp and then uses systemcalls to drop you into requested user. Go "update" memcpy if you have nothing to do.

​@@No-mq5lw how is it abandoned? it hadn't had commits for two years but for software which is supposed to do one thing and well that doesn't matter that much also there is alternative port by slicer69 which seems to be very alive, but iirc it had security issues

@@netkv *3 years. And it's on v1.49 while OBSD is on 1.99 of doas. Being abandoned for a long while matters when it allows root access (and ports over libs from OBSD). If it was a toy like Neofetch, being abandoned honestly doesn't really matter all too much.

Nah, now that Windows is implementing their own "sudo" it's time to switch on Linux. doas, run0, whatever.

OpenBSD barely works for a desktop system lol

I'm pretty sure they can allow multiple parsers.

You mean that delay when entering a password only to get notified that you typed your password wrong?

From the posting in the video, it looks like a wrapper around systemd-run which as you say is functionality that has been there a long time. My first reaction was "Oh, no!" but as the explanation went on I thought "This sounds pretty reasonable actually." Lennart seems to be one of those people who is (painfully for me) right about what he says. Sadly, I'll probably have to learn some new stuff; more about systemd and a bit about polkit.

init already runs as root, why not communicate with it instead of suid hack? pipewire client-server is better than alsa dmix. syslog is client-server.

What's wrong with that?

I like Systemd/Linux reality. Using it every day since many years.

especially when doas is already right there!

I think he says it's "probably on your system already" because this audience leans more on the modern, cutting edge side of Linux

All this is is a new symlink to the systemd-run binary you already have.

@@Max24871 speak for yourself! runit my beloved

@@Max24871 Well not one that *I* already have; my computers run Void, Artix, and (in the near future) possibly Nitrux and/or AntiX. Just sayin'.

syslog follows unix philosophy, same with systemd-run/run0. sudo attempts to secure itself against user controlled execution environment, run0 executes in protected, controlled environment.

I wouldn't call it massive. All it does was already possible, it's just using the existing systemd APIs. I also wouldn't call it forcing, it's just a tool - you can use it, you can stick to sudo or doas.

@@GrzesiekJedenastka I was under the impression that the goal would be to phase sudo out completely as a systemd wide change, which would be a massive adjustment. well referring more to get adoption of the new tool rather then changes to the codebase.

@@schemage2210 sudo isn't going anywhere. It's up to distros if they want to continue shipping it by default, and up to the user if they want to install it even if the distros don't. The goal of systemd devs is to replace sudo, yes, but if it does or does not is not up to them. Only time will tell.

@@schemage2210systemd has nothing to do with sudo. run0 is just an additional option you much chose instead of sudo

@@schemage2210 sudo is just another program right? They can't "phase sudo out completely" because you can just install it on any Linux system as I'm aware

As far as I know, systemd makes server much easier to operates.

That is what full disk encryption is for. Otherwise anybody can just mount your fs and change things.

Software that isn't running has no practical way to enforce behaviour on software that is. "I can mount your storage to a live OS and read and write to my heart's content" isn't a design decision, it's a law of physics.