I have seen so many times that systemd is insecure, bloated, etc. So i wonder ¿does it worth to switch to another init system?

  • dack@lemmy.world
    link
    fedilink
    arrow-up
    16
    ·
    1 year ago

    I don’t see any fundamental reason why systemd would be insecure. If anything, I would expect it to be less prone to security bugs than the conglomerations of shell scripts that used to be used for init systems.

    The bloated argument seems to mostly come from people who don’t understand systemd init is a separate thing from all the other systemd components. You can use just the init part and not the rest if you want. Also, systemd performs way better than the old init systems anyway. I suspect many of the those complaining online didn’t really have first hand experience with the old init systems.

    If a different init suits your needs better, then sure go with it. But for the vast majority of typical desktop/server stuff, systemd is probably the best option. That’s why most distributions use it.

    • gian @lemmy.grys.it
      link
      fedilink
      English
      arrow-up
      3
      arrow-down
      3
      ·
      1 year ago

      I don’t see any fundamental reason why systemd would be insecure.

      You mean aside how the author answer to CVEs, right ?

      If anything, I would expect it to be less prone to security bugs than the conglomerations of shell scripts that used to be used for init systems.

      Not sure. In the end the shell script were just an easy and consistent way to start/stop programs. If the programs were secure (read: checked the input and sanitize it, did the check for permissions and so on) there is not a big difference.

      Also, systemd performs way better than the old init systems anyway.

      In what regards ? Boot faster ? Fine, but on a server it does not mean anything, a server does not reboot that often; for a desktop it not that the 5 seconds you gain are a fundamental gain.

      One problem I see is with the logs: it is true that the format is documented, but a text format is always readable while a binary format… (been here, done that 🤬 )

      • dack@lemmy.world
        link
        fedilink
        arrow-up
        3
        ·
        1 year ago

        I agree those CVE responses are not great. Those are from quite a few years ago though. Has their handling of CVEs improved since?

        Boot times are not that big of a deal to me either, but some people seem to care about it a lot.

        I’ve never personally had any problems with binary logs. You could always forward to a different logging daemon if that’s a concern.

        • gian @lemmy.grys.it
          link
          fedilink
          English
          arrow-up
          2
          arrow-down
          1
          ·
          1 year ago

          I’ve never personally had any problems with binary logs.

          I had it and I am sure that I could have solved the problem faster if I could have solved it faster if I did not needed to first understand how to access the logs on a damaged system.

          You could always forward to a different logging daemon if that’s a concern.

          This does not solve the problem, it only move it to somewhere else.

      • TCB13@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        1
        ·
        1 year ago

        In what regards ? Boot faster ? Fine, but on a server it does not mean anything, a server does not reboot that often; for a desktop it not that the 5 seconds you gain are a fundamental gain.

        Are you sure it doesn’t mean anything? It means to a LOT of people.

        Anyways are you aware of systemd-analyze and that you can profile your boot and services even with graphical representations? Have a look at https://www.apertis.org/guides/boot_optimisation/ and https://opensource.com/article/20/9/systemd-startup-configuration

        • gian @lemmy.grys.it
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          Are you sure it doesn’t mean anything? It means to a LOT of people.

          Fine, still not understanding why something that I should run once in a while (on a server) or it is not that critical seems to be so important. Look, I had way bigger gain moving from a HDD to a SDD than switching to Systemd from the old init.

          I refuse to belive that for a desktop user a 5 seconds longer boot time is that important. I could understand on a server where, if you work with it, you can have fines for downtime but even in this case it is a thing that could be handled in different ways.

          Anyways are you aware of systemd-analyze and that you can profile your boot and services even with graphical representations? Have a look at https://www.apertis.org/guides/boot_optimisation/ and https://opensource.com/article/20/9/systemd-startup-configuration

          Good, but I am not interested in booting my laptop 5 second faster and for my server I have not fines if it start in 20 seconds instead of 10 😁

          • TCB13@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            arrow-down
            1
            ·
            1 year ago

            systemd-analyze isn’t only about reducing your boot time by 5 seconds, it’s about when you’ve problems knowing exactly what is happening and when and also about having a clear view of dependencies between services.

            • gian @lemmy.grys.it
              link
              fedilink
              English
              arrow-up
              1
              ·
              1 year ago

              At this point I am not that interested in these aspects, for what I need I am ok if the system boot and I can work 😀

              But thanks anyway, it is a good thing to know if I ever need it.