[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: how to remove libsystemd0 from a live-running debian desktop system

ok, so there's been quite a discussion, both on slashdot, where
amazingly the comments that filtered to the top were insightful and
respectful, and also here on debian-devel and debian-users.  as i
normally use gmane to reply (and maintain and respect threads) but
this discussion is not *on* gmane, i apologise for having to write a
summary-style follow-up: if people would like me to reply (thank you
christian) please cc me in future, but (see last paragraph) i think
the software libre community's interests are best served if i wait for
replies to accumulate for a few days.

after thinking about this yesterday, a random sentence popped into my
head, which i believe is very appropriate:

    "i disagree with what you are saying, but i will defend your right
to say it".

i believe it was someone famous who wrote that, and it applies to this
situation because this really isn't about the technical merits of the
available software: solutions will come in time (and already are:
eudev, mdev, uselessd and many more).  the reason why i've joined this
debate is because i feel that closing doors on choice in ways that
force people to have to make extremely disruptive and risky decisions
that could adversely affect their livelihoods - i have a *really* bad
feeling about that, and i cannot sit by and let it happen without
speaking up.

in the past two days i've seen a lot of people on this list make it
clear (by saying for example "you have the source, go modify it") that
they do not truly appreciate the responsibility and duty of care that
they have.  in saying that i can say that *i know* how you feel: i've
been the leader of many software libre projects where people would
expect me to feed them answers for no financial reward - and all those
other nuances that we frequently encounter.  but i learned in the past
few years that even if you are not being paid, you *still* have a duty
to those people less intelligent or with less time or less money than
you.  we're *serving others* with our skill, time and intelligence.
it's a really awkward and delicate situation, i know, but answering
"go away and modify the source yourself" is to do both yourself and
the recipient of that answer a very strong disservice.

anyway - down to it.

so, marco, you wrote:

> Again, you clearly do not understand well how systemd works.

marco: understanding or otherwise how systemd works is not the point:
the point is that there has been a unilateral decision across
virtually every single GNU/Linux distro to abandon and remove *any*
alternative to having libsystemd0 installed.  historical precedent in
the software industry and beyond tells us that placing so much power
and trust in a single system and a single group should be ringing
alarm bells so loudly in your head that you should wake up deaf after
having first passed out with dizziness! :)

so could i ask you, as i really genuinely don't understand, why is it
that the lack of choice here *doesn't* bother you?  i'm not asking for
a technical review or a technically-based argument as to "why
libsystemd0 is better" - that has been debated many many times and is
entirely moot.  i'm asking "why does *only* having libsystemd0 as the
sole exclusive startup method, removal of which prevents and prohibits
the use of a whopping FIFTEEN PERCENT of the available debian software
base, and where that exclusive exclusionary process is being rapidly
duplicated across virtually every single GNU/Linux distribution that
we know; why does that *not* make you pause for thought that there
might be something desperately and very badly wrong?"

ric writes, amongst other things:

> You are completely free to fork or go your own direction,

indeed we are, and in fact one person mentions further in the thread
so far that they did exactly that.  they also outline quite how much
work it is.  on the slashdot discussion, someone pointed out that it
was really unconscionable that people have to go to such extreme
lengths.  GNU/Linux distros should be a place where people can make
happy and convenient choices, not extreme decisions!  the extreme
absurd version of what you suggest is to do what very very few people
in the world have ever done (one of them being richard lightman, an
amazingly intelligent and reclusive individual), namely to create an
*entire* linux distribution - on their own - from source.  i take it
you can see, from that example, quite how much of a disservice it is
to say what you said, ric?

no, the very fact that this *doesn't go away* - that discussions about
libsystemd0 are *continuous and ongoing*, should tell you that there
is something very, very badly wrong with what's going on.  and that's
what i want to get to the bottom of.  like... *properly* understand.

the second thing, ric, is that i have to point out, respectfully, that
there are signs that you didn't read the slashdot article summary, nor
my report, as shown here:

> But, to raise comparisons to MicroSoft is very much out of line.

that is a conclusion and an insight that i reached with some care and
consideration, and unfortunately it appears that you reacted badly and
emotionally to that without reviewing the logical reasoning by which i
arrived at that insight.  as a general rule, asking people to retract
a conclusion without first showing that you have read, acknowledged
and understood their rationale is ... well... i won't make judgements
but i _am_ going to ask you to be more conscientious in future, ok?
can i leave it with you to read further and to respect that request?
the reason i say that is because i did actually forsee the argument
about "anyone can fork or patch code", and provided insights as to why
that is not true, both in the slashdot article as well as the report.

russ writes:

> Alas, the resulting distribution is still hopelessly compromised by the
> NSA, who might be even worse than Lennart Poettering.  To see how deep the
> tendrils of US government infiltration go, just try removing libselinux1,
> and marvel at how much concerted malevolent effort has gone into
> destroying your freedom.


> Or, alternately, you could research how and why one would use shared
> libraries in a binary distribution to support optional features.  But
> that's boring, prosaic, and nowhere near as much fun to write about.

ahhh russ - good maaan :)  here we have a hint of a possible solution,
one where i'm going to need to speak to the systemd team for a feature
request / design decision (and can i ask you and anyone else to do the
same?).  you've hit on what i believe is *the* perfect and acceptable
decision that is hinted at by the ridiculousness of the drastic
demonstration that i made [to modify and recompile debian packages].
of *course* libsystemd0 should be dynamically loaded, and the
userspace applications make the decision *at runtime* as to what to

yet the staggering thing is that you are quite literally *the* only
other person whom i've *ever* encountered - in this entire aggressive
storming bloody mess - who has proposed this so simple and respectful
design concept!  why is that, because i really don't know.

now that just leaves the mention of the dreaded NSA and the dreaded
libselinux1 to contend with, which eduard also raises as being a
potential target of ire.  i have the advantage of having answered this
before in other conversations, as well as having worked closely with
libselinux, so have some key insights into both how it works as well
as _why_ it was developed.

SE/Linux is an implementation of a well-researched (independently
researched) security model known as FLASK.  FLASK was developed around
very very good principles that are often implemented right across the
security and defense industry as actual *physical* measures.  the
example i typically give here is when a 5 star General goes to a base,
his papers are *taken away* (preventing and prohibiting him from being
able to travel), and he is given a security badge that *only* allows
him access to the absolute specific locations in the building that he
is there to visit.  on leaving (if he leaves...) that badge is *taken
away* and he is handed back his papers.  but those two transactions of
paper-swapping are actually independent, in SE/Linux (and in the
physical security world) it has to be pointed out.

the key question though is _why_ did the NSA sponsor SE/Linux?  the
reason for that is because the adoption of GNU/Linux in secure
environments and in USA government departments and military
establishments was progressing at an alarmingly high rate, and the NSA
became concerned about how to validate its security.  i don't know if
you're aware of this, but in the intelligence community, *not knowing*
if something is secure *or insecure* is *much worse* even than knowing
that something *is* insecure.  the "not knowing" is their absolute
worst nightmare, because if you *know* something is insecure, you can
at least avoid it or do some risk assessment.  in other words, in the
risk assessment of "things unknown", they are forced to put "infinite
probability of attack" into the equations, and that they really don't
like doing!

however given that the FLASK model is actually a formal mathematical
language, and given that the SE/Linux m4 macros may be likewise
mathematically analysed, the NSA *really can* make formally-provable
statements about the security of computer systems within their care
and responsibility.  and that makes them - and their clients - very
very happy.

so to summarise:

* the use of libselinux1 is dormant (i.e. whilst you can't remove it
without inconvenience, its use is entirely optional, right from the
kernel level)
* its development and documentation is rational and well-researched
* the timeline behind its introduction was done in a respectful and
reasonable way
* it would be *counter* to the NSA's *own remit* for them to compromise it!
* there are several independent people who have reviewed it

now let's compare that to the situation that we find ourselves in with

* the use of libsystemd0 is MANDATORY and EXCLUSIONARY (everywhere
except slackware and FreeBSD)
* its development is a moving target and the documentation of the
roadmap is informal and sparse.
* the timeline behind its introduction indicates that it is being
rail-roaded through
* there have been similar conspiracy theories about libsystemd0 but it
is too early to make rational assessments
* the people who have reviewed libsystemd0 and systemd and found
really good technical as well as sysadmin work-related reasons as to
why it is lacking have been *COMPLETELY IGNORED*.

so from that can you see why libselinux is, far from being a "bad"
example that many people should feel compelled to rip out at the
roots, is in fact a *good* example by virtue of helping to demonstrate
how libsystemd0 *should* have been introduced and most definitely has

the summary is that the process by which SE/Linux was introduced was
done in a respectful way, where people were invited to review the
papers as well as the code at every step of the way.  objections may
have been raised, however we see from the lack of past and ongoing
fuss (in direct contrast to libsystemd0) that those objections must
have been dealt with.

by complete contrast, the shit-storm behind libsystemd0 is *not going away*.

... that's quite a lot, there - did i make the point clearly, russ? :)

marco writes that he believes i accused him of being part of a conspiracy:

> Cool! It has been since my Usenet days that I have not been accused of
> being part of a conspiracy. Thank you, I missed this.

any time, marco - you clearly enjoyed reaching that conclusion, and
whilst i wouldn't wish to take that away from you, i do feel compelled
to point out that the perception of a conspiracy really is in your own
head :)  my reply to christian's kind words make it clearer:

> i'll hazard a guess that it's because they had no idea that, in the
> very near future, all the major desktop developers and all the major
> distros would make the unilateral decision to hard-code the
> *exclusive* use of systemd (or parts of it).

in other words, it's *not your fault* marco.  .it's *not your fault*.
it's *not* your fault.  you didn't do anything wrong, ok?  you made
the best decisions that you could with the information available to
you at the time.  nobody could have predicted how this would turn out.

TheWanderer mentions, in response to the question "how to give people choice"

> As Russ pointed out in a thread on -project last month: either revive
> ConsoleKit, or reimplement logind in a way which isn't dependent on
> systemd, and do either or both in a way which is acceptable to all
> relevant upstreams (including PolicyKit).

russ seems to have a clue, i believe: he's the one that's also raised
the idea of dynamic-loading optional libraries (that may, clearly,
then be packaged as separate optional .debs).  we are, however,
talking not about distro-maintenance but are now talking about making
proposals of design decisions to the upstream developers.

would it be worthwhile starting a separate discussion about doing
that, and where would it be best to do that (where is the best
*public* place to do that, i mean, where the most number of people
with a stake in the outcome would be able to review and contribute?
let's learn from the good example that libselinux1 set, in other

christian makes the following point:

> And what do you mean by "unilateral" decision?

 this came up on slashdot. the relevance is best answered by this post, here:

> If you want to be
> involved in the design and development of a software, do what everyone
> else does -- contribute. That works for everyone else, AFAICT.

 this is not about you, or me.  again, like ric, you appear to not
have read (or you did, but you didn't acknowledge *that* you had
read), the points made both in the report as well as in the text of
the slashdot article.  as you are the second person to have implicitly
indicated that you haven't read what i wrote (in which i foresaw and
forestalled exactly the argument that you make), i will repeat it

" We aren't all "good at coding", or paid to work on Software Libre:
that means that those people who are need to be much more

there's a more detailed version of that on the report, and it was very
interesting to see that people on slashdot agreed with me.  this
*isn't about* you or me.  we *can* (and i have - as you can see from
the report) contribute,  we *can* code.  what do you think i'm doing,
here?? :)  i'm letting people know that their right to choose has been
violated, i'm showing them (if they are brave enough) that they *do*
have a choice, and i have provided instructions on how to get that
choice back, i'm mulling over ways in which that right to choose can
be reinstated in ways that the upstream developers can understand and
appreciate, and i'm finding that i am not the only one (Russ for
example) who has thought of these ideas, which is great!

so i am a bit puzzled, and would really appreciate your insight and
answer: what is it about what i am doing is sufficiently unclear that
you do not perceive it to be a contribution?

> If you know something that all-the-desktops and
> all-the-distros don't, then act on that knowledge.

 i cannot claim to know everything - none of us can - but i *am*
acting on the insights that i am able to perceive, highlighting as
best i can the issues that i perceive to be important.  and i *have* -
and am - taking action.  exactly as the quote hints at, right at the
beginning of this message, i take my duty and responsibility to defend
software freedom - even on behalf of those people who do not
understand why software freedom is important - very seriously.  why do
you think i dedicated four years of my life to bridging the yawning
gap between the microsoft and UNIX worlds - without adequate financial
compensation and without the kind of recognition and awards that
*everyone else* in the samba team received at the time?

also you also make this point, christian:

> I'll hazard another guess, namely that the great vast majority of users
> simply do not care.

and then the NSA was discovered, through the publication of a huge
mountain of undeniable evidence in direct violation of local and
international law, to be doing exactly what all the people who had
been scoffed at and ridiculed for decades, with accusations of them
being "paranoid" and "conspiracy theorists", had said that the NSA was
doing, all along.

at that point, suddenly two things happened:

* the vast unwashed majority of users suddenly cared
* the people who provide service *to* those users took action.

and that's really why i'm pursuing this, cross-posted on these two
mailing lists (yes alasdair, we don't want to lose good developers,
and yes matthias, i believe that both the debian devs and users should
listen.... to each other).  the vast majority of users don't care
because they *don't know*, so it is up to us to make a proper
assessment as best we can on their behalf.  but what i find to be
completely overwhelmingly incomprehensible is how little it is
appreciated to be extremely alarming - by the upstream developers as
well as the GNU/Linux distribution maintainers - the imposition a
monoculture boot system is for software freedom.

and, as mentioned above, i'd genuinely very much appreciate people
explaining to me why they do not perceive this to be a really,
*really* serious problem.  as i can see so clearly why it is such a
severe problem - that has absolutely nothing to do with the technical
merits of any of the available solutions - it's critical for me to
understand why this is so unclear to everyone else.

ok that's enough.  again, apologies for the summarising-nature of the
above (and for its length, in answering everyone as best i can).  if
it's ok i will do the same again next time, leaving it for several
days for the debate to bring out the best from everyone.


Reply to: