#nixos-security on 2019-02-18

00:30 LnL has quit [Ping timeout: 244 seconds]

04:18 pie__ has joined #nixos-security

04:21 pie___ has quit [Ping timeout: 250 seconds]

05:57 MichaelRaskin has quit [Quit: MichaelRaskin]

07:30 LnL has joined #nixos-security

10:51 periklis has joined #nixos-security

11:19 periklis has quit [Ping timeout: 246 seconds]

13:19 sphalerite has quit [Ping timeout: 268 seconds]

13:31 sphalerite has joined #nixos-security

17:46 <andi-> https://www.openwall.com/lists/oss-security/2019/02/18/3 systemd once more :)

17:56 * Foxboron prepares for the screaming choir

18:07 <gchristensen> this is great!

18:08 <gchristensen> I really appreciate the fine toothed comb systemd is getting

18:18 <andi-> Foxboron: do you have the lyrics ready?

18:21 * Foxboron attempts finding a song that asks everyone to be nice

19:53 <pie__> Foxboron, AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

19:53 <pie__> im usually the one doing the screaming so i will oblige

19:53 <pie__> hey i have a new hot-take this time though

19:53 <pie__> the part where they messed up systemd is deciding to write it in c

19:54 <Foxboron> Lennart is inclined to agree, as it so turns out.

19:54 <pie__> they started it before rust really took off though i guess

19:54 <pie__> quick hard-bank before the sunk cost fallacy kicks i-ohwait? :P

19:55 <pie__> (except it not really completely a fallacy i guess)

19:56 <Foxboron> choir on reddit is screaming. I should stay off reddit

19:56 <gchristensen> it isn't useful

19:57 <gchristensen> it just makes everybody feel crappy and down while adding little to no value

19:58 <gchristensen> (in my experience) systemd fixes so much stuff which was really horrible to deal with, and I'm glad for it constantly

19:58 <gchristensen> there are bugs everywhere, but as soon as one in systemd specifically crops up it is "oh man, look at that, systemd fucked up again"

19:58 <gchristensen> meanwhile there have been dozens to hundreds of CVEs which were issued against not-systemd.

19:59 <Foxboron> indeed

19:59 <Foxboron> Pointed out that there are 10-15 Linux DoS CVEs filed for every 1 systemd DoS CVE

19:59 <Foxboron> which are exactly 2. So it's probably closer to 20-30 Linux DoS CVEs :p

19:59 <gchristensen> it is wildly cool that you can use native features in your service manager to drop basically all the capabilities if you want

19:59 <gchristensen> yeah

19:59 <gchristensen> all our software is buggy as hell, it just is a fact of writing software -- systemd is no exception

19:59 <Foxboron> One in KVM it seems!

20:00 <gchristensen> you know what would be cool? working to improve it

20:00 <gchristensen> the people reviewing and finding these bugs in systemd are doing exactly that, which I'm grateful for

20:00 <gchristensen> the howling is not

20:01 * andi- agrees

20:01 <Foxboron> Well, it's hard when the loudest voice on reddit (currently) is patching systemd :p

20:02 <gchristensen> also, the sky isn't falling every time there is a CVE

20:02 <Foxboron> then also yells at how bloated it is

20:02 <Foxboron> gchristensen: Haha. I wrote the same thing!

20:02 <Foxboron> https://www.reddit.com/r/linux/comments/as0050/systemd_pid_1_can_be_crashed_and_panic_the_kernel/egr0mzo/?context=3

20:02 <Foxboron> heh

20:02 <gchristensen> haha

20:03 <disasm> we should hammer the reddit thread with if you used nixos, you could patch your system with one command without worrying of breakage :)

20:03 <gchristensen> it has been a while since the last "y'all suck for using systemd" troll in #nixos, not sure I want to tempt fait :P

20:03 <gchristensen> fate*

20:03 <disasm> true

20:04 <disasm> my biggest problem with the first one was figuring out how to get a bunch of code that hadn't been updated in a year working on 18.09

20:04 <disasm> and I could have just cherry-picked the patch to 18.03, but I kinda wanted an excuse to update to 18.09.

20:20 <pie__> i complain about those too :P <gchristensen> meanwhile there have been dozens to hundreds of CVEs which were issued against not-systemd.

20:21 <gchristensen> those aren't helping either lol

20:21 <gchristensen> it just feels crappy

20:21 <pie__> i know xP

20:21 <pie__> :(

20:22 <gchristensen> and I've not been actively patching for a while, but security patching is really risk for burnout, and panic over them makes it worse

20:22 <pie__> honesly most of the time its "for fucks sake guys we need to find automated ays to not run into this shit, how long have we been doing this now?"

20:22 <pie__> ^for m

20:22 <pie__> ^for me

20:24 <pie__> (ok i was mostly joking about the sky falling for me evey time, im still young)

20:27 <ekleog> Foxboron: IMO, people yell at systemd because they know the world before systemd. Linux is too much anchored in the “well you've got no choice, just use it” mindset that people no longer even care about it

20:27 <ekleog> just give a few decades to systemd and it'll come there

20:32 <Foxboron> I'm from a different camp so I'm not going to continue that debate :)

20:32 * Foxboron wants everyone to get along

20:36 <pie__> \o/

20:36 * pie__ passes out hugs

23:09 pie__ has quit [Ping timeout: 250 seconds]

23:55 <samueldr> *++ for the positivity in CVE