The quest to make Linux bulletproof

"I'm sorry Dave, I can't do that."

See title!!!

Reading this makes me tired...

My take home from all this is that Linux is still a complete mess of competing standards, versions, implementations, flavours, whatever - and that it and the community supporting it just don't seem to get that creating yet another version to solve the problem just... adds to the problem. It may be an acceptable situation for professional greybeards who have *their* systems running *their* preferred setup, but as an ecosystem its awful.

Blockchain

You just need to have blockchain backed filesystem.

Imagine being able to detect that someone (likely yourself when you meet walrus after taking too much Ambien after long day at work) tampered with your precious files.

Remember when BillyG was going to replace the filesystem with a database? If Liam's closing thesis is right, then that's the direction we're heading.

It all makes me pine for the days of RiscOS when everything the app needed was in it's folder and spreading yourself across the OS was rude.

The quest to make Linux bulletproof

I just wanted to thank the author for differentiating between the OpenZFS file system and proprietary Oracle ZFS and I would like to see more of that happening.

There is still the potential for Oracle to initiate vexatious court case litigation which is why support for OpenZFS is not currently included in the Linux kernel. Understandably, Linus Torvalds does not want to include such support in the kernel until a categorical assurance is given:

"And honestly, there is no way I can merge any of the ZFS efforts until I get an official letter from Oracle that is signed by their main legal counsel or preferably by Larry Ellison himself that says that yes, it’s ok to do so and treat the end result as GPL’d".

Don't give up the day job

"git gets easier once you get the basic idea that branches are homeomorphic endofunctors mapping submanifolds of a Hilbert space."

Yes apparently a joke

"https://softwareengineering.stackexchange.com/questions/256450/are-git-branches-in-fact-homeomorphic-endofunctors-mapping-submanifolds-of-a"

and codswallop. The Haskell monad/monoid thing it parodies is apparently correct and humorous.

Comedy night in the maths dept must be a barrel of laughs.

New approaches - ame direction

It seems like all of these are still basing themselves on a reboot for upgrading. I thought the Linux world had progressed further in hotpatching.

It's all about making it easier...

...for humans to manage the huge, sprawling complexity of modern apps

One can't help but wonder if it might actually make sense to go and look at said "modern" apps and determine why they got so huge, sprawling, and complex - because I'm almost certain that in 90% of cases what we're doing here is building complexity in order to manage complexity, rather than doing the smart thing and trying to take the initial complexity out.

I'm sure there are plenty of greyer heads than mine in this here comments section, but I've been doing this quite a while now and I'm far from convinced that most of what we do today is objectively better than what we were doing when I joined the industry twenty years ago. It's more just sort of... different... and probably involves a web browser for some reason no one seems to be able to adequately explain.

For such a supposedly scholarly article

(by length leastways)

not a single mention of puppet is an odd omission.

Snap is a single compressed file,

So IIUC dynamically linked libraries are, to all intents and purposes, a thing of the past: each snap has its own copy of every library it uses.

history

After experimenting with Slack and Red Hat I settled first on SuSE as my distro of choice, later moving to Ubuntu and then Mint on the desktop, plain Debian on servers.

After the anarchy of Windows software, just the very idea of package management was a revelation. But I have to say that RPM/YaST would far too often get totally confused over dependencies and give up, leaving the meatware to sort it out. DEB/APT usually just works, for me, given the existence of suitable repos. Sometime the latter is not given. It's occasionally inconvenient, but I now just don't bother with such software. Usually there's a workable alternative.

Snap? Mint doesn't like it; can't say I've missed it. Flatpack? I've not found any compelling reason to use it.

YMMV.

-A.

This is why we can’t have nice things

Informative article. My biggest takeaway from it is the state of thinking of Linux software devs.

There was a time when we had relatively simple package installation programs. I can see that there are issues with them so I’m not against improvements.

But the “improvements” are a tangled web of complexity and bloat…

- Having the file system functionality being integral to the installation - ref Snapper

- Having multiple copies of libraries installed - Snap

- Relying on the type of init system in use - Snap

- Having to reboot to install software - ALP. And the idea of running your OS as a VM do that you don’t have to reboot is nuts! Not using ALP would be much simpler and less resource hungry

…etc etc etc…

So the “solutions” to a problem that isn’t really THAT big is to add gloop upon gloop, ridiculous dependencies on stuff that nobody sane person would think necessary or desirable, and huge huge complexity.

It’s exactly this kind of thinking that makes multi gigahertz modern systems run like arthritic slugs and means they need gigabytes of memory just to wake up.

"It's all about making it easier for humans to manage the huge, sprawling complexity of modern apps."

Here is an idea how to do that:

By making apps that keep their sprawly-ness well in check and make best efforts to self-contain their complexity as much as they can, instead of smearing it out over a smorgasboard of libs, file locations, services and scripts.

If apps get so complex, that we need ever smarter package management systems, to hide their complexity behind a smileyface, which goes :-( the moment a servers environment doesn't/can't/isn't-allowed-to conform to that management systems way of doing things...then maybe, just maybe, the problem is more with the apps, rather than the way they are managed.

The real elephant in the room

while everyone here is focused upon the operating system, there is a much larger problem no one seems to have fully recognised; user files damaged by software designed to break into such files to force users into rental of software; alongside the deliberate destruction of user rights once purchased under classic free market rules; that are now no longer accepted. A good example was when Microsoft made the decision to remove support for Paint. What they did was deliberately damage ANY illustration, within ANY previous document created in Word, that had been created by the previously totally law abiding owner of their software; someone who had purchased and was the lawful owner of their version of Word. Recently Microsoft announced that they were going after the last owners of Word . . . to force them into being only able to access their previously totally lawfully created files, by renting access to 365.

A very good simile would be the historical ownership of fine china, where to force the previous purchasers of fine china to purchase new items, the manufacturers climbed through every window in every home and smashed their previously purchased fine china. For that is EXACTLY what the likes of Microsoft, and others, have been and continue to do. Of even greater importance, many others now do the same thing, damage the original document to force the use of their new business model upon users.

We need software that will protect the original documents, to remove all the externally applied damage; so that the owner of their work always has full access to it for the future.

Ah....a response from the author!!

@Liam_Proven

So.....a response to (maybe irrelevant) comment about Puppet......some of the other comments might be considered somewhat more substantial.

Just saying!!

May be AC..........but paying attention!!!

journaling file systems

First, some proprietary ones were hacked out of commercial Unixes: we reported on SGI's XFS in 1999, and IBM's JFS in 2000.

Can you spot the elephant in the room?

Bullshit is a problem

With so many silos, one gets security issues and those eventually spread like a fireworks display across the field of view and beyond.

Every time open source went with silos, commercial style, security took a back seat, just as Ubuntu released a new LTS version without it's FIPS and security enhancement package.

Welcome to the new world, the same old one, just with a new fake name for the two dollar whore.

Maybe next, we'll get Hitler 2.0 or something equally idiotic, to rinse and repeat, with much larger losses, as has been the trend for idiots who refuse to learn from history.

Of course, the correspondent also failed with a certain former German brand of Linux, bought and fouled hopelessly up by Novell, then returned to spender. At least they did touch on the ReisderFS debacle and the tossed baby with the bathwater, when there was no other real game in town.

Yeah, we old farts are really inconvenient and stand in the way of regress, erm, "progress".

Welcome all to the newest, most improved silo, all of which previously failed, but this will succeed like a fine Tesla autopilot or autodrive...

It's a shame we outlawed euthanasia...

I'd sign a lot of idiots in business up for it.

"Will it run Quake?"

Whenever there is some new CPU architecture that comes out, there is always some commentard that makes this point--it doesn't matter how cool something is, or how powerful. What matters is that users are satisfied.

NONE of these tools, after apt-get or yum, are helping me in any noticeable fashion. Not Chef, who thinks that it is possible to take "self healing" from biology and apply it to the world of 1s & 0s, and to do so without having absolute control over the system. Not Terraform, that thinks it's a sin to test files written in a Turing complete language. Not K8s, that wants to take Google's solution to Google's problem and make it my problem. And certainly not snap, that introduces itself by violating 50-year old conventions, or systemd, whose premise is that I'm stupid.

I need to be able to take my programmers' code and turn it into an app in an image that I can test, then deploy to my fleet while maintaining sufficient visibility to know about and fix issues before my customers have any clue that something happened. That's it. And, I'm lazy. I want to be able to create and maintain my one-liners to do this without a huge amount of work on my part.

What I DO NOT need is some Microsoft employee's vision of the world being forced on me. Or someone's attempt to violate the most basic rules of system management being forced down my throat. Snap & Flatpack don't look or smell like tools that want to solve problems for me. They look like tools for someone to snatch control of my system from me, while giving me very little in return.

Eureaka!

"For any readers who aren't speakers of British English, the tool's name, git, is UK slang for an annoying or uncooperative person."

So THAT's what "git"means! As I have never been to Britain, I had no idea. Although I do know you guys call math as "maths".

Linux, what a house of cards.

ZFS Boot Environments

If Linux would like to bulletproof then they would implement ZFS Boot Environments that FreeBSD has with beadm(8) or bectl(8) tools.

With ZFS Boot Environments you can change any aspect of the system/upgrade everything/change packages and even leave system in totally broken state ... and just reboot to one of other Boot Environments that you created earlier - once you 'got it' how awesome and useful that is - you will want that everywhere.

Some more info here: https://is.gd/BECTL

Regards.