You can wrap all of that in a downloadable shell script if you like. It's way less of a big deal than you make out; our customers never expressed any problems with installing the software.

Really? apt update && apt install the_software is too complicated?

I've stuck with Debian since ~2003. Sure, Debian has had its organizational and interpersonal dramas, but for the most part, Debian developers care about delivering a stable and useful system without any of the enshittification that comes with being a corporation trying to bring in revenue.

You can create your own apt repo, you know. Back when I ran a company distributing software, we created apt repos for various versions of Debian (stable and oldstable, I believe.)

OMG. My OCD kicks in if I have more than about 7 tabs open at once...

Our laws guarantee certain things, but they certainly do not guarantee freedom from discomfort.

If some women are uncomfortable with the thought of a transgender woman using the washroom at the same time as they do, well then... that's what single-occupant washrooms are for. You can accommodate those women by given them single-user spaces.

It'd be an awful shame if the form were to be flooded with jokes, memes, salacious images or other such tomfoolery that prevented the good leaders of Utah from addressing the most pressing problem in the state and stopped them from efficiently policing hallowed state potties.

I have a semi-smart thermostat. I can program in schedules using the built-in keypad, but I don't think it has any IP connectivity or remote control. There is, however, a USB type B port on it. I recall plugging in a laptop to see what showed up (I was hoping for a TTY or something) but it wasn't recognized.

Anyway, it's fine for my needs. I manually adjust the temperature as needed and have never once felt the need to change the temperature remotely.

I bought a book on BASIC when I was 14. I had no access to a computer, so I wrote programs with pen-and-paper and "ran" them in my head. Then at 15, I went into Grade 10 at a high school and had access to a Commodore PET. None of my programs was correct.

That started me on a 30-year career as a software developer, from which I've only recently retired. Good memories.

I'm 100% sure that would not have happened. The core of our product was in fact open-source and used by many people, but we got essentially no support revenue from it.

No, it's not. I've worked for companies that had that model and it's not easy at all. Furthermore, support is labor-intensive with a low profit margin. With proprietary software, once your costs are covered, each additional sale is just about pure profit. It is far easier to have a profitable company selling proprietary software than selling open-source software and support.

Just. Stop. Being. So. Fanatical. You are so desperate to promote run0 you didn't even read my post.

Jesus. Fucking. Christ. I don't give a fucking rat's ass if people want to use sudo or if they want to use run0. I was attempting to point out that there are security advantages to having privileged programs started by a daemon with a controlled environment that an attacker can't manipulate, vs a SUID program whose environment can be manipulated. That's all.

Then you went all ballistic with accusations of fanaticism. God dammit, take a chill pill, for fuck's sake!

I forgot to mention that leaking file descriptors can't happen with run0. And that's not FUD... there are plenty of CVEs related to that.

Like you could literally check that instead of making a wild-ass claim.

Sudo is 284K lines of code not including blanks and comments.

systemd-run is 2400 lines of code including blanks and comments.

If you don't want to use run0, don't. sudo will always be there for you. I don't understand the vitriol against something that has very clear and obvious security benefits.

I can't easily find the server side of this code because I'm not too familiar with systemd, but I'd be very surprised if it was anywhere near 200K lines of code. (There's a lot more than 200K lines of code in systemd, obviously, but most of them have nothing to do with the server side of systemd-run.)

Run0 doesn't help with most of that

It does. It ensures the program starts with a safe environment. It ensures that no other process context can be manipulated by the person who invoked run0. Environment variables are obviously the most important ones, but I wouldn't be surprised if certain prctl calls could be abused as well. And as Linux evolves, it's possible that more process context could end up impacting security.

This is a red herring. Compared to what? Systemd?

Yes. systemd-run (the client) as well as the server code that invokes the requested program are most likely an order of magnitude simpler than sudo.

I self-host my personal stuff... web site, email, etc. I have good delivability for my email, but to achieve that I had to make sure my server was hosted at a reputable company and set up proper SPF, DKIM and DMARC. This is non-trivial for folks who don't understand email well.

Furthermore, there's always the threat of Hotmail/Google/etc. blackholing my email "just because". Their anti-spam algorithms are notoriously secret and convoluted.

I suspect that if enough people or companies start self-hosting, the Big Ones will not be above some shady turning-of-the-screws. "Great email address you have there. It'd be a shame if you couldn't send anything to our users..."

I make a few bucks a month on donations for my free software projects. Granted, they're small with a relatively small userbase and I don't go out of my way to ask for donations.

When I was running my 12-person company producing proprietary software, we were seeing $200K/month in software revenue. It's orders of magnitude easier to make a living on proprietary software than free software.

I don't pay for any music services, but I buy CDs and I have a subscription to a major newspaper.