
Comment My thermostat (Score 1) 58

I have a semi-smart thermostat. I can program in schedules using the built-in keypad, but I don't think it has any IP connectivity or remote control. There is, however, a USB type B port on it. I recall plugging in a laptop to see what showed up (I was hoping for a TTY or something) but it wasn't recognized.

Anyway, it's fine for my needs. I manually adjust the temperature as needed and have never once felt the need to change the temperature remotely.

Comment My first programming language (Score 5, Interesting) 104

I bought a book on BASIC when I was 14. I had no access to a computer, so I wrote programs with pen-and-paper and "ran" them in my head. Then at 15, I went into Grade 10 at a high school and had access to a Commodore PET. None of my programs was correct.

That started me on a 30-year career as a software developer, from which I've only recently retired. Good memories.

Comment Re: Spotify (was Re:How about not) (Score 1) 73

I'm sure if you licensed your software under an open license you would have had the same success or even greater due to the increased exposure.

I'm 100% sure that would not have happened. The core of our product was in fact open-source and used by many people, but we got essentially no support revenue from it.

It is relatively easy to sell software and support

No, it's not. I've worked for companies that had that model and it's not easy at all. Furthermore, support is labor-intensive with a low profit margin. With proprietary software, once your costs are covered, each additional sale is just about pure profit. It is far easier to have a profitable company selling proprietary software than selling open-source software and support.

Comment Re:Ignoring the personal issues... (Score 0) 308

Just. Stop. Being. So. Fanatical. You are so desperate to promote run0 you didn't even read my post.

Jesus. Fucking. Christ. I don't give a fucking rat's ass if people want to use sudo or if they want to use run0. I was attempting to point out that there are security advantages to having privileged programs started by a daemon with a controlled environment that an attacker can't manipulate, vs a SUID program whose environment can be manipulated. That's all.

Then you went all ballistic with accusations of fanaticism. God dammit, take a chill pill, for fuck's sake!

Comment Re:Ignoring the personal issues... (Score 1, Flamebait) 308

I forgot to mention that leaking file descriptors can't happen with run0. And that's not FUD... there are plenty of CVEs related to that.

Like you could literally check that instead of making a wild-ass claim.

Sudo is 284K lines of code not including blanks and comments.

systemd-run is 2400 lines of code including blanks and comments.

If you don't want to use run0, don't. sudo will always be there for you. I don't understand the vitriol against something that has very clear and obvious security benefits.

I can't easily find the server side of this code because I'm not too familiar with systemd, but I'd be very surprised if it was anywhere near 200K lines of code. (There's a lot more than 200K lines of code in systemd, obviously, but most of them have nothing to do with the server side of systemd-run.)

Comment Re:Ignoring the personal issues... (Score 2) 308

Run0 doesn't help with most of that

It does. It ensures the program starts with a safe environment. It ensures that no other process context can be manipulated by the person who invoked run0. Environment variables are obviously the most important ones, but I wouldn't be surprised if certain prctl calls could be abused as well. And as Linux evolves, it's possible that more process context could end up impacting security.

This is a red herring. Compared to what? Systemd?

Yes. systemd-run (the client) as well as the server code that invokes the requested program are most likely an order of magnitude simpler than sudo.

Comment The Biggies won't like this (Score 1) 133

I self-host my personal stuff... web site, email, etc. I have good deliverability for my email, but to achieve that I had to make sure my server was hosted at a reputable company and set up proper SPF, DKIM and DMARC. This is non-trivial for folks who don't understand email well.

Furthermore, there's always the threat of Hotmail/Google/etc. blackholing my email "just because". Their anti-spam algorithms are notoriously secret and convoluted.

I suspect that if enough people or companies start self-hosting, the Big Ones will not be above some shady turning-of-the-screws. "Great email address you have there. It'd be a shame if you couldn't send anything to our users..."

Comment Re: Spotify (was Re:How about not) (Score 1) 73

I make a few bucks a month on donations for my free software projects. Granted, they're small with a relatively small userbase and I don't go out of my way to ask for donations.

When I was running my 12-person company producing proprietary software, we were seeing $200K/month in software revenue. It's orders of magnitude easier to make a living on proprietary software than free software.

I don't pay for any music services, but I buy CDs and I have a subscription to a major newspaper.

Comment Ignoring the personal issues... (Score 5, Insightful) 308

Ignoring the usual systemd hate / anti-Poettering rants... there's a lot of technical merit in this proposal.

Writing secure SUID programs is really, really hard. And sudo is a very complicated piece of software with a huge attack surface.

Having privileged programs started from a daemon with a controlled environment that an attacker cannot manipulate is a very good idea. There's a good technical discussion of the merits over at LWN.

Comment Spotify (was Re:How about not) (Score 1) 73

Nah, unless you are extremely popular, you make almost nothing on Spotify. I am a comedian and I have tracks on a comedy album on both Spotify and SiriusXM, and I've made literally a thousand times as much from SiriusXM as Spotify... and I have not yet made $1000 from SiriusXM. So that's the order of magnitude we're talking about.

Overall, I think this is unworkable. If you want to make money selling software, sell proprietary software the way traditional software companies do. If you want to make Free Software, more power to you, but don't expect any money. I have some Free Software projects I maintain for the love of it, and in a previous career I had a company that sold proprietary software, so I know what I'm talking about wrt business models.

Comment Re:Preservation of documents (Score 1) 93

The 5th amendment says you can't be compelled to be a witness against yourself. That has a very narrow meaning: You can't be compelled to testify in court against yourself. It doesn't cover destruction of evidence. It also applies only to criminal cases. I'm not sure if the FTC is considering criminal or just civil penalties in this case.
