Comment Earhart Click Bait (Score 3, Informative) 94
Everything in this article is based on presumption and speculation.
They did that once already in the UK back in 1997... Still washing up to this day
Pfft... I just use webferret from 1997, it bundles up all those fancy search engines into one!
I am not a security adviser, so I cannot say for sure which ones they were referring to and the only info they gave me was a list of about 13 x US-CERN, NVD and Canonical advisories regarding the exploitation of systemd through various methods. These were not noted as "fixed" either and 4 are listed as "Medium".
That list was FROM Redhat, not a troll of any kind... just a list. Sheesh.
We dropped $2.2M on 2 half populated IBM Power 7 780's (redundant VIOS with IBM's tailored 42U cabinets) in 2012 and are running approximately 239 AIX 6+ & 7.1 LPARs for many of our Financial and Business Continuity Applications. LPAR isn't quite as advanced as VMWare, but it is getting there (no more stupid 4 lines of lpar commands for simple resource management/adjustment). Compared to what we spent on the p5 series years ago, we paid 40% less for our Power 7's. Power system prices have come down A LOT over the last 3 years though and I would professionally recommend checking them out if you need some SystemV style stability.
Anyway, we WERE hoping to move away from AIX to RHEL so we did not need to have two separate UNIX SysAdmin groups, but RHEL7 kinda threw that out the window for us sadly. Personally, I am less bemoaning of systemd than I am over the plethora of other MANDATORY changes they decided to dump on the customer all at once. It affects me and my team directly whereas the systemd thing affects my vendors and their applications.
A lot of what I listed was directly from the RHEL Customer Portal article and it was intended to illustrate the number of changes, but none with any particular order of importance or grief.
For my team, the grievances begin with the slurry of ctl command changes like (but not limited to) the following, off the top of my head:
rhn_register > subscription-manager
system-config-* > gnome-control-center (Who installs gnome on a server?!?!)
chkconfig/service/runlevel/init/shutdown/halt/inittab > systemctl
system-config-date > timedatectl
vi
parted > gdisk
ifconfig/network/hosts/dns/eth > nmcli
netstat > ss
And Apple Xservers were SUCH great performers...
>>So, what alternative are you looking at?
Our vendors who have explicitly stated they will not support systemd in any way (due to +Priv, DoS and bypass issues/concerns) have stated that they recommend either staying with RHEL6 & Oracle Linux 6 until it is no longer supported or switching to AIX or FreeBSD. Two of these vendors are financial software suites, one is a Point of Sale system and the other is a CRM Suite that "may support it in the future". What the other vendors plan on recommending is still TBD for them. Simply put though, many companies are more invested in their applications than any flavor of *NIX.
>>I don't know about how you write scripts, but I find it amazing that a majority of them has to be rewritten.
Have you not seen the number of changes in management, monitoring & configuration commands made within RHEL7? Seriously, it borders on being a completely new distro the way everything has been retooled. Many of our SysAdmin scripts are written in Perl & Bash with remote get for everything from deployment to monitoring and analysis (netstat? gone. ifconfig? redirected. iptables? gone. lsof? switches changed. chkconfig? redirected. So many more...).
> What can't I do anymore?
Let me see, the top 3 I cannot do anymore include:
- More than half of my company's preferred vendor applications will not run on systemd (some of which will never support it)
- Majority of in-house scripts need to be rewritten
- Kickstart now REQUIRED since they removed "Full Custom Install"
The growing list of complaints is raising flags in my company so much so that we are looking at outright dumping Redhat and we have been a dedicated Redhat Enterprise customer since 1997. RHEL7 has ZERO TCO for everyone I've spoken with... Retraining, retooling, reconfiguring and reorganizing are absurd.
I have no idea why Redhat made so many changes in their most recent release, but it is so vast that it may as well be a completely new distro. To name a FEW:
Anaconda RHEL installer completely redesigned
Legacy GRUB boot loader replaced by GRUB2
Procedure for bypassing root password prompt at boot completely different
SysV init system and all related tools replaced by systemd
ext4 replaced by xfs as default filesystem type
Directories
Network interfaces have a new naming scheme based on physical device location (e.g., eth0 might become enp0s3)
ntpd replaced by chronyd as the default network time protocol daemon
GNOME2 replaced by GNOME3 as default desktop environment
System registration and subscription now handled exclusively with Red Hat Subscription Management (RHSM)
MySQL replaced by Mariadb
tgtd replaced by targetcli
High Availability Add-On: RGManager removed as resource-management option (in favor of Pacemaker)
ifconfig and route commands are further deprecated in favor of ip
netstat further deprecated in favor of ss
System user UID range extended from 0-499 to 0-999
locate no longer available by default; (available as mlocate package)
nc (netcat) replaced by nmap-ncat
Systemd is a pain to use for me and feels backwards... I find troubleshooting processes with it to be more frustrating than anything else Redhat has done in the past 20 years... Well, almost.
Nope! Nothing to hear since it was "an artificial atom". Meaning, they were not really even listening in the first place, but rather determining if it could be done.
I always wondered why we have not advanced to the point of using our DNA or similar as a PIN. Exhaled breath condensate is a non-invasive method for detecting a wide number of molecules as well as genomic DNA in the airways and could easily be a source of information usable as an ID Verification technique.
Pfft... Cirrus Logics were horrible! Everyone who was anyone bought Diamond S3 VLB cards. That is, until the Matrox Mystique came out on PCI!
The hardest part of climbing the ladder of success is getting through the crowd at the bottom.