> IMO Firefox are doing this right. [...] I've worked in more than one organisation
> that was doing MITM on their staff's SSL sessions (unknown to the staff) by silently
> pushing "trusted" DIY certs to the workstations by policy.

1) I don't belive that the organisation was doing it secretly or they were complete legal morons. Almost any larger organization has policies which you as employee/user accept. These policies are in place to inform you of such practices so you cannot sue them back for privacy breaches.
2) If organisation has the power to install certificates on client machines it basically administeres these machines. As an administrator it is safe to assume that they also got the means to block Fx or whatever unsupported software. Also usually serious organizations maintain a policy list of allowed software.

So in fact there is nothing that Fx did right in this scenatrio.

I am personally a Chromium user and as an administrator Fx states to piss me off. We support Fx on workstations, we push new releases form ERS channel via GPO and MSI installs. This usually works but once in a while it stops working and requires manual tweaking - and it is not our fault but Mozillas pushing undocumented new options or different defaults. We do test so it is not a major problem but it is more work that it should be.

> On the one hand, forking is what drives Free Software. It allows us to innovate,
> adapt software to new needs, etc. Without it, the FOSS community would not be
> as strong as it is.

Of course the ability of forking is great. I would compare it to a relationship - if at some point you realize that your goals or whatever are not in sync then you fork it is not easy comes with attached looses to both sides but it is but doable. And an obvious way to go if you can't go together.

BUT this is not a fork in my opinion. A fork it will be if we can get anything usable from it like a working distro in this case. But now it is just an other act of DRAMA. Like in relationship - you know I am forking right now! look this is my fork website! look i WILL fork. Geeesh than do fork and get over it.

These guys are behaving like overly attached boy/girl friend who in fact DOES NOT want to fork but uses threats that she/he will fork to force something on the other side.

I know it is simplification but really right now from my point of view it just looks like emotional drama.

As for techical merits in my own opinion. I dont care. I am not by any means a white bearded system admin. I use Linux profesionally and I like it. I really haven't noticed the whole systemd drama until it popped out in media. Professinaly I use RHEL and CentOS because I can run software on it for my employer and it is OK. We use Oracle, SAP, Zimbra and other products so for me it makes no real difference as what init system is used as far as it works.

In my personal systems I've used RH from like 5.0 release and I liked it. I used it till it separated into RHEL and Fedora - then I've used Fedora but around release 14 or some it becamed very annoying (lots of problems with distro upgrade, hardware etc.). Then I've started to evaluate other distros. Also got a RaspberryPi and tried Pidora on that. More annoyng than ever. Then I've tried Arch Linux and I got hooked imediately - works well on my home systems (server, workstation, laptop) and also on RaspberryPi. And it uses systemd in more fashinable way than Fedora (but things may have gone better - I've not touched it since 14). So I don't really get this systemd "controversy".

First of all - thanks for an interesting comment. Your insight on licensing issues regarding use of systemd never occured to me.

Regarding your comment - I cant validate all your claims right now but I trust they are valid - in Your opinion why there is NO mention about licensing on the new fork site? The site is TL;DR to me as it is in my opinion yet another meaningless fork of Debian but I tried to search the site for terms like "license", "gpl" and there are exactly zero occurances of such terms. It seems to me as the authors of the fork didn't find your arguments about licensing as interesting to mention it.

So how exactly this fork is better for your goals?

If I was in situation in which licensing was critical to me I would use Gentoo since as far as I know it is only decent and recent distro that actually lets you choose init system to your liking.

Mozilla is loosing it. Fx gets more and more irrelevant between various UI changes and more bloat added. Usage is declining. And yet they try to reinvent themselves with such ideas. What for? Just make a decent browser and build developer tools into it like everybody else does. What is the point of such product? To have yet another browser/platform to build and test for?

> For me, Linux is about control.

And exactly what aspect of control is taken from you by systemd?

> Apparently, systemd replaces all that and more with a single monolithic
> structure, which seems more akin to the Windows way of doing things.

No it isn't. Lots of commercial unix like operating systems had moved on to some form of init system not based on shell scripts f.e. Solaris, Mac OS X etc.

> It's main selling point appears to be boot-up speed

No it isn't.

> IMO the cost that we must all pay for that extra speed is just too high

And what is the cost exactly? What exactly do you have against systemd? Only thing you stated is that it is monolithic and non unix way. I don't rally care about it. What practical limitation does it cause? Only valid complains about systemd I've read so far is that is not standard as it is an implementation and in theory this shouldn't be done like that. And I agree but still it exist, it works and it is not going anywhere. The second complaint is that it uses binary log file. It does in fact but I also don't care about that. I can config it to forward to syslog so it is no problem. Actually by using such architecture it can start logging earlier than sysvinit system which is better. These two flaws do exist but they do not rule against systemd in general. It is still a step forward in right dimension.

Look at CoreOS and its components like fleet - this is what systemd was designed for and it is strictly server operating system.

> The init process is a critical stage: failure tends to leave you with no access to
> the system to diagnose the failure.

Nowdays not really a problem. If this is a desktop system then just hook up a LiveCD with your choosen distro or an USB stick and go on from the live system. With live system images you have all the tools you need and as far as the system's storageis not damaged you can do whatever you wish. As for servers - well remote lights out, management cards, flash addons, consoles etc. you can do whatever to rescue the system. Or if you cant afford it just use serial console to the bootloader and add a failsafe recovery system partition with an image containing all the needed tools and you are ready to go. Mind that these means were used like long time ago even before systemd happened. ;) If you are thinking about disaster then get ready for it when your systems work.

> Shell scripts and plaintext log files may be primitive, but they have the advantage of being easy
> to read with minimal access and not requiring complex stuff to run

Look above - complex stuff to run is not as complex as you see it. You can easly run even an graphical desktop system to recover your system even if you wish for doing so (most live cds do so). You just need to plan it ahead.

> mainly they just require that basic binaries be available in the path

Systemd does not depend on these tiny binaries. In my opinion it is an advantage. It still needs to get unit information from somewhere (like local filesystem or fleet).

> Until I've got at least a basic system up and running enough to log in and work

This is probably the old or wrong way of doing stuff. Just boot from something else and chroot to the system and then check the problem.

> text-based tools will probably run to decipher binary logfiles

You reall don't need to decipher anything as the log files are not ciphered. You just need to open them with specialised tool (avaiable on your rescue media from which you have booted). You don't quite get why people have problem with binary log files do you? The problem is not about tools for accessing them - the main problem is if they get corrupt they are much harder to recover than plain text files.

> and modify configurations

With systemd you do not need any special binary tool to modify configuration.

> The only change I'd make is to make systemd use syslogd like everything else

But it does.

> SysV init scripts may be clunky and primitive, but they've been around a long time.

So?

> People know how to manage them, and they've had the kinks worked out of them and
> best practices established. systemd doesn't have that.

It does. But I get what you're getting at - writing a startup script yourself. So maybe try writing systemd unit for your need yourself and then compare it to sysv. IMVHO systemd units are easier (as more simple) to write than shell scipts for sysvinit. But YMMV.

> if Debian were to reverse their earlier decision and go back to sysvinit (or at least make
> systemd optional), then I think we could see many sysadmins converting their RHEL
> systems to Debian jessie

You are joking, right? The reason people use RHEL not Debian is primary because tons of commercial software built on SAP, Oracle and similar are *supported* on RHEL. That has little to do with RHEL or Debian being technically superior from each other. After all Debian and RHEL are just Linux distributions not so much different from technical standpoint you have similar technical limitations using these as both use Linux as kernel. People use RHEL because they need to have support for the apps they are running. Not because it uses this init system or other - none of RHEL admins really care about it as long as it is supported by the business apps they need to operate.

And also I don't quite get the shitstorm going on about systemd. I think compared to sysvinit it is a great step forward. And I'm a professional sysadmin administering just few Linux systems - couple of RHEL boxes (Oracle related stuff), some CentOS (for Zimbra and MariaDB which we use internally) and CoreOS with Docker and all of systemd glory mostly for my own amusement at our own webapps. All of these are systemd powered right now and I don't see any problem with that. Just works as an OS.

Oh and on home laptop, home nettop and few raspis automating stuff I use Arch Linux with systemd of course.

> You can fax legal documents (...) the state of Utah (...) New York allowed (...) Australia allows it [cnet.com], and anther New York [etc.]

But you are you aware that lots of other countries than USA or Austrialia exist and such even tend to have precedent or non-precedent legal systems? I know that general tendency is to go to electronic means where possible but I am quite sure that there still are and still be situations in which the new/current ways are not possible and you need to keep the old system running to support them. For example how do you deliver legal papers to inmates who cannot use email or Facebook?

> Requiring someone to buy a laser device to burn "stamps" onto envelopes and packages won't work.

This I fully agree. The idea is so stupid I don't even know how it got here to Slashdot.

IDK how it is in the US but here in Poland the post is like an institution. Fe. if you have an invoice or legal paper you can send deliver it yourself, you can send it by private held company like TNT, UPS, whatever but only when you send it via Polish Post (national operator) it gets so called the power of postal stamp. Legally if you choose the right delivery type it is valid as delivery in court. Such postage is still deeply embodied in legal system and I think it has some merit. In Poland f.e. you could run a company and register its address for legal purposes as PO box in some large office complex where you just rented a PO box. In case of this special Polish Post delivery it is an obligation to the office complex administrator to deliver this postage physically as he gives the PO boxes to his clients he also has an obligation to deliver such postage.

I think Post Office isn't going anywhere and lots of people still send physical letters due to legal conditions and I don't think it is Polish only thing. Also people tend to send faxes. F.e. I was required to send signed legal papers via fax (snail mail would take longer but was also an option) when we was changing our DNS owner information due to company name change. This is silly but still it has some silly merit.

But as for the gadget in the article - laser postal stamps? It sounds quite cool but it makes no sense as in no real purpose. People who use snail mail en masse tend to have agreements with their posts to bulk send it with stamp or pre-printed stickers or pre-printed envelopes. In some countries to obtain a "stamp" to send an letter you just send an SMS to paid premium number and in reply you get a number which you just write on the envelope/card. In Poland you can get fancy stamps with your design on it etc.

(I've used to work at Polish Post IT department head office)

Cant wait to get my hands on one of these. Unfortunately Amazon doesn't ship to Poland so I can't get it here. I have two concerns regarding this:

I understand this is an amateur class device. Better (or is it?) than Authenticator app as you need to gain the physical key since a phone app can be accessed remotely at least in theory but still not hard security as corporate smart cards, RSA tokens etc. Just hardware two form auth for the masses and I guess it is a good thing to have (or is it?). But as I see the form of distribution of this hardware is quite loose. If I order it via Amazon (if I could) it goes through amazon warehouses, shipping company etc. - could this device be tampered with in shipping? Shouldn't it have a safer distribution method like physical store so you can randomly pick one and it couldn't be identified to your identity?

How does it work? It states that it requires supported browser (Chrome 38) on any platform it runs but does it also work in Chromium (I am using Chromium)? Can it be used in other applications f.e. VPN client, SSH client? Does it use some open source library, tools? How it works as a device - I plug it in and it registers as standard USB class device - what class is it?

I've tried to google these concerns for few seconds but couldn't find good information so please anybody could clarify on this?

Facebook filters your wall posts so not everything you post gets to everybody's feed. They are afraid people using Facebook get too many meaningless information from other people like look I just watched this Youtube video and you should too. So they use algorithms that select data you post to other people. I guess they select it by number of likes, views etc. So given that they DO censor what you post they are afraid that they could censor also such important information regarding your safety. But they are not afraid about you - they are afraid about legal issues surrounding this. So they invented a way to control whether you are allowed or not to post such critical information. In my opinion this is just about covering their asses, not about your safety.

Because from Facebook's POV (huh) such status update is not related to major disaster. As I see it they are doing it to omit liability in case your status update in fact would be real in case of serious incident. Right now they are doing serious filtering of what gets into your feed since they are shit crazed about people leaving Facebook getting sick of all the irrelevant crap they see. This (proposed in the article) way they can select on the basis of fact of some disaster happening who can post such updates and these updates would be omitted by their what-is-interesting-and-what-is-not filters.
 

> The a good thing to do with an iMac would be a decent SSD... as well
> as an external drive appliance with RAID 1, or a volume with software
> RAID that is similar.

To have backups is the good thing to do whatever OS or hardware you run.