Pfft... I just use webferret from 1997, it bundles up all those fancy search engines into one!
I am not a security adviser, so I cannot say for sure which ones they were referring to and the only info they gave me was a list of about 13 x US-CERN, NVD and Canonical advisories regarding the exploitation of systemd through various methods. These were not noted as "fixed" either and 4 are listed as "Medium".
That list was FROM Redhat, not a troll of any kind... just a list. Sheesh.
We dropped $2.2M on 2 half populated IBM Power 7 780's (redundant VIOS with IBM's tailored 42U cabinets) in 2012 and are running approximately 239 AIX 6+ & 7.1 LPARs for many of our Financial and Business Continuity Applications. LPAR isn't quite as advanced as VMWare, but it is getting there (no more stupid 4 lines of lpar commands for simple resource management/adjustment). Compared to what we spent on the p5 series years ago, we paid 40% less for our Power 7's. Power system prices have come down A LOT over the last 3 years though and I would professionally recommend checking them out if you need some SystemV style stability.
Anyway, we WERE hoping to move away from AIX to RHEL so we did not need to have two separate UNIX SysAdmin groups, but RHEL7 kinda threw that out the window for us sadly. Personally, I am less bemoaning of systemd than I am over the plethora of other MANDATORY changes they decided to dump on the customer all at once. It affects me and my team directly whereas the systemd thing effects my vendors and their applications.
A lot of what I listed was directly from the RHEL Customer Portal article and it was intended to illustrate the number of changes, but none with any particular order of importance or grief.
For my team, the grievances begin with the slurry of ctl command changes like (but not limited to the following off the top of my head):
rhn_register > subscription-manager
system-config-* > gnome-control-center (Who installs gnome on a server?!?!)
chkconfig/service/runlevel/init/shutdown/halt/inittab > systemctl
system-config-date > timedatectl
parted > gdisk
ifconfig/network/hosts/dns/eth > nmcli
netstat > ss
And Apple Xservers were SUCH great performers...
>>So, what alternative are you looking at?
Our vendors who have explicitly stated they will not support systemd in any way (due to +Priv, DoS and bypass issues/concerns) have stated that they recommend either staying with RHEL6 & Oracle Linux 6 until it is no longer supported or switching to AIX or FreeBSD. Two of these vendors are financial software suites, one is a Point of Sale system and the other is a CRM Suite that "may support it in the future". What the other vendors plan on recommending is still TBD for them. Simply put though, many companies are more invested in their applications than any flavor of *NIX.
>>I don't know about how you write scripts, but I find it amazing that a majority of them has to be rewritten.
Have you not seen the number of changes in management, monitoring & configuration commands made within RHEL7? Seriously, it borders on being a completely new distro the way everything has been retooled. Many of our SysAdmin scripts are written in Perl & Bash with remote get for everything from deployment to monitoring and analysis (netstat? gone. ifconfig? redirected. iptables? gone. lsof? switches changed. chkconfig? redirected. So many more...).
> What can't I do anymore?
Let me see, the top 3 I cannot do anymore include:
- More than half of my companies preferred vendor applications will not run on systemd (some of which will never support it)
- Majority of in-house scripts need to be rewritten
- Kickstart now REQUIRED since they removed "Full Custom Install"
The growing list of complaints are raising flags in my company so much so that we are looking at outright dumping Redhat and we have been a dedicated Redhat Enterprise customer since 1997. RHEL7 has ZERO TCO for everyone I've spoken with... Retraining, retooling, reconfiguring and reorganizing are absurd.
I have no idea why Redhat made so many changes in their most recent release, but it is so vast that it may as well be a completely new distro. To name a FEW:
Anaconda RHEL installer completely redesigned
Legacy GRUB boot loader replaced by GRUB2
Procedure for bypassing root password prompt at boot completely different
SysV init system and all related tools replaced by systemd
ext4 replaced by xfs as default filesystem type
Network interfaces have a new naming scheme based on physical device location (e.g., eth0might become enp0s3)
ntpdreplaced by chronydas the default network time protocol daemon
GNOME2 replaced by GNOME3 as default desktop environment
System registration and subscription now handled exclusively with Red Hat Subscription Management (RHSM)
MySQL replaced by Mariadb
tgtdreplaced by targetcli
High Availability Add-On: RGManager removed as resource-management option (in favor of Pacemaker)
ifconfigand routecommands are further deprecated in favor of ip
netstatfurther deprecated in favor of ss
System user UID range extended from 0-499 to 0-999
locateno longer available by default; (available as mlocatepackage)
nc(netcat) replaced by nmap-ncat
Systemd is pain to use for me and feels backwards... I find troubleshooting processes with it to be more frustrating than anything else Redhat has done in the past 20 years... Well, almost.
According to top-secret documents from the NSA and the British agency GCHQ, the intelligence agencies are seeking to map the entire Internet, including end-user devices. In pursuing that goal, they have broken into networks belonging to Deutsche Telekom.
The document that Der Spiegel has seen shows a map with the name 'Treasure Map'. On the map are the names of Deutsche Telekom and NetCologne and their networks highlighted in red, where the legend says that within the networks 'access points' exist for 'technical observation'.
Treasure Map is anything but harmless entertainment. Rather, it is the mandate for a massive raid on the digital world. It aims to map the Internet, and not just the large traffic channels, such as telecommunications cables. It also seeks to identify the devices across which our data flows, so-called routers.
Furthermore, every single end device that is connected to the Internet somewhere in the world — every smartphone, tablet and computer — is to be made visible. Such a map doesn't just reveal one treasure. There are millions of them.
The breathtaking mission is described in a Treasure Map presentation from the documents of the former intelligence service employee Edward Snowden which SPIEGEL has seen. It instructs analysts to "map the entire Internet — Any device, anywhere, all the time."
Treasure Map allows for the creation of an "interactive map of the global Internet" in "near real-time," the document notes. Employees of the so-called "FiveEyes" intelligence agencies from Great Britain, Canada, Australia and New Zealand, which cooperate closely with the American agency NSA, can install and use the program on their own computers. One can imagine it as a kind of Google Earth for global data traffic, a bird's eye view of the planet's digital arteries.
The New York Times reported on the existence of Treasure Map last November. What it means for Germany can be seen in additional material in the Snowden archive that SPIEGEL has examined."
Link to Original Source
Nope! Nothing to hear since it was "an artificial atom". Meaning, they were not really even listening in the first place, but rather determining if it could be done.
I always wondered why we have not advanced to the point of using our DNA or similar as a PIN. Exhaled breath condensate is a non-invasive method for detecting a wide number of molecules as well as genomic DNA in the airways and could easily be a source of information usable as an ID Verification technique.
Pfft... Cirrus Logics were horrible! Everyone who was anyone bought Diamond S3 VLB cards. That is, until the Matrox Mystique came out on PCI!
Back in the 90's when places like SharkyExtreme.com, jc-news.com, HardOCP.com and Tomshardware.com were "it", Anand Lai made a name for himself for his more than truthful video reviews. It was a new take on things with this guy Anand, sometimes sitting on a rock outside, chatting about computers.
I still trust much of the content on his site, but worry it'll go the way of sharkyextreme now. Perhaps legitreviews or some other can fill that void without Anand around.
Thank you for helping millions of us make good choices over the years Anand, I wish you the best!
Link to Original Source