Systemd pid 1 takes up 1.5 megabytes on my Fedora system hard drive. For comparison, sysvinit compiles down to 40k. For security purposes, smaller is better, but getting the interfaces right is far more important.

So what is systemd doing with that 1.5 megabytes of compiled code? To answer that question, we find a good place to start, src/core/main.c, which is 2085 lines long. That is not necessarily too long, but if you are a fan of short functions, you will be horrified to learn that the main function is 825 lines long.

Typically a long function starts out well organized, but as people add to it over time, it becomes more and more chaotic, and that is starting to happen here. It is not always clear the order of why things happen, for example. If I were going to refactor this, it would look something like this:

main() {
    init();
    main_loop();
    cleanup();
}

So what is it doing with all those 825 lines of code? I went through and made a rough outline, which I wrote in code form. It could be further simplified, of course, but this will give you a basic understanding of what is in the main function, and it's better than 825 lines of chaotic code:

int main(void) {
 
  getTimestamp();
  parseSomeCommandlineArgs();
  setPIDNameToSystemd();
  setUMaskToZeroIfRequired();
 
  initFilesystems();
  initSELinux();
  initSMACK();
  initIMA();
  initKernelClocks();
  initLogging();
 
  initDefaultUnit();
  initJoinControllers();
 
  mountKernelVirtualFilesystems();
  initSignalHandlers();
  parse_Config_Commandline_Environment_and_KernelCommandLine();
  daemonize();
 
  initIfRunningAsManagerSystem();
  initIfRunningAsManagerUser();
  managerSetup();
 
  setCapabilityBounding();
  enforceSyscallArchitectures();
 
  queueDefaultJob();
 
  do{
      runMainLoop();
  }while(handleStateChange());
 
  reexecuteIfNeeded();
 
  cleanupAndShutdown();
}

I tried pasting the original function here so you could compare, but Slashdot apparently doesn't allow posts that long and chopped it off. If you want to see it, you'll have to put some extra effort in and click on this link.

When code gets too long, you need to break it into smaller pieces, so the human brain can see how the code is organized. When you refactor like this, it's important to make sure that the refactored code shows the overall structure, rather than obscuring it.

As always, please comment or correct me below, I am interested in hearing what you think!
(I've written other reviews, too, check them out).

In some ways, I think of Lennart Poettering as a product manager. He figures out what people want, then builds it. The architecture is not always the best, but 'customers' don't tend to care. The point here is that some people do want some of the features of systemd, and Lennart figured that out.

Lennart's system is sometimes laughably bad (for example, he'd prefer to get rid of BSD because he doesn't know how to write portable software), but he has done the community a service by bringing up the topic of system init. More and more, we are seeing thought provoking commentary, ideas on what a good init should be like. This wouldn't have happened if Lennart hadn't built systemd.

This is how the community should be. One person sees the problem, and tries to solve it. Other people come and say, "I can think of a way to improve that." Eventually we arrive at a solution that is elegant, and effective. Init systems have been controversial for decades, which is why BSD and SysVinit are different. Every major Unix vendor has tried to come up with a solution to that problem, and in each case come up with something rather mediocre. Until recently, the Linux and BSD communities have kept what they had, preferring not to change until something comes that is clearly better. When the better answer comes along, it will be obvious.

Systemd won't be here for the long term, but it's effects will be felt through spurring the community to solve this problem that has plagued the community for decades, again, analyzing the problem with things like this (I'd also like to think my own analysis is worth something).

I think a good start would be to add functions to POSIX like "daemonize()" and "start_dameonize()" "complete_daemonize()" but maybe I'm wrong.

No spoilers, just some quick comments.

It isn't bad, but it isn't great, either. Good enough is where I'd put it. Of the Daniel Craig Bond moves, I'd rank this one as #4 (of 4).

A couple of things that stick out at me were the early car chase scene. WTF people? Who wrote this? It wasn't so much a car chase as "lets watch expensive cars tool around Rome". No shooting, nothing exciting. Just what looked like an orange Lamborghini chasing whatever custom car Bond was driving. (Okay, it was a custom Jaguar C-X75 chasing a custom Aston-Martin DB10.)

See, Bond was driving a bullet-proof, armored car. WTF was he fleeing from? The bad guy couldn't get to him. He could've come to a complete stop, let the guy roll up, wave, and ask him to do his window and it wouldn't have mattered.

The second scene that bothered me was the train fight scene. Holy fuck! Are there no other people on the train? The bash their way through like 4 or 5 cars on a 7 car train and there aren't people scrambling to get out of the way. No staff, no passengers, nothing. It was like a ghost train. Then they get off at the next stop looking freshly showered and pressed, not like both protagonists just got their asses kicked and should be covered in bruises and welts and walking with severe limps.

The final scene that irked me was where Bond was chasing the cars in Austria with the plane. The plane loses its wings and a strut, then slides down the mountain only to bash through a barn and smash into one of the bad guys cars. And NO ONE IS OUTSIDE TO SEE IT! It is like they found the only Austrian ski resort village that IS TOTALLY DEVOID OF PEOPLE.

I guess they smashed up so many cars they had to save money somewhere, and skimped on the extras (except for the opening scene in Mexico City).

A little long, and a little disjoint. It really helped that I was at an Alamo Draft House and ordered a couple of beers while watching it.

All in all it really reminded me of a Roger Moore Bond as opposed to a Daniel Craig Bond. Not Moonraker bad, but still...

A couple of other notes on Ubuntu 15.10 on my hacked-up HP ProBoox 6475b.

1. The fingerprint sensor is a Validity VFS491, 138a:003d. Validity Sensors was bought by Synaptec back in 2013, but regardless those sensors have never been well supported under Linux. I did get this one working by digging out the old driver patch that HP supplied for SuSE Linux 11 back in 2012. I applied that to libfprint-0.0.6 and compiled everything from source. Ugly, but it works. I forwarded the patch over to the fingerprint-gui guys to see if they are interested in adding it in. Every little bit helps.

2. Playing with my Yubikey Neo I found that the pam-u2f package in the PPA (v1.0.2) segfaults on the pamu2fcfg command. I filed a bug report, provided debug and core data, and the developers patched the git HEAD source in a few hours. I rebuilt the utility and supporting libraries from scratch to test and all is working! Score one for open source software! Expect it to be released on the PPA next week.

That was really the last little nit. Everything went much smoother than I expected, and I'm quite happy with the setup. Every last feature on the machine works without a hiccup -- except the WiFI scanner, but that isn't part of the machine.

I'm actually fairly impressed with the open source AMD video drivers (Radeon 7660G, which comes with the A-10 processor), but don't play games on the machine other than WarZone 2100 so I don't really stress it.

I've tried everything, but can't connect to the scanner over WiFi. I can connect over USB, but the scanner is on the other side of the room and that defeats the purpose of the WiFi.

I have installed Epson's iscan, iscan-data and iscan-network-nt packages -- the latter being the one supposed to allow Epkowa devices connect over the network. Yes, I modified the epkowa.conf file in /etc/sane.d/ using both IP address and DNS name, but to no avail.

The printer works, the scanning port (1865) is active, but no joy on using simplescan, xsane, or iscan. Drat!

Ubuntu 15.10 automatically found my Epson XP-610 wireless printer / scanner and tried to install the proper printer driver, but failed miserably.

By "miserably" I mean it got stuck halfway through installing the package file and gummed up their software installation utility. I had to "kill -9" the appropriate, defunct dpkg instance. A reboot will do it as well.

The problem seems to be the proprietary Epson driver relies on LSB (Linux Standard Base), which is no longer installed by default in Ubuntu. The fix is to download the appropriate .deb package from the Epson site. Install the driver with sudo dpkg -i epson-inkjet-printer-201308w_1.0.0-1lsb3.2_amd64.deb, which will install but not configure because of missing LSB as a dependency. Finally, do a sudo apt-get install -f to handle the missing dependencies and you can go into the Printers app and add the printer, as the drivers will now be available.

Just a quick entry because I couldn't find a fix for this issue anywhere online.

Under Linux, using Ubuntu 15.04 and 15.10, my USB-connected Brother QL-500 label printer is detected automatically and available out-of-the-box, no driver install necessary. Very nice.

I tried printing under Glabels and all I got was a flashing LED on the printer. The Brother website has a similar error under Windows, claiming this is caused by a mismatch between the label actually loaded in the printer and the setting in the driver. This was not the issue. I have DK-1201 address labels loaded, and the driver is set to 29 x 90 mm, which is also the template I'm using in Glabels.

In the driver (Printers app, Properties, Printer Options), there is a button labeled "Label Preamble". This is on by default and is the culprit. Un-check that box and the printer should now print properly.

Book about programming.

As an intermezzo while investigating the stability of APIs (since that's not a fun thing to do), here is an analysis of some code: examining random-seed.c, pulled September 1st, 2015 ( link here, for as long as github is around).

When you come across a piece of code, the first thing you ask is, "what does this do?" In this piece of code, you can see the main() on line 34, so we know it's a stand-alone utility. That is the only function in a 165 line file, so come on Poettering, break your code into easy to read functions. It's not 1985 anymore.

Since it's not clear what the utility does from the comments, a web search might be helpful, which finds the man page, which doesn't tell you much. For example, on line 44 of random-seed.c, we can see that a command-line argument is required. However, the man page doesn't tell you what options are available, it's biggest use is telling you where the seed is stored on the filesystem (if you're wondering where that file location is defined, it's in the Makefile.am). The documentation is bad.

The program itself isn't helpful either, it doesn't respond to the --help option. If you give it any option that is not correct, it responds "Unknown verb '%s'." So keep guessing random verbs until you get the correct option.

Moving along to my main complaint, you have to read many lines of this file before you understand what it does. A program like this can be mostly self-documenting, if you structure main correctly. Here is an example of how it could be.

int main(int argc, char **argv) {
      init();
      parseCommandLineArgs();

    if(shouldLoad) {
              writeSeedFromFileToDevUrandom();
    }
    else if(shouldSave) {
              writeSeedFromDevToFile();
    }
      return 0;
}

This can still be improved. There can be comments explaining why things happen. It is much easier to see what the program does when it's broken up like this. The main algorithm should be clear.

One more serious criticism about this file, hard-coding the output file in Makefile.am is double bad: first because it shouldn't be hardcoded, it should be a command-line option. Second because build files should store as little information as possible.

That's a lot of criticism, but they're relatively minor. With a few fixes, the code is cleaned up. The big problems in systemd, the things that really worry me, were mentioned in journal 9. Those are the things that will cause serious degradation over time, and problems for all of us.

I believe I have mentioned before that every bit of media I purchase I digitize and store the files on a central server. That includes over 300 movies and over 100 television episodes, plush a few hundred audio tracks. Everything is available anywhere in my home via wireless streaming, however I had been having problems with reliably streaming 1080p HD video over WiFi to my main television units.

My back end device is simply a Buffalo AirStation AC 1750 running DD-WRT build 27456. It is configured for WiFi AC-only in the 5.8 GHz band, and G/N/AC in the 2.4 GHz band to accommodate some older devices.

A Western Digital My Passport Ultra 2 Tb USB 3.0 drive is plugged into the back of the wireless router, which acts as a NAS and makes media available via SAMBA shares.

Over all I like this set-up, though after several months of use I can't really recommend the Buffalo AirStation for the simple reason that it doesn't have any external antennas. It really suffers in coverage area because of this. DD-WRT is great, as is the little 2 Tb WD drive, but I'll never again get a wireless gizmo that doesn't use an external antenna.

The front end to my televisions scattered throughout the house is a CuBox i4-Pro running OpenELEC. This is a fantastic combination that has been almost -- but not quite -- perfect for me. It is also easy to use for my non-technical wife and future geek 7-year old child.

The one issue has been reliably streaming 1080p HD videos to a CuBox. Even with the unit less than 10 meters away from the access point, with no obstructions, it would routinely have such a poor connection as to not be able to keep up with the playback. Watching the dashboard of DD-WRT showed me it had less than 30% signal strength and constantly would drop to 5.5 Mbps connection rates.

To eliminate interference I got up in the middle of the night and shut off everything that used wifi except the CuBox and it still performed poorly.

The short answer is the built-in wireless on the CuBox is abysmal. Again, no external antenna and 2.4 GHz only. Further investigation showed it would not work with channel bonding, thus not use 40 MHz channels in 802.11n. I don't know if it is a chipset limitation or a driver issue. Either way, it sucks.

My answer was to buy a USB wifi adapter with an external antenna. This one is tiny, totally plug-and-play, and absolutely does the trick. And for $12.99, including Prime shipping, a bargain. It is marketed towards the Raspberry Pi, which is what I bought it for. It uses the Realtek RT5370 chipset and is supported at the kernel level (no extra drivers needed) in Android, OpenELEC, Raspbian and lots of other Linux flavors.

It support 802.11n and bonded, 40 MHz channels and, more importantly, handles HD streams without breaking a sweat. I just ordered 2 more to outfit my 2 other CuBox devices so I can stream everything to the TVs in bedrooms without running wires.

(Note: I'm in a fairly low-population subdivision and not a lot of 2.4 GHz wireless around. I'm not stepping on any of my neighbors with my signal.)

This entry discusses the benefits of good interfaces, then gives a (overly simple) metric for how to recognize them. Then it ties it back to systemd.

The 'unix way' is built around solid interfaces. The actual code to Unix is mostly gone (unless you use SCO or something), but the interface lives on with multiple (mostly compatible) implementations. The interface long outlasted the code. (NB: Unix hasn't always had good interfaces in every place, Unix isn't perfect.)

Another example of a good interface is the Berkeley networking API. It's not user-friendly, but as a low-level 'plumbing' API, it is extremely flexible and effective. It spread and now every OS has an implementation. (That is, every OS more complex than some stuff at http://wiki.osdev.org ). The original code is gone, but the interface will be around for a long, long time.

There are plenty of examples of interfaces in Unix. It doesn't have to be an API.

If you consider a programming language to be an interface between a computer and a human, then think of the C compiler. The original C compiler is no longer in use, but the interface was designed clearly enough that even intentionally bad IOCC code from 30 years ago still compiles.

Cron is another interface, as are the basic CLI commands like ls, mv, ps, grep, etc (which have now taken over almost everywhere....the interfaces, not the original code). The pipe is a powerful interface that seems obvious now, but wasn't at the time......the pipe makes it possible to take the output from any program and send it as input to any other program. That is impressive.

"Robert Metcalf [the inventor of Ethernet] says that if something comes along to replace Ethernet, it will be called Ethernet', so therefore Ethernet will never die. Unix has already undergone several such transformations." -- Ken Thompson

How do you recognize a good API? It's tough, but one thing is sure, a good interface allows easy swapping of components. If it doesn't allow easy swapping of components, it's not a good interface.

"Linux has always been multiple components that you can chose which one suits you best - whether its vi or emacs, gnome or kde, sendmail or postfix, apache or nginx, etc. This is a good thing, where you can swap out component A for B for any reason, and keeps the project competing with each other to get better and better." -- gbjbaanb.

When your component can be easily replaced, because the interfaces are good, it can only compete on its technical merits. That is how you will recognize the best interfaces, because when they are evaluated and put into use by skilled programmers, the best ones will come to the fore.

Time to wrap this back to systemd.

Systemd has gained traction as a init engine because the "unit file" interface provides benefits that a lot of people like. If the "unit file" interface proves durable, then it will last longer than the code. Interfaces can be immortal, code can not.

Throughout systemd there is a lack of understanding of proper interfaces. Making the GUI depend on a particular init system is a particularly obvious example of poor design, but the code was written from a 'code first' perspective rather than an 'interface first' perspective.

Lennart Poettering is a fine programmer. (His code is readable, and let's be honest, anyone who can hack on the Linux kernel has skill. Furthermore he is passionate about it). I don't think he really understands interfaces, though. When he does, his code will move up to next level.

Just a short note. I picked up an Air Dock back when their Indigogo campaign was under way. I have now had this thing for a little over a year.

In general it works fine and does exactly what it says. I use the CD-mount, which has a nice picture down on this page.

The one flaw with that mount is the bolt and nut used to tighten it are fairly large, and extend beneath the mount. On DIN I sized radios, with the CD slot on top of the unit, the nut blocks the view of the display.

The one other thing I have discovered is that after a year of use, it has magnetized my phone! The Nexus 5 comes with small metal plates built in to the back to allow for the native use of devices like this. After all this time they have become magnetized, and that totally screws up the internal compass.

Now any time I start the compass app it complains the magnetic field strength is way too strong and it doesn't give accurate readings.

To be clear, this happens when the device is undocked and I'm walking around.

My next dock will be non-magnetic, as I do sometimes use the compass.

The previous entry investigated Gnome and logind, and found that practically speaking, Gnome does depend on logind. There are some alternatives, but they are not complete or well-maintained.

This entry discusses the dependency between logind and systemd.

Logind is deeply embedded in systemd. Here is a list of logind features, which seem like a grab-bag of vaguely related requirements. If anything, their relation seems to be they are goals of GnomeOS. Maybe Poettering looked at that list and tried to implement as many as possible to convince Gnome to adopt his software.

At a minimum we can say the name 'logind' is a poor choice for a name, since it does much more than that: the name doesn't describe what the product does.

Logind depends on systemd (for example) for calling unit scripts to shutdown or put the computer in sleep mode. In logind-dbus.c function execute_shutdown_or_sleep() you can see an example. Systemd also seems to be required for detecting hot-plugged devices and probably for other stuff. Note also there is a clear dependency on DBUS.

Logind is described as a tiny daemon. That's a lie, the thing has 15491 lines, with the largest file having 3023 lines (3023 lines is large but not necessarily bad).

As always, if you find any errors, please let me know. I'm trying to find the truth, not start fights.

UPDATE: Some people have notified me of ConsoleKit2, which Gnome might be able to use instead of systemd. It is not mentioned in this post, so it's not clear that it actually works with Gnome. When I have time I'll dig in deeper to see if ConsoleKit2 works or not.

This post is flotsam related to some dependencies. If you note any mistakes, please let me know, I'm collecting information.

Gimp doesn't depend on systemd as far as I can tell. Gimp runs on Windows. It does depend on libgtk, whose dependency list is available.

There are reports that Gimp depends on systemd, but that seems to be an artifact of a package dependency tree on one system, not that Gimp actually needs systemd.

What about Gnome? Does Gnome depend on systemd? The answer is yes....., although there are alternatives. Systembsd, systemd-shim, and LoginKit.

LoginKit doesn't seem to be complete, like some files were missing from commit or something. The README is attractive, though. It seems to only be attempting to provide services for logind.

Systembsd provides hostenamed, localed, logind, and timedated.

Systemd-shim provides c-group services, some unit file services, power/sleep/reboot services, and ntpdate services.

Neither code base has been updated in four months, and the code in neither one looks particularly well organized.

I suspect there are other things systemd provides that Gnome relies on, but those aren't immediately apparent. I'm not sure where to look to figure that out.

Before logind, Gnome used ConsoleKit to provide login support. Fascinatingly, the commit to remove support for ConsoleKit was made by Florien Mullner.

A lot of this stuff depends directly on DBus. In my opinion that is a mistake; the communication mechanism should be separate from the API interface.

In the next journal entry I will investigate how deeply libsystemd is tied into the init system, or whether it is truly modular.

In this post, Lennart explains that he doesn't know how to write portable C code. He says:

The purpose of my post here is to explain how to write portable code, without #ifdefs on every other line. If that happens, you are doing it the hard way.

An easier way is to create an OS independent layer. Call it OSI (since no one is using that acronym anymore, right?). Create a header file that declares all your functions, then create an implementation file for each platform. Every time you find a piece of functionality that is different on different platforms, throw it into that header file.

For example, if you need to take a screenshot, it will be different on every platform you find. In the header file, create a function OSI_Screenshot(). Then in your OSI_Windows.c file, add an implementation for windows. In your OSI_Linux.c, add a screenshot implementation for Linux. In your OSI_OSX.c, add your implementation for OSX. This technique can also work for extremely incompatible platforms, with OSI_printf(), or OSI_malloc(), etc. If you use your compiler correctly, you can compile it without any extra overhead from the function call.

An example of this technique can be found in Android (look at sysdeps.h and sysdeps_win32.c), demonstrating that this technique works. They don't have #ifdefs scattered throughout their code. The Android example is tougher than it needs to be, because Android added the compatibility layer after the code was written. If they had started at the beginning, the code would have been much simpler.

The lack of knowledge (about how to write portable code) in the systemd team is causing them to make bad decisions, because the alternative seems too hard. For example:

Those who don't understand the failures of the past are destined to repeat them. Plenty of vendors try to focus on a single platform, and their work disappeared, to be replaced by something that was cross-platform compatible, and usually better work. The discipline required to keep things portable results in better code (there's a quote from Mythical Man Month that fits here but I'm too lazy to look it up). The Gnome developers understand the importance of portability but that's a story for another post.