Become a fan of Slashdot on Facebook


Forgot your password?
Trust the World's Fastest VPN with Your Internet Security & Freedom - A Lifetime Subscription of PureVPN at 88% off. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. ×

Comment systemd fails at reliability and fault-tolerance (Score 2) 469

My main problem with systemd is the lack of robustness in its design and implementation. It seems like an attempt at reimplementing Solaris' SMF, but poorly. Even the SMF itself could probably be called 'overengineered', however, it is certainly a more sophisticated, less monolithic design that provides a much higher level of fault-tolerance.

systemd is basically a huge pile of modules compiled into the PID 1 init process. The problem with that is, that if PID 1 dies, the system stops (e.g., kernel panic). On Solaris, a small basic init process starts the SMF master restarter (svc.startd), which is responsible for starting, stopping or restarting the other components of the SMF as well as all services managed by the SMF. If a component of the SMF fails (maybe it just dies/SEGVs, or say, you kill it, cause it hangs), the master restarter will respawn it. Even if the master restarter goes south, that small basic init process will respawn the entire SMF, and you're still up and running.

Then, let's take a look at the implementation of systemd:
static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) {
_cleanup_free_ char **argv = NULL;

r = socket_arm_timer(s);
if (r < 0)
goto fail;

...snip... (function call with lots of undocumented arguments, returning r)
if (r < 0)
goto fail;

r = unit_watch_pid(UNIT(s), pid);
if (r < 0)
/* FIXME: we need to do something here */
goto fail;

*_pid = pid;
return 0;

fail: s->timer_event_source = sd_event_source_unref(s->timer_event_source);
return r;

Actual code from systemd-216; see full source at src/core/socket.c

Most of the systemd source code looks like this.
Virtually no comments; lots of single-letter variable names, confusingly similar names like "_pid" and "pid"; throwing 'int' return codes back up five calls, where the original caller cannot even remember what all the possible return codes might be (how about enum?); lots of arbitrary goto- and return-jumps out of the middle of somewhere; lots of break and continue, even mixed in the same loop; even substantial amounts of three-star-programming (never heard of it? google it, it's funny); etc.

Okay, I have to add, that the code of lots of the "good, old, reliable UNIX codebase" does not look a lot better (and upstart, or even the Linux kernel, are guilty of at least some of the same bad coding habits). But we have paid the price for writing code that way numerous times, and it seems we did not learn from history.

Coding like that is probably okay if you're writing a nice, little command line utility. But if systemd wants to be THE new init system, it had better look like it had been written by the inventor of reliability engineering.

Right now, the systemd source looks like it violates virtually all of the best practices for writing reliable code. Take a look at what those people who know their craft recommend - e.g., the Federal Aviation Association, European Space Agency, Lockheed Martin's avionics section, etc. - and compare that to systemd's source.

It's like a disaster waiting to happen.

Comment Formal design, fail-closed programming, etc. (Score 1) 333

Design your application and implement your code to let it do exactly what it should do and nothing else.

Put more specificaly, if you want to add two numbers, make sure that there is no way the result could be out of the range of its data type. If you want someone to enter a name for something, define what that string can contain - maybe only a to z, A to Z, 0 to 9, and it must have a length from 1 to 20 bytes.

Write every function of your program so that it has deterministic behavior, and that it has a clearly defined result for every possible input.

By the way, I doubt that banking account management systems are as secure as people might feel comfortable to think they are. Most commercial systems have poor security, because companies prefer cheap but insecure mainstream IT systems over expensive but secure custom IT systems.

Comment Maximum profit (Score 1, Insightful) 210

The IBM home page tells me about IBM's "responsibility" regarding things like:
societal issues
the environment
( -- also click the links on the left, for example about politics)

But what's more important, is how to be good friends with chinese dictators who don't give a shit about any of the topics mentioned above, so as to make more $$$ by doing business with china.

I doubt that acting like this is going to turn this world into a "smarter planet".

Comment It is not about scripting alone (Score 1) 427

This is a more complex problem than what scripting language you are going to use. Automating things is about job management, process management, signals, connecting streams and terminals, setting device modes, filesystem permissions, modifying network settings, and many other things. Unix is designed in a way that lets you change almost every property of the system in numerous ways, following general principles of its architecture. It is a very logical and consistent system.

The problem is that Windows lacks such an modular, abstract foundation. It is a much more arbitrary and inflexible system, it is not designed for putting different pieces of it together in different ways for automation.
For example, on Unix you have numerous small utilities that work together nicely by piping the output of one utility into the input of another one. Windows is really bad at doing such things, and the output format of most of its utilities is not easily machine parseable.

I think, the question is not: How do I automate Windows? The question should be: What system should I use, which one is good at automation?
And the answer is definately Unix, not Windows.

Comment Open letter to Microsoft (Score 1) 344

I just tried to post that to MS' TechNet article, but it seems that the comment function has been disabled. So I am posting it here as an open letter to MS.

Two ot the most ridiculous so-called patents:

"Enable display of a webpage’s content before the background image is received"
"Permit users to easily select text in a document and adjust that selection"

How is that a patent-worthy innovation? Just about EVERY application that has ever been created works like that, and any programmer that writes code different from what has been described in these patents should really look for a new job.

If Microsoft thinks that this is not "standard practice", but patent-worthy innovation, then this only proves that Microsoft's software designers and programmers must have below-average abilities.

I request that you folks stop trolling the rest of the world with such ridiculous claims immediately. If you want to compete, then work on increasing your skills instead of trying to forbid other people to make use of theirs.

Comment 2 hour Pixar course (Score 1) 294

"Learn how to create cutting-edge 3D animations like Pixar and Dreamworks in the next 2 hours or less..."

Well, if that IllusionMage homepage had slashdot's "score" feature, this statement would certainly deserve a "+5: funny". They can't be serious!? I've never seen anyone who has created something more exciting than a couple of textured spheres and cubes in no more than 2 hours after starting to use Blender for the very first time.

Slashdot Top Deals

The superior man understands what is right; the inferior man understands what will sell. -- Confucius