How I learned to not worry and love systemd (sort of)

I wrote this little piece originally on June 25, 2013 but did not to push the publish button because I think it is incendiary, in more of one sense. But…

I’ve decided to continue adding to and editing this little piece: we’ll see how it ends up.

Systemd is truly a remarkable piece of technology. In the beginning I was skeptic for two reasons:

a.) I tend to orthodoxy when it comes to the core. I started using old skool init more than 20 years ago and it was with *real UNIX®*; at some point I even deemed SysV init style startup scripts the work of the devil. Ha! Like I miss BSD 4.2 System 7 init scripts! Everything mashed up in one single 5000 line shell script, *shudder*. Before I go tangential into a rant that is truly for another day, let me say this: All those weenies that say “FreeBSD start up scripts are the simplest and coolest thing since sliced bread” are a bunch of Christmas geese (if you lost the reference, it means they are full of shit).

b.) I’ve my share of battle scars with “advanced” init systems. Ever had to write a startup script for HP-UX? AIX? What about that horrid abomination Sun Microsystems (R.I.P.) invented for Solaris (their SysVR4/BSD FrankenUNIX)? Startup scripts written in a horrible dialect of XML? Honestly, I suspect SMF was written in the middle of a Colt 45 and crack brogrammer frat binge.

Then when Canonical pulled upstart out of the hat (or should I say, arse?), I certainly put attention. I was already a user of Ubuntu, though not a convert. I had the chance to exchange a couple of mails with Shuttleworth when the planning and design of the PPA system was in swing and he came across as a narcissistic know-it-all. In fact, I was vindicated some years later when the man had to do exactly what I told him: People need the option to have several PPAs under the same account particularly if they are a project that hosts in Launchpad. There and then I decided I was not invested enough in Ubuntu nor would I be ever. I just kept using it because it was the best GNOME experience at the time. And I stuck until they moved to unity. After some time back with Debian (my first real comfortable desktop GNU/Linux in the 90’s after all the false starts with Slackware and its predecessors), I moved to Fedora but found it was inherently unstable in my hardware, due to the serial patching to all software, something that also breaks many things in Debian. So I ended up using Arch, clean not-patched source code, and there I met systemd close and personal.

I was happy with the simplicity of the original scripts Arch used to boot with SysV init although I was very aware of the ugliness of the scripts in the back-end. When the developers announced that they were planning to replace it with systemd, I was not enthusiastic even for a moment; why change something that works even if it is half-broken? Luckily, they took their time to implement it In the end it took the longest part of a year to replace the old init with the new. I was wary it would have a negative impact on me and the distro. So I decided to plunge in and install the test packages to have a go while I still could fall back into the old init system.

At first I was totally astounded. It wasn’t as anything I’d seen yet, so naturally I was very unhappy. I didn’t understand the whole damned thing and even the man pages seemed to be written in classical Cantonese. But digging through the supplied service files while reading the manual pages and the articles published by the authors made my mind click and after some months I began to like and appreciate the simplicity and power of expression of the systemd configuration system.

But not everything is wine and roses, I was perplexed when the systemd project subsumed udev and the efforts of late that make the project the only source of basic parts of user-space plumbing. I wonder if this can create a single-point of failure considering the questionable quality of core parts of systemd’s source code (the parts written by the two main developers!). I can see why a few very shouty people make such ruckus, but to be honest, those making the most noise are the most ignorant, thus the most damaging. They drown in their noise the voices with valid concerns expressed by knowledgeable and reasonable people who don’t need to resort to violence to express their opinions and ideas. In the end if systemd becomes unmanageable and quality plummets, there is always the option of a fork. I stay open to change, but I am keeping an eye on Void Linux.

Why Void Linux? Well, because they are the first to have the cojones to go their own way and adopt a different init: runit. Now, runit has been around for 11 years, and there are other tools as old or older that try to address the init and the PID 1 problems, that is both the problem of being the first process that starts everything else and that of process supervision; problems that are to some extent orthogonal. Dan Bernstein’s daemontools or monit address the second problem; tools like OpenRC, runit and s6 address both. You can read about many more in this research paper.

These are interesting times in Linux land to live in. I am enjoying the show from the peanut gallery and to all those who shout madly and throw tantrums I have this to say: Go forth and create your own Linux distribution; why didn’t you do it 4 years ago when Poettering showed up with this thing you hate? The owner of Distrowatch will be grateful and perhaps the 5 fools that end up using it. But believe me, those 5 fools will be all a bunch of self-entitled ungrateful bastards that will make you consider suicide as an honorable exit. If you can’t create your own distribution that works as you see fit because of your technical inaneness, why don’t you try PC-BSD? Sorry, it doesn’t run in computers bought 2 years ago, but  who cares? ZFS is way cool!!

Trolling Requires Quality

I’ve found “Things that BSD owes GNU/Linux | BSD, the truth” http://aboutthebsds.wordpress.com/ a most amusing read. Most of the write ups have the ring and weight of truth, but it is unfortunate that:

a.) The author enjoys personal attacks and character assassination, too much. It is immature and destroys whatever real arguments he/she may present in his/her rants.

b.) The author’s first language is not English and the command is poor. I suspect poor knowledge of his native language as well. Hey! Not all of us have a sound literary education. Unfortunately it shows in the incoherent expression of ideas. This removes credibility. A lot.

Static network IP with systemd

One of the few real hurdles I’ve found with systemd is setting up a static network configuration. This is a solution that cuts the middleman, be it ifupdown, netcfg, NetworkManager or wicd and uses systemd to do it. This comes originally from the Archlinux Wiki on systemd services, but it seems to be deleted and reinstated at the whim of some God entitled pedant so you may not find it there tomorrow.

Make sure that iputils2 are installed. Create a service file network-static.service and a confguration file network-static as shown below and install in the suggested places. Then enable the service with systemctl:

;; /etc/systemd/system/network-static.service
[Unit]
Description=Static Network Service
Wants=network.target
Before=network.target

[Service]
Type=oneshot
RemainAfterExit=yes
EnvironmentFile=/etc/conf.d/network-static
ExecStart=/usr/sbin/ip link set dev ${IF} up
ExecStart=/usr/sbin/ip address add ${ADDR}/${NM} broadcast ${BC} dev ${IF}
ExecStart=/usr/sbin/ip route add default via ${GW} dev ${IF}
ExecStop=/usr/sbin/ip addr flush dev ${IF}
ExecStop=/usr/sbin/ip link set dev ${IF} down

[Install]
WantedBy=multi-user.target
;; /etc/conf.d/network-static
IF=eth0
ADDR=AAA.BBB.CCC.DDD
NM=24
BC=AAA.BBB.CCC.255
GW=AAA.BBB.CCC.EEE

And that’s all there is to it.

Using a *real* x.509 certificate with Irssi and OFTC.

Due to random reasons — read: highest point in the yearly “I’m bored to death” bell distribution curve — my x.509 certificates expire on the last days of the year. Now, I don’t really use them much if at all because PKI certificates have been out of vogue for several years now. But that doesn’t say anything about their usefulness! They can help you be more secure and more conscious of the need of security. In fact, there are places where using a x.509 certificate can simplify your life. Case in file: OFTC.

If you don’t use a x.509 certificate to log in to OFTC, they will make sure your life is miserable, trust me. What do you think of having 10 seconds to login with your password every time you connect. OK, I exaggerate with the time, but you get my point. Right? OFTC’s website is a wiki. Not particularly well-organized, I’m afraid, so you need to go digging for a while to find instructions on how to use a x.509 certificate to login to the network, but after a while you find the darned instructions.

So, I won’t touch that particular theme. Besides I’m sure there are at least 5,230 places out there where you can find that information. What I do want to touch in this post is the matter of x.509 certificates.

What do I call a real certificate? One emitted by a recognized certificate authority. And if I can get it for free, I’m in for as long as the ride lasts. So instead of creating my own self-signed x.509 certificate as the OFTC instructions suggest, I decided to use a real x.509 certificate with a real certificate chain. What to do?

First, there was the matter of choosing a certificate authority that would give me a x.509 certificate for free. Thawte stopped its personal PKI a couple of years ago. So the ones left, to my knowledge, are CAcert and StartSSL. After some thought I chose StartSSL, because they work as a OpenID authentication source as well.

Now, the problem was how to use the certificate. To generate the certificate I used Firefox, not because I wanted to but rather because I had trouble with Chromium doing the right thing. After exporting it I had a PKCS12 file where both public and private keys are encrypted with a password of my choice. But irssi needs a PEM file where both keys are unencrypted in ASCII armor format. So what now? Here is the hack:

openssl pkcs12 -in in.p12 -out out.pem -nodes -clcerts

Give your encryption password when asked. Make sure you don’t give a password to the private key! Use out.pem according to the instructions in OFTC’s wiki, and that’s it. Of course, the usual “don’t be a moron” precautions ensue: Set file permissions so that only you can read the file, don’t do it in a shared or public computer, perhaps use something like ecryptfs to keep your $HOME/.ssh directory encrypted, or do it with your whole home directory or, better yet, encrypt your partitions with dmcrypt! All depends on your level of paranoia and real need of security.

¿Es el infierno exotérmico o endotérmico?

[La nota original se encuentra en http://www.pinetree.net/humor/thermodynamics.html]

¿Es el infierno exotérmico o endotérmico?

Cuando estudie para exámenes, recuerde que no es la cantidad si nó la calidad. Y que no hay substituto para la mierda pura y sin adulterar.

El Dr. Robert L. Shambaugh de la Escuela de Ingeniería Química de la Universidad de Oklahoma es conocido por preguntar cosas como “¿Por qué vuelan los aviones?” en sus exámentes finales. La única pregunta de su exámen final del curso “Momento, calor y transferencia de masa II” en mayo de 1997 fué: “¿Es el infierno exotérmico o endotérmico? Soporte su respuesta con pruebas.”

La mayoría de los estudiantes escribió pruebas de sus creencias usando la ley de Boyle u otra variante. Un estudiante, sin embargo, escribió lo siguiente:

Primero, postulamos que si las almas existen deben tener alguna masa. Si estas la tienen, entonces un mol de almas también puede tener masa. Así que, ¿a que tasa de transferencia entran las almas al infierno y a que tasa de transferencia salen? Yo creo que podemos asumir con seguridad que una vez una alma entra al infierno, no saldrá.

Por lo tanto, no salen almas. Respecto a las almas que entran al infierno, examinemos las diferentes religiones que existen en el mundo hoy. Algunas de estas religiones establecen que si no eres miembro de esa religión, te irás al infierno. Ya que hay mas de una de estas religiones y la gente no pertenece a más de una religión, podemos proyectar que toda la gente y almas se van al infierno. Con las tasas de nacimiento y muerte tal como están podemos esperar que el número de almas en el infierno incremente exponencialmente.

Ahora, veamos la tasa de cambio en el volumen del infierno. La ley de Boyle establece que para que la temperatura y presión en el infierno permanezcan constantes, la relación de la masa de almas al volumen del infierno debe permanecer constante.

Existen dos opciones:

  1. Si el infierno se expande a una tasa menor que la tasa a la que entran almas al infierno, entonces la temperatura y presión en el infierno aumentarán hasta que el infierno explote.
  2. Si el infierno se expande a una tasa mayor que el incremento de almas en el infierno, entonces la temperatura y presión disminuirán hasta que el infierno se congele.

Entonces, ¿cual es? Si aceptamos la afirmación dada a mí por Theresa Manyan durante mi primer año de universidad, “será una noche fría en el infierno antes de que yo me acueste contigo” y tomando en cuenta el hecho que yo todavía NO he podido tener relaciones sexuales con ella, entonces la opción 2 no puede ser cierta… Así pues, el infierno es exotérmico.

El estudiante, Tim Graham, obtuvo la única A.

On the Difference Between Being Opinionated and Being a Fool

We all are entitled to our opinions but there is a huge difference between a private opinion and a public opinion.

Private opinions are based on cultural bias, ignorance, hubris and vanity. Yes. you are entitled to believe in the tooth fairy despite all facts denying its existence. But when you start shouting it to the four winds and to deceptively convince people you not only know what you are talking about but that they should believe in everything you say, you have crossed the boundary into that realm where madness lives. And in the process, those who are not weak of mind nor heart will know for certain that you are a fool.

Thus, here is my little piece of free advice to all self-appointed pundits out there: Check your facts and make sure you are not an ignorant sod.