I mean to a certain degree, I can understand if people find a problem with Poetterings approach of doing things !CORRECTLY!. Like, systemd-resolved resolving A-records with multiple addresses ina deterministic fashion because it’s not defined not to be deterministic, and because actual load balancing would be better. It’s not wrong, but it’s breaking everything. And it got patched after some uproar. And there are a few things like that.

But at the same time - I don’t think people appreciate how hard doing process management right on linux can be, especially if the daemon to run is shitty. Like, init scripts just triggering the shutdown port on a tomcat - except the tomcat is stuck and not reacting to the normal shutdown port and now you have a zombie process and an init script in a fucked up state. Or, just killing the main process and for some reason not really removing the children, now there’s zombies all over the place. Or, not trying appropriate shutdown procedures first and just killing things, “because it’s easier” - except my day just got harder with a corrupt dataset. Or, just trying soft and “Pwease wexit Mr Pwocess” signals and then just giving up. Or having “start” just crash because there was a stale PID from an OOM killed process around. Man I’m getting anxiety just thinking about this.

And that’s just talking about ExecStart and ExecStop, pretty much, which I have done somewhat correct in a few init scripts back in the day (over months of iteration of edge cases). Now start thinking about the security features systemd-analyze can tell you about, like namespaces, unmapping syscalls, masking parts of the filesystem, … imagine doing that with the jankyness of the average init.d script. At that point I’d start thinking about rebooting systems instead of trying to restart services, honestly.

And similarly, I’m growing fond of things like systemd-networkd, systemd-timesyncd. I’ve had to try to manage NetworkManager automatically and jeez… Or just directly handling networking with network-scripts. Always a pleasure. Chucking a bunch of pretty readable ini-files into /etc/systemd/networkd is a blessing. They are even readable even to people rather faint on the networking heart.

And even password based disk encryption can be defeated with 2-3 physical accesses if an organization wants to hard enough. Keyloggers can be very, very sneaky.

At that point you’d have to roll something like Yubikey-based disk encryption to be safe, because this re-establishes control over some physical parts of the system. Until they find the backup Yubikey you had to not lose all data by losing the primary key you’re carrying around to maintain control over it.

It’s not a battle the defending side can win.

Hier kommt btw auch Wiederstand gegen Digitalisierung her. Ich hab hier mal im Hotel mit ner Altenpflegerin geredet.

Und, rein technisch ist die Digitalisierung erstmal ne Erleichterung. Ok, jemand komplett erfahrenes kann so nen Formular über nen Patienten in 5 - 10 Minuten ausfüllen, und die Software mit der sie gearbeitet hat war halt Scheisse, darum hat das 10-20 Minuten gedauert. Aber, dann muss man keine Formulare leer rumtragen, ausgefüllt abgeben, sortieren, Leute anmotzen um die Formulare rumzuschieben.

Aber… aus Gründen der grossartigen Digitalisierung und Integration von IT-Systemen im Land wurde aus einem kaputten System 2 Systeme, dann 3 Systeme, dann 4 Systeme. Dann kümmert man sich ne Stunde um nen Patienten und statt 10 Minuten auf nem Formular zu dokumentieren hat man dann 80 Minuten Dateneingabe vor sich. Und man gibt 4x die gleichen Daten ein. Komplett die gleichen Daten.

Und, wenn man das sorum strickt, dann versteh ich vollkommen warum Digitalisierung scheisse ist.

Ich frag mich aber auch, was man zu sich nehmen muss um das derartig hart zu versauen?

Wobei es da auch genug Stories gibt. Erfahrene Admins mit physikalischer Arbeitskomponente, die ehrenamtlich anbieten in einer Schule mal nen Wochenende Access Points an Decken zu schrauben und Strippen zu ziehen, aber das darf man nicht, weil da “gesicherte Netze” im Spiel sind und so. Krampf-Thema.

And that skeleton of a system becomes easier to test.

I don’t need to test ~80 - 100 different in-house applications on whatever many different versions of java, python, .net and so on.

I rather end up with 12 different classes of systems. My integration tests on a buildserver can check these thoroughly every night against multiple versions of the OS. And if the integration tests are green, I can be 95 - 99% sure things will work right. The dev and testing environments will figure out the rest if something wonky is going on with docker and new kernels.