Debian User Forums

Writing as a user, that has adopted GNU/Linux in order to have more security on his computer, the following are (besides the very good principles of diversity in evolution - that should also be applied to "init" systems, and other pieces of the GNU/Linux operating system - to allow us to compare which ones are the best results that better suit each particular situation) the reasons why I really don't like "systemd".


First of all,

Whenever I hear of "unification" and "uniformization" applied to human organizations or development (in situations where they are not needed, for practical reasons, and don't make people's life better) I raise my guard. Because, it automatically makes me thing of the same principle applied to bigger/political organizations.

The more centralized the power of decision is, the less democratic it becomes. Since that, it makes it much harder for minority voices to be heard, and doesn't allow for different groups to follow each one their own path.

(When I speak of this happening in "bigger/political organizations", just look at the example of small Iceland, where the people easily changed their own government when they realized that it was corrupt, and compare that to the situation in the EU, where this super-state repeatedly imposes its will on whole different countries, and doesn't allow them to do things their own way.)

And, I've heard part of this same principle being discussed by the people who criticise the uniform adoption of "systemd" by the major GNU/Linux distributions.

But, the main problem I see with the adoption of "systemd" is (not even this one - but) one that relates to security.

(Important note: The following, is something that I'm writing as a mere user, with limited knowledge of how GNU/Linux works. And, therefore, I might be wrong concerning some of the details of what I describe. But, the general principle of such concern of mine, is something that I believe to the undoubtedly true...)

And, what I mean by this is,

(From the limited knowledge I have of what the different "init" systems do - and, knowing that "systemd" is not now responsible for everything yet,)

If you want to install a piece of malware on a computer, that surveils/controls the different aspects of its operating system...

1) In a pre/non-"systemd" environment, in order to surveil/control all those same different components, you will have to build a piece of software that does that altogether, including possibly at the same time - which results in a rather complex piece of software whose (complex - and, therefore big) activity might be spotted by the operating system or its user.

2) While, on the other hand, if you already have a daemon running, that controls all those same different aspects/components of the operating system, if you want to install a surveilling/controlling malware, all that you have to do is "stick" to that same daemon. That is, if you want to surveil/control the different aspects/components of the operating system altogether, there's no need to go any further than infecting (or remain connected to) one single daemon. Which,

a) not only reduces greatly the complexity of such malware - and, by that,

I) reduces greatly the probability of it being spotted, from its reduced size and activity, or

II) makes it possible for it to operate within certain limits/restrictions - like those of a small chip implanted on your hardware (ex: https://libreboot.org/faq.html#intel) - but also

b) serves as a perfect hiding place and, above all, *cover* (that couldn't be used before the existence of "systemd") for the activity of such piece of malware - because, if a knowledgeable user notices something odd and asks "What is this active program that is surveilling and controlling all these different aspects of my computer?" his/her reaction now will be "Oh, that's just 'systemd'...".

It's a similar security risk as the one created by the "zeitgeist" daemon, whose development is sponsored by Canonical...

If you have a daemon that already keeps a log of all of the user's most important activity,

You don't even need to have a piece of malware installed on the computer, all the time, to know what the user is up to.

All that you need now, is to somehow read that same log, whenever you can - like, when a user decides to try out one of the many proprietary programs that Ubuntu encourages people to, on its "Software Centre" (and, more specifically, one that behaves like this: http://linux.slashdot.org/story/07/08/2 ... ox-profile) - and there goes a whole log of the user's activity into the hands of Big Brother.

Wheelerof4te wrote:^If systemd is such a big problem for you, why are you using Debian? Debian devs have decided to ship systemd as default init/service software in Jessie. It's been 3+ years now. While heading to Buster, it's impossible to revert that decision.
Along with OpenBSD and other BSDs, you have several non-systemd distros such as MX Linux. Maybe try those?

n_hologram wrote:I've always found the zeitgeist daemon pretty disrespectful to Marxism.

I personally use what_is_to_be_done.sh to encrypt my logfiles into Marxist rhetoric, and trotsky.sh to decrypt them later if needed.

Communist puns aside, I find your points reasonable. I personally refrain from the daemon for similar reasons, along with it being fundamentally superfluous to me. I think it's another example of a program that would be desirable from a business distribution's standpoint (RHEL), for the same reasons why Intel's ME was pitched (greater sysadmin maintenance on company laptops), but doesn't translate well to the consumer side of things. However, it's also important to note that if someone has access to your logfiles, you probably have bigger problems to worry about than the logging program, malware or not.

I liked this comment in the slashdot post you shared:

If they really want to watch my online activity I'm sure AT&T would bend over backwards to assist them

https://www.smbc-comics.com/comics/20120220.gif