Why Use Linux, Systemd Complications, Debian's Security
There have been numerous articles written answering why to use Linux and they all pretty much say the same thing. However, today OMG!Ubuntu! answered it quite differently. Elsewhere, Dedoimedo penned a spot-on example of why folks just really don't like systemd and Kees Cook discussed the lifetime of security bugs. And finally, Bruce Byfield today pondered the reason so many security distributions choose Debian as their base.
Everyone has their own reasons for choosing Linux over other operating systems. Some say security, others say a better development platform or the open source license. Some even choose Linux based on cost. Many articles have been penned answering "Why to Use Linux," again usually involving some version of the above. However, today Joey-Elijah Sneddon at OMG!Ubuntu! put it quite succinctly. It comes down to just three words.
Why do so many security-focused distributions choose Debian as their base? Bruce Byfield detailed several reasons, beginning with Debian's transparency in dealing with security issues and its free and Open Source commitment. But primarily, "security and privacy are built into Debian policy and procedure." Keeping out intruders is better than trying to expel them, he said. And finally, Byfield believes stability trumps "newness" every day of the week, especially since "newer packages are more apt to have vulnerabilities than older."
Speaking of security bugs, Kees Cook said the lifetime of your typical security bug is approximately five years (from the time it's injected to the time it's patched). This was the situation in 2010, and the lifetime hasn't improved much since. Cook said they're getting better at fixing bugs, but changes go into the kernel so often that new bugs are introduced all the time. Many times, once support for something is added, the code isn't attended to and bugs go unchecked. Cook said, "We need to get proactive about self-protection technologies. The systems using a Linux kernel are right now running with security flaws. Those flaws are just not known to the developers yet, but they're likely known to attackers."
Dedoimedo today shared a recent experience trying to deal with systemd, the SysVinit replacement foisted upon the community by our Linux overlords. He said systemd is too complicated to try and administer, it's difficult to diagnose problems when they arise, and "systemd does not keep logs in a simple way. They aren't human readable. They are in binary and require a special systemd journalctl utility. The location of logs and the naming convention is counter-intuitive." Then once he finally finds the logs and can try to read them, they're practically unreadable and offer little to no clues. Dedoimedo is not your average user; his resume includes being a Linux programmer for Intel, and "with Systemd, I had to concede defeat." He said systemd is just not the answer to SysVinit's shortcomings. "As far as Systemd is concerned, I am concerned."