as I explain in my blog, the real problem is libraries which are large amalgamations of unrelated routines, such as libsystemd in the case of CVE-2024-3094.

a good solution is to split up these giant libraries into smaller ones, thus allowing for the dependency graphs of programs to remain leaner.

there is nothing about sd_notify() which requires LZMA compression. nothing. it is a function which writes a supplied string to a UNIX socket, the path of which is provided on an environmental variable.
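An added example, not part of the original post and not systemd's own code: the notification described above written against plain libc, so the calling program links nothing that pulls in a compression library. The function name `notify_supervisor` is hypothetical. The example assumes Linux, the `NOTIFY_SOCKET` environment variable, and the `READY=1` state string.

```c
#define _POSIX_C_SOURCE 200809L
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

/* notify_supervisor() is a hypothetical name, not a libsystemd symbol.
 * Returns 1 if the datagram was sent, 0 if NOTIFY_SOCKET is unset
 * (not running under a supervisor), -1 on error. */
int notify_supervisor(const char *state)
{
    if (state == NULL)
        return -1;
    const char *path = getenv("NOTIFY_SOCKET");
    if (path == NULL)
        return 0;

    /* Accept only an absolute path or a Linux abstract name ("@..."),
     * and refuse anything that would not fit in sun_path. */
    struct sockaddr_un addr;
    size_t plen = strlen(path);
    if ((path[0] != '/' && path[0] != '@') || plen < 2 ||
        plen >= sizeof(addr.sun_path))
        return -1;

    memset(&addr, 0, sizeof(addr));
    addr.sun_family = AF_UNIX;
    memcpy(addr.sun_path, path, plen);
    if (path[0] == '@')
        addr.sun_path[0] = '\0';      /* abstract namespace: leading NUL */
    socklen_t alen = (socklen_t)(offsetof(struct sockaddr_un, sun_path) + plen);

    int fd = socket(AF_UNIX, SOCK_DGRAM, 0);
    if (fd < 0)
        return -1;
    size_t slen = strlen(state);
    ssize_t n = sendto(fd, state, slen, 0, (struct sockaddr *)&addr, alen);
    close(fd);
    return (n == (ssize_t)slen) ? 1 : -1;
}

int main(void)
{
    int r = notify_supervisor("READY=1");
    printf("notify_supervisor returned %d\n", r);
    return r < 0;
}
```

Running `ldd` on the resulting binary lists only libc and the dynamic loader, which is the lean dependency graph the post argues for.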

@ariadne "Let Unix be Unix" ... Is the catchphrase I came up with yesterday. I have some thoughts around it, but they have yet to coalesce into an article. Needless to say, part of it was that systemd does not follow this philosophy.

@drj @ariadne tell me you know nothing about how systemd is architected without telling me you know nothing about how systemd is architected

(Hint: it’s a whole bunch of “Unix philosophy” binaries, united in their mission.)

@drj @ariadne it’s perfectly valid to criticize systemd because it’s opinionated and you don’t like its opinions (maybe you’re a vintage configuration file format maximalist)

But “it’s not Unix philosophy” isn’t valid

@ZiggyTheHamster a) a follow-up post wasn't necessary; b) it's clear that phrases like "Let Unix be Unix" and "Follows Unix Philosophy" are just cover for "i don't like it".

I almost didn't mention systemd in my reply (as it's a fairly ancillary part of both the xz attack and "Let Unix be Unix"). So there's a lesson learned.

@drj except your reply is entirely dependent on the incorrect assertion that systemd doesn’t follow the Unix philosophy and not mentioning systemd makes your entire reply not make any sense