Edited again: 2023-02-23
Antix is to Debian what Joborun is to Arch, and Devuan is to debian what Artix is to arch. Such projects/distributions seem to be very promising in concept and execution. Equally promising, if not more, is Void, Sabotage, and Kiss linux taking an independent path. Continue reading
Bibliography of this mini-tragedy for systemd and the “provocative” vindication of zstd (which usually is compiled using lib-lzma).
Here is some reading material to print and keep on your bedside:
The list will be enhanced as good material and analysis is found, and please make suggestions for more through comments
Systems running without systemd are apparently safe
What crisis? CVE-2024-3094
Compromised lzma library triggered by an openssh-hook to systemd notify (sd_notify) to obtain code hidden in liblzma to create a backdoor to any debian/fedora/ubuntu ssh server. Apparently not even openssh-selinux is safe under those conditions (glibc, x86-64, preconfigured tarball source from github 5.6.0 and 5.6.1, systemd, openssh, rpm or deb packaging, with enabled calls to systemd through the openssh.service ). If source was built from git with native clean autoconf/make the suspect code is not included. Musl systems have nothing to worry about, probably because they can’t compile sd_notify to trigger this whole thing.
Psychopath, paranoid, not knowing shit about software
When we criticized zstd and advocated that long term friend xz, suspecting zstd of a trojan horse for security and encryption, those were some of the names I/we were called by the fan-club of facebook-hired ex-military author of zstd. Mind you zstd is commonly built with lzma library enabled!
IMPOSSIBLE, it is just a compression algorithm, it can’t be used to exploit security of a system. they said
Sorry, I may had no clue how but IT IS now POSSIBLE!!!
Good news: As far as experts in debian fedora arch ubuntu can TELL it takes systemd to energize the backdoor, specifically a hook used by debian to build openssh a certain way that systemd/dbus/sd-bus/sd-notify run rogue code to obtain material from a blob (check/test result) from lzma to modify running binaries to open the backdoor.
Read these two comments by Eric-here for background on the discussion
Eric’s 1st comment Eric’s 2nd comment
Then read the announcement of joborun-linux from March 21st 24 here and here
Basically make dependency to dependency to make dependency gnupg a core dependency of most linux systems depends on basu, or elogind, or lib-systemd. So a systemd signature goes deep into no-systemd territory. Alternatives?
The juice of it here: Continue reading
boot screen of iso
ProwlerGr:
I am proud to announce the release of my UNOFFICIAL antix 23.1 remaster which includes 4 inits that can be selected through grub in an MX style grub menu
antix-23.1_amd64_init-diversity-edition_UNOFFICIAL_20240205.iso
antix-23.1_amd64_init-diversity-edition_UNOFFICIAL_20240205.iso.md5
antix-23.1_i386_init-diversity-edition_UNOFFICIAL_20240205.iso
antix-23.1_i386_init-diversity-edition_UNOFFICIAL_20240205.iso.md5
user: antix
passwd: antix
root passwd: antixThis includes many refinements from all of my previous s6-rc/s6-66 respins most notably:
– Everything has been installed from debs – my sources are available in my experimental-s6 repo http://deb-s6-rc-66-init-experimental.duckdns.org:8080/dists/experimental-s6/antix-s6/
NO!
NO, what? To which question, both?
Then what is the problem with systemd or replacing it with another system?
The quick answer is NO, but in reality one must be able to match the resources of IBM/x-RH to chase behind this dog when this dog does its best to try to shake all tailgaters away from it. “It” wants to run throughout the system, from bios/efi/boot-loading to every click you make on the desktop with your mouse or finger touch to the touch-screen. PRECISELY what google has done on android, for which we have no say it is a private non-open non-free system. Monkey see, monkey do, monkey governments enforce its use, monkeys conform. Fuck you google and fuck the state that mandates its use (I wonder if North Korean sites have google apis in them, RT do!).
HOW does this work? Continue reading
Nice trick that works coming from Reik Reid in the VTWM community
Firefox and some of its clones in recent times, when used in a non-systemd, non-DM, non-dbus/logind environment they open up without the topline menus being visible. Mozilla trying to log and control through those spying environments all they can will allow the menus to vanish when their spying gadgets aren’t present.
Simple fix: Continue reading
Posted as comment by “sage” (we can correct this if you want a pseudo-name associated as editor) – we only replaced reddit with runit 🙂
Regarding Alpine linux.
On a whim, I gave alpine a try. I wanted to see if I could get a nice minimal desktop going similar to what Antix-23-runit has done on another (matching in specs) PC. It was rough going at first, but I was able to install the setup-xorg package and the herbstluftwm from their repos but could not get access to the xserver (most likely the elogind thing, which was not installed on the bare system). Continue reading
Interesting discussion taking place in a r/joborun thread about building syslog-ng without systemd and telemetry!
What is interesting is that the author of syslog-ng took notice of the article and responded himself defending his choice.
This may continue so visit the link directly but here are the first two responses to the article:
https://www.reddit.com/r/joborun/comments/16x7u8o/users_of_syslogng_beware_telemetry_is_coming_not/
users of syslog-ng beware …. telemetry is coming! Not from skarnet
Continue reading
About the most outdated software in Obarun is s6 and 66. The first stack from skarnet is about 4-5 versions behind on each piece, who knows why, maybe no time to test the changes? The next, if it was rebuilt on top of skarnet’s latest stable stack maybe it would fall apart? It hasn’t for Joborun after several rebuilds. But the aging 66 hasn’t received much attention in recent time, many commits but no release for nearly 2 years now. The next release will make your known 66 appear as very different software all together. All documentation written in the past will have to be re-written, all procedures and commands changed, all options and ways of doing things will be new. And new is always better!! Right? Right?
What is new in Obarun is the way packages are being built. No longer labor intensive processes of overseeing bumps on software editions, it is all algorithm triggered. How? Since obarun chases arch-stable behind, as soon as a package placed on the new system is bumped by arch, the previous arch pkgbuild is contrasted against the new, its differences from obarun are saved in a patch file, and the patch is applied to the new pkgbuild. Then the software is placed on the builder, tested that it is built without errors and warnings, and then placed on the repo. Continue reading
Recent excitement revolves around talk about eudev deficiencies as a replacement for systemd’s udev. Consolekit2 having too many functionalities missing against elogind that it will eventually run out of steam. In particular this package named libgudev requires now particular version specific udev utilities to compile and eudev has not reached this stage of development. Developer/s said when time comes available it will receive some refreshing and incorporation of this utility. But what is the rush? For packages that are used to auto-discover and mount disks (particularly usb hot-plugs) and for them to be the latest of edition need this updated libgudev that eudev can’t support.
Should a community critical against systemd domination mind such dis-functionality? Hopefully nobody here believes it should. Didn’t we expect this to be a struggle or did we expect it to come easy? Are there people here who think they can have the choice of not using systemd/elogind and libraries but have 100% functional Gnome or Plasma desktops and tools (gui-gadgets)? Being against systemd is being critical of the sacrifices a system/distro should make in order to incorporate growing automation and convenience. Isn’t it? Continue reading
Welcome antiX and Noir linux to the strict list, with edition 23 antiX is fully functional and lighter than ever without a trace of elogind!
Edited: September 24th 2023 (replacing older strict list)
This list is going to be short and there may be a sublist of distros with a medium strict standard. We shall explain what the object is, below the short list (which we hope the community will assist in making longer as we have not been able to currently review the work of every distro and fork).
Fall 2023 list of “healthy” hardcore distros in alphabetical order with date/activity indicator (xxx)
recently removed:
Please keep the recommendations going, for inclusion and exclusion from the list. We can not keep and maintain installations for all of them, we count on you.
Hardcore because they seem honest and dedicated to the war against totalitarianism by IBM and other mega corporations to dominate the Open and Free software world.
Question: Is it a conspiracy theory that make the act of publishing on the net anything anonymously impossible?
Answer: You can go on facebook, twitter, social media and publish anonymously, so this doesn’t hold water as an argument, most people will tell you they publish stuff anonymously every day, like memes they came up with, giggle giggle, LoL, etc.
Q: But to publish through this social media you are bound with an agreement that gives the power to the social media site the right to remove, block, users and content without any reason for debate. To publish something like code or binaries for a system, or ideas in a wiki/document/html in a site, where only you can control the content of, you can not do anonymously.
A: There are disroot, osdn, neocities, indymedia (what’s left of it after m-l marxists managed to destroy it, almost in alignment with capitalist state agencies) and a few others, that still allow a brief window of opportunity. Who knows for how long more. Legislation, just like in the US, travels and replicates itself against such freedoms world wide, and the consequences for using “their wires” are always economic. People have this false notion because of “cheap” access, that the wiring and network belong to us. Nobody wants to lose their shelter, food, health, evem freedom or life, for publishing your strange ideas, or code. Continue reading
systemd-free linux community 