I also don’t like the duplication of logs in journald and syslog, so I always disable forwarding to syslog
I also don’t like the duplication of logs in journald and syslog, so I always disable forwarding to syslog
Encryption and compression don’t play well together though. You should consider that when storing sensitive files. That’s why it’s recommended to leave compression off in https because it weakens the encryption strength
Familiarity
No idea tbh. I edited my message to fix my mistake too
I doubt iPhone is better, and it’s marketing instead. Or it’s a matter of time before they wanna go the data mining road. You can also get a fairphone and install a custom ROM
Good is relative tbf. I’ve had issues installing something natively while installing flatpak just worked
As KVM is part if the Linux kernel, I assume you’ll have to look into kernel hardening instead, next to OS hardening. Hardware is also important to consider when talking about VM escaping. A CPU that supports better VM isolation features and encrypted memory
I was arguing how it is a very useful tool with many great additions, rather than rely on the: “no old better!” reply based on ignorance. But it looks like your replies have turned full removed, so no point in continuing here to try and educate you.
You can set the space limit for journals logs really low then, to avoid double space usage. As for the last argument, that also was an issue for me years ago because not all tools were compatible with the journald format, but that’s since long fixed now and I’ve not experienced any issue for a long time. Journal logs provide a standard format for all applications, so third party tools don’t need to be compatible with every log format of your applications. And it also comes with great additional features like -b or --since etc. So I still don’t get the issue here
You can still forward to text syslog or to a central logging server like Loki if working with multiple hosts. I still don’t get the issue with binary logs.
Why do you consider it as poisoning? I’ve heard the argument about not doing things the traditional Linux way (binary logs for example). But if the alternative provides so many benefits, why is it an issue? Systemd is a piece of cake for all parties compared to sysvinit and alternatives, so why is it bad when it solves so many issued, and makes it super easy to use by just adding e.g. a new option to a Unit?
Another example: timers are more complex than cronjobs, but timers offer additional needed features like dependencies, persistence, easy and understandable syntax, and more. So although more complex, once you get the hang of them, they’re a very welcomed feature imo
I can understand that it makes it easier to add changes that would benefit systemd and distros in general. I read that they introduced run0 to solve long shortcomings of sudo (I’m not aware of which). That sounds logical.
Actually no. The thing is just that systemd handles so many things that makes the lives both developers/distro maintainers and users easier, but most of it happens in the background. You can forget about having to learning complexer tools, just do it all via systemd
I’m actually happy that they don’t follow the feature bloat trend.
Also a big downside for me but they said because of privacy focus they don’t wanna do that. That said,I’ve been using them happily as a second provider for more than 5y
Here’s some more examples:
Systemctl edit
: create an extension for the unit file and add some changes
S edit --full
: edit the full unit file (and timer too iirc)
S enable --now:
enable + start
S disable --now
: disable + stop
Arch could use better standard MAC security applied to systemd units like Debian does.
Arch could have an easy few clicks installer, something like a default modern setup.
Live kernel patching.
I’m not a supporter of the approach of blocking sudo access from capable people (non tech yes), because they can still download and execute binaries as their user. Or go to rescue mode to make modifications. I had to do that myself because of a micro managing IT team. Allowed? No. Allows me to focus on my work and let me be efficient? Yes. Usually this approach also requires a backdoor tool on your device that they install, which is just ridiculous.
Just communicate setup requirements (drive encryption, firewall, AV,…) And have some tool to check the security requirements and rating and this way you can apply proper security policies in the company and respect the user’s privacy
Tbf you only need iwd, as systemd can take care of the rest. But it’s not an option for me on desktop anyway because signal and vpn connection visibility are important for me and that’s not possible without a GUI running
I can’t explain, perhaps due to my limited knowledge about the subject. I understood that compression was a weakening factor for encryption years ago when I heard about it. Always good to do your own research in the end 🙃