Daniel Moch's Weblog

Hardening Services With Systemd

Systemd gets a lot of hate. There's a lot of heat and very little light in those discussions, in my opinion, and I don't expect that this post will change the mind of anyone who has already decided to hate Systemd. My goal here is far more modest. I want to share a feature of the new init system that I find really compelling, and that I hadn't seen discussed pretty much anywhere: Systemd's native ability to leverage the Linux kernel's namespacing features to run services in a sandboxed environment.

Read more…

A Letter To Senator Rubio

Senator Rubio,

As a registered Republican, a citizen of the state of Florida, and an evangelical Christian, I have watched with a mix of anger and horror as our President has subverted the core values this party has stood for and abused high office what appears to be his own selfish gain. Over the past several weeks that mix of emotions has been replaced by heartbreak as his administration has enacted, and then defended, a set of policies that have directly resulted in the separation of children from their parents. As both a seminary graduate and an ordained church elder, it brings additional pain to see that that the Bible, the same Scripture this party has used to defend "family values," has been perverted to defend practices that are the antithesis of that phrase.

Read more…

Facebook Defends Universal Data Collection

Since June of last year, Facebook has been publishing a series called Hard Questions. In the latest installment in that series, David Baser, Facebook's Product Management Director, gives some details about what kind of data Facebook collects on you even if you don't have a Facebook account. David acknowledges that his post is partly a response to a question Congress posed to Mark Zuckerberg last week, which puts him a bit on the defensive with regard to the fact of this type of data collection. To wit, why does Facebook do something as arguably intrusive as collect data on folks who have no other relationship to the site?

Read more…