Symfony Profiler

null

Proxies\__CG__\App\Entity\Entry {#1585
  +user: Proxies\__CG__\App\Entity\User {#2448 …}
  +magazine: Proxies\__CG__\App\Entity\Magazine {#1525 …}
  +image: null
  +domain: Proxies\__CG__\App\Entity\Domain {#1618 …}
  +slug: "Fedora-40-Will-Enable-Systemd-Service-Security-Hardening"
  +title: "Fedora 40 Will Enable Systemd Service Security Hardening"
  +url: "https://fedoraproject.org/wiki/Changes/SystemdSecurityHardening"
  +body: """
    Summary\n
    =======\n
    \n
    Improve security by enabling some of the high level systemd security hardening settings that isolate and sandbox default system services.\n
    \n
    Benefit to Fedora\n
    =================\n
    \n
    Fedora services will get a significant security boost by default by avoiding or mitigating any unknown security vulnerabilities in default system services.
    """
  +type: "link"
  +lang: "en"
  +isOc: false
  +hasEmbed: false
  +commentCount: 12
  +favouriteCount: 107
  +score: 0
  +isAdult: false
  +sticky: false
  +lastActive: DateTime @1702643082 {#1717
    date: 2023-12-15 13:24:42.0 +01:00
  }
  +ip: null
  +adaAmount: 0
  +tags: null
  +mentions: null
  +comments: Doctrine\ORM\PersistentCollection {#1625 …}
  +votes: Doctrine\ORM\PersistentCollection {#1617 …}
  +reports: Doctrine\ORM\PersistentCollection {#1723 …}
  +favourites: Doctrine\ORM\PersistentCollection {#2364 …}
  +notifications: Doctrine\ORM\PersistentCollection {#2359 …}
  +badges: Doctrine\ORM\PersistentCollection {#1908 …}
  +children: [
    App\Entity\EntryComment {#1640
      +user: App\Entity\User {#265 …}
      +entry: Proxies\__CG__\App\Entity\Entry {#1585 …2}
      +magazine: Proxies\__CG__\App\Entity\Magazine {#1525 …}
      +image: null
      +parent: Proxies\__CG__\App\Entity\EntryComment {#1593 …}
      +root: Proxies\__CG__\App\Entity\EntryComment {#1591 …}
      +body: """
        Yeah, it’s not really advertised as an init system anymore. It’s an entire system management suite, and when seen from that angle, it’s pretty good at it too. All of it is consistent, it’s fairly powerful, and it’s usually 10-20 lines of unit files to describe what you want. I wanted that for a long time.\n
        \n
        I feel like the hate always comes from the people that treat the UNIX philosophy like religion. And even then, systemd is very modular, just also well integrated together: networkd manages my network, resolved manages my DNS, journald manages my logs, timesyncd manages my NTP, logind manages my logins and sessions, homed mounts my users profiles on demand.\n
        \n
        Added complexity, yes, but I’ve been using the hell out of it. Start services when a specific peripheral is plugged in? Got it. Automatically assign devices to seats? Logind’s got you covered, don’t even need to mess with xorg configs. VM network? networkd handles it. DNS caching? Out of the box. Split DNS? One command. Don’t want 2000 VMs rotating their logs at exactly midnight and trashing your ceph cluster? Yep just slap a RandomizedDelaySec=24h to the units. Isolate and pin a VM to dedicated cores dynamically? Yep it’ll do that. Services that needs to run on a specific NUMA node to stay close to PCIe peripherals? Yep easy. All very easily configurable with things like Ansible or bash provisioning scripts.\n
        \n
        Sure it may not be for everybody, but it solves real problems real Linux admins have to deal with at scale. If you don’t like it, sysvinit still works just fine and I heard good things about runit too. It’s an old and tired argument, it’s been over 10 years, we can stop whining about it and move on. There’s plenty of non-systemd distros to use.
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 55
      +score: 0
      +lastActive: DateTime @1702615718 {#1698
        date: 2023-12-15 05:48:38.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@Chewy7324@discuss.tchncs.de"
        "@PseudoSpock@lemmy.dbzer0.com"
        "@NekkoDroid@programming.dev"
      ]
      +children: Doctrine\ORM\PersistentCollection {#1590 …}
      +nested: Doctrine\ORM\PersistentCollection {#1553 …}
      +votes: Doctrine\ORM\PersistentCollection {#1662 …}
      +reports: Doctrine\ORM\PersistentCollection {#1656 …}
      +favourites: Doctrine\ORM\PersistentCollection {#1563 …}
      +notifications: Doctrine\ORM\PersistentCollection {#1559 …}
      -id: 223452
      -bodyTs: "'-20':46 '10':45,299 '2000':182 '24h':200 'ad':121 'admin':262 'advertis':6 'also':88 'alway':68 'angl':24 'ansibl':243 'anymor':11 'argument':294 'assign':146 'automat':145 'bash':245 'box':174 'cach':170 'ceph':193 'close':230 'cluster':194 'come':69 'command':178 'complex':122 'config':163 'configur':239 'consist':36 'core':211 'cover':154 'deal':265 'dedic':210 'demand':120 'describ':52 'devic':147 'distro':317 'dns':99,169,176 'dynam':212 'easi':235 'easili':238 'entir':15 'even':81,157 'everybodi':254 'exact':188 'fair':39 'feel':64 'file':50 'fine':279 'good':28,283 'got':143,152 'handl':167 'hate':67 'heard':282 'hell':130 'home':114 'init':9 'integr':90 'isol':204 'journald':100 'like':65,78,242,273 'line':47 'linux':261 'll':215 'log':103,186 'login':111 'logind':108,150 'long':61 'manag':17,93,97,101,105,109 'may':250 'mess':160 'midnight':189 'modular':86 'mount':115 'move':308 'need':158,220 'network':95,165 'networkd':92,166 'node':227 'non':315 'non-systemd':314 'ntp':107 'numa':226 'old':291 'one':177 'pcie':232 'peopl':72 'peripher':139,233 'philosophi':77 'pin':206 'plenti':312 'plug':141 'power':40 'pretti':27 'problem':259 'profil':118 'provis':246 'randomizeddelaysec':199 'real':258,260 'realli':5 'religion':79 'resolv':96 'rotat':184 'run':222 'runit':286 'scale':268 'script':247 'seat':149 'seen':21 'servic':135,218 'session':113 'slap':197 'solv':257 'specif':138,225 'split':175 'start':134 'stay':229 'still':276 'stop':303 'suit':18 'sure':248 'system':10,16 'systemd':83,316 'sysvinit':275 'thing':241,284 'time':62 'timesyncd':104 'tire':293 'togeth':91 'trash':191 'treat':74 'unit':49,203 'unix':76 'use':128,319 'user':117 'usual':44 've':126 'vm':164,208 'vms':183 'want':55,57,181 'well':89 'whine':304 'work':277 'xorg':162 'yeah':1 'year':300 'yep':195,213,234 'yes':123"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://lemmy.max-p.me/comment/1693808"
      +editedAt: null
      +createdAt: DateTimeImmutable @1702615718 {#1609
        date: 2023-12-15 05:48:38.0 +01:00
      }
      +"title": 223452
    }
  ]
  -id: 22335
  -titleTs: "'40':2 'enabl':4 'fedora':1 'harden':8 'secur':7 'servic':6 'systemd':5"
  -bodyTs: "'avoid':36 'benefit':22 'boost':32 'default':19,34,44 'enabl':5 'fedora':24,25 'get':28 'harden':13 'high':9 'improv':2 'isol':16 'level':10 'mitig':38 'sandbox':18 'secur':3,12,31,41 'servic':21,26,46 'set':14 'signific':30 'summari':1 'system':20,45 'systemd':11 'unknown':40 'vulner':42"
  +cross: false
  +upVotes: 0
  +downVotes: 0
  +ranking: 1702694070
  +visibility: "visible             "
  +apId: "https://discuss.tchncs.de/post/7809185"
  +editedAt: null
  +createdAt: DateTimeImmutable @1702607670 {#1645
    date: 2023-12-15 03:34:30.0 +01:00
  }
  +__isInitialized__: true
   …2
}

Proxies\__CG__\App\Entity\Entry {#1585
  +user: Proxies\__CG__\App\Entity\User {#2448 …}
  +magazine: Proxies\__CG__\App\Entity\Magazine {#1525 …}
  +image: null
  +domain: Proxies\__CG__\App\Entity\Domain {#1618 …}
  +slug: "Fedora-40-Will-Enable-Systemd-Service-Security-Hardening"
  +title: "Fedora 40 Will Enable Systemd Service Security Hardening"
  +url: "https://fedoraproject.org/wiki/Changes/SystemdSecurityHardening"
  +body: """
    Summary\n
    =======\n
    \n
    Improve security by enabling some of the high level systemd security hardening settings that isolate and sandbox default system services.\n
    \n
    Benefit to Fedora\n
    =================\n
    \n
    Fedora services will get a significant security boost by default by avoiding or mitigating any unknown security vulnerabilities in default system services.
    """
  +type: "link"
  +lang: "en"
  +isOc: false
  +hasEmbed: false
  +commentCount: 12
  +favouriteCount: 107
  +score: 0
  +isAdult: false
  +sticky: false
  +lastActive: DateTime @1702643082 {#1717
    date: 2023-12-15 13:24:42.0 +01:00
  }
  +ip: null
  +adaAmount: 0
  +tags: null
  +mentions: null
  +comments: Doctrine\ORM\PersistentCollection {#1625 …}
  +votes: Doctrine\ORM\PersistentCollection {#1617 …}
  +reports: Doctrine\ORM\PersistentCollection {#1723 …}
  +favourites: Doctrine\ORM\PersistentCollection {#2364 …}
  +notifications: Doctrine\ORM\PersistentCollection {#2359 …}
  +badges: Doctrine\ORM\PersistentCollection {#1908 …}
  +children: [
    App\Entity\EntryComment {#1640
      +user: App\Entity\User {#265 …}
      +entry: Proxies\__CG__\App\Entity\Entry {#1585 …2}
      +magazine: Proxies\__CG__\App\Entity\Magazine {#1525 …}
      +image: null
      +parent: Proxies\__CG__\App\Entity\EntryComment {#1593 …}
      +root: Proxies\__CG__\App\Entity\EntryComment {#1591 …}
      +body: """
        Yeah, it’s not really advertised as an init system anymore. It’s an entire system management suite, and when seen from that angle, it’s pretty good at it too. All of it is consistent, it’s fairly powerful, and it’s usually 10-20 lines of unit files to describe what you want. I wanted that for a long time.\n
        \n
        I feel like the hate always comes from the people that treat the UNIX philosophy like religion. And even then, systemd is very modular, just also well integrated together: networkd manages my network, resolved manages my DNS, journald manages my logs, timesyncd manages my NTP, logind manages my logins and sessions, homed mounts my users profiles on demand.\n
        \n
        Added complexity, yes, but I’ve been using the hell out of it. Start services when a specific peripheral is plugged in? Got it. Automatically assign devices to seats? Logind’s got you covered, don’t even need to mess with xorg configs. VM network? networkd handles it. DNS caching? Out of the box. Split DNS? One command. Don’t want 2000 VMs rotating their logs at exactly midnight and trashing your ceph cluster? Yep just slap a RandomizedDelaySec=24h to the units. Isolate and pin a VM to dedicated cores dynamically? Yep it’ll do that. Services that needs to run on a specific NUMA node to stay close to PCIe peripherals? Yep easy. All very easily configurable with things like Ansible or bash provisioning scripts.\n
        \n
        Sure it may not be for everybody, but it solves real problems real Linux admins have to deal with at scale. If you don’t like it, sysvinit still works just fine and I heard good things about runit too. It’s an old and tired argument, it’s been over 10 years, we can stop whining about it and move on. There’s plenty of non-systemd distros to use.
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 55
      +score: 0
      +lastActive: DateTime @1702615718 {#1698
        date: 2023-12-15 05:48:38.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@Chewy7324@discuss.tchncs.de"
        "@PseudoSpock@lemmy.dbzer0.com"
        "@NekkoDroid@programming.dev"
      ]
      +children: Doctrine\ORM\PersistentCollection {#1590 …}
      +nested: Doctrine\ORM\PersistentCollection {#1553 …}
      +votes: Doctrine\ORM\PersistentCollection {#1662 …}
      +reports: Doctrine\ORM\PersistentCollection {#1656 …}
      +favourites: Doctrine\ORM\PersistentCollection {#1563 …}
      +notifications: Doctrine\ORM\PersistentCollection {#1559 …}
      -id: 223452
      -bodyTs: "'-20':46 '10':45,299 '2000':182 '24h':200 'ad':121 'admin':262 'advertis':6 'also':88 'alway':68 'angl':24 'ansibl':243 'anymor':11 'argument':294 'assign':146 'automat':145 'bash':245 'box':174 'cach':170 'ceph':193 'close':230 'cluster':194 'come':69 'command':178 'complex':122 'config':163 'configur':239 'consist':36 'core':211 'cover':154 'deal':265 'dedic':210 'demand':120 'describ':52 'devic':147 'distro':317 'dns':99,169,176 'dynam':212 'easi':235 'easili':238 'entir':15 'even':81,157 'everybodi':254 'exact':188 'fair':39 'feel':64 'file':50 'fine':279 'good':28,283 'got':143,152 'handl':167 'hate':67 'heard':282 'hell':130 'home':114 'init':9 'integr':90 'isol':204 'journald':100 'like':65,78,242,273 'line':47 'linux':261 'll':215 'log':103,186 'login':111 'logind':108,150 'long':61 'manag':17,93,97,101,105,109 'may':250 'mess':160 'midnight':189 'modular':86 'mount':115 'move':308 'need':158,220 'network':95,165 'networkd':92,166 'node':227 'non':315 'non-systemd':314 'ntp':107 'numa':226 'old':291 'one':177 'pcie':232 'peopl':72 'peripher':139,233 'philosophi':77 'pin':206 'plenti':312 'plug':141 'power':40 'pretti':27 'problem':259 'profil':118 'provis':246 'randomizeddelaysec':199 'real':258,260 'realli':5 'religion':79 'resolv':96 'rotat':184 'run':222 'runit':286 'scale':268 'script':247 'seat':149 'seen':21 'servic':135,218 'session':113 'slap':197 'solv':257 'specif':138,225 'split':175 'start':134 'stay':229 'still':276 'stop':303 'suit':18 'sure':248 'system':10,16 'systemd':83,316 'sysvinit':275 'thing':241,284 'time':62 'timesyncd':104 'tire':293 'togeth':91 'trash':191 'treat':74 'unit':49,203 'unix':76 'use':128,319 'user':117 'usual':44 've':126 'vm':164,208 'vms':183 'want':55,57,181 'well':89 'whine':304 'work':277 'xorg':162 'yeah':1 'year':300 'yep':195,213,234 'yes':123"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://lemmy.max-p.me/comment/1693808"
      +editedAt: null
      +createdAt: DateTimeImmutable @1702615718 {#1609
        date: 2023-12-15 05:48:38.0 +01:00
      }
      +"title": 223452
    }
  ]
  -id: 22335
  -titleTs: "'40':2 'enabl':4 'fedora':1 'harden':8 'secur':7 'servic':6 'systemd':5"
  -bodyTs: "'avoid':36 'benefit':22 'boost':32 'default':19,34,44 'enabl':5 'fedora':24,25 'get':28 'harden':13 'high':9 'improv':2 'isol':16 'level':10 'mitig':38 'sandbox':18 'secur':3,12,31,41 'servic':21,26,46 'set':14 'signific':30 'summari':1 'system':20,45 'systemd':11 'unknown':40 'vulner':42"
  +cross: false
  +upVotes: 0
  +downVotes: 0
  +ranking: 1702694070
  +visibility: "visible             "
  +apId: "https://discuss.tchncs.de/post/7809185"
  +editedAt: null
  +createdAt: DateTimeImmutable @1702607670 {#1645
    date: 2023-12-15 03:34:30.0 +01:00
  }
  +__isInitialized__: true
   …2
}

Proxies\__CG__\App\Entity\Entry {#1585
  +user: Proxies\__CG__\App\Entity\User {#2448 …}
  +magazine: Proxies\__CG__\App\Entity\Magazine {#1525 …}
  +image: null
  +domain: Proxies\__CG__\App\Entity\Domain {#1618 …}
  +slug: "Fedora-40-Will-Enable-Systemd-Service-Security-Hardening"
  +title: "Fedora 40 Will Enable Systemd Service Security Hardening"
  +url: "https://fedoraproject.org/wiki/Changes/SystemdSecurityHardening"
  +body: """
    Summary\n
    =======\n
    \n
    Improve security by enabling some of the high level systemd security hardening settings that isolate and sandbox default system services.\n
    \n
    Benefit to Fedora\n
    =================\n
    \n
    Fedora services will get a significant security boost by default by avoiding or mitigating any unknown security vulnerabilities in default system services.
    """
  +type: "link"
  +lang: "en"
  +isOc: false
  +hasEmbed: false
  +commentCount: 12
  +favouriteCount: 107
  +score: 0
  +isAdult: false
  +sticky: false
  +lastActive: DateTime @1702643082 {#1717
    date: 2023-12-15 13:24:42.0 +01:00
  }
  +ip: null
  +adaAmount: 0
  +tags: null
  +mentions: null
  +comments: Doctrine\ORM\PersistentCollection {#1625 …}
  +votes: Doctrine\ORM\PersistentCollection {#1617 …}
  +reports: Doctrine\ORM\PersistentCollection {#1723 …}
  +favourites: Doctrine\ORM\PersistentCollection {#2364 …}
  +notifications: Doctrine\ORM\PersistentCollection {#2359 …}
  +badges: Doctrine\ORM\PersistentCollection {#1908 …}
  +children: [
    App\Entity\EntryComment {#1640
      +user: App\Entity\User {#265 …}
      +entry: Proxies\__CG__\App\Entity\Entry {#1585 …2}
      +magazine: Proxies\__CG__\App\Entity\Magazine {#1525 …}
      +image: null
      +parent: Proxies\__CG__\App\Entity\EntryComment {#1593 …}
      +root: Proxies\__CG__\App\Entity\EntryComment {#1591 …}
      +body: """
        Yeah, it’s not really advertised as an init system anymore. It’s an entire system management suite, and when seen from that angle, it’s pretty good at it too. All of it is consistent, it’s fairly powerful, and it’s usually 10-20 lines of unit files to describe what you want. I wanted that for a long time.\n
        \n
        I feel like the hate always comes from the people that treat the UNIX philosophy like religion. And even then, systemd is very modular, just also well integrated together: networkd manages my network, resolved manages my DNS, journald manages my logs, timesyncd manages my NTP, logind manages my logins and sessions, homed mounts my users profiles on demand.\n
        \n
        Added complexity, yes, but I’ve been using the hell out of it. Start services when a specific peripheral is plugged in? Got it. Automatically assign devices to seats? Logind’s got you covered, don’t even need to mess with xorg configs. VM network? networkd handles it. DNS caching? Out of the box. Split DNS? One command. Don’t want 2000 VMs rotating their logs at exactly midnight and trashing your ceph cluster? Yep just slap a RandomizedDelaySec=24h to the units. Isolate and pin a VM to dedicated cores dynamically? Yep it’ll do that. Services that needs to run on a specific NUMA node to stay close to PCIe peripherals? Yep easy. All very easily configurable with things like Ansible or bash provisioning scripts.\n
        \n
        Sure it may not be for everybody, but it solves real problems real Linux admins have to deal with at scale. If you don’t like it, sysvinit still works just fine and I heard good things about runit too. It’s an old and tired argument, it’s been over 10 years, we can stop whining about it and move on. There’s plenty of non-systemd distros to use.
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 55
      +score: 0
      +lastActive: DateTime @1702615718 {#1698
        date: 2023-12-15 05:48:38.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@Chewy7324@discuss.tchncs.de"
        "@PseudoSpock@lemmy.dbzer0.com"
        "@NekkoDroid@programming.dev"
      ]
      +children: Doctrine\ORM\PersistentCollection {#1590 …}
      +nested: Doctrine\ORM\PersistentCollection {#1553 …}
      +votes: Doctrine\ORM\PersistentCollection {#1662 …}
      +reports: Doctrine\ORM\PersistentCollection {#1656 …}
      +favourites: Doctrine\ORM\PersistentCollection {#1563 …}
      +notifications: Doctrine\ORM\PersistentCollection {#1559 …}
      -id: 223452
      -bodyTs: "'-20':46 '10':45,299 '2000':182 '24h':200 'ad':121 'admin':262 'advertis':6 'also':88 'alway':68 'angl':24 'ansibl':243 'anymor':11 'argument':294 'assign':146 'automat':145 'bash':245 'box':174 'cach':170 'ceph':193 'close':230 'cluster':194 'come':69 'command':178 'complex':122 'config':163 'configur':239 'consist':36 'core':211 'cover':154 'deal':265 'dedic':210 'demand':120 'describ':52 'devic':147 'distro':317 'dns':99,169,176 'dynam':212 'easi':235 'easili':238 'entir':15 'even':81,157 'everybodi':254 'exact':188 'fair':39 'feel':64 'file':50 'fine':279 'good':28,283 'got':143,152 'handl':167 'hate':67 'heard':282 'hell':130 'home':114 'init':9 'integr':90 'isol':204 'journald':100 'like':65,78,242,273 'line':47 'linux':261 'll':215 'log':103,186 'login':111 'logind':108,150 'long':61 'manag':17,93,97,101,105,109 'may':250 'mess':160 'midnight':189 'modular':86 'mount':115 'move':308 'need':158,220 'network':95,165 'networkd':92,166 'node':227 'non':315 'non-systemd':314 'ntp':107 'numa':226 'old':291 'one':177 'pcie':232 'peopl':72 'peripher':139,233 'philosophi':77 'pin':206 'plenti':312 'plug':141 'power':40 'pretti':27 'problem':259 'profil':118 'provis':246 'randomizeddelaysec':199 'real':258,260 'realli':5 'religion':79 'resolv':96 'rotat':184 'run':222 'runit':286 'scale':268 'script':247 'seat':149 'seen':21 'servic':135,218 'session':113 'slap':197 'solv':257 'specif':138,225 'split':175 'start':134 'stay':229 'still':276 'stop':303 'suit':18 'sure':248 'system':10,16 'systemd':83,316 'sysvinit':275 'thing':241,284 'time':62 'timesyncd':104 'tire':293 'togeth':91 'trash':191 'treat':74 'unit':49,203 'unix':76 'use':128,319 'user':117 'usual':44 've':126 'vm':164,208 'vms':183 'want':55,57,181 'well':89 'whine':304 'work':277 'xorg':162 'yeah':1 'year':300 'yep':195,213,234 'yes':123"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://lemmy.max-p.me/comment/1693808"
      +editedAt: null
      +createdAt: DateTimeImmutable @1702615718 {#1609
        date: 2023-12-15 05:48:38.0 +01:00
      }
      +"title": 223452
    }
  ]
  -id: 22335
  -titleTs: "'40':2 'enabl':4 'fedora':1 'harden':8 'secur':7 'servic':6 'systemd':5"
  -bodyTs: "'avoid':36 'benefit':22 'boost':32 'default':19,34,44 'enabl':5 'fedora':24,25 'get':28 'harden':13 'high':9 'improv':2 'isol':16 'level':10 'mitig':38 'sandbox':18 'secur':3,12,31,41 'servic':21,26,46 'set':14 'signific':30 'summari':1 'system':20,45 'systemd':11 'unknown':40 'vulner':42"
  +cross: false
  +upVotes: 0
  +downVotes: 0
  +ranking: 1702694070
  +visibility: "visible             "
  +apId: "https://discuss.tchncs.de/post/7809185"
  +editedAt: null
  +createdAt: DateTimeImmutable @1702607670 {#1645
    date: 2023-12-15 03:34:30.0 +01:00
  }
  +__isInitialized__: true
   …2
}

null

App\Entity\EntryComment {#1640
  +user: App\Entity\User {#265 …}
  +entry: Proxies\__CG__\App\Entity\Entry {#1585
    +user: Proxies\__CG__\App\Entity\User {#2448 …}
    +magazine: Proxies\__CG__\App\Entity\Magazine {#1525 …}
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1618 …}
    +slug: "Fedora-40-Will-Enable-Systemd-Service-Security-Hardening"
    +title: "Fedora 40 Will Enable Systemd Service Security Hardening"
    +url: "https://fedoraproject.org/wiki/Changes/SystemdSecurityHardening"
    +body: """
      Summary\n
      =======\n
      \n
      Improve security by enabling some of the high level systemd security hardening settings that isolate and sandbox default system services.\n
      \n
      Benefit to Fedora\n
      =================\n
      \n
      Fedora services will get a significant security boost by default by avoiding or mitigating any unknown security vulnerabilities in default system services.
      """
    +type: "link"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 12
    +favouriteCount: 107
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1702643082 {#1717
      date: 2023-12-15 13:24:42.0 +01:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1625 …}
    +votes: Doctrine\ORM\PersistentCollection {#1617 …}
    +reports: Doctrine\ORM\PersistentCollection {#1723 …}
    +favourites: Doctrine\ORM\PersistentCollection {#2364 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2359 …}
    +badges: Doctrine\ORM\PersistentCollection {#1908 …}
    +children: [
      App\Entity\EntryComment {#1640}
    ]
    -id: 22335
    -titleTs: "'40':2 'enabl':4 'fedora':1 'harden':8 'secur':7 'servic':6 'systemd':5"
    -bodyTs: "'avoid':36 'benefit':22 'boost':32 'default':19,34,44 'enabl':5 'fedora':24,25 'get':28 'harden':13 'high':9 'improv':2 'isol':16 'level':10 'mitig':38 'sandbox':18 'secur':3,12,31,41 'servic':21,26,46 'set':14 'signific':30 'summari':1 'system':20,45 'systemd':11 'unknown':40 'vulner':42"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1702694070
    +visibility: "visible             "
    +apId: "https://discuss.tchncs.de/post/7809185"
    +editedAt: null
    +createdAt: DateTimeImmutable @1702607670 {#1645
      date: 2023-12-15 03:34:30.0 +01:00
    }
    +__isInitialized__: true
     …2
  }
  +magazine: Proxies\__CG__\App\Entity\Magazine {#1525 …}
  +image: null
  +parent: Proxies\__CG__\App\Entity\EntryComment {#1593 …}
  +root: Proxies\__CG__\App\Entity\EntryComment {#1591 …}
  +body: """
    Yeah, it’s not really advertised as an init system anymore. It’s an entire system management suite, and when seen from that angle, it’s pretty good at it too. All of it is consistent, it’s fairly powerful, and it’s usually 10-20 lines of unit files to describe what you want. I wanted that for a long time.\n
    \n
    I feel like the hate always comes from the people that treat the UNIX philosophy like religion. And even then, systemd is very modular, just also well integrated together: networkd manages my network, resolved manages my DNS, journald manages my logs, timesyncd manages my NTP, logind manages my logins and sessions, homed mounts my users profiles on demand.\n
    \n
    Added complexity, yes, but I’ve been using the hell out of it. Start services when a specific peripheral is plugged in? Got it. Automatically assign devices to seats? Logind’s got you covered, don’t even need to mess with xorg configs. VM network? networkd handles it. DNS caching? Out of the box. Split DNS? One command. Don’t want 2000 VMs rotating their logs at exactly midnight and trashing your ceph cluster? Yep just slap a RandomizedDelaySec=24h to the units. Isolate and pin a VM to dedicated cores dynamically? Yep it’ll do that. Services that needs to run on a specific NUMA node to stay close to PCIe peripherals? Yep easy. All very easily configurable with things like Ansible or bash provisioning scripts.\n
    \n
    Sure it may not be for everybody, but it solves real problems real Linux admins have to deal with at scale. If you don’t like it, sysvinit still works just fine and I heard good things about runit too. It’s an old and tired argument, it’s been over 10 years, we can stop whining about it and move on. There’s plenty of non-systemd distros to use.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 55
  +score: 0
  +lastActive: DateTime @1702615718 {#1698
    date: 2023-12-15 05:48:38.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@Chewy7324@discuss.tchncs.de"
    "@PseudoSpock@lemmy.dbzer0.com"
    "@NekkoDroid@programming.dev"
  ]
  +children: Doctrine\ORM\PersistentCollection {#1590 …}
  +nested: Doctrine\ORM\PersistentCollection {#1553 …}
  +votes: Doctrine\ORM\PersistentCollection {#1662 …}
  +reports: Doctrine\ORM\PersistentCollection {#1656 …}
  +favourites: Doctrine\ORM\PersistentCollection {#1563 …}
  +notifications: Doctrine\ORM\PersistentCollection {#1559 …}
  -id: 223452
  -bodyTs: "'-20':46 '10':45,299 '2000':182 '24h':200 'ad':121 'admin':262 'advertis':6 'also':88 'alway':68 'angl':24 'ansibl':243 'anymor':11 'argument':294 'assign':146 'automat':145 'bash':245 'box':174 'cach':170 'ceph':193 'close':230 'cluster':194 'come':69 'command':178 'complex':122 'config':163 'configur':239 'consist':36 'core':211 'cover':154 'deal':265 'dedic':210 'demand':120 'describ':52 'devic':147 'distro':317 'dns':99,169,176 'dynam':212 'easi':235 'easili':238 'entir':15 'even':81,157 'everybodi':254 'exact':188 'fair':39 'feel':64 'file':50 'fine':279 'good':28,283 'got':143,152 'handl':167 'hate':67 'heard':282 'hell':130 'home':114 'init':9 'integr':90 'isol':204 'journald':100 'like':65,78,242,273 'line':47 'linux':261 'll':215 'log':103,186 'login':111 'logind':108,150 'long':61 'manag':17,93,97,101,105,109 'may':250 'mess':160 'midnight':189 'modular':86 'mount':115 'move':308 'need':158,220 'network':95,165 'networkd':92,166 'node':227 'non':315 'non-systemd':314 'ntp':107 'numa':226 'old':291 'one':177 'pcie':232 'peopl':72 'peripher':139,233 'philosophi':77 'pin':206 'plenti':312 'plug':141 'power':40 'pretti':27 'problem':259 'profil':118 'provis':246 'randomizeddelaysec':199 'real':258,260 'realli':5 'religion':79 'resolv':96 'rotat':184 'run':222 'runit':286 'scale':268 'script':247 'seat':149 'seen':21 'servic':135,218 'session':113 'slap':197 'solv':257 'specif':138,225 'split':175 'start':134 'stay':229 'still':276 'stop':303 'suit':18 'sure':248 'system':10,16 'systemd':83,316 'sysvinit':275 'thing':241,284 'time':62 'timesyncd':104 'tire':293 'togeth':91 'trash':191 'treat':74 'unit':49,203 'unix':76 'use':128,319 'user':117 'usual':44 've':126 'vm':164,208 'vms':183 'want':55,57,181 'well':89 'whine':304 'work':277 'xorg':162 'yeah':1 'year':300 'yep':195,213,234 'yes':123"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.max-p.me/comment/1693808"
  +editedAt: null
  +createdAt: DateTimeImmutable @1702615718 {#1609
    date: 2023-12-15 05:48:38.0 +01:00
  }
  +"title": 223452
}

App\Entity\EntryComment {#1640
  +user: App\Entity\User {#265 …}
  +entry: Proxies\__CG__\App\Entity\Entry {#1585
    +user: Proxies\__CG__\App\Entity\User {#2448 …}
    +magazine: Proxies\__CG__\App\Entity\Magazine {#1525 …}
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1618 …}
    +slug: "Fedora-40-Will-Enable-Systemd-Service-Security-Hardening"
    +title: "Fedora 40 Will Enable Systemd Service Security Hardening"
    +url: "https://fedoraproject.org/wiki/Changes/SystemdSecurityHardening"
    +body: """
      Summary\n
      =======\n
      \n
      Improve security by enabling some of the high level systemd security hardening settings that isolate and sandbox default system services.\n
      \n
      Benefit to Fedora\n
      =================\n
      \n
      Fedora services will get a significant security boost by default by avoiding or mitigating any unknown security vulnerabilities in default system services.
      """
    +type: "link"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 12
    +favouriteCount: 107
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1702643082 {#1717
      date: 2023-12-15 13:24:42.0 +01:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1625 …}
    +votes: Doctrine\ORM\PersistentCollection {#1617 …}
    +reports: Doctrine\ORM\PersistentCollection {#1723 …}
    +favourites: Doctrine\ORM\PersistentCollection {#2364 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2359 …}
    +badges: Doctrine\ORM\PersistentCollection {#1908 …}
    +children: [
      App\Entity\EntryComment {#1640}
    ]
    -id: 22335
    -titleTs: "'40':2 'enabl':4 'fedora':1 'harden':8 'secur':7 'servic':6 'systemd':5"
    -bodyTs: "'avoid':36 'benefit':22 'boost':32 'default':19,34,44 'enabl':5 'fedora':24,25 'get':28 'harden':13 'high':9 'improv':2 'isol':16 'level':10 'mitig':38 'sandbox':18 'secur':3,12,31,41 'servic':21,26,46 'set':14 'signific':30 'summari':1 'system':20,45 'systemd':11 'unknown':40 'vulner':42"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1702694070
    +visibility: "visible             "
    +apId: "https://discuss.tchncs.de/post/7809185"
    +editedAt: null
    +createdAt: DateTimeImmutable @1702607670 {#1645
      date: 2023-12-15 03:34:30.0 +01:00
    }
    +__isInitialized__: true
     …2
  }
  +magazine: Proxies\__CG__\App\Entity\Magazine {#1525 …}
  +image: null
  +parent: Proxies\__CG__\App\Entity\EntryComment {#1593 …}
  +root: Proxies\__CG__\App\Entity\EntryComment {#1591 …}
  +body: """
    Yeah, it’s not really advertised as an init system anymore. It’s an entire system management suite, and when seen from that angle, it’s pretty good at it too. All of it is consistent, it’s fairly powerful, and it’s usually 10-20 lines of unit files to describe what you want. I wanted that for a long time.\n
    \n
    I feel like the hate always comes from the people that treat the UNIX philosophy like religion. And even then, systemd is very modular, just also well integrated together: networkd manages my network, resolved manages my DNS, journald manages my logs, timesyncd manages my NTP, logind manages my logins and sessions, homed mounts my users profiles on demand.\n
    \n
    Added complexity, yes, but I’ve been using the hell out of it. Start services when a specific peripheral is plugged in? Got it. Automatically assign devices to seats? Logind’s got you covered, don’t even need to mess with xorg configs. VM network? networkd handles it. DNS caching? Out of the box. Split DNS? One command. Don’t want 2000 VMs rotating their logs at exactly midnight and trashing your ceph cluster? Yep just slap a RandomizedDelaySec=24h to the units. Isolate and pin a VM to dedicated cores dynamically? Yep it’ll do that. Services that needs to run on a specific NUMA node to stay close to PCIe peripherals? Yep easy. All very easily configurable with things like Ansible or bash provisioning scripts.\n
    \n
    Sure it may not be for everybody, but it solves real problems real Linux admins have to deal with at scale. If you don’t like it, sysvinit still works just fine and I heard good things about runit too. It’s an old and tired argument, it’s been over 10 years, we can stop whining about it and move on. There’s plenty of non-systemd distros to use.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 55
  +score: 0
  +lastActive: DateTime @1702615718 {#1698
    date: 2023-12-15 05:48:38.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@Chewy7324@discuss.tchncs.de"
    "@PseudoSpock@lemmy.dbzer0.com"
    "@NekkoDroid@programming.dev"
  ]
  +children: Doctrine\ORM\PersistentCollection {#1590 …}
  +nested: Doctrine\ORM\PersistentCollection {#1553 …}
  +votes: Doctrine\ORM\PersistentCollection {#1662 …}
  +reports: Doctrine\ORM\PersistentCollection {#1656 …}
  +favourites: Doctrine\ORM\PersistentCollection {#1563 …}
  +notifications: Doctrine\ORM\PersistentCollection {#1559 …}
  -id: 223452
  -bodyTs: "'-20':46 '10':45,299 '2000':182 '24h':200 'ad':121 'admin':262 'advertis':6 'also':88 'alway':68 'angl':24 'ansibl':243 'anymor':11 'argument':294 'assign':146 'automat':145 'bash':245 'box':174 'cach':170 'ceph':193 'close':230 'cluster':194 'come':69 'command':178 'complex':122 'config':163 'configur':239 'consist':36 'core':211 'cover':154 'deal':265 'dedic':210 'demand':120 'describ':52 'devic':147 'distro':317 'dns':99,169,176 'dynam':212 'easi':235 'easili':238 'entir':15 'even':81,157 'everybodi':254 'exact':188 'fair':39 'feel':64 'file':50 'fine':279 'good':28,283 'got':143,152 'handl':167 'hate':67 'heard':282 'hell':130 'home':114 'init':9 'integr':90 'isol':204 'journald':100 'like':65,78,242,273 'line':47 'linux':261 'll':215 'log':103,186 'login':111 'logind':108,150 'long':61 'manag':17,93,97,101,105,109 'may':250 'mess':160 'midnight':189 'modular':86 'mount':115 'move':308 'need':158,220 'network':95,165 'networkd':92,166 'node':227 'non':315 'non-systemd':314 'ntp':107 'numa':226 'old':291 'one':177 'pcie':232 'peopl':72 'peripher':139,233 'philosophi':77 'pin':206 'plenti':312 'plug':141 'power':40 'pretti':27 'problem':259 'profil':118 'provis':246 'randomizeddelaysec':199 'real':258,260 'realli':5 'religion':79 'resolv':96 'rotat':184 'run':222 'runit':286 'scale':268 'script':247 'seat':149 'seen':21 'servic':135,218 'session':113 'slap':197 'solv':257 'specif':138,225 'split':175 'start':134 'stay':229 'still':276 'stop':303 'suit':18 'sure':248 'system':10,16 'systemd':83,316 'sysvinit':275 'thing':241,284 'time':62 'timesyncd':104 'tire':293 'togeth':91 'trash':191 'treat':74 'unit':49,203 'unix':76 'use':128,319 'user':117 'usual':44 've':126 'vm':164,208 'vms':183 'want':55,57,181 'well':89 'whine':304 'work':277 'xorg':162 'yeah':1 'year':300 'yep':195,213,234 'yes':123"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.max-p.me/comment/1693808"
  +editedAt: null
  +createdAt: DateTimeImmutable @1702615718 {#1609
    date: 2023-12-15 05:48:38.0 +01:00
  }
  +"title": 223452
}

App\Entity\EntryComment {#1640
  +user: App\Entity\User {#265 …}
  +entry: Proxies\__CG__\App\Entity\Entry {#1585
    +user: Proxies\__CG__\App\Entity\User {#2448 …}
    +magazine: Proxies\__CG__\App\Entity\Magazine {#1525 …}
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#1618 …}
    +slug: "Fedora-40-Will-Enable-Systemd-Service-Security-Hardening"
    +title: "Fedora 40 Will Enable Systemd Service Security Hardening"
    +url: "https://fedoraproject.org/wiki/Changes/SystemdSecurityHardening"
    +body: """
      Summary\n
      =======\n
      \n
      Improve security by enabling some of the high level systemd security hardening settings that isolate and sandbox default system services.\n
      \n
      Benefit to Fedora\n
      =================\n
      \n
      Fedora services will get a significant security boost by default by avoiding or mitigating any unknown security vulnerabilities in default system services.
      """
    +type: "link"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 12
    +favouriteCount: 107
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1702643082 {#1717
      date: 2023-12-15 13:24:42.0 +01:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#1625 …}
    +votes: Doctrine\ORM\PersistentCollection {#1617 …}
    +reports: Doctrine\ORM\PersistentCollection {#1723 …}
    +favourites: Doctrine\ORM\PersistentCollection {#2364 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2359 …}
    +badges: Doctrine\ORM\PersistentCollection {#1908 …}
    +children: [
      App\Entity\EntryComment {#1640}
    ]
    -id: 22335
    -titleTs: "'40':2 'enabl':4 'fedora':1 'harden':8 'secur':7 'servic':6 'systemd':5"
    -bodyTs: "'avoid':36 'benefit':22 'boost':32 'default':19,34,44 'enabl':5 'fedora':24,25 'get':28 'harden':13 'high':9 'improv':2 'isol':16 'level':10 'mitig':38 'sandbox':18 'secur':3,12,31,41 'servic':21,26,46 'set':14 'signific':30 'summari':1 'system':20,45 'systemd':11 'unknown':40 'vulner':42"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1702694070
    +visibility: "visible             "
    +apId: "https://discuss.tchncs.de/post/7809185"
    +editedAt: null
    +createdAt: DateTimeImmutable @1702607670 {#1645
      date: 2023-12-15 03:34:30.0 +01:00
    }
    +__isInitialized__: true
     …2
  }
  +magazine: Proxies\__CG__\App\Entity\Magazine {#1525 …}
  +image: null
  +parent: Proxies\__CG__\App\Entity\EntryComment {#1593 …}
  +root: Proxies\__CG__\App\Entity\EntryComment {#1591 …}
  +body: """
    Yeah, it’s not really advertised as an init system anymore. It’s an entire system management suite, and when seen from that angle, it’s pretty good at it too. All of it is consistent, it’s fairly powerful, and it’s usually 10-20 lines of unit files to describe what you want. I wanted that for a long time.\n
    \n
    I feel like the hate always comes from the people that treat the UNIX philosophy like religion. And even then, systemd is very modular, just also well integrated together: networkd manages my network, resolved manages my DNS, journald manages my logs, timesyncd manages my NTP, logind manages my logins and sessions, homed mounts my users profiles on demand.\n
    \n
    Added complexity, yes, but I’ve been using the hell out of it. Start services when a specific peripheral is plugged in? Got it. Automatically assign devices to seats? Logind’s got you covered, don’t even need to mess with xorg configs. VM network? networkd handles it. DNS caching? Out of the box. Split DNS? One command. Don’t want 2000 VMs rotating their logs at exactly midnight and trashing your ceph cluster? Yep just slap a RandomizedDelaySec=24h to the units. Isolate and pin a VM to dedicated cores dynamically? Yep it’ll do that. Services that needs to run on a specific NUMA node to stay close to PCIe peripherals? Yep easy. All very easily configurable with things like Ansible or bash provisioning scripts.\n
    \n
    Sure it may not be for everybody, but it solves real problems real Linux admins have to deal with at scale. If you don’t like it, sysvinit still works just fine and I heard good things about runit too. It’s an old and tired argument, it’s been over 10 years, we can stop whining about it and move on. There’s plenty of non-systemd distros to use.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 55
  +score: 0
  +lastActive: DateTime @1702615718 {#1698
    date: 2023-12-15 05:48:38.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@Chewy7324@discuss.tchncs.de"
    "@PseudoSpock@lemmy.dbzer0.com"
    "@NekkoDroid@programming.dev"
  ]
  +children: Doctrine\ORM\PersistentCollection {#1590 …}
  +nested: Doctrine\ORM\PersistentCollection {#1553 …}
  +votes: Doctrine\ORM\PersistentCollection {#1662 …}
  +reports: Doctrine\ORM\PersistentCollection {#1656 …}
  +favourites: Doctrine\ORM\PersistentCollection {#1563 …}
  +notifications: Doctrine\ORM\PersistentCollection {#1559 …}
  -id: 223452
  -bodyTs: "'-20':46 '10':45,299 '2000':182 '24h':200 'ad':121 'admin':262 'advertis':6 'also':88 'alway':68 'angl':24 'ansibl':243 'anymor':11 'argument':294 'assign':146 'automat':145 'bash':245 'box':174 'cach':170 'ceph':193 'close':230 'cluster':194 'come':69 'command':178 'complex':122 'config':163 'configur':239 'consist':36 'core':211 'cover':154 'deal':265 'dedic':210 'demand':120 'describ':52 'devic':147 'distro':317 'dns':99,169,176 'dynam':212 'easi':235 'easili':238 'entir':15 'even':81,157 'everybodi':254 'exact':188 'fair':39 'feel':64 'file':50 'fine':279 'good':28,283 'got':143,152 'handl':167 'hate':67 'heard':282 'hell':130 'home':114 'init':9 'integr':90 'isol':204 'journald':100 'like':65,78,242,273 'line':47 'linux':261 'll':215 'log':103,186 'login':111 'logind':108,150 'long':61 'manag':17,93,97,101,105,109 'may':250 'mess':160 'midnight':189 'modular':86 'mount':115 'move':308 'need':158,220 'network':95,165 'networkd':92,166 'node':227 'non':315 'non-systemd':314 'ntp':107 'numa':226 'old':291 'one':177 'pcie':232 'peopl':72 'peripher':139,233 'philosophi':77 'pin':206 'plenti':312 'plug':141 'power':40 'pretti':27 'problem':259 'profil':118 'provis':246 'randomizeddelaysec':199 'real':258,260 'realli':5 'religion':79 'resolv':96 'rotat':184 'run':222 'runit':286 'scale':268 'script':247 'seat':149 'seen':21 'servic':135,218 'session':113 'slap':197 'solv':257 'specif':138,225 'split':175 'start':134 'stay':229 'still':276 'stop':303 'suit':18 'sure':248 'system':10,16 'systemd':83,316 'sysvinit':275 'thing':241,284 'time':62 'timesyncd':104 'tire':293 'togeth':91 'trash':191 'treat':74 'unit':49,203 'unix':76 'use':128,319 'user':117 'usual':44 've':126 'vm':164,208 'vms':183 'want':55,57,181 'well':89 'whine':304 'work':277 'xorg':162 'yeah':1 'year':300 'yep':195,213,234 'yes':123"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://lemmy.max-p.me/comment/1693808"
  +editedAt: null
  +createdAt: DateTimeImmutable @1702615718 {#1609
    date: 2023-12-15 05:48:38.0 +01:00
  }
  +"title": 223452
}

null

null