| Both sides previous revision
Previous revision
Next revision
|
Previous revision
|
en:philosophy:dbus_failure [2022/03/28 04:25]
i3_relativism [Introduction] add missing links |
en:philosophy:dbus_failure [2024/01/14 16:10] (current)
throgh [What are the issues?] |
| ====== About ====== | ====== Failure of D-Bus ====== |
| |
| With [[https://www.hyperbola.info/news/announcing-hyperbolabsd-roadmap/|hyperbolaBSD]], d-bus and related linux specific frameworks will **eventually be deprecated**, according to our [[en:contrib:hyperbola_roadmap|Roadmap]] | With [[https://www.hyperbola.info/news/announcing-hyperbolabsd-roadmap/|HyperbolaBSD]], D-bus and related Linux specific frameworks will **eventually be deprecated**, according to our [[en:manual:contrib:hyperbola_roadmap|Roadmap]]. |
| With release of version 0.4, the **end of support for D-Bus** was marked [[https://www.hyperbola.info/news/milky-way-v04-release/|among other inovations]]. | With release of version 0.4, the **end of support for D-Bus** was marked [[https://www.hyperbola.info/news/milky-way-v04-release/|among other inovations]]. |
| | |
| ===== Introduction ===== | ===== Introduction ===== |
| |
| **D-Bus** is [[https://dvdhrm.github.io/rethinking-the-dbus-message-bus/|over-engineered and orphaned]], ussually on critical systems which prioritize privacy, security and freedom like [[en:start|hyperbola]], it becomes **unecessary** and **avoidable**. In fact, pure C API is quite laborious and its use, requires writing large amounts of boilerplate code, to the point where its own API documentation states: “If you use this low-level API directly, you're signing up for some pain.” | **D-Bus** is [[https://dvdhrm.github.io/rethinking-the-dbus-message-bus/|over-engineered and orphaned]], ussually on critical systems which prioritize privacy, security and freedom like [[en:start|Hyperbola]], it becomes **unecessary** and **avoidable**. In fact, pure C API is quite laborious and its use, requires writing large amounts of boilerplate code, to the point where its own [[https://dbus.freedesktop.org/doc/dbus/libdbus-tutorial.html|API documentation]] states: “If you use this low-level API directly, you're signing up for some pain.” |
| Therefore the adopting of this kinds of frameworks is hard to **respect modular and lightweight** premisses and by consequence our [[en:project:social_contract|Social Contract]]. While atack surface is [[https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/commit/net/unix/af_unix.c?id=27eac47b00789522ba00501b0838026e1ecb6f05|massively and exponentional increased]]. | Therefore the adopting of this kinds of frameworks is hard to **respect modular and lightweight** premisses and by consequence our [[en:project:social_contract|Social Contract]]. While atack surface is [[https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/commit/net/unix/af_unix.c?id=27eac47b00789522ba00501b0838026e1ecb6f05|massively and exponentional increased]]. |
| |
| ===== What are the issues? ===== | ===== What are the issues? ===== |
| |
| There are also many nasty open and known vunerabilities in d-bus codebase. | There are many **nasty**, **absurd** open **bugs** and also known **vulnerabilities**, as well as **conceptual problems** in d-bus codebase. The bugs range from uncontrolled [[https://bugs.freedesktop.org/show_bug.cgi?id=80817|memory usage]], over silent [[https://bugs.freedesktop.org/show_bug.cgi?id=52372|dropping of messages]], to [[https://bugs.freedesktop.org/show_bug.cgi?id=28355|dead-locks by design]], unsolved for up to 7 years. Looking closer, most of them simply **cannot be solved without breaking** guarantees long given by [[https://dbus.freedesktop.org/doc/dbus-daemon.1.html|dbus-daemon(1)]], the reference implementation. |
| * Absurd bugs and and conceptional problems: The bugs range from uncontrolled memory usage, over silent dropping of messages, to dead-locks by design, unsolved for up to 7 years. Looking closer, most of them simply cannot be solved without breaking guarantees long given by dbus-daemon(1), the reference implementation. | |
| |
| | Besides that even the reference-implementation is also made obsolete by others done, like [[https://github.com/bus1/dbus-broker|dbus-broker]] **being only implemented for GNU/Linux**. This is another approval about the on-going removal of standards ([[https://github.com/bus1/dbus-broker/wiki|source]]). |
| ===== Privacy problems ===== | ===== Privacy problems ===== |
| |
| Not to speak that **D-Bus leaks machine-id** across applications and userland which causes concerns on what regards to [[https://unix.stackexchange.com/questions/395331/is-machine-id-a-uuid|privacy, fingerprinting, and user control]]. | Not to speak that **D-Bus leaks machine-id** across applications and userland which causes concerns on what regards to [[https://unix.stackexchange.com/questions/395331/is-machine-id-a-uuid|privacy, fingerprinting, and user control]]. |
| ===== Replacement ===== | |
| |
| In packages where **D-Bus** is required, explore [[https://openwrt.org/docs/techref/ubus#what_s_the_difference_between_ubus_vs_dbus|ubus]], **gio** and **kio** as possible replacements, [[https://www.github.com/bus1/dbus-broker/wiki|dbus-broker]] isn't a solution because it requires bus-1 (D-Bus inside kernel) and [[https://www.hyperbola.info/news/end-of-systemd-support/|libsystemd]]. | |
| |
| [[https://openwrt.org/docs/techref/ubus|Ubus]] is the planned **D-Bus replacement** for those packages where D-Bus is required, however its development was focused to be used in [[https://dvdhrm.github.io/rethinking-the-dbus-message-bus/|OpenWrt for embedded machines and contains a different syntax]]. | |
| |
| <note>more **research** is needed to see if **its possible** the adoption in a more **complex environment**.</note> | Furthermore there are implementations based on **D-Bus** to record metrics events locally on the device ([[https://github.com/endlessm/eos-metrics|link to project]]). |