Diligesker IT/AI Digest

Tag: Linux

  • systemd timers vs cron: a cleaner way to run scheduled Linux jobs

    systemd timers vs cron: a cleaner way to run scheduled Linux jobs

    systemd timers are worth another look if your Linux servers already run systemd and your scheduled jobs have grown beyond a one-line cron entry. The argument is not that cron is obsolete. It is that many production tasks need logs, status, retry behavior, missed-run handling, and readable schedules more than they need the shortest possible config file.

    The short version

    • systemd timers split the schedule from the work: a .timer decides when to run, while a .service defines what runs.
    • For operators, the biggest win is observability. systemctl status, journalctl, and systemctl list-timers make failures easier to inspect than a quiet crontab.
    • Timer expressions can be wall-clock based, such as OnCalendar=daily, or event based, such as OnBootSec=1h and OnUnitActiveSec=1h.
    • Options like Persistent=true, RandomizedDelaySec, and WakeSystem help with laptops, fleets, and jobs that should not all fire at the same second.
    • Cron still matters, especially across mixed Unix, BSD, embedded, or older Linux environments where systemd is not guaranteed.

    What happened

    Tyler Langlois published a long, practical defense of systemd timers as a better default for many scheduled Linux jobs. The piece walks through a service-and-timer pair, shows how timer units activate matching service units, and points readers toward systemd.time(7) and systemd-analyze calendar for checking schedule expressions before trusting them in production.

    The useful part is the framing. Cron makes it easy to say “run this at this time.” systemd timers make it easier to say “run this service under the same supervision, logging, environment, and failure semantics I use for the rest of the machine.” That matters for backups, cleanup jobs, refresh tasks, polling loops, and other background work that becomes painful only after it fails.

    If you follow Linux and infrastructure tooling, this fits naturally beside other practical operations notes in the IT & AI archive: small workflow changes that do not look dramatic, but remove a lot of late-night debugging.

    Why this is worth watching

    systemd timers change the shape of a scheduled job. Instead of hiding the command inside a crontab line, you describe the command as a service unit. That means stdout and stderr land in the journal, the job can use systemd features such as ExecCondition=, OnFailure=, and Restart=, and the current state is visible through familiar systemctl commands.

    The schedule language is also less narrow than classic cron. OnCalendar= covers fixed dates and times. OnBootSec= handles jobs that should run after a machine has been up for a while. OnUnitActiveSec= handles “run again one hour after the last successful activation” style tasks. For many jobs, that is closer to the real requirement than “run at minute 0 of every hour.”

    The fleet angle is easy to miss. If every server checks the same API at midnight, cron can create avoidable spikes unless you build jitter yourself. systemd timers include randomized delay options, so the schedule can spread work across machines without turning the command into a pile of shell glue.

    What Hacker News readers are arguing about

    The Hacker News discussion was tiny, so there is no broad community verdict to report. The most useful objection came from a commenter who works across mixed commercial environments: cron is still the portable skill, and good cron setups can explicitly set PATH, redirect output, and feed audit logs or syslog pipelines.

    That is the right caveat. systemd timers are compelling when systemd is already the operating layer. They are a weaker default if you support BSD, embedded Linux, vendor appliances, HPC systems, or older distributions where systemd is absent or politically unwelcome. The practical takeaway is not “replace every crontab.” It is “do not leave production Linux jobs in cron by habit when systemd would give you better inspection tools.”

    systemd timers in practice

    The safest first test is a job with annoying failure modes: a backup, cleanup task, local cache refresh, or polling script that already sends people looking through logs. Those are the jobs where systemd timers usually pay for their extra unit file.

    The practical read

    Use cron for simple, portable, low-risk jobs. Use systemd timers when you care about status, logs, dependency ordering, missed runs, restart behavior, or event-based scheduling.

    A reasonable migration path is boring: pick one recurring job that already causes questions when it fails. Move the command into a .service, create a matching .timer, validate the schedule with systemd-analyze calendar, then check it with systemctl list-timers and journalctl -u your-job.service. If that feels clearer than the old crontab, move the next job.

    For developer tool builders, there is also a product lesson here. Scheduled work is easier to trust when the system can answer three questions quickly: when did it last run, what happened, and when will it run again? systemd timers get closer to that model than a bare cron line.

    Sources

  • NixOS 26.05 makes early boot the upgrade to test first

    NixOS 26.05 makes early boot the upgrade to test first

    NixOS 26.05 is less interesting as a package refresh than as an operations release. The headline change is that Stage 1, the early initrd phase before the root filesystem is mounted, now uses systemd by default. For teams that use NixOS because they like reproducible infrastructure, that is exactly the sort of default you test before touching production.

    The short version

    • NixOS 26.05, code-named “Yarara,” ships with seven months of bug fixes and security updates, ending on December 31, 2026.
    • Stage 1 is now systemd-based by default, while the old scripted implementation is deprecated and scheduled for removal in 26.11.
    • Nixpkgs added 20,442 packages, updated 20,641, and removed 17,532, so the release has real package churn.
    • This is the last Nixpkgs release to support x86_64-darwin, which matters for Intel Mac development setups.
    • GNOME 50 and GCC 15 are included, while LLVM stays at version 21.

    What happened

    NixOS 26.05 was announced on May 30, 2026 by the NixOS release managers. The release will receive fixes until December 31, 2026, while NixOS 25.11 reaches end of life on June 30, 2026.

    The scale is large even by Nixpkgs standards. The project says 2,842 contributors produced 59,703 commits for this cycle. Nixpkgs added 20,442 packages, updated 20,641, and removed 17,532 outdated packages. NixOS itself added 85 modules and 1,547 configuration options, while removing 25 modules and 355 options.

    The practical point is simple: NixOS 26.05 is not a casual channel bump for every machine. It deserves the same treatment as any infrastructure upgrade that touches boot behavior, package availability, desktop components, and compiler defaults.

    Why this is worth watching

    The most operationally sensitive change is Stage 1. This is the early boot environment inside initrd, before the system has mounted the real root filesystem. In NixOS 26.05, that stage is now based on systemd by default.

    That may be a welcome cleanup for many users. It aligns early boot with the system manager most Linux operators already know. But it also changes the assumptions around custom initrd hooks, encrypted disks, unusual storage layouts, network boot, recovery flows, and any setup that depended on the older scripted implementation.

    The old scripted Stage 1 is deprecated in this release and scheduled for removal in NixOS 26.11. That gives operators a clear window: test the new path now, while rollback is still easy and the old behavior has not disappeared.

    Nixpkgs 26.05 is also the last release that will support x86_64-darwin. The project says it will keep platform support and binary builds available until Nixpkgs 26.05 goes out of support at the end of 2026. After that, Nixpkgs 26.11 will no longer build packages for x86_64-darwin or support building them from source.

    The stated reasons are ordinary but important: Apple has moved away from the platform, build infrastructure is limited, and volunteer maintainer time is finite. If your team still uses Intel Macs with Nix-managed development shells, this is the moment to decide whether those machines stay pinned, move to Apple Silicon, shift to Linux builders, or run more of the workflow remotely.

    For teams that discover developer tools through package sets and reproducible environments, this is also an app-store-like discovery issue in miniature. The packages that remain easy to install tend to become the tools people actually try. That is why Nix and Linux operations stories often belong beside broader coverage in the IT & AI archive, even when they are not about AI directly.

    NixOS 26.05 upgrade checklist

    Use this release to check the parts of your setup that are hardest to fix after a reboot: initrd behavior, disk access, network boot, Intel Mac builders, compiler-sensitive packages, and desktop extensions.

    What Hacker News readers are arguing about

    The Hacker News thread is small, so it should not be treated as a broad community poll. The useful signal is still clear enough.

    One commenter focused on the package numbers. Updating roughly 20,000 packages sounded plausible given the size of Nixpkgs, but adding 20,442 and removing 17,532 looked unusually high. The question was whether renames or accounting details inflated the turnover, since recent releases had reportedly added closer to 7,000 or 8,000 packages.

    Another commenter pointed at the new NixOS modules as the fun part of each release. That is a good reminder of how people actually use NixOS release notes: not only to check breaking changes, but to discover mature projects that have become first-class enough to get a module.

    The thread is too thin for a verdict on NixOS 26.05. It does show the two checks many Nix users care about: how much churn is real, and what new modules are worth stealing ideas from.

    The practical read

    If you run NixOS on servers or workstations, start with machines that have custom boot behavior. Verify systemd Stage 1 with encrypted storage, remote disk access, nonstandard filesystems, or hardware-specific initrd logic before the old scripted path is removed.

    If you maintain development environments, audit package removals and compiler-sensitive builds. GCC 15 can expose warnings or build failures that were hidden before. GNOME 50 is also worth testing on machines with extensions or display-specific settings.

    If you still depend on Intel Mac builders or x86_64-darwin development shells, treat NixOS 26.05 as the last comfortable planning point. Pinning may buy time, but it is not the same as staying on the maintained path.

    The best upgrade plan is boring: test one representative machine, keep rollback generations available, read the release notes for the modules you use, and only then move the wider fleet.

    Sources

  • Gentoo Linux still asks who controls your system

    Gentoo Linux still asks who controls your system

    Gentoo Linux is easy to caricature as the distribution for people who enjoy waiting for compilers. Michał Górny’s new essay makes a sharper case: the point is not raw speed, it is control. Gentoo is still useful because it forces an old but unresolved question onto the table: who gets to decide what your system includes, how it is built, and which code you trust?

    The short version

    • Gentoo Linux is less about squeezing out a few percent of performance and more about letting users choose build options, dependencies, init systems, libc variants, and patches.
    • Its governance pitch is independence: no single company, donor, forge, or business model should be able to steer the distribution on its own.
    • The security argument is practical, not nostalgic. Gentoo cares about bundled dependencies, static linking, pinned libraries, mirrors, OpenPGP distribution channels, and QA policy.
    • Its ban on LLM generated contributions has become part of the project’s trust model, even though upstream software may still contain AI-assisted code.
    • For more open source and AI infrastructure briefs, see the IT & AI archive.

    What happened

    Górny opens by pushing back on the usual Gentoo joke. Yes, Gentoo builds from source. No, that does not mean the main payoff in 2026 is turning on exotic compiler flags and beating Ubuntu in a benchmark. Modern CPUs are fast, mainstream distributions optimize their packages, and most desktop users will not feel a meaningful difference.

    The better argument is that source builds give Gentoo Linux a different contract with the user. Portage and USE flags make build choices visible. You can decide which optional features a package should include, patch a package before it builds, keep or reject parts of the dependency graph, and run combinations that a binary distribution may never ship as first-class options.

    That matters most when defaults are not enough. A developer can drop a local patch into Portage and have it applied across future package rebuilds. A systems operator can keep a narrow stack rather than accept every optional feature a maintainer enabled for the average user. None of this is frictionless. The trade is time and attention in exchange for a system that explains itself.

    Why this is worth watching

    The essay also frames Gentoo as a governance project. There is no company behind it, no SaaS funnel, and no single commercial roadmap. Infrastructure comes from donations and volunteer work. Górny says the project is even moving away from the Gentoo Foundation toward Software in the Public Interest to reduce the chance that legal or financial administration becomes a bottleneck.

    That may sound organizational, but it affects the software. A distribution depends on servers, mirrors, signing keys, package review, bug handling, and release discipline. If those pieces sit behind one sponsor or one platform, the technical system inherits that dependency.

    Gentoo’s position is more conservative. Codeberg and GitHub can be useful mirrors and contribution channels, but the project does not want to depend on either. That is not a fashionable answer, and it is not the cheapest answer. It is the answer you expect from people who think a distribution should survive a platform policy change or a sponsor walking away.

    Security is where the philosophy gets concrete

    The most practical part of the essay is the security section. Gentoo’s maintainers talk about a dedicated security team, project-controlled infrastructure, OpenPGP-protected distribution channels, and QA rules that often push against upstream habits.

    The examples are familiar to anyone who has dealt with software supply chain risk: bundled dependencies, static linking, pinned versions, and old libraries hiding inside packages. These choices may make upstream development easier, but they can make downstream security updates painful. A distribution that builds from source has more room to catch and unwind those choices, although it also inherits more combinations to test.

    This is the part of Gentoo Linux that feels newly relevant. The industry has spent years hiding build systems behind container images, package registries, managed runtimes, and remote development environments. Those tools are often the right choice. But when something breaks or a dependency becomes toxic, somebody still has to understand the layers underneath.

    What Hacker News readers are arguing about

    The Hacker News discussion is small, but the split is useful. Some longtime users defended Gentoo as a uniquely customizable system. One practical example stood out: putting a local patch under /etc/portage/patches/ so it applies automatically whenever a package is rebuilt. That is the kind of feature that explains Gentoo better than a performance benchmark.

    The more heated thread was about LLM generated code. One commenter said AI tools had helped them fix Arch User Repository package builds and that Gentoo’s strict policy would make contributing less appealing. Others argued that overlays still let users maintain their own packages, while critics called the policy inconsistent because upstream projects may already include AI-assisted changes before Gentoo packages them.

    The strongest defense of the policy was not anti-AI in the abstract. It was about review burden. If maintainers cannot tell whether a patch is understood by the person submitting it, the project absorbs risk it did not choose. The skeptical reply is fair too: a downstream distribution cannot fully audit how every upstream project writes code. Gentoo can set rules for its own tree, but it cannot make the wider ecosystem human-written by decree.

    There was also the expected comparison to Nix and Guix. That comparison is worth making because those systems offer a more formal model for reproducibility and package composition. Gentoo’s answer is different. It is less about a pure functional model and more about giving the local machine, the local maintainer, and the local patch set a lot of room.

    Gentoo Linux trade-offs

    The harder part is deciding when this model is worth the work. Gentoo Linux gives you more control, but it also asks you to carry more context in your head. That is a bad bargain for casual use and a good bargain when the build itself is part of what you need to understand.

    The practical read

    Most people should not switch to Gentoo Linux after reading one essay. Fedora, Ubuntu, Debian, Arch, NixOS, and managed developer environments are easier defaults for many teams. Convenience is not a moral failure.

    But Gentoo remains a useful benchmark for a different value system. If your team ships infrastructure, maintains internal developer tools, or depends on a large open source supply chain, Gentoo’s questions are worth borrowing. Which dependencies are bundled? Which features are enabled by default? Can you patch a package without forking your whole workflow? Who reviews code generated by an LLM? Who understands the system when the abstraction leaks?

    That is the reason this story still travels. Gentoo Linux is not only a distribution. It is a reminder that control has a cost, and sometimes that cost is the point.

    Sources