[H-GEN] Linux Distribution for A Dell Poweredge 840?

David Jericho david.jericho at aarnet.edu.au
Tue Feb 27 22:50:54 EST 2007


*chomp* :)

Anthony Irwin wrote:
> What they are saying is if there are services you don't use why
> install and run them. It takes up ram and provides another service
> that could potentially be exploited if a security vulnerability arises
> in that application.

I understood exactly what Robert said. It appears you missed the
completely obvious statement about users.

But what are you doing with a distribution that does this by default? If
that's the operating system's default mode of operation, you can only
begin to wonder what other brain dead choices have been made along the
way.

> And in the case of the op they wanted to cut down the amount of
> resources on the host machine to provide the most resources to the
> virtualized systems. 

Modern virtualisation environments can do very interesting things with
memory sharing. Just because you think you have 10 copies of something
loaded across 10 VMs, doesn't mean you're actually using 10 times the
RAM. Heck, you don't even need to make 10 disk images of the full
capacity. Make one, and use a copy on write style disk change log for
each virtual host. 

> Why run extra things like cups, samba, apache, mysql, xorg and whatever
> else if it is not going to be used. Give the resources (most
> importantly ram not disk space) to the virtual machines. I believe
> that is what the op wanted to know about.

Because a lot of it is required by commonly used applications. Adrian
does more than just provide PHP virtual hosts to clients, and Java can
have a set of requirements best described as "interesting". If you're
not using them, they're sitting dormant on disk, there is very minimal
cost. 

"But I can just install them..." I hear the peanut gallery cry
repeatedly.

Well congratulations Son, you're now back to the original position, and
you've actually saved nothing, and actually spent more time undoing the
work done previously.

Security is not a valid reason, as upon closer examination of where the
known and updated security flaws exist one begins to realise nobody
found the bug in xyz foobar application server, but rather the kernel or
PHP yet again. If that application is not running, it can't possibly do
any harm. If it can, I suggest you review your security policies and
implementations.

High profile targets attract more attention. Simple fact of life in the
IT world.

> Are you serious. Debian caters for a lot more than a corporate
> environment that wants to lock everything down to a standard set of
> applications that they approve for usage.

Completely serious. I don't take my profession and career choice
lightly, and I live in a corporate environment. I never said that Debian
wasn't suitable for a hobbyist. To suggest otherwise is rather
disingenuous.

I challenge you to prove that your home hobby systems are administered
to the same standard as my global fleet of servers. 

> So what if I have pine, mutt, thunderbird and evolution on the same
> system. Different users want different email programs is that such a
> bad thing if different people work differently.

You've just stated the example case that you're trying to argue against
in a proposed baseline server image. However, home hobby systems are
tangential to the tangent and I won't continue down this path.

-- 
David Jericho
Senior System Administrator, AARNet
Of course, I'm speaking for myself and not my employer



