[H-GEN] Linux Distribution for A Dell Poweredge 840?

Anthony Irwin anthony at server101.com
Wed Feb 28 01:36:49 EST 2007 

David Jericho wrote:
> 
> Anthony Irwin wrote:
>> What they are saying is if there are services you don't use why
>> install and run them. It takes up ram and provides another service
>> that could potentially be exploited if a security vulnerability arises
>> in that application.
> 
> I understood exactly what Robert said. It appears you missed the
> completely obvious statement about users.
> 
> But what are you doing a distribution that does this by default? If
> that's the operating system's default mode of operation, you can only
> begin to wonder what other brain dead choices have been made along the
> way.

Ok I think we have conflicting ideas here. When I think servers I 
think of systems that users don't have access to. They don't do their 
day to day work on them and they don't have accounts to go installing 
software.

They may have access to do certain things like download mail, access 
file shares, print, ftp etc depending on what the server does.

>> Why run extra things like cups, samba, apache, mysql, xorg and what
>> ever else if it is not going to be used. Give the resources (most
>> importantly ram not disk space) to the virtual machines. I believe
>> that is what the op wanted to know about.
> 
> Because a lot of it is required by commonly used applications. Adrian
> does more than just provide PHP virtual hosts to clients, and Java can
> have a set of requirements best described as "interesting". If you're
> not using them, they're sitting dormant on disk, there is very minimal
> cost. 
> 

I thought he said some where that the system was dedicated to the 
virtual systems that he is running for the php cms systems.

> "But I can just install them..." I hear the peanut gallery cry
> repeatedly.
> 
> Well congratulations Son, you're now back to the original position, and
> you've actually saved nothing, and actually spent more time undoing the
> work done previously.
> 
> Security is not a valid reason, as upon closer examination of where the
> known and updated security flaws exist one begins to realise nobody
> found the bug in xyz foobar application server, but rather the kernel or
> PHP yet again. If that application is not running, it can't possibly do
> any harm. If it can, I suggest you review your security policies and
> implementations.
> 

Yes no harm will happen to a system if a service is not running. But 
like a previous poster said it is sometimes quicker to start with a 
base system with nothing rather then systematically turn off all the 
services you don't want running.

I guess you won't agree with the above but I know many people who work 
in such a way.

> High profile targets attract more attention. Simple fact of life in the
> IT world.
> 

Not sure what you are suggesting here. I still think people should 
work to secure their systems as best as they can. Even if you don't 
care what happens to your system you should try to avoid having people 
  use your system for their own purposes such as sending spam and dos 
attacks etc.

I looked at my home systems /var/log/auth.log file and the last time 
someone tried to brute force the system for a ssh login was less then 
6 hours ago. So just because my home system is not a high profile 
target does not mean that people don't want to use it to do nasty 
things to others.

>> Are you serious. Debian caters for a lot more then a corporate
>> environment that wants to lock everything down to a standard set of
>> applications that they approve for usage.
> 
> Completely serious. I don't take my profession and career choice
> lightly, and I live in a corporate environment. I never said that Debian
> wasn't suitable for a hobbiest. To suggest otherwise is rather
> disingenious.
> 
> I challenge you to prove that your home hobby systems are administered
> to the same standard as my global fleet of servers.

Not sure why you assume your the only one who looks after larger 
networks or works in the industry. I delete my work signature as what 
I say on humbug lists is me and not the company I work for.

You seem to think if people don't agree with your way that they are 
wrong. Well there is more then one method of doing things and believe 
it or not multiple approaches can be correct depending on the situation.

At the moment I work for a company that has a nice infer structure 
with ciso firewalls, load balancers, ssl acceleraters as well as emc 
network storages devices with more space then I would think you could 
ever fill.

But in the past I have worked for companies where I had to go 
scrounging around for new hardware. When sales people would get new 
systems cause they where complaining I snapped up their old systems to 
upgrade servers because the company would not buy decent servers.

Just because hardware is cheap doesn't mean that everyone in humbug is 
going to have access to it. Being able to strip down systems to their 
minimum and get the most out of them is a handy skill to have even if 
in larger companies you will never have to do it.

Many of my home systems are used for different things and I don't want 
to go buy newer systems when I can make it work on an older system and 
   spend my money on something other then new hardware all the time.

Perfect example for a home user is why would someone buy a new 
computer for vista when they can keep their current computer and 
install beryl if they want wiz bang effects so much.

> 
>> So what if I have pine, mutt, thunderbird and evolution on the same
>> system. Different users want different email programs is that such a
>> bad thing if different people work differently.
> 
> You've just stated the example case that you're trying to argue against
> in a proposed baseline server image. However, home hobby systems are
> tangental to the tangent and I won't continue down this path.
> 

Yes I guess I did mix and match points for server systems and 
workstations.

But I don't see why you put home hobby systems in there as a 
description of people wanting to use different software on their 
system. Is a windows or mac user who tweaks their work computer and 
installs extra software to make them more productive a hobby user also.

The company I work for allows us to look after our own workstations 
and use any operating system and tools we want on our workstations and 
we have people using all sorts of different things with mainly debian 
and fedora with kde and gnome as the norm for most and lets not even 
think about text editors, web browsers and email because everyone is 
different there.

Sure for the servers and other hardware their is set policy on what we 
use to make it standard across the board.

I guess I have ranted and raved in here at places and your likely to 
put your ideal corporate structure and buy better hardware for the job 
  attitude but I think both is right to some degree if the company is 
bigger then get better hardware and migrate old services over and 
remove old hardware from the rack but believe it or not there are home 
users, non-profits and even small companies that don't want to spend a 
lot of money on the IT infer structure and if they can grab an old 
desktop and turn it into a print server with no other services besides 
ssh, samba and cups and have it work fine then that is what they will do.

Just today there was a message about the computer bank an organisation 
which I believe takes old hardware puts linux on it and turns it into 
a workable system for people who can't afford a computer. I am 
guessing they use a customized system to get better performance out of 
the older hardware.

Anyway I know that we are not going to agree we have and similar 
discussions on list before but free software can be used on big 
budgets and no budget where you scrounge around for hardware. Why else 
would humbugers go sprinting to the front of the room to sift through 
ancient hardware that I would think no one would want.


Kind Regards,
Anthony Irwin

More information about the General mailing list