[H-GEN] Linux Distribution for A Dell Poweredge 840?
Anthony Irwin
anthony at server101.com
Wed Feb 28 01:36:49 EST 2007
David Jericho wrote:
>
> Anthony Irwin wrote:
>> What they are saying is if there are services you don't use why
>> install and run them. It takes up ram and provides another service
>> that could potentially be exploited if a security vulnerability arises
>> in that application.
>
> I understood exactly what Robert said. It appears you missed the
> completely obvious statement about users.
>
> But what are you doing a distribution that does this by default? If
> that's the operating system's default mode of operation, you can only
> begin to wonder what other brain dead choices have been made along the
> way.
Ok I think we have conflicting ideas here. When I think servers I
think of systems that users don't have access to. They don't do their
day to day work on them and they don't have accounts to go installing
software.
They may have access to do certain things like download mail, access
file shares, print, ftp etc depending on what the server does.
>> Why run extra things like cups, samba, apache, mysql, xorg and what
>> ever else if it is not going to be used. Give the resources (most
>> importantly ram not disk space) to the virtual machines. I believe
>> that is what the op wanted to know about.
>
> Because a lot of it is required by commonly used applications. Adrian
> does more than just provide PHP virtual hosts to clients, and Java can
> have a set of requirements best described as "interesting". If you're
> not using them, they're sitting dormant on disk, there is very minimal
> cost.
>
I thought he said somewhere that the system was dedicated to the
virtual systems that he is running for the php cms systems.
> "But I can just install them..." I hear the peanut gallery cry
> repeatedly.
>
> Well congratulations Son, you're now back to the original position, and
> you've actually saved nothing, and actually spent more time undoing the
> work done previously.
>
> Security is not a valid reason, as upon closer examination of where the
> known and updated security flaws exist one begins to realise nobody
> found the bug in xyz foobar application server, but rather the kernel or
> PHP yet again. If that application is not running, it can't possibly do
> any harm. If it can, I suggest you review your security policies and
> implementations.
>
Yes no harm will happen to a system if a service is not running. But
like a previous poster said it is sometimes quicker to start with a
base system with nothing rather than systematically turn off all the
services you don't want running.
I guess you won't agree with the above but I know many people who work
in such a way.
> High profile targets attract more attention. Simple fact of life in the
> IT world.
>
Not sure what you are suggesting here. I still think people should
work to secure their systems as best as they can. Even if you don't
care what happens to your system you should try to avoid having people
use your system for their own purposes such as sending spam and DoS
attacks etc.
I looked at my home system's /var/log/auth.log file and the last time
someone tried to brute force the system for an ssh login was less than
6 hours ago. So just because my home system is not a high profile
target does not mean that people don't want to use it to do nasty
things to others.
>> Are you serious. Debian caters for a lot more than a corporate
>> environment that wants to lock everything down to a standard set of
>> applications that they approve for usage.
>
> Completely serious. I don't take my profession and career choice
> lightly, and I live in a corporate environment. I never said that Debian
> wasn't suitable for a hobbyist. To suggest otherwise is rather
> disingenuous.
>
> I challenge you to prove that your home hobby systems are administered
> to the same standard as my global fleet of servers.
Not sure why you assume you're the only one who looks after larger
networks or works in the industry. I delete my work signature as what
I say on humbug lists is me and not the company I work for.
You seem to think if people don't agree with your way that they are
wrong. Well there is more than one method of doing things and believe
it or not multiple approaches can be correct depending on the situation.
At the moment I work for a company that has a nice infrastructure
with Cisco firewalls, load balancers, SSL accelerators as well as EMC
network storage devices with more space than I would think you could
ever fill.
But in the past I have worked for companies where I had to go
scrounging around for new hardware. When sales people would get new
systems cause they were complaining I snapped up their old systems to
upgrade servers because the company would not buy decent servers.
Just because hardware is cheap doesn't mean that everyone in humbug is
going to have access to it. Being able to strip down systems to their
minimum and get the most out of them is a handy skill to have even if
in larger companies you will never have to do it.
Many of my home systems are used for different things and I don't want
to go buy newer systems when I can make it work on an older system and
spend my money on something other than new hardware all the time.
Perfect example for a home user is why would someone buy a new
computer for vista when they can keep their current computer and
install beryl if they want whiz-bang effects so much.
>
>> So what if I have pine, mutt, thunderbird and evolution on the same
>> system. Different users want different email programs is that such a
>> bad thing if different people work differently.
>
> You've just stated the example case that you're trying to argue against
> in a proposed baseline server image. However, home hobby systems are
> tangential to the tangent and I won't continue down this path.
>
Yes I guess I did mix and match points for server systems and
workstations.
But I don't see why you put home hobby systems in there as a
description of people wanting to use different software on their
system. Is a windows or mac user who tweaks their work computer and
installs extra software to make them more productive a hobby user also.
The company I work for allows us to look after our own workstations
and use any operating system and tools we want on our workstations and
we have people using all sorts of different things with mainly debian
and fedora with kde and gnome as the norm for most and lets not even
think about text editors, web browsers and email because everyone is
different there.
Sure for the servers and other hardware there is set policy on what we
use to make it standard across the board.
I guess I have ranted and raved in here at places and you're likely to
put your ideal corporate structure and buy better hardware for the job
attitude but I think both is right to some degree if the company is
bigger then get better hardware and migrate old services over and
remove old hardware from the rack but believe it or not there are home
users, non-profits and even small companies that don't want to spend a
lot of money on the IT infrastructure and if they can grab an old
desktop and turn it into a print server with no other services besides
ssh, samba and cups and have it work fine then that is what they will do.
Just today there was a message about the computer bank an organisation
which I believe takes old hardware puts linux on it and turns it into
a workable system for people who can't afford a computer. I am
guessing they use a customized system to get better performance out of
the older hardware.
Anyway I know that we are not going to agree, we have had similar
discussions on list before but free software can be used on big
budgets and no budget where you scrounge around for hardware. Why else
would humbugers go sprinting to the front of the room to sift through
ancient hardware that I would think no one would want.
Kind Regards,
Anthony Irwin