[Beowulf] Repenting for sins against Dell (on good Friday, no less)

Joe Landman landman at scalableinformatics.com
Fri Apr 10 09:56:45 PDT 2009


Mark Hahn wrote:
>>> I'd like to add that Dell's DKMS (Dynamics Kernel Management System) is
>>> great:
>>>
>>> http://linux.dell.com/projects.shtml#dkms
> 
> really?  I've never much seen the point, since when I want a kernel
> update, it's almost never for drivers, but more fundamental parts of the 
> kernel, often not even modules.  I suppose that a vendor's 
> responsibility might focus on drivers, though.

dkms is useful for a few folks.  We keep running into issues with it 
rebuilding wrong versions of modules, and then we have to back out the 
changes and fix it.  More often than not, we simply turn it off, and it 
saves us time/effort/headache.

> 
>> build a way for customers to buy proprietary linux apps (e.g. games) via
>> authenticated/keyed access to yum repos, he could singlehandedly create
>> a serious userland linux market.
> 
> HP has its own distro, but is still trying to use a traditional approach 
> to making patches available.  (ie, ftp patch files
> that unpack to rpm(s), install script and docs).  it seems pretty 
> obvious that yum repos are the way to go (is there any _technical_
> reason to prefer deb's?  to me, the gist of a distro is the web of 

Yeah ... from a construction point of view, you can have many many 
different flavors of RPM.  Customer might have an RPM from a vendor that 
purports to install on RHEL, only to find out that it is *only* for later 
versions of RHEL, 4.x and earlier be damned ... which means you have lots 
of spec file debugging to do ...

Been there, done that.  I'd argue for a tarball with an included minimal 
spec file for people who want to build their own RPMs (intel does it 
this way).  But don't distribute code as an RPM.


> version dependencies that it presents when installed.  why distros
> at all?  because dependencies are normally a digraph, sometimes cyclic,
> so it's really hard to share non-leaf packages between distros...

Yup.  And this is a problem if the distro flavor/version has very 
different dependencies.  Just try to build some FC* RPMs on RHEL.  Quite 
an intriguing (and masochistic) experience.

> 
>> Cut a deal with vmware on the side, add full out-of-the-box lin/win
> 
> is there any reason to prefer vmware over one of the free VMs?

It's everywhere, and server is free.

> 
>> via yum and he could take the office desktop by storm.  Secure windows
>> -- run from inside linux!

We do this already, have been for years.

> 
> I'm not so sure about that - why would VMed windows be more secure?

Very simple.  Better firewalling, disk snapshotting, etc.  You could 
even run windows w/o virus/firewall on itself, as recovery would be as 
simple as copying the last good disk image and wiping out the changes since.

> my understanding is that the thing that makes windows vulnerable is the 
> hooks that make windows integration work.  and it's the integration
> that people expect, no?

We can severely restrict windows running on a VM on linux, so that it 
cannot ever see the threatening servers (by restricting what IPs can 
connect to the VM).  We can do stateful packet filtering through linux.

All of these things are very very hard to get right in windows.  More 
often than not they don't, and we get exploits burning through the 
windows population, pissing off admins and IT management, and causing 
the rest of us to shake our heads in sympathy.

This is why the premier windows HPC shop at Cornell still runs 
anti-virus on each of its cluster nodes (cf. 
http://www.cac.cornell.edu/Documentation/Software/Tables/SoftwareWindows.aspx 
and search for Anti-virus, now compare that to their linux system 
http://www.cac.cornell.edu/Documentation/Software/Tables/SoftwareLinux.aspx 
and look for Anti-virus).

If they were running windows atop Linux in a VM session, with the 
appropriate firewalling, the windows machines would be less likely to 
be corrupted/corruptible, as no backchannels would be allowed, and the 
connections could be rigidly controlled.

This, curiously enough, would lower the per-VM cost, by eliminating 
unnecessary packages.  There are other advantages to this, but the net 
is that it would be better for all concerned to keep Windows behind a 
linux firewall.


-- 
Joseph Landman, Ph.D
Founder and CEO
Scalable Informatics LLC,
email: landman at scalableinformatics.com
web  : http://www.scalableinformatics.com
        http://jackrabbit.scalableinformatics.com
phone: +1 734 786 8423 x121
fax  : +1 866 888 3112
cell : +1 734 612 4615
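
The host-side filtering described in the message above (only chosen IPs may connect to the VM, stateful filtering on the Linux host, no guest-initiated backchannels), as an added example that is not part of the original post. It assumes the guest sits on a routed or NAT virtual network so its traffic crosses the host's FORWARD chain; the chain name VMGUEST, the function names and all addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: emit an iptables-restore fragment that confines one VM guest.
# Load it with `iptables-restore --noflush` after review, and add one jump
# from FORWARD into the VMGUEST chain (hypothetical chain name).

# Accept only digits, dots and an optional /prefix, so an argument can never
# smuggle extra rule text into the generated ruleset.
is_addr() {
    case "$1" in
        ''|*[!0-9./]*) return 1 ;;
        *.*.*.*) return 0 ;;
        *) return 1 ;;
    esac
}

# vm_guest_rules GUEST_IP ALLOWED_SRC...
# Prints nothing and returns 1 if any argument fails validation.
vm_guest_rules() {
    guest=$1; shift
    is_addr "$guest" || { echo "bad guest address: $guest" >&2; return 1; }
    for src in "$@"; do
        is_addr "$src" || { echo "bad source: $src" >&2; return 1; }
    done
    printf '%s\n' '*filter' ':VMGUEST - [0:0]'
    # Packets belonging to connections that were already admitted.
    printf '%s\n' '-A VMGUEST -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # New connections to the guest, only from allowlisted sources.
    for src in "$@"; do
        printf '%s\n' "-A VMGUEST -s $src -d $guest -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Everything else aimed at the guest is dropped.
    printf '%s\n' "-A VMGUEST -d $guest -j DROP"
    # Anything the guest initiates itself is logged, then dropped.
    printf '%s\n' "-A VMGUEST -s $guest -j LOG --log-prefix \"vmguest-egress: \""
    printf '%s\n' "-A VMGUEST -s $guest -j DROP"
    printf '%s\n' 'COMMIT'
}

# Constructed sample: one guest, one admin host and one client subnet.
vm_guest_rules 192.168.122.10 10.1.0.5 10.1.2.0/24
```

The LOG rule ahead of the final DROP gives the host a record of every connection the guest tries to open on its own.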


