[Beowulf] Repenting for sins against Dell (on good Friday, no less)
Joe Landman
landman at scalableinformatics.com
Fri Apr 10 09:56:45 PDT 2009
Mark Hahn wrote:
>>> I'd like to add that Dell's DKMS (Dynamics Kernel Management System) is
>>> great:
>>>
>>> http://linux.dell.com/projects.shtml#dkms
>
> really? I've never much seen the point, since when I want a kernel
> update, it's almost never for drivers, but more fundamental parts of the
> kernel, often not even modules. I suppose that a vendor's
> responsibility might focus on drivers, though.
dkms is useful for a few folks. We keep running into issues with it
rebuilding wrong versions of modules, and then we have to back out the
changes and fix it. More often than not, we simply turn it off, and it
saves us time/effort/headache.
>
>> build a way for customers to buy proprietary linux apps (e.g. games) via
>> authenticated/keyed access to yum repos, he could singlehandedly create
>> a serious userland linux market.
>
> HP has its own distro, but is still trying to use a traditional approach
> to making patches available. (ie, ftp patch files
> that unpack to rpm(s), install script and docs). it seems pretty
> obvious that yum repos are the way to go (is there any _technical_
> reason to prefer deb's? to me, the gist of a distro is the web of
Yeah ... from a construction point of view, you can have many many
different flavors of RPM. Customer might have an RPM from a vendor that
purports to install on RHEL, only to find out that it is *only* later
version of RHEL, 4.x and earlier be damned ... which means you have lots
of spec file debugging to do ...
Been there, done that. I'd argue for a tarball with an included minimal
spec file for people who want to build their own RPMs (intel does it
this way). But don't distribute code as an RPM.
> version dependencies that it presents when installed. why distros
> at all? because dependencies are normally a digraph, sometimes cyclic,
> so it's really hard to share non-leaf packages between distros...
Yup. And this is a problem if the distro flavor/version has very
different dependencies. Just try to build some FC* RPMs on RHEL. Quite
an intriguing (and masochistic) experience.
>
>> Cut a deal with vmware on the side, add full out-of-the-box lin/win
>
> is there any reason to prefer vmware over one of the free VMs?
It's everywhere, and server is free.
>
>> via yum and he could take the office desktop by storm. Secure windows
>> -- run from inside linux!
We do this already, have been for years.
>
> I'm not so sure about that - why would VMed windows be more secure?
Very simple. Better firewalling, disk snapshotting, etc. You could
even run windows w/o virus/firewall on itself, as recovery would be as
simple as copying the last good disk image and wiping out the changes since.
> my understanding is that the thing that makes windows vulnerable is the
> hooks that make windows integration work. and it's the integration
> that people expect, no?
We can severely restrict windows running on a VM on linux, so that it
cannot ever see the threatening servers (by restricting what IPs can
connect to the VM). We can do stateful packet filtering through linux.
All of these things are very very hard to get right in windows. More
often than not they don't, and we get exploits burning through the
windows population, pissing off admins and IT management, and causing
the rest of us to shake our heads in sympathy.
This is why the premier windows HPC shop at Cornell still runs
anti-virus on each of its cluster nodes (c.f.
http://www.cac.cornell.edu/Documentation/Software/Tables/SoftwareWindows.aspx
and search for Anti-virus, now compare that to their linux system
http://www.cac.cornell.edu/Documentation/Software/Tables/SoftwareLinux.aspx
and look for Anti-virus).
If they were running windows atop Linux in a VM session, with the
appropriate firewalling, the windows machines would be less likely to
be corrupted/corruptable, as no backchannels would be allowed, and the
connections could be rigidly controlled.
This, curiously enough, would lower the per-VM cost, by eliminating
unnecessary packages. There are other advantages to this, but the net
is that it would be better for all concerned to keep Windows behind a
linux firewall.
--
Joseph Landman, Ph.D
Founder and CEO
Scalable Informatics LLC,
email: landman at scalableinformatics.com
web : http://www.scalableinformatics.com
http://jackrabbit.scalableinformatics.com
phone: +1 734 786 8423 x121
fax : +1 866 888 3112
cell : +1 734 612 4615
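
The host-side filtering described in the message above (restricting which IPs can connect to the VM, stateful filtering, no connections initiated by the guest), as an added example that is not part of the original post. It assumes a routed (not bridged) guest network so VM traffic crosses the host's FORWARD chain; the chain name WINVM, the function names, the addresses and the port are all constructed for illustration.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset that fences one guest VM.
# Assumption: routed guest network, so guest traffic traverses FORWARD.
# Addresses, port and the WINVM chain name are constructed samples.

is_ipv4() {
    # Accept only a dotted quad with each octet in 0-255.
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

vm_ruleset() {
    # usage: vm_ruleset VM_IP TCP_PORT CLIENT_IP...
    [ "$#" -ge 3 ] || { echo "need VM, port, and a client" >&2; return 1; }
    vm=$1; port=$2; shift 2
    is_ipv4 "$vm" || { echo "bad VM address: $vm" >&2; return 1; }
    case "$port" in ""|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    [ "${#port}" -le 5 ] && [ "$port" -ge 1 ] && [ "$port" -le 65535 ] ||
        { echo "bad port: $port" >&2; return 1; }
    for c in "$@"; do
        is_ipv4 "$c" || { echo "bad client address: $c" >&2; return 1; }
    done
    # Everything is validated before any output, so a bad argument
    # never yields a partial ruleset.
    printf '%s\n' "*filter" ":WINVM - [0:0]"
    printf '%s\n' "-A FORWARD -d $vm -j WINVM" "-A FORWARD -s $vm -j WINVM"
    # Stateful part: only packets of already-accepted flows pass freely.
    printf '%s\n' "-A WINVM -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for c in "$@"; do
        printf '%s\n' "-A WINVM -s $c -d $vm -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Any other NEW flow, including ones the guest starts, is dropped.
    printf '%s\n' "-A WINVM -j DROP" "COMMIT"
}

# Constructed sample: guest at 192.168.122.10, two clients allowed to RDP in.
vm_ruleset 192.168.122.10 3389 10.0.0.5 10.0.0.6
```

The output is in `iptables-restore` format; loading it with `iptables-restore --noflush` as root leaves the host's other rules in place.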