[Beowulf] Repenting for sins against Dell (on good Friday, no less)

Robert G. Brown rgb at phy.duke.edu
Fri Apr 10 12:23:03 PDT 2009 

On Fri, 10 Apr 2009, Mark Hahn wrote:

> HP has its own distro, but is still trying to use a traditional approach to 
> making patches patches available.  (ie, ftp patch files
> that unpack to rpm(s), install script and docs).  it seems pretty obvious 
> that yum repos are the way to go (is there any _technical_
> reason to prefer deb's?  to me, the gist of a distro is the web of version

Not that I know of.  Good social and practical ones though.

> dependencies that it presents when installed.  why distros
> at all?  because dependecies are normally a digraph, sometimes cyclic,
> so it's really hard to share non-leaf packages between distros...
>
>> Cut a deal with vmware on the side, add full out-of-the-box lin/win
>
> is there any reason to prever vmware over one of the free VMs?

The last time I tried them (a year or so ago) they were much less stable
than vmware.  That may have improved at this point.  The other advantage
to vmware is its really excellent user interface.  I love vmware
workstation, and I love the (almost identical) server interface as
well).  It makes configuring/install vms completely painless, and the
server package has some really cool stuff like the ability to be
remote/script controlled so you can shut down a VM, rsync a perfect copy
for a backup or clone to run on another server, and reboot the VM all
without being there.

The only reason I can think of to prefer the free ones to vmware is the
price, and the general karmic goodness of using open vs closed source.
But most of my use of vmware is professional or semiprofessional and I'm
too busy to have time to mess with or participate in the resolution of
bugs in the OS versions.  If/when they're stable and userspace usable, I
might try them again for my personal use but for a client with expensive
downtime I really do like vmware at this point BOTH for its support and
stability AND for the fact that it works very very well.  Year+ uptime
is not unreasonable if that's something you want, up except when
performing maintenance or the kind of backup described above.

>> via yum and he could take the office desktop by storm.  Secure windows
>> -- run from inside linux!
>
> I'm not so sure about that - why would VMed windows be more secure?
> my understanding is that the thing that makes windows vulnerable is the hooks 
> that make windows integration work.  and it's the integration
> that people expect, no?

Several ways.  If you run Windows inside a NAT (trivial interface
option), it has no ports exposed to the outside world and linux acts as
a firewall, making windows no more expensive to a certain class of
attacks than the linux host.  Also, you can snapshot Windows (say, right
after an install) and if it looks like it's been hacked you can just
revert to the snap.  In fact, you can snapshot Windows right after a
clean install, boot it and run it for the day's work, and NOT SAVE BACK
any alterations of its image but reboot clean from the snap EVERY day.
Go ahead and crack it -- next boot it goes away and one has to get in
all over again, under circumstances where one cannot even bounce a
single packet off of the actual Windows client.

Periodically you have to boot it clean and run Windows Update etc and
let java update and so on and resnap.  It helps to use samba or the like
to serve userspace, although that does slightly increase average
vulnerability.  It's a sysadmin decision as to whether users can
actually alter even their own userspace area permanently.

Obviously if you run fascist and reboot from snap daily, cracking
windows is nearly impossible and quite fruitless even if you succeed.
But I feel fairly comfortable with Win under Lin even on a bridged
network where one "can" see the windows client.  It isn't up very long
or very often, I use only linux for anything linux can do, and this too
greatly minimizes exposure since Linux these days can do damn near
anything.  I use my laptop install primarily for access to a Cisco VPN
(because Cisco sucks and still doesn't support linux worth a damn) and
to be able to run/debug a Windows-only EMR client.

    rgb

> _______________________________________________
> Beowulf mailing list, Beowulf at beowulf.org sponsored by Penguin Computing
> To change your subscription (digest mode or unsubscribe) visit 
> http://www.beowulf.org/mailman/listinfo/beowulf
>

Robert G. Brown                            Phone(cell): 1-919-280-8443
Duke University Physics Dept, Box 90305
Durham, N.C. 27708-0305
Web: http://www.phy.duke.edu/~rgb
Book of Lilith Website: http://www.phy.duke.edu/~rgb/Lilith/Lilith.php
Lulu Bookstore: http://stores.lulu.com/store.php?fAcctID=877977

More information about the Beowulf mailing list