Re: [Fwd: Re: AKLUG server]

Greetings:

I was told that there was a discussion going on that concerned me, so I'm
subscribing once more (temporarily) just to set the record straight.

FYI: I have nothing to do with AKLUG, the servers, or Mike's decision to
use Nevaeh Linux. I know it's not his favorite distro, but I believe he
chose to use it because he felt it would be more educational for those
involved. Nevaeh, by design, teaches true Linux internals rather than
distract you with a bunch of fluff that's useless anywhere else.

Anyway, to respond to Damien's post:

> I should start out by saying I don't know a lot about the Corliss
> distro. However, I have compiled apache, mysql and php from source. It's
> not an easy task. When we tried to install these applications on the
> Corliss distro there were problems.

This doesn't surprise me. Many packages on the extras repository aren't
actively maintained, only the ones I actively use are actively maintained.
The extras repository is meant to serve as an example only, so you can set
up your own and not be dependent on anyone else to maintain your
installation.

> 1. Applications were in places I've never seen them in

Agreed. Many package maintainers are idiots, I try to compensate where I
can for that. There is a thirty-year old UNIX philosophy for filesystem
layouts that everyone is way too quick to disregard. For instance,
who told the GNOME idiots that it was okay to put their crap in /usr?
There's a /usr/X11R6 for a reason.

Another difference is that dev tools are under /usr/ccs. Why? In a
hardened configuration there is no place for dev tools on the system. In a
standard Nevaeh install you can either ommit dev tools, or you can just
delete them all later. The rest of the system should work just fine without
it.

Plus, in a less hardened scenario where you leave the tools in place, it
makes it much simpler to secure them by having them segregated and secured by
group privileges to prevent someone from compiling a userland exploit on the
box itself (assuming they got in via an unprivileged service).

In either scenario, Nevaeh is simply making security a bit easier, rather
than harder.

> 2. Some software was old ( can't remember what )

Agreed. I don't believe in staying on the "bleeding edge" if I can avoid
it. We upgrade for security, or if there's a feature that you have to have.
And guess what: with Nevaeh it's trivial to set up your own repository so
*you* get to make that call, you're not at the mercy of my whims.

> 3. Mike couldn't figure out the problem

Mike's a good guy and admin, but he uses Nevaeh (to some extent) under
duress. I have no doubt that he's much more comfortable on Fedora/Red Hat,
and would prefer to use that. Understandable, though we disagree
philosophically there.

I believe, and experience bears out, if you're comfortable on Nevaeh you can
beat any distro into submission. The reverse is not always true.

> If Mike can't figure out the problem what hope do the rest of us have.

This is a sad, sad, response. None of us qualify as the uber-geeks of the
list, we all have strengths and weaknesses. What compounds this is that 90%
of the issues you're likely to have need only google skills to solve. I
don't believe that Nevaeh makes its harder in general to do anything, but
you do sometimes need to be more explicit to get things done. And it's that
way for a reason.

> As a system administrator there are a few things I need to take into
> consideration when building a server.
>
> 1. Who will help me when things go wrong? (tech support)

<G> I built my distro and knowledge (no formal training) via documentation,
the Internet, and experimentation. Does any competent Linux admin really
need more than that? And given that most of the problems you're likely to
have are package-specific, do you need to go further than that package's
mailing list, web site, etc.?

> 2. How easy is it to maintain?

I'll put Nevaeh against any distro, there. I deliberately made it trivial
for anyone to maintain their own repository. Now you aren't at the mercy of
some dubious provider to provide binary package updates. Just add a working
patch to the repository or an updated source tarball and install. And
that's one of the main themes of Nevaeh -- self-sufficiency. You can take
Nevaeh and run with it, and never give a second thought to me again.

> 3. Will the OS be there for me in 5 years or so? (updates etc...)

My code contribution is a drop in the bit bucket, and all of it easily
ignored. The distro is 99% all mainstream packages used by all the distros,
so, yes, it will be there (and maintained) for the forseeable future.

Is there commercial support? No. But I have yet to find *any* commercial
software support worth paying for, and that includes IBM. My maintenance
contracts with them are strictly for access to software updates, not support.

> I'll use Ubuntu Dapper as an example.
>
> 1. It has 5 years of updates on the server
> 2. I get support from the Ubuntu forums, mailing list, IRC and AKLUG
> 3. To get updates I just type "sudo apt-get upgrade"
>
> I'm sure the Corliss distro is stable and secure. However, after evaluating
> the situation I think the Corliss distribution is the wrong tool for the job.

I would challenge that assumption. Point out specifics about what's *wrong*
about Nevaeh for any server-related task and we can evaluate that from
there. But I have yet to hear anything specific that makes Nevaeh a bad
Internet server. Never mind the fact that it's been deployed far and wide
as such already.

As for support five years from now: you can update from your own
repositories and not care if I disappear. For that matter, creating the
entire base distro, right down to the installation ISO, can be done entirely
from a snapshot of the repository. There's even makefiles to do all the
work for you. I build a new distro ISO with a handful of make commands.

> One thing to keep in mined here is that not all distributions are
> created equal. While the Corliss distro works in your situation I don't
> think it works for AKLUG. That brings up another issue. Just because you
> know something about Linux does not mean you can maintain any Linux
> distribution. Try going from Suse or Debian to Slack. If you have never
> tried Slackware it'll be FUN! ;-)

That's factually wrong. First of all, I'd assert that any competent
Slackware or Nevaeh admin can admin any other distribution or, for that
matter, UNIX. Of course, anyone managing a box like a Windows admin (can
only do what he/she can point & click) will be useless when a higher level
tool is not available.

The reality is that all distros (and UNIX in general) use the exact same tools
behind the scenes to do the real work. I've personally been able to
configure HP/UX, IRIX, AIX, Solaris, SunOS, FreeBSD, and Linux because the
commands are largely the same (in general, only the format of the arguments
will change, if that) with no training and only access to the man
pages. And all because I knew what linuxconf/yast/whatever is really using
behind the scenes, rather than just the config tool itself.

> If anyone else has anything to say about this feel free to comment.

Are we men or mice? Hackers or users? True hackers like to know what goes
on underneath the hood. And that knowledge, once gained, will take you
*much* farther than learning a config tool. Let there be no doubt: Nevaeh
is a hacker's distro, not a user's distro. It's small, secure, and stable,
without all the non-portable fluff that most the others come with. Oh, and
it also has the one true universal config tool: vi.

> Oh, how do I get a copy of the "Corliss distro"? I'd like to stick it on
> my test network and take it out for a spin. :-)

Anyone who wants a copy of Nevaeh can get it, but be forewarned: I have no
interest in getting users for my distro. Nevaeh Linux exists to make my
life easier and to conform to my world view, nothing else. And even I will
tell you that it's not perfect, it's been evolving for over seven years. I
still don't consider it having reached a 1.0 release, even though I am
confident enough in it to run it in production environments. I'm not done
stealing good ideas from other Unices, for that matter.

The perfect system and OS does not exist. Linux sucks, all distros suck,
Nevaeh sucks. My goal with Nevaeh is just to make it suck a little bit less.

That said, I'll be happier if no one but myself uses my distro. I'll have
more hacking time if I don't have to answer a bunch of questions as to why I
did this/that, or how to use the tool set, even though it's the same tool
set used on every other distribution...

         --Arthur Corliss
           Bolverk's Lair -- http://arthur.corlissfamily.org/
           Digital Mages -- http://www.digitalmages.com/
           "Live Free or Die, the Only Way to Live" -- NH State Motto
---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.
Received on Sat Dec 30 22:04:01 2006