IRC log for #fredlug on 20070930

00:32.01 <plarsen> stickster: Have I told you how selinux is always going on my nerves? :)
00:32.12 <stickster> Umm, no, never
00:32.14 <stickster> :-D
00:32.18 <stickster> bwahahahahaha
00:32.33 <plarsen> lol
00:32.41 <stickster> The SELinux docs really do make it easier to figure out
00:32.45 <plarsen> just figure out why my named update-allow didn't work
00:32.48 <plarsen> SeLinux!!!
00:32.50 <plarsen> GRRRRR!
00:33.48 <stickster> If you're running the setroubleshootd system service and the sealert client, you'll get an alert for SELinux denials, so it's easy to see when it happens and why
00:34.10 <plarsen> It's CentOS ;)
00:34.17 <plarsen> doesn't have all the selinux bells and whistles on it
00:35.27 <stickster> Ah, well you could just go the route of putting a watch on /var/log/audit/audit.log grepping for "AVC"
00:36.42 <plarsen> Uhmmm - I know
00:36.47 <plarsen> My problem is the error messages
00:37.10 <plarsen> I get "permission denied" nothing about Selinux ... so when I diagnose I don't get to the point of checking the selinux logs because they aren't mentioned
00:37.24 <plarsen> I wish the error would say "selinux denied" or something
00:37.28 <plarsen> Instead of just "denied"
00:38.21 <stickster> plarsen: http://danwalsh.livejournal.com/4780.html
00:38.47 <stickster> For a lot of daemons there's a man page....
00:38.47 <plarsen> I'm just a bit puzzled -- the memory foot print of my old server is really getting pushed. It just runs dhcp, named and mail. A pretty inactive web server I used internally
00:38.55 <stickster> i.e. 'man httpd_selinux' or 'man named_selinux'
00:39.02 <stickster> I don't know if that helps in this situation
00:39.08 <plarsen> It has almost 400MB physical and it still ends up swapping :(
00:39.18 <stickster> Hmm
00:39.25 <stickster> Wow, that's heavy
00:39.36 <plarsen> :) cute link
00:39.49 <plarsen> yeah - it's an old box. Well, old and old - 3 years
00:40.12 <plarsen> Been my backbone server for ages. I just find it slow now when I try to do anything and yesterday when I burned the DVDs it hung on me .. the desktop
00:40.14 <plarsen> I don't get it.
00:40.22 <stickster> I was running an 8-year-old server (Pentium II/266 MHz) that did Web, named, dhcpd, mail, and a couple other things, didn't swap much
00:40.33 <stickster> Well, except for that one bad web app I tried, but that was a lark and I threw it away :-D
00:40.47 <plarsen> :) Its predecessor was from 98 :) It was replaced 2 years ago
00:40.53 <plarsen> Went on retirement
00:41.17 <plarsen> well, I noticed the last centos Updates installed some kind of kernel debugging stuff
00:41.48 <plarsen> "crashkernel=128M@16M"
00:41.58 <plarsen> Me thinks that's what's going on.
00:42.20 <stickster> I need to update my server downstairs to CentOS 5.
00:42.35 <stickster> It's currently on FC5 and I want to put something longer term on it
00:42.38 <stickster> So I can set and forget ;-)
00:42.47 <plarsen> That's what I was trying to do
00:43.03 <plarsen> Actually dogbert is running CentOS5 now
00:43.12 <plarsen> It crashed (fc4) last fall
00:43.17 <plarsen> or something like that
00:43.26 <plarsen> I think I was writing on here with my frustrations when everything went berserk
00:43.37 <plarsen> So I put centOS 5 on it to "set and forget"
00:44.18 <plarsen> kernel and selinux updates coming down again
00:44.22 <plarsen> Another kernel update!!
00:44.24 <plarsen> 3rd one!
00:45.41 <stickster> Yeah the issues that caused the Fedora kernel updates are probably in there too. CVEs are generally handled quickly
00:45.51 <stickster> Unless you'd prefer the holes... ;-)
00:46.33 <plarsen> well; that's a philosophical discussion.
00:46.37 <plarsen> Why patch areas you don't use?
00:46.50 <plarsen> The kernel updates are usually in areas I don't use anyway ;)
00:47.23 <plarsen> if I secure my box right and stop services I don't need, there's no need to patch constantly for every dog darn bug in the kernel that won't affect me anyway
00:48.25 <stickster> It all pretty much depends on where in the kernel stack the patches land
00:48.35 <plarsen> right :)
00:48.43 <plarsen> Point is that every kernel bug doesn't affect everyone using that kernel
00:49.38 <stickster> Right, but in a situation where you're running an environment with virtualization, it would be important because you can't predict (or necessarily track) your clients' system usage
00:49.48 <stickster> And you don't want *them* to have downtime, regardless of what your hosts are doing
00:50.16 <plarsen> it's because the kernel is monolithic ... we need to manage it piece-by-piece like we do software packages, libraries etc.
00:50.40 <stickster> As long as you want to pay the performance price, that's fine
00:50.52 <stickster> Sounds like you should be working with RMS on HURD :-D
00:50.58 <plarsen> ?? you just build the module that got patched, and presto!
00:51.05 <stickster> As a sysadmin, if virt doesn't apply to you, and you've reviewed the kernel vulnerabilities/patches and they don't apply to you, you can just ignore the updates
00:51.30 <plarsen> I'm not saying to do it blindly ;)
00:51.45 <plarsen> I'm saying the current system treats every issue in the kernel with the save sevirity
00:51.52 <plarsen> ok, I give up - can't spell anymore!
00:52.23 <stickster> I don't know about that... the new repodata now includes update metadata so you can tell security updates from bug fixes/errata
00:52.51 <stickster> And the changelog shows you what the diffs are from the last package, so you can weigh your options
00:54.07 <plarsen> I remember in my Redhat 6.x I liked building static kernels; I only got the stuff that was needed for the job, no more. All that "fluff" in windows was gone
00:54.13 <plarsen> which meant a small footprint
00:54.18 <stickster> Yup, you can still do that now
00:54.37 <plarsen> We're unfortunately gone the same way on the standard distros. While you can control it, you really don't have that option in mega distros like Fedora
00:54.46 <plarsen> You need the specialized distros or do it yourself
00:55.07 <stickster> Don't have what option?
00:55.18 <plarsen> and still use yum etc??
00:55.19 <plarsen> Nope?
00:55.41 <plarsen> It's linux right - but if you want to take advantage of the distro itself, I don't see manual kernel building as an option?
00:55.46 <stickster> Why not?
00:56.08 <plarsen> because of the lack of dependency control?
00:56.11 <stickster> You can exclude the kernel from yum updates if you don't want to run 'yum --exclude=kernel' every time
00:56.27 <stickster> There's very few packages that depend on kernel versioning, so you're pretty safe there.
00:56.35 <plarsen> Let's say I take away all the USB stuff; yum will still add the frigging executables for USB if it thinks a piece of software might need it.
00:56.53 <plarsen> I know ... and I should do that on my laptop actually
00:57.03 <plarsen> vmware and vpnclients are depending on the kernel as is
00:57.19 <stickster> What the packages require and what you run on the system are two different things though.
00:58.04 <stickster> I would assume if you're building a custom kernel that you're not going to be using that system for general desktop use
00:58.23 <plarsen> the idea is a minimized system. so if I take the time to select modules and functionality in the kernel, I would definitely want to do the same on the app layer
00:58.33 <plarsen> I agree :)
00:58.57 <plarsen> Kernel building is not for "mr. ordinary" ... he shouldn't care. It's cheaper to add a bit more memory than being memory conservative.
00:59.17 <plarsen> But that's one of my attractions to Linux - the control
00:59.35 <stickster> I still don't see why you're complaining you can't do that with modern distros.
00:59.40 <stickster> You absolutely can.
00:59.49 <plarsen> I just felt it went out of the window with first RH8 and now Fedora, SUSE etc. Way too much is being pushed in there to "compete with windows".
01:00.02 <stickster> Bullshit.
01:00.05 <plarsen> yeah?
01:00.28 <stickster> Yeah. You can still get a very minimal system by installing the Base package group only, making a minimal kernel, and installing only the packages you need.
01:00.45 <plarsen> BASE? I did a "base" today - 1100 packages!
01:00.50 <stickster> Nope, that's not base.
01:01.02 <stickster> Oops, I'm sorry, I used the wrong term.
01:01.07 <stickster> It's @Core
01:01.13 <stickster> You can't get that out of the GUI.
01:01.15 <plarsen> ohh, that's different ...
01:01.28 <plarsen> I'm not saying you can't make your own kernel.
01:01.42 <plarsen> But I am Saying that the way yum/rpm works, they don't care what I have in my kernel
01:01.59 <stickster> Why would they?
01:02.01 <plarsen> So if I don't have support for something, they'll still install the dependencies for that, like USB, on the app side.
01:02.19 <plarsen> My point is, that makes it pretty hard to manage then if what I wanted was a minimalistic system
01:02.25 <stickster> Only if you install the package groups and stuff that require those things.
01:02.39 <stickster> I think you have a misunderstanding about what's actually required in the app stack.
01:02.44 <stickster> It's very little.
01:03.05 <stickster> Most of what you wouldn't want with a minimal kernel would be things you would have left out anyway, by not installing the full-blown GUI desktop stuff
01:03.32 <stickster> Like I said, try installing a system using Kickstart, and only the @Core package group.
01:03.38 <stickster> You will be very surprised at how small it is.
01:03.43 <plarsen> Definitely not ... the idea is exactly NOT to have a huge gui etc. etc. etc. but specific functions like firewalls, web servers etc.
01:04.04 <stickster> But you keep saying you're going to get all these software updates you don't want with that, and that's not so.
01:04.10 <plarsen> Last time I "kickstarted" was 3 years ago. I'll give it a try again
01:04.36 <stickster> You get updates based on your current package complement, so if you cut it down by running a truly minimal install, you're going to get minimal updates as well.
01:04.38 <plarsen> I am ... let's say I want to install pam sync and I excluded USB
01:04.41 <plarsen> in the kernel
01:04.58 <plarsen> It's still going to include lsusb etc. utils because the utility can use usb
01:05.08 <plarsen> even though I might only want to use serial communication
01:05.31 <stickster> What is "pam sync"? I can't find that in the package lists
01:05.32 <plarsen> That's my point. It's "include everything" that the package manager does.
01:06.20 <plarsen> Just an example - the "true" name is "GNOME PilotSync"
01:06.32 <plarsen> It has abilities for usb, network, serial etc. to talk to the palm
01:06.33 <stickster> Why the heck would you install that on a minimal system?
01:06.47 <plarsen> and it'll install all of the abilities even if my system doesn't have the ability to do USB for instance.
01:06.53 <plarsen> It's the principle ;)
01:07.05 <plarsen> the idea is the app dependency is done independent of the kernel setup
01:07.16 <stickster> plarsen: Then you would want to build a custom package that disables the usb stack in that application, and fix the SRPM accordingly
01:07.27 <plarsen> bingo!!
01:07.59 <plarsen> And there goes the point of the distro ;) I know I can do it - and I can definitely take Fedora or SUSE or similar, and tweak it to my likings. But once done, I lose the distro "advantage" ...
01:08.14 <stickster> Yes, but you're trying to meet two diametrically opposed objectives at the same time -- a "minimal" system and a desktop GUI environment.
01:08.14 <stickster> The two do not mix.
01:08.14 <plarsen> So I might as well just do my own distro and do all the hard work
01:09.08 <stickster> So you want a distro that AVOIDS meeting any helpful goals for any one group so that everyone can suffer through having to custom build everything all the time?
01:09.10 <plarsen> look besides that the app I use is a gui - the dependency system is the same for text and gui apps.
01:09.16 <stickster> Wow, *that* is a distro no one would use.
01:09.19 <plarsen> While guis usually have more dependencies of course.
01:09.29 <stickster> Either that, or it's Gentoo.
01:09.43 <plarsen> it's two different goals.
01:09.50 <stickster> Right, which one do you want?
01:09.56 <plarsen> If your goal is to make an easy system to use, you can't take a minimalistic approach = microsoft solution
01:10.15 <stickster> But it's not that you can't take a minimalistic approach.
01:10.26 <plarsen> All I said was that when I started, linux was trying to be minimalistic ... that's no longer the case.
01:10.41 <stickster> Linux is now able to meet a lot of different needs based on the goals of a distro.
01:11.01 <stickster> After 11 years of using it, I would never trade what we have now for what we had back then.
01:11.10 <stickster> We actually have a system that's worth using for non-niche cases now.
01:11.24 <stickster> And we've done it without sacrificing security and stability.
01:11.46 <plarsen> :) I agree that Fedora and other distros are making it possible for "normal" users to get exposure and we can generalize the use of the system
01:11.51 <stickster> But you *can* do minimal with modern distros. You can't do minimal and full-blown at the same time.
01:12.26 <stickster> And I think anyone who thinks meeting both goals at the same time is worthwhile or somehow pushes the boundaries of FOSS is mistaken
01:12.26 <plarsen> But it's done on the foundation of getting away from the roots; if I want to make a simple router I more or less have to make my own distro now. The small specialized distros for that are sorta way behind the wheel now.
01:12.48 <stickster> Nope, DSL or Smoothwall are going plenty strong
01:13.17 <plarsen> I'm talking as a system architect - not a user ;) I don't want Fedora to change for users. What I do miss is distros made with "specialities" in mind. Like a simple webserver, dns, mail or whatever.
01:13.23 <stickster> And again, you can get that in something like Fedora too, because again, you're leaving out all that app crap you don't want on a router.
01:13.33 <plarsen> I haven't seen anything new out of DSL for quite a while?
01:13.41 <plarsen> I don't know smoothwall
01:14.08 <stickster> plarsen: Wha??? DSL release candidate just came out two weeks ago!!!
01:14.14 <plarsen> huh??
01:14.30 <stickster> http://damnsmalllinux.org/cgi-bin/forums/ikonboard.cgi?act=ST;f=36;t=19097
01:14.32 <plarsen> Maybe my links need to be updated. I haven't seen anything for months
01:14.58 <plarsen> Hmmm -wonder why my rss isn't picking anything up
01:15.07 <stickster> Smoothwall is another minimal Deb-based distro, probably one of the best small business router distros available.
01:15.53 <stickster> Installs and configures in about five minutes.
01:16.28 <plarsen> Ahh, but the mirrors say 2006 for latest release :(
01:16.36 <plarsen> wasn't all that wrong.
01:17.04 <stickster> Yeah, but stable releases aren't a sign of how much work is being done
01:17.15 <stickster> Otherwise Debian would be a big dead body
01:17.18 <plarsen> June 2006 is still more than a year ago
01:17.25 <plarsen> That's sorta dead to me ;)
01:18.15 <stickster> Well, one misses out on a lot of what's cool in FOSS if one only looks for stable releases
01:19.17 <stickster> I'm working up a tiny-sys kickstart right now to see exactly how big it ends up
01:19.21 <plarsen> well, I've made a conscious choice of not being a beta-runner. When it comes to what I do, I want stable/tested releases. I use "foss" or the betas to see directions etc. but not to use for real.
01:19.30 <stickster> No, I don't run betas either.
01:19.41 <stickster> But I don't judge the progress of projects on just their stable releases either
01:19.41 <plarsen> prerelease/rc are beta
01:19.47 <plarsen> Ohhh I don't either
01:19.50 <plarsen> I just don't use them for prod :)
01:20.11 <stickster> right, but you said you hadn't "seen anything new" out of DSL, but they've been putting out RCs for a while now
01:20.23 <stickster> I'm just saying they're in the game and going strong
01:20.45 <plarsen> new to me would be releases I can take and use
01:20.55 <plarsen> not beta/trial that's not production ready
01:21.03 <plarsen> that's what rcs are
01:21.24 <stickster> Well, now you're talking about lots of incremental point releases, and not half an hour ago you were lamenting how many updates you were getting! :-D
01:21.48 <stickster> That means you get to spend your work life testing for production rollouts
01:21.49 <plarsen> I said the "small" install in Fedora gave me 1100 packages :) That aint small ;)
01:22.08 <stickster> But that wasn't small, it was what you *thought* was small, which is not necessarily the same thing
01:22.34 <plarsen> hehe - true
01:23.54 <stickster> OK... working up that ks file
01:24.02 <plarsen> kk
01:26.40 <stickster> Man, you have to love dd and friends
01:27.22 <plarsen> ohhh yeah
01:27.39 <plarsen> not sure if winblows ever got anything similar to dd
01:29.34 <stickster> Actually they have one now
01:29.42 <stickster> I think some fellow named.... errr....
01:29.44 <stickster> George Garner maybe?
01:29.47 <stickster> He wrote it.
01:29.58 <stickster> So you can do physical images of drives, etc. for forensic and other purposes
01:30.03 <plarsen> yeah?? so Vista finally did something smart?
01:30.04 <plarsen> right!
01:30.22 <plarsen> well, the resource kits have had stuff like that, not exactly dd but stuff that could manipulate streams
01:30.50 <plarsen> I just wish it was part of standard install
01:32.10 <stickster> It works on NT/2000/XP, maybe Vista too
01:32.26 <plarsen> you're talking about a 3rd party tool??
01:32.54 <plarsen> Ahhh - yeah, that's what cygwin and ksh was for.
01:33.06 <plarsen> I think it was ksh - it made all standard linux commands available on windows
01:33.13 <plarsen> Needed for Oracle installs :)
01:33.14 <plarsen> hehe
01:35.58 <stickster> I'm trying to remember what the Cygwin thing I saw the other night was
01:36.08 <stickster> Some sort of GUI glue that was pretty neat
01:36.22 <stickster> Although I thought to myself, at that point I'd probably just rather be using Linux! :-D
01:47.22 <stickster> 343 packages for @Core.
01:47.28 <stickster> And apparently, that's *not* as low as you can go
01:48.35 <stickster> If you write the kickstart to only include the few packages bash, kernel, syslinux, passwd, policycoreutils, chkconfig, authconfig, and rootfiles, that's the minimum.
01:48.41 <stickster> I'll try that next to see what happens.
01:49.15 <stickster> Yeah, this one includes X libs.
01:49.30 <stickster> Not the GUI, just libs
01:54.53 <stickster> About 769 MB in real space on the disk, probably ~650-700 in actual data
02:02.23 <stickster> Yeah, I see a bunch of things that could be removed.
02:05.02 <stickster> cups, avahi, specspo...
02:06.00 <stickster> NetworkManager :-D
02:10.57 <plarsen> back
02:11.39 <plarsen> lots of stuff not needed ;)
02:11.56 <plarsen> I think you're getting my drift a bit. But yeah, 343 is much less than 1100
02:12.17 <plarsen> I know I can control it; but it means losing "fedora" per se?
02:19.38 <stickster> I haven't reached the minimal set yet
02:19.43 <stickster> Still working on it
02:20.55 <stickster> Aha, 141 packages with @Core only and %packages --nobase
02:21.50 <stickster> Yeah, but what is "Fedora" per se? I would say that it's the integration of awesome desktop functionality and applications with a best-of-breed kernel.
02:22.24 <stickster> You already want to take that apart -- which is fine -- so what does it mean to argue about whether it's Fedora any more?
02:22.49 <stickster> I would say once you lose the desktop experience, it doesn't really matter much which Linux you use.
02:22.57 <stickster> Well, not quite.
02:23.09 <stickster> But maybe if you lose both the desktop and the integrated server experience...
02:24.54 <stickster> Well, 141 packages and it still feels like Fedora here.
02:25.39 <stickster> du -sm /  ==>  451 MB
02:25.50 <stickster> So that's probably about 400 MB or so of actual data.
02:27.15 <stickster> Still has Python, perl, and much of the expected core command line functionality.
02:40.27 *** join/#fredlug IrishW0lf (n=william@70-41-188-87.cust.wildblue.net)
02:42.00 <stickster> Hi IrishW0lf!
02:42.07 <IrishW0lf> hi
02:42.23 <IrishW0lf> great meeting this morning, I learned a lot
02:42.30 <plarsen> stickster: I don't agree that GUI = Fedora. To me the idea of a distribution is how it integrates tools and management.
02:43.02 <stickster> Well, you can see the quality and depth of the work by the fact that at only 141 packages and ~400 MB, it still feels like Fedora, CLI only of course, but still there.
02:43.16 <plarsen> :) of course
02:43.24 <stickster> As you'll see I corrected myself to include the integration experience, which you still have at this level
02:43.26 <plarsen> But as things go, for servers who needs GUI?
02:43.33 <stickster> i.e. chkconfig/service, and so forth.
02:43.47 <stickster> I noticed yum was not included, but that only adds 5 packages.
02:44.00 <plarsen> right
02:44.02 <stickster> So it's pretty slim for a full-featured distro.
02:44.20 <stickster> I'm frankly amazed that people could build an entire working live distro into 699 MB.
02:44.46 <plarsen> I was amazed when the whole kernel would rest on a single 1.44 floppy :)
02:56.23 <stickster> Yup, I used to make a floppy boot system for work back in those days
03:30.19 <stickster> heh
05:07.37 *** join/#fredlug quigleymd (n=quigleym@c-71-62-130-185.hsd1.va.comcast.net)
14:23.46 *** join/#fredlug plarsen (n=plarsen@c-24-125-211-129.hsd1.va.comcast.net)
15:13.43 <stickster> Oops, been awake since 7:30; maybe I shouldn't look like I'm still asleep :-D
20:38.11 <stickster> Aha, looks like we have liftoff this time :-)
