pappy_mcfae Watchman
Joined: 27 Dec 2007 Posts: 5518 Location: Dallas
Posted: Fri Jan 29, 2010 8:03 pm
That was a bit before my time, but I remember you mentioning that incident. Still, it does point to the need for some more sane, workable defaults.
When I started the seeds, it was just to get people's systems working properly, without the confusion of knowing what to use, and what to avoid. Now that the concept is maturing, as is my knowledge of the kernel, I can come close to defining a true set of defaults that will work for most systems.
A quick for instance; make defconfig sets the kernel for multicast IP support. Who needs this besides people who are setting up internet "radio" sites? Not many, so why turn this on at all, much less as an apparent default?
I can't answer that one. However, I can modify the settings to reflect the real world need for such things. Since it's not important that most people have IP multicast support, especially in the context of just getting the machine running, that setting is going to default to off in the next seed settings iteration.
Blessed be!
Pappy
_________________
SITE LIST:
Main: http://www.kernel-seeds.org
Mirror: http://kernel-seeds.bloodnoc.org/
Mirror 2: http://kernel-seeds.audiodef.com/
Mirror 3: http://www.elilabs.com/~pappy/

d2_racing Moderator
Joined: 25 Apr 2005 Posts: 12849 Location: Ste-Foy,Canada
Posted: Fri Jan 29, 2010 8:11 pm
By the way Pappy, do you enable the netfilter stuff so that new users can use iptables on their box?
And what about ipv6?
_________________
Sysadmin of Funtoo-Québec.org
Wiki
Signature
IRC on Freenode : #funtoo-quebec

pappy_mcfae Watchman
Joined: 27 Dec 2007 Posts: 5518 Location: Dallas
Posted: Fri Jan 29, 2010 8:29 pm
No. Iptables is beyond the scope of just getting off the ground. While I am sure some will consider iptables a needed thing, to get a machine up and running, it's not.
The same can also be said for IPv6, but for different reasons.
While there has been lots of buzz about running out of IP addresses, as of yet, this hasn't been an issue for me. Also, there are many packages that will fail compilation, or fail to work altogether, if compiled with ipv6 as a USE flag. This may become an issue when they set up the fully UTF-8 websites (without the standard .com, .org, .edu stuff), but even if it does, it's not going to affect me, nor many in the English speaking world. Therefore, not only is IPv6 unneeded for standard system operation, in some cases, it can cause issues. So, I turn it off. That saves on kernel size, and it cuts out an extra level of math.
What I know of the kernel has grown significantly since I started this project. I'm sure things will change as time moves ahead. That only means that the kernel seed will continue to become more compact and responsive, and even more stable.
Blessed be!
Pappy

Moriah Veteran
Joined: 27 Mar 2004 Posts: 1622 Location: Warsaw KY US
Posted: Fri Jan 29, 2010 9:34 pm
I think that iptables *IS* necessary to get a trustworthy kernel up and running, as only people already protected by an external firewall can legitimately claim to not need a firewall while they are connected to the internet to fetch all the stuff needed to install a system. Only if you are installing strictly from the distribution live cd and not connected to the internet at all can you say you are safe without any firewall. But then how would you get your Pappy's Seeds?
_________________
The MyWord KJV Bible tool is at http://www.elilabs.com/~myword
Foghorn Leghorn is a Warner Bros. cartoon character.

pappy_mcfae Watchman
Joined: 27 Dec 2007 Posts: 5518 Location: Dallas
Posted: Fri Jan 29, 2010 9:52 pm
My philosophy on security is as follows: you decide how secure you want to be. Even stripped of most of its security code, Linux remains infinitely more secure than Windoze. Since I am not paranoid about security, it's a non-issue.
Of course, the same doesn't hold for the web server, but that is a special case. That has all kinds of extra stuff set up security wise. Then again, there are going to be people cavorting about inside the machine, so a little extra security is a good thing in that particular context.
BB!
P

gerard82 Veteran
Joined: 04 Jan 2004 Posts: 1855 Location: Netherlands
Posted: Sat Jan 30, 2010 7:15 am
I totally agree with pappy.
I've used linux exclusively for a long time.
Never bothered with firewalls or iptables.
Run rkhunter from time to time, nada.
Then I don't run a server, that's another story of course.
Gerard.
_________________
To install Gentoo I use sysrescuecd. Based on Gentoo, has Firefox to browse Gentoo docs and mc to browse (and edit) files.
The same disk can be used for 32 and 64 bit installs.
You can follow the Handbook verbatim.
http://www.sysresccd.org/Download

d2_racing Moderator
Joined: 25 Apr 2005 Posts: 12849 Location: Ste-Foy,Canada
Posted: Sat Jan 30, 2010 5:45 pm
In fact, when you don't host any server, the firewall stuff is less needed, because we use at least a little router/firewall like a wrt54g from linksys for example.

pappy_mcfae Watchman
Joined: 27 Dec 2007 Posts: 5518 Location: Dallas

Moriah Veteran
Joined: 27 Mar 2004 Posts: 1622 Location: Warsaw KY US
Posted: Mon Feb 08, 2010 4:54 am
I need a seed recommendation for a linux workstation.
This box is headless. It uses vnc for its X display. It is on a KVM for its boot console. It is x86 based, with an Intel(R) Celeron(R) CPU 2.80GHz under the hood. It has a 250 GB IDE drive, and 2 GB of RAM. I am building gentoo-sources linux-2.6.31-gentoo-r6 manually to run it. It will be running LVM2 for both the root filesystem and for swap. I will be using a custom hand made initramfs to boot it. It has a 50 MB /boot partition running ext2; the root filesystem is XFS.
So what's my best choice of seed to get this puppy barking?

pappy_mcfae Watchman
Joined: 27 Dec 2007 Posts: 5518 Location: Dallas

Moriah Veteran
Joined: 27 Mar 2004 Posts: 1622 Location: Warsaw KY US
Posted: Mon Feb 08, 2010 9:02 pm
So instead of just doing an emerge gentoo-sources, what do I do to get the preferred version?

pappy_mcfae Watchman
Joined: 27 Dec 2007 Posts: 5518 Location: Dallas

Moriah Veteran
Joined: 27 Mar 2004 Posts: 1622 Location: Warsaw KY US
Posted: Mon Feb 08, 2010 9:46 pm
Since I am already running gentoo-sources 2.6.31-gentoo-r6 in x86_64 mode on my laptop, it might be nice to stay with that version. Give me both the emerge command to fetch the kernel sources, and also the url of the seed I should use. Thanks!

pappy_mcfae Watchman
Joined: 27 Dec 2007 Posts: 5518 Location: Dallas
Posted: Tue Feb 09, 2010 6:16 am
Moriah wrote: "Since I am already running gentoo-sources 2.6.31-gentoo-r6 in x86_64 mode on my laptop, it might be nice to stay with that version. Give me both the emerge command to fetch the kernel sources, and also the url of the seed I should use. Thanks!"
emerge -av =gentoo-sources-2.6.31-r6. Then just pick either the x86 or x86_64 .config for 2.6.31-gentoo-r6. Easy as pi.
BB!
P

Moriah Veteran
Joined: 27 Mar 2004 Posts: 1622 Location: Warsaw KY US
Posted: Tue Feb 09, 2010 6:22 am
Thanks Pappy! I will be using the x86 for this machine, as it is just a Celeron.
I will get right on this tomorrow, as I first need to make an image backup of the laptop we have all been working on for the past month. It's really starting to shape up pretty nicely. I want to make sure I can reproduce it if I botch something up in the future -- like trying to get it to hibernate.

pappy_mcfae Watchman
Joined: 27 Dec 2007 Posts: 5518 Location: Dallas
Posted: Tue Feb 09, 2010 8:55 am
I know what you mean. I've been putting off moving this machine to baselayout-2/openrc. I definitely want a full backup before I do that. When the mood strikes, and I'm not in the middle of working on the kernel seeds site, I'm going to do that. For now, I'll just keep rolling the change over in my head.
I'm doing that, because I want to make sure that the automatic boot time networking script I created can be successfully translated to work with baselayout-2/openrc. As long as I can cajole the network interfaces to change names under baselayout-2/openrc like I can with baselayout-1, things will be cool and groovy. I'm going to try on a different machine before I make the full change. I don't want to go without my automatic networking.
BB!
P

Moriah Veteran
Joined: 27 Mar 2004 Posts: 1622 Location: Warsaw KY US
Posted: Tue Feb 09, 2010 3:22 pm
Yes, playing around with one's gateway can be treading on thin ice for sure.

pappy_mcfae Watchman
Joined: 27 Dec 2007 Posts: 5518 Location: Dallas

Moriah Veteran
Joined: 27 Mar 2004 Posts: 1622 Location: Warsaw KY US
Posted: Wed Feb 10, 2010 5:28 pm
Thanks Pappy! Just in time for me to start experimenting with hibernation on my laptop!
BTW I am currently running gentoo-sources 2.6.31-gentoo-r6; is there some easy way to take my current working config and somehow merge it with the seed for that same version of tuxonice? It sure would make the change-over easier.

pappy_mcfae Watchman
Joined: 27 Dec 2007 Posts: 5518 Location: Dallas

d2_racing Moderator
Joined: 25 Apr 2005 Posts: 12849 Location: Ste-Foy,Canada
Posted: Thu Feb 11, 2010 3:49 am
I'm not sure if make oldconfig will handle .config from gentoo-sources versus tuxonice .config.

Moriah Veteran
Joined: 27 Mar 2004 Posts: 1622 Location: Warsaw KY US
Posted: Thu Feb 11, 2010 3:53 am
That's what I was wondering too. I knew make oldconfig would handle updates from one version to the next, but I was a bit leery of trying across families. Pappy says it's OK, so that's what I will try -- *AFTER* I make a backup image!
Sounds like a good project for tomorrow; right now I am rebuilding my linux lan workstation; it had an 80 gb ide drive go to that happy home in the sky the other day, so I put a 250 gb in it. Now I'm loading it up from the backup server.

pappy_mcfae Watchman
Joined: 27 Dec 2007 Posts: 5518 Location: Dallas
Posted: Thu Feb 11, 2010 6:15 am
Sure it will. Tuxonice is as close to vanilla as one can come, believe it or not. While there is a bit more to the gentoo-sources patch set, the areas of crossover between the two should be nil, or as close as you can get to nil.
The worst thing that could happen is that you end up with 4 to 6 section mismatches instead of the normal 1 to 3. As long as you double check to make sure the options you desire are still selected (via make menuconfig or your favorite kernel configuration program) you should have no issues at all.
Blessed be!
Pappy
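
Added example, not part of any post in this thread and not code from the kernel-seeds project: the post above advises double checking, after make oldconfig, that the options you want are still selected, and the earlier firewall exchange shows why netfilter is one to watch. This sketch compares a working .config with the merged result and lists options that were weakened or dropped; the function names and both sample configs are constructed for illustration.

```python
import re

# The two line forms of a kernel .config: "CONFIG_X=value" and "# CONFIG_X is not set".
LINE_RE = re.compile(r"^(?:(CONFIG_\w+)=(.*)|# (CONFIG_\w+) is not set)$")
RANK = {"n": 0, "m": 1, "y": 2}  # off < module < built in

def parse_config(text):
    """Return {symbol: value}; explicitly disabled symbols map to 'n'."""
    opts = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            opts[m.group(1) or m.group(3)] = m.group(2) if m.group(1) else "n"
    return opts

def lost_options(before, after, wanted=None):
    """List (symbol, old, new) for options that were on before and are
    weaker (y->m, y/m->n), changed, or absent afterwards."""
    report = []
    for sym, old in sorted(before.items()):
        if old == "n" or (wanted is not None and sym not in wanted):
            continue
        new = after.get(sym, "missing")  # dependents vanish with their parent
        if old in RANK and new in RANK:
            if RANK[new] < RANK[old]:
                report.append((sym, old, new))
        elif new != old:
            report.append((sym, old, new))
    return report

# Constructed samples: a working config, and a hypothetical result after
# dropping in a seed and running make oldconfig (not a real seed's contents).
WORKING = """CONFIG_NETFILTER=y
CONFIG_IP_NF_IPTABLES=m
CONFIG_IPV6=m
CONFIG_IP_MULTICAST=y
CONFIG_XFS_FS=y
CONFIG_BLK_DEV_DM=y
"""
MERGED = """# CONFIG_NETFILTER is not set
# CONFIG_IPV6 is not set
# CONFIG_IP_MULTICAST is not set
CONFIG_XFS_FS=y
CONFIG_BLK_DEV_DM=m
"""

if __name__ == "__main__":
    for sym, old, new in lost_options(parse_config(WORKING), parse_config(MERGED)):
        print(f"{sym}: {old} -> {new}")
```

Passing `wanted={"CONFIG_NETFILTER", "CONFIG_IP_NF_IPTABLES"}` restricts the report to the packet-filter options, which is the quick check to run before connecting a freshly built kernel to the network.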

pappy_mcfae Watchman
Joined: 27 Dec 2007 Posts: 5518 Location: Dallas

d2_racing Moderator
Joined: 25 Apr 2005 Posts: 12849 Location: Ste-Foy,Canada
Posted: Thu Feb 11, 2010 12:51 pm
So Moriah, give it a try and post the result.