This is a continuation of the thread about redhat vs centos and the
thought of moving from centos
due to redhats new business model. Forgive the length, but I had to share.
I went ahead and downloaded the 5 year supported version of ubuntu server.
You think centos/redhat is a bit tough or not polished?
One day with ubuntu server and you will look at centos install and setup
as a god!
Where do I begin?
1- you download the iso, burn a cd. But guess what? It is only a small
boot setup (about 600mb).
The install actually sets up your eth port and then SLOWLY downloads a
base set of packages.
Then when you are done with your drive set up, you get to pick a package.
Then it downloads and installs, asking you a few questions as it does.
Then it upgrades itself.
About 40 minutes due to the downloads for me...
2- uses a really lame 1980 DOS version of a text installer. It does not
and will not use a basic vid driver install
which means your setting up of lvms and such during the install is
really fun.
3- I don't know about having a server being forced to connect to the
internet before you can even begin to secure
it up. But the only way to really install it is to do that. Wait til you
see the insecure firewall setup it gave me too..
4- I picked the virtual host package, as the machine will hold guest
OS's (presumably ubuntu).
5- booted up fine.
6- uses upstart and init, mixed up a bit. Upstart, BY DESIGN AND
ACCORDING TO DOCUMENTATION is new and
still being built so they do not want to put any documentation out on it
yet. This makes chkconfig and things like
that useless. Hence, if you want to know what is running, set to run,
etc, you need to dig in multiple folders and
read the scripts. There is no other way. What a horror.
7- The install, of the virtual host, added libvirt. It did not however
install things like virt-install or any other virt software.
In fact, no guest installation tools were added, though things like virsh
were installed. Sigh.
8- The firewall and network do not have the scripts folder. You have to
build your own firewall file and add scripts
to make it override the stock one via the eth you want to use it
for....wtf?
9- here is the firewall, for a virtual host, that should not have
anything but port 22 open as far as the initial install
should (at least in my opinion).....Ubuntu starts with this....
(remember, ubuntu forces you to be online to install and this is how it
protects your server)
I was not blocked on a single port going from my desktop to my server
via my router. ALL PORTS were accessible.
This is out of the box. Shell 22 was open from all my computers. Not
listed in the firewall as open.
You can see it is quite different than the centos stock and I think
ubuntu is a 'run away' install.
There is no bridge set up in the network interface files either. There
is no bridge set up.
The firewall is looking at virbr0 but there is no such configuration I
could find in the
etc folder, anywhere.
Very odd.
# Generated by iptables-save v1.4.4 on Mon Nov 7 23:35:47 2011
*nat
:PREROUTING ACCEPT [84:12492]
:POSTROUTING ACCEPT [9:626]
:OUTPUT ACCEPT [9:626]
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
COMMIT
# Completed on Mon Nov 7 23:35:47 2011
# Generated by iptables-save v1.4.4 on Mon Nov 7 23:35:47 2011
*filter
:INPUT ACCEPT [3701:295955]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [793:1276008]
-A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
-A FORWARD -d 192.168.122.0/24 -o virbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
-A FORWARD -i virbr0 -o virbr0 -j ACCEPT
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
COMMIT
# Completed on Mon Nov 7 23:35:47 2011
In closing, it is down to suse or back to centos and just pray redhat
turns around. Maybe scientific linux.
Ubuntu is not ready for prime time and a HUGE step backwards. It is not
cutting edge and very insecure.
So maybe centos, even if a year or two behind, is way better than ubuntu
will ever be.
I took a shot at paid support.
You have to send them a contact mail. I did.
After 3 days sent them another.
2 days later, no response from that one either.
down to suse or back to centos.
One good thing about ubuntu was the bug redhat has for the ati onboard
video is not an issue making
no errors on boot and no long hang time that centos was causing me.
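An added example, not part of the original post or of any distribution's tooling: a small Python audit of the `*filter` table posted above, showing why SSH answered although no rule lists port 22. The comparison ruleset, the interface name `eth0` and the probed ports are constructed for illustration, and packets are modelled as new inbound connections.

```python
import shlex

# Filter table as posted above; rule lines the mail client wrapped are re-joined.
POSTED_DUMP = """\
*filter
:INPUT ACCEPT [3701:295955]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [793:1276008]
-A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
-A FORWARD -d 192.168.122.0/24 -o virbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
-A FORWARD -i virbr0 -o virbr0 -j ACCEPT
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
COMMIT
"""

# Constructed for comparison (not taken from the thread): SSH only, then a
# catch-all REJECT. Note the INPUT policy line still says ACCEPT.
CONSTRUCTED_SSH_ONLY = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

TERMINAL = {"ACCEPT", "DROP", "REJECT"}


def parse_iptables_save(text):
    """Return {table: {"policies": {chain: policy}, "rules": {chain: [tokens]}}}."""
    tables, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("*"):
            current = tables.setdefault(line[1:], {"policies": {}, "rules": {}})
        elif line == "COMMIT":
            current = None
        elif current is None:
            raise ValueError("rule outside a table: " + line)
        elif line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            current["policies"][chain] = policy
            current["rules"].setdefault(chain, [])
        elif line.startswith("-A "):
            tokens = shlex.split(line)
            current["rules"].setdefault(tokens[1], []).append(tokens[2:])
    return tables


def rule_matches(tokens, in_iface, proto, dport):
    """Return (matched, target) for a NEW inbound packet; raise on unmodelled options."""
    matched, target, negate, i = True, None, False, 0
    while i < len(tokens):
        opt = tokens[i]
        if opt == "!":                       # negates the next match option
            negate, i = True, i + 1
            continue
        val = tokens[i + 1]
        if opt == "-j":
            target = val
        elif opt not in ("-m", "--reject-with"):   # those two are not matches
            if opt == "-i":
                hit = val == in_iface
            elif opt == "-p":
                hit = val == proto
            elif opt == "--dport":
                lo, _, hi = val.partition(":")
                hit = int(lo) <= dport <= int(hi or lo)
            elif opt == "--state":
                hit = "NEW" in val.split(",")
            else:
                raise ValueError("option not modelled: " + opt)
            matched = matched and (hit != negate)
        negate = False
        i += 2
    return matched, target


def verdict(tables, chain, in_iface, proto, dport, table="filter"):
    """First matching terminal rule wins; otherwise the chain policy decides."""
    t = tables[table]
    for n, tokens in enumerate(t["rules"][chain], 1):
        matched, target = rule_matches(tokens, in_iface, proto, dport)
        if matched and target in TERMINAL:
            return target, "rule %d" % n
    return t["policies"][chain], "policy"


def exposed_ports(tables, in_iface, proto, ports):
    """Ports from `ports` that a new inbound connection on in_iface would reach."""
    return [p for p in ports
            if verdict(tables, "INPUT", in_iface, proto, p)[0] == "ACCEPT"]


if __name__ == "__main__":
    for name, dump in (("posted", POSTED_DUMP), ("constructed", CONSTRUCTED_SSH_ONLY)):
        print(name, exposed_ports(parse_iptables_save(dump), "eth0", "tcp", [22, 80, 3306]))
```

In the posted table every INPUT rule is scoped to `virbr0`, so traffic on any other interface falls through to the `ACCEPT` policy; the constructed table shows that the policy line alone does not settle the question, because a catch-all rule can close the chain first.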
Thank you, very much, for the details (not that I was planning on going to
ubuntu...)
Two things:
<snip>
What's wrong with text mode? I certainly prefer it. Oh, and those menus
came along 2-3 years later.... <g>
<snip>
Yes. Just like the grub ubuntu uses, that is a bloody script, and a .d
directory *full* of files, rather than the clean, simple menu with
RHEL/CentOS.
<snip>
I don't want to have to read scripts to find out how to configure
something, or make it do something. A README, at the very least, should
have that (not "here's the license, go figure out everything else").
wing of the F/OSS movement, presumably in an effort to go head-to-head
with M$ and Apple, are going the same way they are: here's how you do it,
don't try to do it any other way, and we'll make it *REALLY* hard to do it
any other way.
mark
On 11/10/2011 02:44 PM, Bob Hoffman wrote:
Since 6.1 is close now, I do not expect delays longer than 6 months, and
since CR repo exists most of the stuff will come to us much quicker.
ElRepo's Mainline kernel (2.6.39-4.rc6.1.el6.elrepo) was completed
yesterday, and should pose no problems with CentOS distro. That can, if
no other option exists help you with kernel/video problems.
--
Ljubomir Ljubojevic
(Love is in the Air)
PL Computers
Serbia, Europe
Google is the Mother, Google is the Father, and traceroute is your
trusty Spiderman...
StarOS, Mikrotik and CentOS/RHEL/Linux consultant
--------------------------------
My only real concern was where red hat was going with this clone war (just a yoda line :) )
I decided to try out some non red hat versions.
I really was excited about ubu and getting somewhat newer packages of things and trying them out.
Turns out my experience is very disappointing with ubu.
It makes centos look light years ahead of them in all ways.
One just wishes redhat had a realistic upgrade of some packages (like php) during the life.
Where is this CR repo listed at? I did not see it on centos.org.
I may just go with it.
On 11/10/2011 03:36 PM, Bob Hoffman wrote:
Remi's repository has those, but is 3rd party repo.
http://rpms.famillecollet.com/
http://wiki.centos.org/AdditionalResources/Repositories/CR
--
Ljubomir Ljubojevic
(Love is in the Air)
PL Computers
Serbia, Europe
Google is the Mother, Google is the Father, and traceroute is your
trusty Spiderman...
StarOS, Mikrotik and CentOS/RHEL/Linux consultant
I want to add my thanks as well--we have a few, non-firewalled, Ubuntu
servers that we're working with--the people who do the stuff these
servers do are more experienced with it, and we left it to them.
Yeah, all kidding aside, I think the whole crippling of the RH text
installer was a step in the wrong direction. A text installer is
smaller, faster, and doesn't suddenly, as has happened to me with
various video card monitor combos, stop working or have the buttons off
the screen and no way to reach them save to tab, enter, and hope you're
on the right one.
Well, Fedora is going to systemd, which seems more designed for
desktop/laptop users, where speed of a boot seems to be the most
important goal, so I suspect RH will get there too.
Enjoy it while you can. (Sorry, not being funny here, everyone is going
to grub2 with its 200 plus files in the /boot/grub2 directory.)
Sorry, but this sounds like RH to me. I came to CentOS from the BSDs,
where if there was a service running, you could type man <name> and get
an idea of what it was doing. My first day on this job, I'd type man
<some extra service that RH thought I should have> and no clue what it
did only to find, eventually, that there was nothing but a document
telling me it's free software in /usr/share/doc. (Granted, this is my
memory speaking, and like an old flame one hasn't seen in many years,
the difference between BSD and RH docs probably aren't as drastic as I
remember, but shucks, complaining is FUN!).
Yes, and I greatly fear that RH will follow Fedora along much of that
path.
--
Scott Robbins
PGP keyID EB3467D6
( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 )
gpg --keyserver pgp.mit.edu --recv-keys EB3467D6
Buffy: Look, I know this new guy's a dork,
but... Well, I have nothing to follow that. He's
pretty much just a dork.
you can turn off networking or unplug the cable if you only want a base install and don't want it to install the latest updates out of the box.
----
ubuntu server is basic (no x) - it's a small footprint install. Most people who do servers prefer this.
As for setting up LVM's and such... it's pretty much the same as any RH... just looks different
----
again, you don't have to connect to the internet to install
----
RHEL v6 (and CentOS 6) use upstart too... life has all sorts of curveballs
----
all sorts of packages for firewall management.
apt-cache search firewall | wc -l
152
why be content with the minimal firewall tool when you actually can have a choice?
----
nothing like chaining lack of understanding to dramatize
----
sure - there's a difference but you're chaining again.
----
It's different - not better, not worse (save for the fact that with Ubuntu I have been able to get timely updates this year). Also, I much prefer their packaging of Apache & BIND9 to Red Hat's.
I personally love their minimal installation CD, from the text based install to the minimal package install, etc. and think that their minimal approach is vastly superior to Red Hat (and all downstream packagers) installer that is slow and bloated. I can typically get a vm spun up with Ubuntu in about 5 mins and it takes much longer to install a CentOS vm.
If your expectation was that you could take your limited knowledge base and apply it equally across all Linux distributions and expect it to behave as a Red Hat derived system, then all other distributions will disappoint you.
Seriously
Craig
I don't entirely disagree, but it didn't make sense to maintain two code
bases. Even with EL5 there were differences in what you could do in text vs
graphical (can't remember the details but there was something missing RAID/LVM
related). If you're doing a one off install either you've normally got
functional network to another computer and so can use VNC, or you've got a
usable graphics setup. It's not *that* often you've not got either. For
non-one offs then you're installing with kickstart so it doesn't really
matter.
upstart/systemd should both offer more than we're used to. Having a
service marked as 'should be on' such that it gets kicked back into life if it
crashes isn't necessarily a bad thing.
jh
I'd argue that's not entirely true. I've been doing some testing with
Spacewalk and CentOS 6 VMs on VMWare so did quite a lot of installs. 5
minutes was pretty much bang on how long it was taking to do a
boot/partition/install/register to spacewalk with a fairly minimal server
setup across a gigabit network.
jh
On 11/10/2011 04:30 PM, Scott Robbins wrote:
systemd will be much much more once it is done.
From http://0pointer.de/blog/projects/systemd.html :
A central part of a system that starts up and maintains services should
be process babysitting: it should watch services. Restart them if they
shut down. If they crash it should collect information about them, and
keep it around for the administrator, and cross-link that information
with what is available from crash dump systems such as abrt, and in
logging systems like syslog or the audit system.
--------------------------------------------------------------------
Status
All the features listed above are already implemented. Right now systemd
can already be used as a drop-in replacement for Upstart and sysvinit
(at least as long as there aren't too many native upstart services yet.
Thankfully most distributions don't carry too many native Upstart
services yet.)
However, testing has been minimal, our version number is currently at an
impressive 0. Expect breakage if you run this in its current state. That
said, overall it should be quite stable and some of us already boot
their normal development systems with systemd (in contrast to VMs only).
YMMV, especially if you try this on distributions we developers don't use.
I just want to say that this is the stupidest conversation I have ever heard - Screw this I am going back to FreeBSD.
Benjamin Warriner
Technology Specialist
Region 7 Education Service Center
1909 North Longview Street
Kilgore, Texas 75662
Phone: (903) 988-6949
Fax: (903) 988-6965
Thank you, you made my Friday
Compare systemd to Solaris Service Management Facility. Solaris SMF is a very nice and useful part of Solaris.
A lot of similarities between systemd and SMF. Solaris is mainly a server OS.
http://en.wikipedia.org/wiki/Service_Management_Facility
While this is not the CentOS-advocacy list, I do want to mention that if the tradeoff is between a secure (from a firewall and mandatory access control (MAC) standpoint) system and a system with more timely updates, I think I'd rather have the system that is more secure out of the box on the firewall side, SElinux (the upstream-preferred MAC solution) notwithstanding.
Too much choice can be worse than sane defaults; and I say this after doing many installs of the following distributions of Linux, and some non-Linux *nix:
SLS (go look it up)
Red Hat Linux (pre-Enterprise) and derivatives, including Fedora, CentOS, SL, etc.
SuSE
Caldera OpenServer
TurboLinux
Gentoo Stage 1 (on Alpha, no less)
Debian (multiple toys^H^H^H^Hversions (codename pun), multiple architectures)
Ubuntu/Kubuntu of multiple versions, desktop and server, multiple architectures
And some minor specialized distributions, including the free and the commercial versions of Smoothwall.
OpenBSD, multiple architectures
IRIX (6.5.x, Indigo2, O2, and Octane)
Apollo DomainOS 10
Solaris 9 and 10
Tandy Xenix, both V7 based and System III, from 8 inch floppies on a Tandy 6000
AT&T/Convergent Unix System V Release 2 on 3B1
4.3BSD on a DEC PDP 11/23 (70MB MFM disk.....)
Of the PC things, SLS was probably the most fun to do, but that's primarily because that was so long ago and even Windows 95 was available on floppies.... and it was just so cool to run a *nix on the 386SX box.... the coolness factor has definitely worn off.
So I'm in somewhat of a position to comment on what I want and don't want from an install, be it text or GUI. Regardless of ease of install, I very much want/desire/need something that once the initial no-internet-connection install is complete the box comes up with things pretty well locked down by default. CentOS/SL/upstream EL does this, by default, and that is good, updates or no updates. Updates are no more of a panacea than firewalls are.
If you doubt the speed at which a non-locked-down system can be exploited, take a 1990s vintage copy of, say, RHL 6.2, go ahead and pre-download the last set of updates for that distribution, do the install on a public IP with no firewall appliance in front of you, and see if you can get the updates installed before you're pwned.
This is the world we live in, especially with advanced persistent threats gaining internal network access; firewalling, even on the inside, is no longer optional for a server install. The firewall of course is but one layer in the security of the system; MAC helps immensely, as do proactive NAC/IDS/IPS setups. As the theme song of the USA television series 'Monk' says, it's a jungle out there....
I would generally agree with this (brevity is not your strongest trait)
Craig
But on-topic, hopefully, I would say that there are more similarities between CentOS and Debian Stable than between Ubuntu LTS and CentOS, primarily due to the way security and version upgrades are handled in terms of process, but that's my opinion because my use cases are better served by the CentOS way of doing things, at least for now.
And I would add Scientific Linux to the comparison mix partially due to the difference from CentOS in the way SL handles security-only updates even for older point releases. To see a very clear example of SL's way of doing it, please look at the timestamps of the packages in:
ftp://ftp.scientificlinux.org/linux/scientific/50/x86_64/upd[..]
which is the security updates directory for SL 5.0. Yes, .0, not .7.
There is no perfect Linux distribution, and there never can be, since there are so many differences in the ways users want to use their systems.
----------------------------
If you doubt the speed at which a non-locked-down system can be exploited, take a 1990s vintage copy of,
say, RHL 6.2, go ahead and pre-download the last set of updates for that distribution, do the install
on a public IP with no firewall appliance in front of you, and see if you can get the updates
installed before you're pwned.
------------------------------
Completely agree.
I noticed upon a new datacenter install with new ips a large number of
very strange traffic hits my firewall
logs are full of it.
I feel, and I could be wrong, that scripts run that just check ips that
usually never answer.
Then one day the ip answers. The script knows it is probably a new
install and they send it all
at once.
Ubu and centos, different animals. However, the ubu server is touted as
an enterprise ready system
with commercial support. I found the initial install lacking in that
regards and the commercial support
sales never answered my mails.
I think ubu is all about the desktop and really getting into the cloud.
But for a standalone webserver
the initial setup is not ready for prime time.
I think a company with some good techs can build a nice system that can
then be passed along to their servers.
However, for the small operator I would take a pass on ubu at this time.
The newer stuff is cool, but it lacks the polish of a ready to go
system. Centos has the polish, but lacks the new stuff.
sigh.
And right there is the core (or maybe it's 'sore') point to all of this; it really depends on what you need and how much work you have to do to make it fit your needs. And then keeping up with your needs, as they inevitably change.
CentOS is what it is: as close as possible to upstream EL without being upstream EL. Nothing more, nothing less, and bug-for-bug compatible. If that's not what you need, then CentOS won't meet your need.
Yes, but that 'possible' part is the problem. How much reason do you
have to think that it will continue to be possible to be anywhere
close to upstream?
--
Les Mikesell
lesmikesell*******
| This is a continuation of the thread about redhat vs centos and the
| thought of moving from centos
| due to redhats new business model. Forgive the length, but I had to
| share.
|
| I went ahead and downloaded the 5 year supported version of ubuntu
| server.
| You think centos/redhat is a bit tough or not polished?
| One day with ubuntu server and you will look at centos install and
| setup
| as a god!
Let me start out by saying that I totally agree with you here. Ubiquity is a really crappy installer! I've fought with it for many years. However, like RHEL/CentOS you can use kickstart to install the machine. It's called kickseed in Ubuntu/Debian and maps a subset of the Kickstart features to the debian-installer equivalent.
| Where do I begin?
|
| 1- you download the iso, burn a cd. But guess what? It is only a small
| boot setup (about 600mb).
| The install actually sets up your eth port and then SLOWLY downloads a
| base set of packages.
This, like the RHEL/CentOS installer, can be changed if you are using kickstart. If you are installing from CD it will install packages *that have not been updated* from the CD. However, the installer does check security.ubuntu.com and downloads updates during installation for those packages. This would be the equivalent to including the updates and CR repos during a kickstart.
| Then when you are done with your drive set up, you get to pick a
| package.
| Then it downloads and installs, asking you a few questions as it does.
| Then it upgrades itself.
| About 40 minutes due to the downloads for me...
See above statement. If you are kickstarting, it's no big deal.
| 2- uses a really lame 1980 DOS version of a text installer. It does
| not
| and will not use a basic vid driver install
| which means your setting up of lvms and such during the install is
| really fun.
Then you downloaded the alternative, netboot or server installer. The desktop installer is fully graphical, however, is lacking many features such as LVM and RAID support selections. This is *entirely* different than Anaconda which actually works the same whether using the text, VNC or standard graphical install.
| 3- I don't know about having a server being forced to connect to the
| internet before you can even begin to secure
| it up. But the only way to really install it is to do that. Wait til
| you
| see the insecure firewall setup it gave me too..
And during installation of RHEL/CentOS how do you secure the box before installing? How about applying updates before putting it in production? Let's be fair here.
| 4- I picked the virtual host package, as the machine will hold guest
| OS's (presumably ubuntu).
Would be covered by a kickstart and a virtual host package is the equivalent to the package group in RH speak
| 5- booted up fine.
|
| 6- uses upstart and init, mixed up a bit. Upstart, BY DESIGN AND
| ACCORDING TO DOCUMENTATION is new and
| still being built so they do not want to put any documentation out on
| it
| yet. This makes chkconfig and things like
| that useless. Hence, if you want to know what is running, set to run,
| etc, you need to dig in multiple folders and
| read the scripts. There is no other way. What a horror.
You are arguing that something is misunderstood by you and thereby horrific. As a person who manages several UNIX & UNIX-like operating systems, I would agree that it is "horrific" to have to understand the differences about how to enable / disable services on each platform.
| 7- The install, of the virtual host, added libvirt. It did not however
| install things like virt-install or any other virt software.
| In fact, no guest installation tools were added, though things like
| virsh
| were installed. Sigh.
That is correct, those packages are provided as "extra" tools. They are not needed for virtualization to work.
|
| 8- The firewall and network do not have the scripts folder. You have
| to
| build your own firewall file and add scripts
| to make it override the stock one via the eth you want to use it
| for....wtf?
Is it that you don't understand where they are or that it's just not possible? There's a difference. Yeah, on RH there is an /etc/sysconfig/network-scripts. On Debian/Ubuntu there is a /etc/network/interfaces file that controls all. What's wrong with that. Personally, I can think of lots of things, but it's my opinion. I'm trying to show that you are making assumptions about how this "should" be compared to how things are before learning the "why" things are the way they are.
| 9- here is the firewall, for a virtual host, that should not have
| anything but port 22 open as far as the initial install
| should (at least in my opinion).....Ubuntu starts with this....
| (remember, ubuntu forces you to be online to install and this is how
| it
| protects your server)
|
| I was not blocked on a single port going from my desktop to my server
| via my router. ALL PORTS were accessible.
| This is out of the box. Shell 22 was open from all my computers. Not
| listed in the firewall as open.
| You can see it is quite different than the centos stock and I think
| ubuntu is a 'run away' install.
It is? SSH is open in all stock installs.
| There is no bridge set up in the network interface files either. There
| is no bridge set up.
Yes, but you installed the virtualization package group which set this up for you. The fact that it isn't there is irrelevant. If you added it you would be protected.
| The firewall is looking at virbr0 but there is no such configuration I
| could find in the
| etc folder, anywhere.
| Very odd.
|
| # Generated by iptables-save v1.4.4 on Mon Nov 7 23:35:47 2011
| *nat
| :PREROUTING ACCEPT [84:12492]
| :POSTROUTING ACCEPT [9:626]
| :OUTPUT ACCEPT [9:626]
| -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j
| MASQUERADE --to-ports 1024-65535
| -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j
| MASQUERADE --to-ports 1024-65535
| -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
| COMMIT
| # Completed on Mon Nov 7 23:35:47 2011
| # Generated by iptables-save v1.4.4 on Mon Nov 7 23:35:47 2011
| *filter
| :INPUT ACCEPT [3701:295955]
| :FORWARD ACCEPT [0:0]
| :OUTPUT ACCEPT [793:1276008]
| -A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
| -A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
| -A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
| -A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
| -A FORWARD -d 192.168.122.0/24 -o virbr0 -m state --state
| RELATED,ESTABLISHED -j ACCEPT
| -A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
| -A FORWARD -i virbr0 -o virbr0 -j ACCEPT
| -A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
| -A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
| COMMIT
| # Completed on Mon Nov 7 23:35:47 2011
|
|
| In closing, it is down to suse or back to centos and just pray redhat
| turns around. Maybe scientific linux.
| Ubuntu is not ready for prime time and a HUGE step backwards. It is
| not
| cutting edge and very insecure.
|
| So maybe centos, even if a year or two behind, is way better than
| ubuntu
| will ever be.
|
|
| I took a shot at paid support.
| You have to send them a contact mail. I did.
| After 3 days sent them another.
| 2 days later, no response from that one either.
|
| down to suse or back to centos.
|
| One good thing about ubuntu was the bug redhat has for the ati onboard
| video is not an issue making
| no errors on boot and no long hang time that centos was causing me.
I can't believe that I have defended Ubuntu so much in this E-Mail. I don't even like Ubuntu! I used it for years, but only as a personal desktop and from that perspective it was a *really* nice platform to work with. It made installing proprietary drivers and codecs a snap (thereby signing off all my freedoms ;) ), but if you need to deviate from the "Ubuntu way" or do *anything* that is remotely complex Ubuntu falls over dead and this is why I moved away from it.
There was some talk about porting Anaconda to Ubuntu to replace Ubiquity. I'd welcome that and maybe even start to use it in our department, but there are still *way* too many "broken" things that stop me from rolling it out. One of those things just happens to be the insatiable need to just rip out core parts of the system willy-nilly to get the latest "cool kid" code.
--
James A. Peltier
IT Services - Research Computing Group
Simon Fraser University - Burnaby Campus
Phone : 778-782-6573
Fax : 778-782-3045
E-Mail : jpeltier*******
Website : http://www.sfu.ca/itservices
http://blogs.sfu.ca/people/jpeltier
I will do the best I can with the talent I have
<snip>
| Yes. Just like the grub ubuntu uses, that is a bloody script, and a .d
| directory *full* of files, rather than the clean, simple menu with
| RHEL/CentOS.
| <snip>
|
| I don't want to have to read scripts to find out how to configure
| something, or make it do something. A README, at the very least,
| should
| have that (not "here's the license, go figure out everything else").
Fedora 16 moved to GRUB 2 as well. It will be in RHEL/CentOS in the next release. Get used to it. ;)
</snip>
--
James A. Peltier
IT Services - Research Computing Group
Simon Fraser University - Burnaby Campus
Phone : 778-782-6573
Fax : 778-782-3045
E-Mail : jpeltier*******
Website : http://www.sfu.ca/itservices
http://blogs.sfu.ca/people/jpeltier
I will do the best I can with the talent I have
It does not. The text-based anaconda installer is crippled and has been
so for many years. You are fully unable to exercise full control of the
install process as you can with the gui version. The problems are well
known and have been for years.
John
--
The men the American public admire most extravagantly are the most daring
liars; the men they detest most violently are those who try to tell them
the truth.
-- H. L. Mencken (1880-1956), journalist, satirist, and freethinker, The
Smart set, Volume 68 (with George Jean Nathan) p 49 (1922)
Grub2 really seems extraordinarily verbose.
One can't help wondering if the simplicity of the old grub
offended the developers.
Simplicity does not seem to be highly valued nowadays.
--
Timothy Murphy
e-mail: gayleard /at/ eircom.net
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College, Dublin 2, Ireland
close?
May 19, 2011 (RH 6.1)
I thought the term 'close' only applied to horseshoes and hand grenades.
Given the track record for CentOS for v 6, it's pretty clear that
installing it means that you are likely to have deployed servers that
will lag for months without security updates and it's awful easy to set
up iptables ;-) I'm not saying this to disparage the developers
because I'm sure that they're doing the best that they can but I can't
tell my friends/clients/employer/etc. that I can recommend using CentOS
knowing the struggles they are having getting out releases & updates.
Craig
When do all of you mean to stop wasting our time bickering among yourselves?
If there was ANY chance ANY of you would change its mind then I would
be willing to endure senseless flame war. Since that is not likely to
happen in next 100 years, I ask you nicely to finish this thread with
"we agree to disagree" policy.
Thank you.
--
Ljubomir Ljubojevic
(Love is in the Air)
PL Computers
Serbia, Europe
Google is the Mother, Google is the Father, and traceroute is your
trusty Spiderman...
StarOS, Mikrotik and CentOS/RHEL/Linux consultant
What? Those crap choices like ufw or fwbuilder? Oh, btw, if there really
was 152 blooming choices, they would on the most part be total crap.
I like how you seem to think that stuff like upsd, stone, perdition,
libiax-dev for a small sample are somehow firewall related.
Managing a firewall on Ubuntu is retarded and I have to write my own
scripts to hook into interfaces so that I can get a sane set of iptables
rules loaded/unloaded without the mess from ufw/fwbuilder/whateverothercrap.
Why can't people just use daemontools?
It's been available before these I believe :-D
don't know a thing about ufw or fwbuilder but if you want simplistic
firewall rules (ie, RH/Fedora /etc/init.d/iptables) Ubuntu has
iptables-persistent which gets the job done just fine. Of course someone
with your skills would have no problem migrating
RH's /etc/init.d/iptables to Ubuntu (estimated time, 10 minutes).
If you want something heavy duty you could simply 'apt-get install
shorewall' but I suspect that you just want to be pedantic. The point
that Lamar made - that was that there wasn't any firewall installed by
default at all, which I agreed with.
Now if it's package quantity vs. quality type of discussion that you
want to have... yes, there are some packages that Ubuntu has that don't
interest me in the least but the quantity can be mind boggling. For
example (and in my sphere of interest), Ubuntu has pre-built packages
for netatalk, davical & bacula which I use everywhere and I am building
them from source for RHEL or CentOS deployments. To be fair however, I
did have to build cyrus-imapd from source on Ubuntu whereas Simon's
packages for RHEL/CentOS are terrific.
Then there's the utility of aptitude/apt-get vs. yum where I can deploy
and dynamically manage 'holding' packages on Ubuntu which is simply not
available with an rpm/yum package provider. Yum/rpm is good, apt/dpkg is
better.
Linux is pretty much still Linux and one thing has become obvious since
I started playing around with Ubuntu the last 7 or 8 months... that my
skills have improved by learning how the other half lives. I still love
Red Hat stuff, still use Fedora for my desktop. Some things Ubuntu does
better, some things I much prefer Red Hat methodology. In the end, it's
still Linux.
I just can't embrace installing an OS whose security updates have
consistently lagged 3-6 months behind.
Craig
You've made this point, repeatedly, for the past few months. It's
getting old; we are all well aware of your feelings about this. So
perhaps we can just let it go now? Please?
This thread is an example of what is wrong with this list. There is
little to no value to be had with threads of this nature. This isn't an
advocacy list; nor is it a list to beat about the merits of one
server distro versus another.
John
--
Mankind is a single body and each nation a part of that body. We must
never say "What does it matter to me if some part of the world is ailing?"
If there is such an illness, we must concern ourselves with it as though we
were having that illness.
Mustafa Kemal Ataturk (1881-1938), founder and first President of the
Republic of Turkey
I have seen shorewall generated rules. Far way too much branching off
and following rule paths is a pain. For small setups, yes, it will do.
But if you need to handle high traffic and therefore optimize the rules,
forget it.
1) Not all packages in the provided repos are Canonical supported. Most
of them are actually third-party aka 'community' maintained or
unmaintained even and 2) You can get a similar if lesser experience with
regards to quantity if you also add third-party repos on RHEL/Centos.
Just because you don't get third-party packages available without a bit
of tinkering is not that much of a plus for Ubuntu.
I can play that game too. apt/dpkg is good but yum/rpm is better because
it gives me 1) checksums and 2) multi-arch support.
joke. I only happen to have one Ubuntu Hardy server because I did not
have a Centos disk at hand when I had to do an emergency installation of
a box to take over the predecessor's read RH9 squid/nat box. I have no
qualms learning the ropes of another distro but the Ubuntu distro takes
the cake for faking a community and having tools that are way behind
those available with RHEL/Centos. Does d-i support/have lvm on raid
recipes yet?
"If timely updates are not a key factor for you, then WBEL is a great
distro. If timely updates are the most important thing you consider
about the distro you want, then WBEL might not be a fit for you"
http://beau.org/pipermail/whitebox-users/2004-December/00476[..]
I'm not advocating for any distribution - I am sure I could probably
work with any of them.
Craig
yeah - community... see SADFL
http://www.ubuntu.com/project/about-ubuntu/governance
;-)
I don't know what you mean by 'd-1'
Seems you can do pretty much anything with their version of kickstart
(apparently they have incorporated anaconda now but I haven't ever used
it) and they also have preseed and I am using puppet and foreman so I
have other methodologies.
Craig
Then please leave -- your sustained venom and bile are not
needed, wanted, nor useful here, let alone remotely on topic
-- Russ herrold
what venom? what bile?
For the record, I wasn't the one who brought up Ubuntu
Craig
d-i = debian-installer which is what Ubuntu uses for its text installer.
Oh, things have improved have they? Last I tried, you could not get d-i
to do lvm on raid whether on the console or through preseed. Are you
telling me that you can now get that done with ks files when you could
not with preseed or manually?
Please take this elsewhere -- it has nothing to do with centos
-- Russ herrold
nor did I mention non-centos distributions --- take your cruft
elsewhere ... this thread is over
-- Russ herrold
Just to throw out the background on the thread...
It was started questioning whether redhat is going to actively try and
make it harder over time to
clone it, thus making any derivatives of it untenable.
I tried ubuntu and that is what this sub thread is about.
I tried ubuntu from the standpoint of a non-developer, non-it-worker,
hobbyist web site owner
putting together a stand alone webserver.
Ubuntu vs centos in this regard goes fully to centos. Having to get a
degree in grub, iptable scripts,
etc just to do an out of the box install of a virtual host is rather much
in that regard.
Centos had a much easier and somewhat more intuitive installer and
installed a firewall
that limited input to a bridged device and port 22.
Ubuntu opened the virtual host to the entire lan, all ports, and added
forwarding to non existent
virtual bridge that had not been built yet.
Ubu had forced me during the install to download packages and get on the
net. Centos did not.
From what I now understand of debian derived ubuntu is they are quite
an excellent desktop system
and are working on an interesting cloud infrastructure.
I understand now that ubuntu command line stuff (non desktop) is for
someone with much more knowledge
of linux and all its programs than a person using centos would need to know.
In that regard, not coming from a bank of servers and knowledgeable
university background, ubuntu
is a massive learning curve far beyond the pre-set-up nature of centos.
I did want the ability to get newer programs in regards to web stuff
like php. I may try to install some ubu
as web servers, but not as the virtual host. It seems to require too
much time and knowledge to properly secure it.
With centos I can lock the virtual host down and access solely through
the ipmi interface
ensuring that as the only fail point. Right out of the box. Easily. I
like the security and ease of it.
As a virtual host, I found ubu install tedious, slow, and demanding way
too much knowledge and skill
to just simply start adding guests and go. Ubu virtual host
definitely requires much more configuration
skills than centos. Something I do not feel like having to learn when
centos comes with it set to go.
If you are from a university background or have worked with many types
of linux for a long time, then
maybe it is simple for you to take a few minutes out and configure the
scripts for network, iptables, secure
the box, check all the pre-installed stuff. But for me it would take
much longer and I would never know what I missed.
This is just no longer true Craig ... you obviously have not been
looking at or using the CR for CentOS-6.
We have also now totally automated many parts of the QA system to test
packages.
http://wiki.centos.org/QaWiki/AutomatedTests/WritingTests/t_[..]
Also, I would like an audit of your servers that you manage to see how
often you install those security updates that ARE available. How fast
are you pushing all the updates that you are getting SO QUICKLY with
these other OS's?
I can only tell you that we are cranking out packages at a very quick
pace now, and that they are also now being tested much better and much
faster than before.
We are also asking for "the community" to help us by designing tests
that can be used in t_functional ... have YOU designed any tests to
ensure that a problem that you have had in the past does not sneak in
anymore and put it in t_functional ... or are you just here to
continually complain and run down our OS?
+10
--
Stephen Clark
*NetWolves*
Sr. Software Engineer III
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.clark*******
grub2 has more utility (ie can boot off the newer fs types like ext4) and
thus was inevitable.
Craig
grub in EL6 can boot off ext4, and that's grub-0.97-68.el6.x86_64.
jh
so tell me why i do not need GRUB2 for this more than a year?
2.6.40.8-4.fc15.x86_64 #1 SMP Tue Nov 1 18:17:12 UTC 2011
/dev/md1 ext4 29G 8,0G 21G 28% /
/dev/md0 ext4 485M 52M 429M 11% /boot
/dev/md2 ext4 3,6T 602G 3,0T 17% /mnt/data
Presumably because ext4 is backwards compatible to ext3 grub didn't even
notice the change...
Ubuntu's pages list a number of improvements. I guess I'm not overly bothered
about themes and the like, but maybe it does *something* I want. I remember
the resistance to GRUB when we were all using LILO.
GRUB 2's major improvements over the original GRUB include:
Scripting support including conditional statements and functions
Dynamic module loading
Rescue mode
Custom Menus
Themes
Graphical boot menu support and improved splash capability
Boot LiveCD ISO images directly from hard drive
New configuration file structure
Non-x86 platform support (such as PowerPC)
Universal support for UUIDs (not just Ubuntu)
jh
correct, not from lack of desire though.
I was dying to try out FreeIPA but the target is continually moving.
Even at the point where I can install 6.1 FreeIPA is whole on 6.2
----
I'm not sure why you decided to go here when Russ made it so clear that
this was off-topic so I will defer an answer
----
If that's how you see it - then so be it. I would suppose it would be
unnecessary to re-quote your own thoughts on timeliness of security
updates on another list but certainly relevant. I don't see myself
'running down' CentOS at all but noting that installing CentOS 6.0 on a
public facing server requires a leap of faith that I don't currently
have. Perhaps it is useful that not everyone is patiently waiting for
releases, updates and parroting 'good job' when it is 6+ months behind
upstream.
Craig
IT IS NOT BACKWARD-COMPATIBLE
try to mount native ext4 (extent) with ext3-driver and you will see it
native ext4 is default for /boot since a long time
https://bugzilla.redhat.com/show_bug.cgi?id=486284
tune2fs 1.41.14 (22-Dec-2010)
Filesystem volume name: boot
Last mounted on: /boot
Filesystem UUID: 1de836e4-e97c-43ee-b65c-400b0c29d3aa
Filesystem magic number: 0xEF53
Filesystem revision #: 1 (dynamic)
Filesystem features: has_journal ext_attr resize_inode dir_index filetype needs_recovery extent flex_bg
sparse_super huge_file uninit_bg dir_nlink extra_isize
Filesystem flags: signed_directory_hash
Default mount options: user_xattr acl
Filesystem state: clean
Errors behavior: Continue
Filesystem OS type: Linux
Inode count: 128016
Block count: 511988
Reserved block count: 4096
Free blocks: 443096
Free inodes: 127933
First block: 1
Block size: 1024
Fragment size: 1024
Reserved GDT blocks: 256
Blocks per group: 8192
Fragments per group: 8192
Inodes per group: 2032
Inode blocks per group: 254
Flex block group size: 16
Filesystem created: Wed Jun 8 13:10:48 2011
Last mount time: Fri Nov 11 13:34:40 2011
Last write time: Fri Nov 11 13:34:40 2011
Mount count: 20
Maximum mount count: -1
Last checked: Tue Oct 25 18:28:00 2011
Check interval: 2592000 (1 month)
Next check after: Thu Nov 24 17:28:00 2011
Reserved blocks uid: 0 (user root)
Reserved blocks gid: 0 (group root)
First inode: 11
Inode size: 128
Journal inode: 8
Default directory hash: half_md4
Directory Hash Seed: 7c5447a5-c4ae-483f-ac58-786ad0ecd86c
Journal backup: inode blocks
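Added example, not part of the thread: a Python sketch that reads the "Filesystem features" line from the tune2fs output above and reports how an ext3-only driver would treat the filesystem. The feature classes and the sets the ext3 driver accepted are written from memory of the ext3/ext4 on-disk format rather than taken from the thread, and the function names are hypothetical.

```python
"""Decide how an ext3-only driver would treat a filesystem, from `tune2fs -l` text."""

# Feature classes, using the names tune2fs prints (assumption: written from the
# ext3/ext4 on-disk format, not taken from the thread).
INCOMPAT = {"compression", "filetype", "needs_recovery", "journal_dev", "meta_bg",
            "extent", "extents", "64bit", "mmp", "flex_bg", "ea_inode", "dirdata",
            "metadata_csum_seed", "large_dir", "inline_data", "encrypt", "casefold"}
RO_COMPAT = {"sparse_super", "large_file", "btree_dir", "huge_file", "uninit_bg",
             "dir_nlink", "extra_isize", "quota", "bigalloc", "metadata_csum",
             "project", "verity"}

# What the ext3 driver itself accepted in each class.
EXT3_INCOMPAT_OK = {"filetype", "needs_recovery", "meta_bg"}
EXT3_RO_COMPAT_OK = {"sparse_super", "large_file", "btree_dir"}

# The feature lines exactly as posted in the message above (wrapped by the mailer).
POSTED_TUNE2FS = """\
Filesystem magic number: 0xEF53
Filesystem features: has_journal ext_attr resize_inode dir_index filetype needs_recovery extent flex_bg
sparse_super huge_file uninit_bg dir_nlink extra_isize
Filesystem flags: signed_directory_hash
"""


def parse_features(tune2fs_text):
    """Return the set of feature names, following a wrapped continuation line."""
    features = set()
    collecting = False
    for line in tune2fs_text.splitlines():
        if line.startswith("Filesystem features:"):
            features.update(line.split(":", 1)[1].split())
            collecting = True
        elif collecting:
            if ":" in line:          # next "Key: value" field ends the list
                break
            features.update(line.split())
    return features


def ext3_verdict(features):
    """Return (verdict, unknown_incompat, unknown_ro_compat) for an ext3 driver.

    An unknown INCOMPAT feature means the mount is refused outright, even
    read-only. An unknown RO_COMPAT feature still allows a read-only mount.
    COMPAT features (has_journal, dir_index, ...) never block a mount.
    """
    unknown_incompat = sorted(f for f in features
                              if f in INCOMPAT and f not in EXT3_INCOMPAT_OK)
    unknown_ro = sorted(f for f in features
                        if f in RO_COMPAT and f not in EXT3_RO_COMPAT_OK)
    if unknown_incompat:
        verdict = "refused"
    elif unknown_ro:
        verdict = "read-only"
    else:
        verdict = "read-write"
    return verdict, unknown_incompat, unknown_ro


if __name__ == "__main__":
    verdict, incompat, ro = ext3_verdict(parse_features(POSTED_TUNE2FS))
    print("ext3 driver:", verdict)
    print("  blocking (incompat):", ", ".join(incompat) or "none")
    print("  read-only only (ro_compat):", ", ".join(ro) or "none")
```

On the posted /boot filesystem the blocking features are extent and flex_bg, which is why neither a read-write nor a read-only ext3 mount works.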
This is simply false for Ubuntu Server. After first install, there is
simply no single port opened, even 22, you need to install openssh for
that. So there is no need for a firewall with the basic install.
It is this philosophy that is not understood by RHEL.CentOS users. You
don't need a firewall when there are no ports opened.
The first release was even delayed because it remained one open port !
Meanwhile, you can access the Internet (it does not open ports on the
external), and update your machine.
I am using Ubuntu Server for VMs, and I like this behavior. It is very
light, and a fast installation. Then I install and open only the
required services and ports, and control the ports that can be reached from
Internet with a site firewall.
Alain
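Added example, not part of the thread: one way to check on a freshly installed host whether any TCP port is listening on a non-loopback address, by parsing the /proc/net/tcp table. The sample table is constructed for illustration, the function names are hypothetical, and the sketch assumes a little-endian machine and covers IPv4 TCP only (not /proc/net/tcp6 or UDP).

```python
"""List TCP listeners reachable from the network, from /proc/net/tcp text."""
import ipaddress
import socket
import struct

TCP_LISTEN = "0A"  # state code the kernel prints for a listening socket

# Constructed sample (not from a real host): mysqld on loopback, sshd on all
# addresses, a DNS listener on a libvirt-style bridge address, and one
# established ssh session that must not be counted as a listener.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000    27        0 11872 1
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 10231 1
   2: 017AA8C0:0035 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12990 1
   3: 0A00A8C0:0016 1400A8C0:C350 01 00000000:00000000 02:000A1B2C 00000000     0        0 13107 2
"""

# Constructed sample of a host with nothing listening at all.
EMPTY_PROC_NET_TCP = SAMPLE_PROC_NET_TCP.splitlines()[0] + "\n"


def decode_endpoint(hex_endpoint):
    """Turn 'AABBCCDD:PPPP' into (dotted_ip, port).

    The address is a host-order 32-bit value, so on little-endian x86 the
    bytes appear reversed; the port is plain big-endian hex.
    """
    hex_addr, hex_port = hex_endpoint.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(hex_addr, 16)))
    return ip, int(hex_port, 16)


def listening_sockets(proc_net_tcp_text):
    """Return [(ip, port), ...] for every socket in LISTEN state, in table order."""
    listeners = []
    for line in proc_net_tcp_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or not fields[0].endswith(":"):
            continue                      # header or malformed line
        if fields[3] == TCP_LISTEN:
            listeners.append(decode_endpoint(fields[1]))
    return listeners


def exposed_listeners(proc_net_tcp_text):
    """Listeners bound to anything other than a loopback address."""
    return [(ip, port) for ip, port in listening_sockets(proc_net_tcp_text)
            if not ipaddress.ip_address(ip).is_loopback]


if __name__ == "__main__":
    try:
        with open("/proc/net/tcp") as handle:
            table = handle.read()
    except OSError:
        table = SAMPLE_PROC_NET_TCP        # fall back to the constructed sample
    for ip, port in exposed_listeners(table):
        print(f"listening on {ip}:{port}")
```

An empty result supports the "no ports opened" reading of a fresh install; any line printed is a service that either needs a firewall rule or a narrower bind address.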
* Diatribe on Ubuntu removed *
Seriously. This is _not_ the list for this. Readers should not have to
wade through the morass of this thread or even spend the second or so
required to thread kill it. It's off-topic. This is not an advocacy
list to debate merits of one distro over another. If you like Ubuntu,
fine - we don't need to know about it. If you don't like CentOS, fine,
this list, however, isn't the venue to rattle on about it.
If you are unhappy with CentOS then you need to think that perhaps you
should be using something else. And if you _are_ using something else
why bother taking up my time and that of the thousands of other list
members complaining about CentOS or expressing your various displeasures
here?
So I ask you, and all the others, to _please_ consider that the _vast_
majority of active readers of this list don't care one way or another
about opinions of CentOS vs Ubuntu or hearing, yet again, about your
displeasure with whatever is irritating you today about CentOS.
Thank you.
John
--
Sued for what? I can see it now:
If you win, you get a hug from Stallman.
If you lose you get 2 hugs.
-- geekoid (135745) <dadinportland*******>, Slashdot, in reference to
claims that Emacs violated the GPL.
As will I.
Timeliness of updates are important ... but so is the timeliness of
criticism. We have taken steps to make this process much faster ...
your comments are about the process as it existed 6+ months ago, not the
one that exists now.
My criticism was about the upstream release practices of upstream as they
existed THEN, not as they exist NOW. But, John Morris' reply then is
... so the people who wanted faster updates moved. We did not continue
to SPAM his list for years asking him to change. When it was clear
there would be no change, we moved on ... (HINT)
It is NOT 6+ months behind upstream ... that is the point of CR. If you
are using CR, you are not 6+ months behind.
There were RPMs released into CR 2 weeks ago. There are 2192 "6.1 RPMs"
released in the x86_64 CR repo right now. They were released in 8
different batches over the last month.
So, thanks for your input ... now, please sync that input with reality.
We have DONE many things to make the process better for 6.x, but you
are not acknowledging any of them.
We created a QA feedback mechanism.
http://qaweb.dev.centos.org/qa/dashboard
We created a CR repo.
http://wiki.centos.org/AdditionalResources/Repositories/CR
We created a public testing mechanism to help us get packages out faster
and asked for community input:
http://wiki.centos.org/QaWiki/AutomatedTests/WritingTests/t_[..]
This thread and others like it are not about people not 'liking'
CentOS all of a sudden and everyone knows that. It is about what the
people who expected a reasonably current CentOS to be available may be
forced to use instead.
We are pretty much all in the same boat here. If someone can
authoritatively say that CentOS will never be more than a few weeks
(even months, whatever...) behind upstream, then such discussion will
end of its own accord. Otherwise everyone needs a plan B.
Sorry, but I don't believe that there is any such vast majority that
isn't concerned about the situation.
--
Les Mikesell
lesmikesell*******
What is older than that now if you look at 6.x CR? The only thing
lagging right now is the building of new install media. But if you
install 6.0 and use CR, you are in good shape. There are even updates
in there that are newer than 6.1 (it also contains the updates TO 6.1).
I can never say how long it will take to build something that we have
not built yet ... if we have to redesign a system from scratch, it will
take time. You are correct, if CentOS does not work for you then move
on. Move on to a new OS and move on to a new list.
This list is for the community to use to get and provide support for
CentOS ... not for constant bellyaching and non stop whining. This list
has become non usable because of the trash that it has become.
Starting today, I will be banning people from posting on this list.
My bad. I thought you could mount it ro with the old driver, but I'm
definitely wrong.
jh
Are you deploying 6.x yourself yet in public facing sites - at least
ones not prepared to buy RHEL licenses? Unless I missed something,
your last advice posted here was to stick to 5.x. What's the
official support position on that today?
--
Les Mikesell
lesmikesell*******
There is no official position. I personally use 5.x for almost
everything because there are still more than 2.5 years of support for
5.x, 5.x is very stable, and 6.x is still very new. However, just from
a "security perspective" either 5.x or 6.x is fine now if you are using
CR. There are 2182 "6.1" or newer RPMS in the x86_64 CR repo right now.
I certainly use 6.x on my workstation machines ... admittedly they are
not normally directly Internet facing.
I do recommend that people give weight to security and consider buying
RHEL licenses for critical machines, but there are millions of satisfied
CentOS users.
I know several Universities that have deployed 6.x or are going to do so
in the next couple of months.
I know that Dell is using CentOS for deploying application appliances,
Facebook is using CentOS, cPanel uses CentOS in a huge percentage of
their deployments, 8 of the top 500 super computers in the world are
CentOS, and that CentOS is still the most used version of Linux on the
internet:
http://w3techs.com/technologies/details/os-linux/all/all
I would also like to point out that the cPanel, Plesk and OpenVZ
deployments of CentOS (about 1/2 of the total deployed CentOS web
servers on the Internet) do not even show up as "CentOS" ... they show
up as "unknown Unix" on that survey.
---------------------------
> forwarding to non existent
> virtual bridge that had not been built yet.
This is simply false for Ubuntu Server. After first install, there is
simply no single port opened, even 22, you need to install openssh for
that. So there is no need for a firewall with the basic install.
It is this philosophy that is not understood by RHEL.CentOS users. You
don't need a firewall when there are no ports opened.
The first release was even delayed because it remained one open port !
Meanwhile, you can access the Internet (it does not open ports on the
external), and update your machine.
I am using Ubuntu Server for VMs, and I like this behavior. It is very
light, and a fast installation. Then I install and open only the
required services and ports, and control the ports that can be reached from
Internet with a site firewall.
Alain
-------------------------
Well, I did the stock install as a virtual guest and was able to use port 22 to shell right into it
even though that port was not specifically listed as opened in the firewall I posted.
I was able to see all other ports open too.
I just assumed it was setting up a lan/masquerade for my whole network as part
of the dhcp. It was enough for me to uninstall it as a virtual host as it was beyond my skill
to understand a proper response to an open firewall.
On 11/11/2011 03:16 PM, Johnny Hughes wrote:
You should post this also as a separate thread since a lot of people
avoid reading that thread.
--
Ljubomir Ljubojevic
Hi,
Sorry about the top-posting, I'm replying from my blackberry.
I've been following this thread for a while and really don't see why people respond so rabidly to criticism. If something bothers/bores me about a thread I just ignore the thread/user. If no one is interested the thread dies out on its own. However, if someone has something to say, let them. The people who reply/comment *want* to talk about it. No one forces anyone to *read* the thread. Just ignore it. It's that simple. Going as far as threatening to ban a user for commenting negatively or positively or even "off-topic" (this is relative, e.g., I found the discussion on the strengths & weaknesses of ubuntu/centos/redhat el interesting & in some cases informative as the various issues were debated). I would think that there's nothing wrong with allowing people the freedom to discuss centos-related stuff on the centos list. As I mentioned earlier it's as simple as ignoring a thread if you don't like it. There's no need to flame, ban or go on a rant just because someone says something you don't like about your favourite OS has been attacked.
For the record I *like* centos & am in the process of replacing some of my fedora & ubuntu server installations *with* centos.
Phil
-------
The code that is hardest to debug is the code that you know cannot possibly be wrong
I'm assuming you're referring to ubuntu 10.04 LTS. Like every distribution
it's got its quirks. I routinely use both CentOS/Redhat and Ubuntu for
different purposes. Both distributions have things that I like and
things that I don't like so much. If you've been running Ubuntu or
other debian based distribution, you could install CentOS/Redhat and
spend quite a bit of time becoming familiar with Redhat. My responses
in this message are NOT meant to be an attack on redhat CentOS, but
simply to share some of my experiences with Ubuntu.
The package management tools in Ubuntu/Debian are small and fast. I've
come to like them, though I fought with them at first. I like their
handling of dependencies. The package repositories for Ubuntu/Debian
are huge. I've rarely had to go outside of the Ubuntu repositories
looking for software that I needed to run. I've spent much more time
compiling software and messing with outside repositories for CentOS. My
understanding is that Linux in general is moving towards a common
package management and package format that will be shared by most linux
distributions.
I believe the standard desktop uses Ubuntu's own installer. The Ubuntu
server and the 'alternative' distribution use the debian installer. I
fought with it at first, but it is much more flexible than the redhat
installer. You can build arbitrary LVM/raid configurations with it and
you can also go into the shell from the installer and customize things
that you can't with the redhat installer.
I've not experienced any distribution to provide a great default
firewall setup. What I do notice about Ubuntu server is there are very
few services running in the default install, so if you probe a newly
installed machine, it's not very vulnerable. I usually run new installs
behind my Internet firewall anyway. I like doing a basic install and
then adding the services that I want to enable, rather than a server
install that comes up with dozens of services that you may not need and
you have to turn them all off to secure the machine.
I do like CentOS/Redhat 6 better as a virtualization server. Thing to
realize here is that Redhat is leading the development effort for KVM,
libvirt etc, so Ubuntu's code lags behind redhat. For the current
stable Ubuntu 10.04 LTS release Ubuntu lags behind redhat 6 and since
10.04 LTS is a stable release it doesn't just get arbitrary updates
unless they are security fixes.
One thing I like about Ubuntu/debian is the /etc/network/interfaces file
over /etc/sysconfig/network-scripts /etc/sysconfig/network.
Redhat 6 uses a similar hybrid mess between the old startup format and
upstart. Like many things in Linux, finding good documentation is not
always easy, but it can be found. It takes a bit of time to master
upstart, but it does let you create dependencies in the startup process
which is nicer than having to add sleep commands and doing other things
to muck with daemons that have dependency on other services. Upstart is
going to be replaced in future Redhat releases.
http://bazaar.launchpad.net/~upstart-documenters/upstart-coo[..]
< http://bazaar.launchpad.net/%7Eupstart-documenters/upstart-c[..] >
I do find apparmor a whole lot easier to master than selinux.
apt-get install virtinst
Just another flavor of linux. There are various packages that can be
installed to do this for you. ufw is one of them. I prefer to use my
own scripts though.
That I'm sorry to hear. I've never tried their paid support. They are
pretty quick at providing security updates though.
Nataraj
On 11/12/2011 07:46 AM, Errol Mangwiro wrote:
omething you don't like about your favourite OS has been attacked.
Hi Errol.
It is not about freedom of speech. We passed that threshold months ago.
Note that complaining and warning have only started after 10 days of
non-stop discussion and almost *90* messages! I found discussion
interesting, but *up to a point*.
It stopped being interesting only after *repeated* statements. And this
argument goes back several months back in various threads. Also, those
"Ubuntu is better" statements are mostly written by same 5-8 people,
over and over again, always saying the same thing. *That* is what is
tiresome.
There are countless mailing list and forums available and open for "beat
a dead horse" games. All some of us asked is that they do not play those
loud games in front of *our* bedroom windows.
I hope this clears it up a little.
--
Ljubomir Ljubojevic
Last time I tried, you could not do lvm on raid and it was acknowledged
as such on the ubuntu-installer/ubuntu-devel-discuss list. Arbitrary
lvm/raid and lvm on raid has been possible on anaconda for quite a while.
but in reality, they were all solutions that drive you insane.
Redhat/Centos = service iptables save. End of story.
Sometimes stuff don't get updates at all. Even when working patches have
been provided. Maybe only some Canonical maintained packages get backports.
I must say that that is one thing among others nice in Debian. Just like
runparts is from Debian.
Using your own scripts is the only sane way to do things...ufw,
fwbuilder, even shorewall are just either inadequate, inflexible or way
too complicated to trace/optimize things.
Not to necessarily feed this thread ... but the last 2 posts have been
sane and relevant (as much as this topic can be).
I used to use Debian as my distribution of choice before RHEL came out
and I was on the staff at:
http://www.linuxhelp.net/
There is nothing inherently WRONG with Debian and/or Ubuntu. They are
just different. If I had to choose between the two to use as a stable
server, I would pick Debian ... but both can be good distros.
However, if you are Fedora, RHEL, CentOS only with respect to what you
have managed in the past, then there is a learning curve to get
proficient at doing Debian/Ubuntu.
I agree with this too.
This is one thing I have noticed as well. They do not NECESSARILY
backport all security (or otherwise) updates.
I like the Red Hat way now ... but that is because it is what I know
now, not because it is necessarily better or worse.
Agreed.
======================================================================
The bottom line is this. Debian is a solid Linux distribution and it
can be used to do anything you want to do. Ubuntu is also a solid Linux
distribution. They are both quite good. If either of them work better
for "YOU" (meaning a generic you and not specifically anyone in this
thread) then by all means use them.
Fedora is also a solid (and cutting edge) distribution ... test it and
use it if it meets "YOUR" requirements.
Scientific Linux is a very good distribution. If "YOU" like it, use it.
If I was not using CentOS, I would be using Scientific Linux.
Heck ... some people even like SUSE.
We provide CentOS for people who want to use it ... for people who don't
want to ... GREAT ... use what you want to use.
keep the discussion sane and somewhat on topic to the purpose of the
list ... which, in case someone may not know .. is this:
"This is a General discussion list for all issues CentOS. Security
updates are currently announced on this list once daily."
the discussion of which distribution is better is a fool's game - much
like KDE vs. GNOME or vi vs. emacs. There's only what you know, how you
can adapt what you know and how well you can make it work for you and
how much time you are willing to give to learning something new.
Craig
On 11/12/2011 03:08 PM, Christopher Chan wrote:
I have used shorewall for several years now. It is a very flexible and
manageable system. Especially if you use Webmin to manage it as I do. It
is then fairly easy to set up even complicated stuff like multiple
outgoing interfaces based on the rules. There are also templates most used.
Shorewall is also able to configure "tc" or bandwidth control.
--
Ljubomir Ljubojevic
(Love is in the Air)
PL Computers
Serbia, Europe
Google is the Mother, Google is the Father, and traceroute is your
trusty Spiderman...
StarOS, Mikrotik and CentOS/RHEL/Linux consultant
Grub (version 1) from CentOS 6 has apparently been patched to be able to
handle ext4. There's no doubt that Grub 1 by itself can't boot an ext4
file system.
There's a little more information in my How-To in progress at:
http://wiki.centos.org/YvesBellefeuille/Grub_Installation
--
Yves Bellefeuille <yan*******>
"La Esperanta Civito ne rifuzas anticipe la kunlaboron de erarintoj, se
ili konscias pri sia eraro." -- Heroldo Komunikas, n-ro 473.
Patched or not, Grub 1 has been successfully booting my F14 machine from an
ext4 partition for a full year now, since I first installed F14.
Ability to boot from ext4 is certainly *not* the reason for moving to Grub 2,
one way or the other.
HTH, :-)
Marko
If I may expound a tad, and I will endeavor to keep this brief, it goes one step farther than this. It becomes a balance of "how much time and effort will it take to adapt what you know to your task?" against "how steep is the learning curve for something you aren't proficient in, but is already known to do your desired task?" And sometimes, if not most of the time, it's a three-way balance with "what is the cost, monetary or otherwise, to get someone else to do it?"
As an example, I have four relatively nice SGI Altix IA64 systems here. I would prefer to run CentOS on them, since I can't afford RHEL for them, nor is RHEL 6 available for them. I have the knowledge to rebuild EL6 on the boxes, but I honestly don't have the time to work through all the details, even though the geek packager in me desperately wants to try. The latest Debian Stable works quite well on the boxen, but my knowledge of Debian is somewhat limited. So, I have a three-way balance between:
1.) Pay the cost of RHEL, with the knowledge that RHEL 5 is the last for IA64;
2.) Maintain my own private or semiprivate rebuild for IA64 of EL 6;
3.) Install Debian and get the boxen doing something (and potentially generating revenue), and climb yet another learning curve.
I chose 3 at the moment. It was not an easy choice.
Tried Bastille Linux? It's not a distro, but a set of hardening scripts,
and is highly thought of, including by me.
mark
If that's what they have on my Ubuntu netbook remix on my netbook, it is
ludicrously complex, and there's no reason that one more parm wouldn't
work in normal grub.
mark, "yeah, Grand Unified Boot Loader...."
Can someone fill me in on this new business model? Is there a thread
here on the list about it already?
--
“Don't eat anything you've ever seen advertised on TV”
- Michael Pollan, author of "In Defense of Food"
On 11/14/2011 09:34 PM, Alan McKay wrote:
There are at least 10-20 posts writing about it.
Use this link to Mailing list Archive:
http://lists.centos.org/pipermail/centos/
And search for it. I hope nobody will start at it again, but AFTER you
read the Archives and have *specific* questions feel free to ask.
--
Ljubomir Ljubojevic
OK, I'll do some googling. I have the last several years of this list
in my gmail so away I go ...
--
On 11/14/2011 11:18 PM, Alan McKay wrote:
The topic is in several threads and parts of threads on this mailing list in
the last 1(-2) months. With details about impact on CentOS. But it is too
spread out for providing links and you would miss possible info.
--
Ljubomir Ljubojevic
Don't expect much useful information, though... As I recall it was
someone mentioning a problem with no details and assorted rants about
off topic postings.
--
Les Mikesell
lesmikesell*******
It's close to 200 replies. I'm new to centos so I had plenty of
emails to read;-)
http://lists.centos.org/pipermail/centos/2011-November/subje[..]
Which thread is it, I poked around but have not found it.
What is the subject?
--
scroll all the way down until you come to the first "redhat vs
centos" email:
http://lists.centos.org/pipermail/centos/2011-November/subje[..]
I think this was the first:
http://lists.centos.org/pipermail/centos/2011-November/11923[..]
On 11/15/2011 02:39 AM, Edward Martinez wrote:
That thread is only ~100 mails strong. But there are (I think) more
important posts in "What happened to 6.1" thread (also ~100 mails strong).
--
Ljubomir Ljubojevic