[Gllug] Recommended distro

Nix nix at esperi.org.uk
Mon Dec 13 00:11:01 UTC 2004


On Sun, 12 Dec 2004, Jan Kokoska uttered the following:
> On Sun, 2004-12-12 at 16:04 +0000, Nelson Menezes wrote:
> 
>> I agree, but... <stands up> I'm a geek.
> 
> Then bite the bullet and face compiler errors, library linking issues
> and *lots* of simply bad code (and don't ask on mailing list unless you
> offer a patch, too). Tell me how productive you are, afterwards.
> 
> Harder is not necessarily better, Gentoo doesn't compile to look tough,
> it wants to be more customizable.

Yes. As such, it's a *damned* good way to start learning how your box
works from the inside out.

I started out by building everything from scratch, and only moved off
that when I felt I'd learned enough.


(In a sense, I still haven't moved off it, but nearly everything is now
scripted so that admin tasks consume only a minute or two a day. I've
never bothered to switch to a conventional distro: they're all too
different from the system I've got used to, and besides, I'd dislike
the loss of that wonderful feeling of complete control.)

(Control freak? Me? You say that as if there's something *wrong* with
it...)

> Good, fetch the source for Debian packages as described before, add your
> custom ./configure flags (that's what Gentoo does) and re-compile. If
> you need to compile, you need control, lots of it, much more than some
> automatic 'emerge' gives you anyway (you might like to *edit* the
> source, for instance, then you are on your own..)

That's why I don't use Gentoo. I have quite considerable volumes of
patches for an awful lot of the packages on my system (a quick check
shows that about 40% have more than 10K of accumulated patches), and
Gentoo makes it almost impossibly difficult to maintain local patches
to its stuff. It should damned well merge the things forward, but it
doesn't, and the largely disintegrated design of ebuilds makes it
extremely hard to fix that.

> *: Want to re-build your whole system with stack protection? With

Firewall's doing that (SSP/ProPolice, with the guard functions jiggered
to halt the firewall's execution when a buffer overflow's detected).

> SELinux support? Tune the policies?

I'm not *that* insane.

>                                     Run vservers and Xen virtualization?

The firewall runs user-mode-linux, and I'm thinking of switching to
ReVirt at some point, although given what I want to do with it I'll
need to do a lot of work on ReVirt first. (I think I can trim down
the volume of data ReVirt produces via dynamic compilation tricks
a la valgrind.)

When I have *that*, I'll have a fully reversible-execution firewall,
and anyone attacking me will be helpfully showing me exactly what
they did so I can fix it. :)

>                             Completely mad and have papers for it (PhD)?

No. But I know people who are. :)

(are you calling my mother mad? tsk, tsk, don't let her hear you.
You'll probably not survive the aftermath.)

> No? Try to have a life outside of computers, at least sometimes?

Now there I think you may have me.

> /me listens to the inevitable humming of flamewar closing in

I think I mostly agree with you, except where I disagree.

-- 
`The sword we forged has turned upon us
 Only now, at the end of all things do we see
 The lamp-bearer dies; only the lamp burns on.'