[RULE] Linuxjournal article, continued

Liam Proven lproven at gmail.com
Thu May 19 17:51:32 EEST 2005


On 5/19/05, M. Fioretti <mfioretti at mclink.it> wrote:

> > Likewise, sorry about the delay.  I'm curious about the "virtually
> > all" part though.  Could I break something by downloading an update
> > to get a security fix?
> 
> *if* I understand the question, the answer is "not more than if I were
> running standard FC3 on an officially supported machine". That's the
> beauty of it: on a RULE machine you'd have no power to compile kernels
> by yourself anyway, so you would depend from binary updates coming
> from outside. Outside here means "you do it yourself on some more
> powerful HW, spending a lot of time" or "you use the same stuff of a
> lot of other people, stuff that is supported and fixed often, so
> you're better off"

OK. As I understand it, what he's getting at is this - and please
correct me if my understanding is wrong.

 - The only bits of Fedora which are CPU-specific are the kernels,
which in some cases can be optimised for specific CPU architectures
and will not run on 486 or Pentium-1 level kit. RULE provides
custom-compiled with generic i486 optimisations.
(Is that right?)
- This being so, all the actual software packages are compiled with
generic i486 optimisations and will run happily on anything?
 - So if you install Fedora updates on the machine, they will *all*
just run, without exception?

What Don is concerned about is this scenario. You install a RULE
system with a mix of components, including some compiled by RULE for
486. Then you update it using Fedora tools and you get something
included in that update which is compiled for i686 and won't run on a
486. Result, broken system.

Is this possible?

[This bit was me...]
> > >> I suspect the main use of RULE is for building client machines
> > >> rather than servers, though, so it's not so critical as for a
> > >> directly Internet-connected host.

> If it really is a mission critical server, on which a fault would cost
> you a lot of money, it must be *new*: no old parts that may broke
> tonight, without hope to get equal ones in a hurry. So it doesn't need
> to run RULE.

Noted.

[Now Don...] 
> > "client systems don't need security updates" is why I get so much
> > spam -- and maybe why all those perfectly good old machines getting
> > converted to Linux got thrown out in the first place.  If it has a
> > browser it's slurping down untrusted stuff.

So he's saying it's of paramount importance that even low-end legacy
kit runs contemporary components, as even an old machine is just as
vulnerable to security exploits as a gleaming new dual-core Athlon64.

> Right. In this other case, with RULE you are just as safe as the guy
> next door running FC3 on its brand new, 1GB of RAM, PC. As long as you
> both update frequently. If you always need to surf heavy, all-Flash
> websites, you need more CPU and RAM. Period. It doesn't matter if you
> compile or write the browser yourself for the maximum efficiency, if
> the background itself is more than your physical RAM. RULE or anything
> similar are not (cannot be) intended for these uses, they are for SOHO
> scenarios: read, write, calculate, email, normal surfing.

Good news!

> So the update problem happens only when there are no more any email clients
> or browsers in your distro compiled to run on 486 or P1. Judging from
> the attitude of Fedora developers towards the oh-so-cool-686-optimized
> distros, 486 and P1s are going to break before this does become a problem.

Pardon me?
Are you saying that all the Fedora components are still happy on
486-level kit, or at least P1?

> In one sentence: I don't think that long-term updates are so a concern
> for real world RULE usage as Don worries.

> I have started to work on the mini-kde piece, so if I will hear
> similar concerns from him I'll let you know. 

Great!

> Liam, what is the exact
> subject of your piece anyway?

Well, it's not started yet! I don't generally write anything unless I
have a commission in hand.

> > I don't want to be too obnoxious, but I'm not hearing "install a fix
> > and it will keep working" -- and putting Linux on an old machine is
> > a lot of people's first exposure to the OS.
> 
> I'm not sure what this last sentence means. Some more context, please?

Damn. GMail tossed out my reply to this bit. 

What I think Don's saying is that he won't promote a distro by giving
it coverage in the mag if it cannot be kept 100% up-to-date with
security patches etc. Once they're online, old machines are just as
vulnerable to exploits as the latest screaming dual-core Athlon64
monster.

-- 
Liam Proven
Home: http://welcome.to/liamsweb * Blog: http://lproven.livejournal.com
Tel: +44(0)20-8685-0498 * Mobile: +44(0)7939-087884
AOL, Yahoo UK: liamproven * ICQ: 73187508 * MSN: lproven at hotmail.com



More information about the Rule-list mailing list