Re: [CentOS] Certificates
On Aug 31, 2018, at 4:42 PM, Robert Moskowitz wrote: > > [Let’s Encrypt] is designed for getting web servers quickly into TLS Yes. > ...and then to a more stable provider. [citation wanted] > If your content is short information, your contacts will never notice that > you go to a new cert quarterly. They’ll never notice regardless. I’m looking at a Google.com certificate right now that was generated on August 14th of this year and will not be valid past October 23. That’s the same replacement schedule as Let’s Encrypt. The old model of long-lived certificates has no special value. It’s purely a business decision on the part of the providers and customers. Automation removes much of this model’s value. > I can see web services where a new cert every 90 days will cause a pain point. Describe one. I’ve been running some of my domains on Let’s Encrypt for years now, and have never had a single user complain to me that my certs are changing too often. > And for other services like IMAP, SMTP, LDAP (maybe not LDAP) constant > changing certs even with a long lived root may get old for your customers. As long as both the old and new certs are valid at the time of replacement, the client should care nothing about it unless they’ve gone to the trouble to download the cert and check it against the cached copy every time. I remember hearing about at least one browser plugin that did this, but since the idea of rapid cert replacement has been gaining ground, I expect that plugin has lost much of the small amount of popularity it once held. > Unfortunately, there has never been an effective business model for small > customers. There is now: it’s called Let’s Encrypt. :) ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Certificates
1 sep 2018 kl. 00:42 skrev Robert Moskowitz : > On 08/31/2018 05:54 PM, John R. Dennison wrote: >> On Fri, Aug 31, 2018 at 05:30:53PM -0400, Robert Moskowitz wrote: >>> Letsencrypt is a very important development, but it has (IMHO) a shaking >>> foundation. I would not build a production system around it. But then I >>> have lived in aspects of PKI since '95... >> I presume you meant "shaky foundation"? > > Yes. I am not in California (or similar earthquake place!) Good old stable > Michigan (we do get mild ones once in a while. :) > >> If so, would you care to elaborate > > It is designed for getting web servers quickly into TLS and then to a more > stable provider. "Make the web safe for all". If your content is short > information, your contacts will never notice that you go to a new cert > quarterly. Long-term users might also never see this, but I can see web > services where a new cert every 90 days will cause a pain point. > > And for other services like IMAP, SMTP, LDAP (maybe not LDAP) constant > changing certs even with a long lived root may get old for your customers. > > Plan on this to 'get into the pool', but not to live with it for more than a > year. > > Unfortunately, there has never been an effective business model for small > customers. > > We are kind of close with DMARC, but I think it misses the mark. Putting your > domain root cert into your DNSSEC signed domain should be all that is needed > to establish a rooted trust. > > I have to speak with some IETF colleagues on this (particularly in DNSSEC and > DMARC) I'm not sure I still see the point you're trying to make. What actual practical and concrete problems are you suggesting may arise in the situations you touch on above? As far as I know, if you have a properly set up LE certificate for a service, and renew it regularly, clients will not have a problem with this. They trust the root CA, and when you renew/replace the certificate, they will happily trust the new one, over and over again. Considering all relevant root trust stores now contain LE's CA, it's here to stay from what I can tell, not to mention it's working well so far. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Certificates
On 08/31/2018 05:54 PM, John R. Dennison wrote: On Fri, Aug 31, 2018 at 05:30:53PM -0400, Robert Moskowitz wrote: Letsencrypt is a very important development, but it has (IMHO) a shaking foundation. I would not build a production system around it. But then I have lived in aspects of PKI since '95... I presume you meant "shaky foundation"? Yes. I am not in California (or similar earthquake place!) Good old stable Michigan (we do get mild ones once in a while. :) If so, would you care to elaborate It is designed for getting web servers quickly into TLS and then to a more stable provider. "Make the web safe for all". If your content is short information, your contacts will never notice that you go to a new cert quarterly. Long-term users might also never see this, but I can see web services where a new cert every 90 days will cause a pain point. And for other services like IMAP, SMTP, LDAP (maybe not LDAP) constant changing certs even with a long lived root may get old for your customers. Plan on this to 'get into the pool', but not to live with it for more than a year. Unfortunately, there has never been an effective business model for small customers. We are kind of close with DMARC, but I think it misses the mark. Putting your domain root cert into your DNSSEC signed domain should be all that is needed to establish a rooted trust. I have to speak with some IETF colleagues on this (particularly in DNSSEC and DMARC) ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Certificates
On Fri, Aug 31, 2018 at 05:30:53PM -0400, Robert Moskowitz wrote: > > Letsencrypt is a very important development, but it has (IMHO) a shaking > foundation. I would not build a production system around it. But then I > have lived in aspects of PKI since '95... I presume you meant "shaky foundation"? If so, would you care to elaborate? John -- Many people, especially ignorant people, want to punish you for speaking the truth, for being correct, for being you. Never apologize for being correct, or for being years ahead of your time. If you're right and you know it, speak your mind even if you are a minority of one. The truth is still the truth. -- Mohandas Gandhi pgp8FrjUuS6Z8.pgp Description: PGP signature ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Certificates
On 08/31/2018 01:47 PM, Chuck Campbell wrote: I am getting myself confused, and need someone who fully understands this process to help me out a bot. I would like to obtain an ssl certificate, so I can run my own imap server on a machine in my office. My domain is hosted by networksolutions, but I don't run my imap server there. I am assuming I'll need to pay a CA to generate what I need, but I'm confused about what I need. I am running dovecot at teh moment, but my clients (iphone, windows laptops) say my ssl connection is not trusted. The phone just won't connect. I tried emailing the dovecot.pem file to my phone and installing it, but it just says it is not trusted. This leads me to obtaining a real CA issued certificate. I'm not sure what to do with it, once I get one, and then if I need to subsequently regenerate my dovecot.pem file?? Many large companies run their own CA and install their own root certificate. Often installing a root cert is easier than installing a self-signed independent cert. There is much written about building your own CA and a number of tools for that like openCA. I can't speak for all your devices or apps, but there should be ways In personal promotion, I have been doing my own CA work for ECDSA certs and now for EDDSA certs (and I wonder what commercial CAs are providing them). See my Internet draft: draft-moskowitz-ecdsa-pki And my github for pending updates to this and the new eddsa-pki draft (to be published after openSSL 1.1.1 is released). https://github.com/rgmhtt/draft-moskowitz-ecdsa-pki https://github.com/rgmhtt/draft-moskowitz-eddsa-pki Or go to openCA or look at other CA toolkits available on Centos and Fedora. Letsencrypt is a very important development, but it has (IMHO) a shaking foundation. I would not build a production system around it. But then I have lived in aspects of PKI since '95... ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] vdo statustics on Dedup?
Folks I've started to use "vdo" instead of zfs in Centos 7. I hope this is a wise decision. However, I'm a bit mystified in decoding the "vdostats" output. I'd like to figure out how well deduplication is working. One measure would be to find two numbers: L = How many bocks are in use as reported to tools like df P = How many actual blocks are in use. Then a value such as L/P, which can never be less than 1, would be interesting. If I have typically four copies of everything, I'd expect to see L/P close to 4.00. What two numbers, in the "vdostats" do this if any? David ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT: Linux recommendations for old Pentium PC
My recommendation, take it for what its worth: 32-bit distros to me are a short lived proposition IMO. Example: I'm running Centos 6, 32-bit version. I recently ran into an issue where a package (clamav) started using a 64-bit library for decompression of files. End result, end of scanning for email viruses as this lib won't run on 32-bit AND, the lib hasn't been updated for 32-bits in 6 years. Forced to move to Centos 7 to get 64-bit libs. Centos 6 is still a viable supported OS until end of 2019 or 2020. So, ditch the box and get something that runs 64-bit..Your time will be better spent!!! Jay > Le 31/08/2018 à 16:29, Gary Stainburn a écrit : >> Can anyone recommend a Dist that would work on it? > > I'd say whatever bone-headed distro you're comfortable with. > > Personally, I'd use 32-bit Slackware 14.2 without even giving it a > second thought. > > Cheers, > > Niki > > -- > Microlinux - Solutions informatiques durables > 7, place de l'église - 30730 Montpezat > Site : https://www.microlinux.fr > Blog : https://blog.microlinux.fr > Mail : i...@microlinux.fr > Tél. : 04 66 63 10 32 > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Certificates
Letsencrypt.org has one other thing you should know about, not a biggie, the certificate is only good for 90 days at a time. Then you need to renew. But they though about that too, you can automate the renewal, so that each time the certificate expires and new one is generated and installed. It is supported by all of the major browsers, by supported, they are a part of the group that funds letsencrypt.org john On 8/31/2018 3:38 PM, Ulf Volmer wrote: On 31.08.2018 21:31, Michael Schumacher wrote: certbot works only with ports 80 or 443? Can lego work with with IMAP ports like 143 or 993? The documentation is not very clear. basically - independent of the client - letsencrypt will only support http/https or dns based challenges. so - if you want to get certificates for an imap only server, you will have to setup an webserver for the challenge. or deal with your dns server. best regards Ulf ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Certificates
At Fri, 31 Aug 2018 21:38:13 +0200 CentOS mailing list wrote: > > On 31.08.2018 21:31, Michael Schumacher wrote: > > > certbot works only with ports 80 or 443? Can lego work with with IMAP > > ports like 143 or 993? The documentation is not very clear. > > basically - independent of the client - letsencrypt will only support > http/https or dns based challenges. > > so - if you want to get certificates for an imap only server, you will > have to setup an webserver for the challenge. or deal with your dns server. Yes, this works. I use mail.deepsoft.com for both imap and SquirrelMail and use the same cert for both SquirrelMail/Apache and dovecot. > > best regards > Ulf > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > > -- Robert Heller -- 978-544-6933 Deepwoods Software-- Custom Software Services http://www.deepsoft.com/ -- Linux Administration Services hel...@deepsoft.com -- Webhosting Services ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Certificates
31 aug 2018 kl. 21:38 skrev Ulf Volmer : > On 31.08.2018 21:31, Michael Schumacher wrote: > >> certbot works only with ports 80 or 443? Can lego work with with IMAP >> ports like 143 or 993? The documentation is not very clear. > > basically - independent of the client - letsencrypt will only support > http/https or dns based challenges. > > so - if you want to get certificates for an imap only server, you will > have to setup an webserver for the challenge. or deal with your dns server. Setting up a web server is not needed - all you need is lego (which by the way is one statically linked binary since it's written in Go). If you use the HTTP challenge, lego will temporarily, only for the time needed to fulfill the challenge, listen for HTTP on the relevant port. In summary, lego contains a web server for the HTTP challenge. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT: Linux recommendations for old Pentium PC
Le 31/08/2018 à 16:29, Gary Stainburn a écrit : > Can anyone recommend a Dist that would work on it? I'd say whatever bone-headed distro you're comfortable with. Personally, I'd use 32-bit Slackware 14.2 without even giving it a second thought. Cheers, Niki -- Microlinux - Solutions informatiques durables 7, place de l'église - 30730 Montpezat Site : https://www.microlinux.fr Blog : https://blog.microlinux.fr Mail : i...@microlinux.fr Tél. : 04 66 63 10 32 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Certificates
31 aug 2018 kl. 21:31 skrev Michael Schumacher : > Leo, > >>> I would like to obtain an ssl certificate, so I can run my own imap server >>> on a machine in my office. >>> I am assuming I'll need to pay a CA to generate what I need, but >>> I'm confused about what I need. I am running dovecot at teh moment, >>> but my clients (iphone, windows laptops) say my ssl connection is >>> not trusted. The phone just won't connect. > >> Nope, you don't have to pay for a certificate at one of the >> traditional CAs, you can use Let's Encrypt to have free but fully >> valid certificates for your server. > >> See https://letsencrypt.org/ for more information. I can recommend >> https://github.com/xenolf/lego for use on your server, but there are >> many different LE clients out there. > > certbot works only with ports 80 or 443? Can lego work with with IMAP > ports like 143 or 993? The documentation is not very clear. I haven't used certbot, only lego, but that's not a problem. If you use leo you will have it manage the request for new and renewal of existing certificates. It does this using challenges over HTTP or DNS. I am guessing this is where your understanding that it only works with port 80 and 443 comes from - it uses either of those ports to communicate with Let's Encrypt's systems when using the HTTP challenge. However, this is separate from your IMAP server. Which ports your IMAP server use has nothing to do with lego or the LE certificate stuff. As long as something, e.g. lego, successfully manages to get valid certs onto your server, your IMAP server should be able to use those certificates (that is, a private key file and a public key file). Your IMAP server can use those files and may then respond to requests for IMAP over SSL/TLS on e.g. port 993. Port 143 is for unencrypted IMAP, so in that case certificates are not relevant at all. Consider trying leo out with the staging parameter enabled (see the documentation for it right there on the GitHub page), that way you can experiment with it and see what it produces and how it works. Then you can configure your IMAP server to use those certificate files. Regards, Leo ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Certificates
On 31.08.2018 21:31, Michael Schumacher wrote: > certbot works only with ports 80 or 443? Can lego work with with IMAP > ports like 143 or 993? The documentation is not very clear. basically - independent of the client - letsencrypt will only support http/https or dns based challenges. so - if you want to get certificates for an imap only server, you will have to setup an webserver for the challenge. or deal with your dns server. best regards Ulf ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Certificates
Leo, >> I would like to obtain an ssl certificate, so I can run my own imap server >> on a machine in my office. >> I am assuming I'll need to pay a CA to generate what I need, but >> I'm confused about what I need. I am running dovecot at teh moment, >> but my clients (iphone, windows laptops) say my ssl connection is >> not trusted. The phone just won't connect. > Nope, you don't have to pay for a certificate at one of the > traditional CAs, you can use Let's Encrypt to have free but fully > valid certificates for your server. > See https://letsencrypt.org/ for more information. I can recommend > https://github.com/xenolf/lego for use on your server, but there are > many different LE clients out there. certbot works only with ports 80 or 443? Can lego work with with IMAP ports like 143 or 993? The documentation is not very clear. best regards --- Michael Schumacher ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT: Linux recommendations for old Pentium PC
Warren Young wrote: > On Aug 31, 2018, at 8:29 AM, Gary Stainburn wrote: > >> >> I've got a very small footprint rack server with a 4TB drive in that I >> wish to be a Bacula storeage device. However, it's got an old board / >> processor in it. > > You’re giving two very mixed signals here. > > “Old Pentium,” as someone else said, can mean anything back to 1993, but > “4 TB drive” suggests something far newer than that. Good point. If it recognizes a 4TB drive, then it has to have a controller card from around '10 or newer. I don't know that an "old Pentium" can address that. Don't they also call 686's Pentiums? mark ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT: Linux recommendations for old Pentium PC
J Martin Rushton via CentOS wrote: > On 31/08/18 16:47, Yves Bellefeuille wrote: >> Gary Stainburn wrote: >> > > >> "Old Pentium" isn't very precise; the first Pentiums were in 1993! > > They were the ones nicknamed "i586.01" see > https://en.wikipedia.org/wiki/Pentium_FDIV_bug > Which a lot of us referred to as the rePentium chip. mark ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Certificates
31 aug 2018 kl. 19:47 skrev Chuck Campbell : > I am getting myself confused, and need someone who fully understands this > process to help me out a bot. > > I would like to obtain an ssl certificate, so I can run my own imap server on > a machine in my office. > > My domain is hosted by networksolutions, but I don't run my imap server there. > > I am assuming I'll need to pay a CA to generate what I need, but I'm confused > about what I need. I am running dovecot at teh moment, but my clients > (iphone, windows laptops) say my ssl connection is not trusted. The phone > just won't connect. > > I tried emailing the dovecot.pem file to my phone and installing it, but it > just says it is not trusted. > > This leads me to obtaining a real CA issued certificate. I'm not sure what to > do with it, once I get one, and then if I need to subsequently regenerate my > dovecot.pem file?? Nope, you don't have to pay for a certificate at one of the traditional CAs, you can use Let's Encrypt to have free but fully valid certificates for your server. See https://letsencrypt.org/ for more information. I can recommend https://github.com/xenolf/lego for use on your server, but there are many different LE clients out there. If your phone does not already trust Let's Encrypt's CAs, you should be able to install their certificates to get it working. I suggest you start by getting a cert onto your server and take it from there though. Regards, Leo ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Certificates
I am getting myself confused, and need someone who fully understands this process to help me out a bot. I would like to obtain an ssl certificate, so I can run my own imap server on a machine in my office. My domain is hosted by networksolutions, but I don't run my imap server there. I am assuming I'll need to pay a CA to generate what I need, but I'm confused about what I need. I am running dovecot at teh moment, but my clients (iphone, windows laptops) say my ssl connection is not trusted. The phone just won't connect. I tried emailing the dovecot.pem file to my phone and installing it, but it just says it is not trusted. This leads me to obtaining a real CA issued certificate. I'm not sure what to do with it, once I get one, and then if I need to subsequently regenerate my dovecot.pem file?? Thanks, -chuck -- ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT: Linux recommendations for old Pentium PC
On 8/31/18 12:09 PM, Leon Fauster via CentOS wrote: Am 31.08.2018 um 16:29 schrieb Gary Stainburn : I've got a very small footprint rack server with a 4TB drive in that I wish to be a Bacula storeage device. However, it's got an old board / processor in it. We use mysql as database backend for bacula, and it becomes heavy loaded, over time especially wenn restoring respectively generating filelists. So, not sure if such old CPU provides enough compute power ... This is important for the machine hosting director. If database is hosted on different machine even that shouldn't be awfully loaded in my opinion. As far as the box hosting storage daemon is concerned, that dosn't need much of resources (like CPU or RAM - unless one uses NFS which I wouldn't), the only things to pay attention for that box would be network connection capacity and/or filesystem speed, whichever becomes a bottleneck. I hope, this helps. Valeri -- LF ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos -- Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT: Linux recommendations for old Pentium PC
On Aug 31, 2018, at 8:29 AM, Gary Stainburn wrote: > > I've got a very small footprint rack server with a 4TB drive in that I wish > to > be a Bacula storeage device. However, it's got an old board / processor in > it. You’re giving two very mixed signals here. “Old Pentium,” as someone else said, can mean anything back to 1993, but “4 TB drive” suggests something far newer than that. I ask because that affects the expected energy draw of the server. If it’s old, it could be 200 W or so. If you’re using “old” rather loosely, then it could be down in the double digits. Here’s why it matters: https://www.rapidtables.com/calc/electric/energy-cost-calculator.html At 12 pence per kWh — typical for power in some places in your country, based on your TLD — it’s going to cost you about 1 pound per watt consumed if it runs all day every day. If it draws 35 W, that’s £35/yr. If it draws 200 W, that’s £200/yr. If the cost is high enough, then it’s probably cheaper to buy a new energy-efficient server, which then lets you buy something that will run any Linux distro you want. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT: Linux recommendations for old Pentium PC
> Am 31.08.2018 um 16:29 schrieb Gary Stainburn : > > I've got a very small footprint rack server with a 4TB drive in that I wish > to > be a Bacula storeage device. However, it's got an old board / processor in > it. We use mysql as database backend for bacula, and it becomes heavy loaded, over time especially wenn restoring respectively generating filelists. So, not sure if such old CPU provides enough compute power ... -- LF ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT: Linux recommendations for old Pentium PC
On 31/08/18 16:47, Yves Bellefeuille wrote: > Gary Stainburn wrote: > "Old Pentium" isn't very precise; the first Pentiums were in 1993! They were the ones nicknamed "i586.01" see https://en.wikipedia.org/wiki/Pentium_FDIV_bug -- J Martin Rushton MBCS signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT: Linux recommendations for old Pentium PC
I’ve been using it for years. I know the difference. You run FreeBSD and you install ports. The two come hand-in-hand. There’s no confusion. The maintainers, the admins, are far and few between on FreeBSD. The very reason I’m here is due to to just that. That, cannot be said of the Linux world.Your last paragraph is on point, and some people earn their “keep” regardless of how many errors they make. Historically, that’s the same for IBM and Microsoft, and everybody that employed those technologies because “IBM is too big to fail”. Well documented in business cases for decades now, something that a lot of tech people simply don’t understand. > On Aug 31, 2018, at 12:01 PM, Valeri Galtsev > wrote: > > FreeBSD ports should not be confused with FreeBSD system. Each of ports is > maintained by different maintainer(s), some of them get obsolete, sometimes > quickly, and not every software that is ported deserves in sane sysadmin's > opinion to be offered to the users. > > And the same can be said about RPM collections (which are many, and one huge > one would be Fedora's one) or deb packages collection of Debian (and its > clones). > > All in all, if one gets confused sometimes, one can get confused using any > open source system. > > On the other hand, before starting to offer some software to users, every > sysadmin analyzes it carefully and tries to predict if it will stay alive for > long time. As it is huge pain to migrate users to some alternative once the > software of your choice becomes dead... And that is how sysadmins earn their > salaries IMHO. > > Just my $0.02. > > Valeri Cheers, Bee ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT: Linux recommendations for old Pentium PC
On 8/31/18 10:47 AM, John Hodrien wrote: On Fri, 31 Aug 2018, mark wrote: CentOS will work, but you might start with minimal (but make sure it includes networking). Please note that I installed CentOS 6, just a few months ago, on an HP Netbook from '09, and it runs perfectly well. mark "see? I didn't say anything about systemd" CentOS 6 requires a PAE supporting CPU. Subject referenced Pentium CPU. I would not use system that has EOL (End Of Life) in a really close future. That would be waste of my time. Just mentioning. Valeri Pentiums do not support PAE, and so would not run CentOS 6 without fun and games and an alternative kernel. I previously had a Dell X1 with a Pentium M CPU, which also didn't advertise PAE support, so couldn't run the stock CentOS 6 kernel, which made installation a little more interesting. If you're really stubborn, there are options for mashing it on anyway, but I'm not sure I'd bother. In my case I think I just ran anaconda within C5 to install C6 onto another LV, put a non-PAE kernel on, then booted into the C6 install. jh ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos -- Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT: Linux recommendations for old Pentium PC
On 8/31/18 10:12 AM, Bee.Lists wrote: I’m fresh out of FreeBSD world. Depending on the port, it can be easy and predictable, or an absolute confusion-fest. FreeBSD ports should not be confused with FreeBSD system. Each of ports is maintained by different maintainer(s), some of them get obsolete, sometimes quickly, and not every software that is ported deserves in sane sysadmin's opinion to be offered to the users. And the same can be said about RPM collections (which are many, and one huge one would be Fedora's one) or deb packages collection of Debian (and its clones). All in all, if one gets confused sometimes, one can get confused using any open source system. On the other hand, before starting to offer some software to users, every sysadmin analyzes it carefully and tries to predict if it will stay alive for long time. As it is huge pain to migrate users to some alternative once the software of your choice becomes dead... And that is how sysadmins earn their salaries IMHO. Just my $0.02. Valeri On Aug 31, 2018, at 10:52 AM, Gary Stainburn wrote: Thanks for this. I haven't looked at FreeBSD since the 1990's or there abouts, but I'll give it a look. Cheers, Bee ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos -- Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT: Linux recommendations for old Pentium PC
On Friday 31 August 2018 16:35:54 mark wrote: > Gary Stainburn wrote: > > I've got a very small footprint rack server with a 4TB drive in that I > > wish to be a Bacula storeage device. However, it's got an old board / > > processor in it. > > > > Can anyone recommend a Dist that would work on it? > > CentOS will work, but you might start with minimal (but make sure it > includes networking). > > Please note that I installed CentOS 6, just a few months ago, on an HP > Netbook from '09, and it runs perfectly well. > > mark "see? I didn't say anything about systemd" I did try Centos 6 32-bit because I believe that was what was on it last time. Unfortunately this time it refused to see the install image on the DVD I did also wonder about repositories and how long they'll be available for it. Gary ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT: Linux recommendations for old Pentium PC
On 8/31/18 9:52 AM, Gary Stainburn wrote: On Friday 31 August 2018 15:44:53 Valeri Galtsev wrote: I would use FreeBSD (and I do use FreeBSD for bacula, now bareos backup server and storage hosts), it has really small "footprint", and it is quite widespread. Incidentally, I was using bacula for very long time, but recently I switched to bacula's fork: bareos. You may want to consider the differences before you finalized everything in stone. Valeri Hi Valeri, Thanks for this. I haven't looked at FreeBSD since the 1990's or there abouts, but I'll give it a look. I'm also looking at lubuntu, but was hoping that there was a lcentos. We tend to like what we're used to. It is counter productive, and this list is wrong place to tell some alternative system is better than one or another Linux, hence this is the rant, ignore it, everyone who can: Linux kernel is IMHO overburdened by quite a lot of stuff that doesn't belong there. Hence higher chance of bugs (and almost all bugs in kernel have security implications). Adding to that not too rare glibc security patches, all in all in my observation on average you have to reboot Linux box once every 45 days. That became a statistics after switch from 2.4 to 2.6 kernel as I recollect, and one of my friends started to use word "Lindoze" when he was looking where to migrate his servers to those days... All in all for your hardware if I were to pick the system that is widely used and has small footprint and small demands to hardware specs, I would use FreeBSD. I hope, this helps. Valeri I'd be interested in your views on the differences between bacula and Bareos. I do have one Bareos storeage device but that's just in Bacula compat mode. Gary ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos -- Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT: Linux recommendations for old Pentium PC
Gary Stainburn wrote: > I've got a very small footprint rack server with a 4TB drive in that I > wish to be a Bacula storeage device. However, it's got an old board / > processor in it. "Old Pentium" isn't very precise; the first Pentiums were in 1993! The least demanding distributions I know are Bodhi, https://www.bodhilinux.com/ , and, even less demanding, but wonky, SliTaz, http://www.slitaz.org/ . Among major distributions, I think that Debian would probably be the least demanding. -- Yves Bellefeuille ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT: Linux recommendations for old Pentium PC
On Fri, 31 Aug 2018, mark wrote: CentOS will work, but you might start with minimal (but make sure it includes networking). Please note that I installed CentOS 6, just a few months ago, on an HP Netbook from '09, and it runs perfectly well. mark "see? I didn't say anything about systemd" CentOS 6 requires a PAE supporting CPU. Subject referenced Pentium CPU. Pentiums do not support PAE, and so would not run CentOS 6 without fun and games and an alternative kernel. I previously had a Dell X1 with a Pentium M CPU, which also didn't advertise PAE support, so couldn't run the stock CentOS 6 kernel, which made installation a little more interesting. If you're really stubborn, there are options for mashing it on anyway, but I'm not sure I'd bother. In my case I think I just ran anaconda within C5 to install C6 onto another LV, put a non-PAE kernel on, then booted into the C6 install. jh ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT: Linux recommendations for old Pentium PC
Gary Stainburn wrote: > I've got a very small footprint rack server with a 4TB drive in that I > wish to be a Bacula storeage device. However, it's got an old board / > processor in it. > > Can anyone recommend a Dist that would work on it? CentOS will work, but you might start with minimal (but make sure it includes networking). Please note that I installed CentOS 6, just a few months ago, on an HP Netbook from '09, and it runs perfectly well. mark "see? I didn't say anything about systemd" ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT: Linux recommendations for old Pentium PC
I’m fresh out of FreeBSD world. Depending on the port, it can be easy and predictable, or an absolute confusion-fest. > On Aug 31, 2018, at 10:52 AM, Gary Stainburn wrote: > > Thanks for this. I haven't looked at FreeBSD since the 1990's or there > abouts, > but I'll give it a look. Cheers, Bee ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT: Linux recommendations for old Pentium PC
On Friday 31 August 2018 15:44:53 Valeri Galtsev wrote: > > I would use FreeBSD (and I do use FreeBSD for bacula, now bareos backup > server and storage hosts), it has really small "footprint", and it is > quite widespread. > > Incidentally, I was using bacula for very long time, but recently I > switched to bacula's fork: bareos. You may want to consider the > differences before you finalized everything in stone. > > Valeri Hi Valeri, Thanks for this. I haven't looked at FreeBSD since the 1990's or there abouts, but I'll give it a look. I'm also looking at lubuntu, but was hoping that there was a lcentos. We tend to like what we're used to. I'd be interested in your views on the differences between bacula and Bareos. I do have one Bareos storeage device but that's just in Bacula compat mode. Gary ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] OT: Linux recommendations for old Pentium PC
On 8/31/18 9:29 AM, Gary Stainburn wrote: I've got a very small footprint rack server with a 4TB drive in that I wish to be a Bacula storeage device. However, it's got an old board / processor in it. Can anyone recommend a Dist that would work on it? I would use FreeBSD (and I do use FreeBSD for bacula, now bareos backup server and storage hosts), it has really small "footprint", and it is quite widespread. Incidentally, I was using bacula for very long time, but recently I switched to bacula's fork: bareos. You may want to consider the differences before you finalized everything in stone. Valeri ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos -- Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] OT: Linux recommendations for old Pentium PC
I've got a very small footprint rack server with a 4TB drive in that I wish to be a Bacula storeage device. However, it's got an old board / processor in it. Can anyone recommend a Dist that would work on it? ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS-es] SAMBA + Postadmin
Más que nada me baso en Zimbra, nunca lo he usado y no creo que lo use; peor me dicen que es un sistema completa que incluye controlador de dominio y que los usuarios se crean una sola vez. Saludos, David El mar., 28 ago. 2018 a las 22:09, SERGIO ANDRES AGUIRRE BARRAGAN (< saabarra...@gmail.com>) escribió: > > http://web.mit.edu/rhel-doc/4/RH-DOCS/rhel-rg-es-4/s1-samba-account-info-dbs.html > esto quizas te de un apista pero me llamo tambien mucho la atencion tu > pregunta quizas investiguemos mas sobre el tema y compartimos info > > El mar., 28 de ago. de 2018 a la(s) 21:06, SERGIO ANDRES AGUIRRE BARRAGAN ( > saabarra...@gmail.com) escribió: > > > yo, creo que so lo puede usar por webmin, creo no estoy seguro > > > > El lun., 27 de ago. de 2018 a la(s) 09:24, David González Romero ( > > dgrved...@gmail.com) escribió: > > > >> Hola gente!! > >> > >> Existe forma de que SAMBA use la estructura y BD de un postadmin para > los > >> usuarios de SAMBA? > >> > >> Solo pregunto para saber si es posible...No he intentado nada... aun > >> > >> Saludos, > >> David > >> ___ > >> CentOS-es mailing list > >> CentOS-es@centos.org > >> https://lists.centos.org/mailman/listinfo/centos-es > >> > > > > > > -- > > > > > > > > Cuando quieres algo, todo el universo conspira para que realices tu > deseo. > > > > > -- > > > > Cuando quieres algo, todo el universo conspira para que realices tu deseo. > ___ > CentOS-es mailing list > CentOS-es@centos.org > https://lists.centos.org/mailman/listinfo/centos-es > ___ CentOS-es mailing list CentOS-es@centos.org https://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-virt] TPM
On onsdag 29 augusti 2018 kl. 15:46:54 EEST Dag Nygren wrote: > On onsdag 29 augusti 2018 kl. 15:37:47 EEST Alvin Starr wrote: > > You could try using Xen. > > A quick search implies that Xen from 4.3 onward will virtualize TPM. > > I am not sure if the libvirt drivers for xen will support the feature > > but some work around may be possible. > > Thanks! Seems to be exactly what is needed. Had a look at this and am still full of questions.. 1. the XEN TPM virtualization doesn't seem to support TPM 2.0 up to the guest - Only down to the HW TPM. Not entirely a showstopper, but 2.0 was a wish from the customer... 2. Still investigating the security implications in going from QEMU to XEN ... Appreciate the good advice I have been getting so far! Best Dag ___ CentOS-virt mailing list CentOS-virt@centos.org https://lists.centos.org/mailman/listinfo/centos-virt
Re: [CentOS] bash completion in C7
Hello Gordon, On Thu, 30 Aug 2018 15:00:41 -0700 Gordon Messmer wrote: > On 08/30/2018 01:11 AM, wwp wrote: > > I well know that to match "1.foo-named", I should use `ls*foo*` > > (trailing *) and I'm sure that you know that `ls *foo` matches > > 1.foo. > > > I didn't. Given a better description of what you're trying to do, I see that > the bash's behavior has changed. I'm afraid I see the same behaviour since Bash 2.0 :-/. > I also learned about "Alt+g" and "Ctrl+x g". Those seem to do more or less > what you want. These are documented in the bash man page under > Completing/Miscellaneous, as glob-complete-word and glob-list-expansions. Must confess that I quite never use Alt+ and Ctrl+ key combinations, saving me from finger stretching.. I'm reading the man about all that now, instructive, thanks! Regards, -- wwp pgpW5Ws6ZycHY.pgp Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
