Re: what's your Debian uptime?
Having a long uptime is fine if you run a system not on the Internet. If you are on the Internet, then a long uptime is like being proud of not having read a newspaper for that many days. Uptime used to be significant over a decade ago, when some systems were recommended to reboot periodically. Windows NT 4 had a bug where it would crash after 49.7 days uptime. It was a common practise to reboot it once a month, and people lived with that until MS eventually noticed their uptime counter problem and patched it. Today, there are no OSs with a problem like it. Maybe memory leaks in winbind or something, but the OS itself these days is robust.
Re: what's your Debian uptime?
I have a box running Etch that hasn't been rebooted in 1,589 days: irp:~# uptime 12:09:06 up 1589 days, 18:23, 1 user, load average: 0.00, 0.01, 0.03 irp:~# I swear this is real. :-) On Sun, Apr 21, 2013 at 6:32 PM, Vincent Lefevre vinc...@vinc17.net wrote: On 2013-04-20 19:24:00 -0600, Bob Proulx wrote: Vincent Lefevre wrote: That's theory. In practice, old machines get no longer supported... I submitted a bug report (and a patch), but AFAIK the bug has never been fixed. I upgraded everything except the kernel, without being sure I could boot it again (udev incompatibilities...). That's why the machine was no longer rebooted. And if you get into a situation where the machine reboots whether you desire it or not? Power, cosmic ray hit, dead cooling fan, other? It was a laptop, so that power wasn't a problem. A hardware failure wuld have meant that the machine would be probably dead anyway (after the last boot the laptop was already more than 8 year old). This is actually what happened a few months ago: strange noises from the disk and I/O errors... It happens. Even with UPS mains and redundant power supplies. Hardware doesn't last forever. Will it boot? If so then great. If not then you have a nasty problem to sort out and the machine is down until you do. I would rather know about it on my schedule rather than its schedule. Even if there were a software problem, I wouldn't have wasting my time to try to fix it for a machine that was almost no longer used (mainly just for portability testing), in particular if the machine couldn't boot. -- Vincent Lefèvre vinc...@vinc17.net - Web: http://www.vinc17.net/ 100% accessible validated (X)HTML - Blog: http://www.vinc17.net/blog/ Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon) -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130421223223.gg9...@xvii.vinc17.org -- Dave Parker Systems Administrator Utica College Integrated Information Technology Services (315) 792-3229 Registered Linux User #408177
Re: what's your Debian uptime?
On Wed, Apr 17, 2013 at 12:57:28PM +0100, Jonathan Dowland wrote: My laptop is at 112 days. Of course it hasn't actually been on all of those days. My cat managed to trigger an emergency read-only remount of all filesystems via sysrq, so I took this as an opportunity to update the kernel and switch my init(1) again. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130426172240.GB32077@debian
Re: what's your Debian uptime?
I have a box at work that has an uptime of: 12:32:00 up 1971 days, 18:32, 1 user, load average: 1.00, 1.00, 1.00 On Fri, Apr 26, 2013 at 12:10 PM, David Parker dpar...@utica.edu wrote: I have a box running Etch that hasn't been rebooted in 1,589 days: irp:~# uptime 12:09:06 up 1589 days, 18:23, 1 user, load average: 0.00, 0.01, 0.03 irp:~# I swear this is real. :-) On Sun, Apr 21, 2013 at 6:32 PM, Vincent Lefevre vinc...@vinc17.netwrote: On 2013-04-20 19:24:00 -0600, Bob Proulx wrote: Vincent Lefevre wrote: That's theory. In practice, old machines get no longer supported... I submitted a bug report (and a patch), but AFAIK the bug has never been fixed. I upgraded everything except the kernel, without being sure I could boot it again (udev incompatibilities...). That's why the machine was no longer rebooted. And if you get into a situation where the machine reboots whether you desire it or not? Power, cosmic ray hit, dead cooling fan, other? It was a laptop, so that power wasn't a problem. A hardware failure wuld have meant that the machine would be probably dead anyway (after the last boot the laptop was already more than 8 year old). This is actually what happened a few months ago: strange noises from the disk and I/O errors... It happens. Even with UPS mains and redundant power supplies. Hardware doesn't last forever. Will it boot? If so then great. If not then you have a nasty problem to sort out and the machine is down until you do. I would rather know about it on my schedule rather than its schedule. Even if there were a software problem, I wouldn't have wasting my time to try to fix it for a machine that was almost no longer used (mainly just for portability testing), in particular if the machine couldn't boot. -- Vincent Lefèvre vinc...@vinc17.net - Web: http://www.vinc17.net/ 100% accessible validated (X)HTML - Blog: http://www.vinc17.net/blog/ Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon) -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130421223223.gg9...@xvii.vinc17.org -- Dave Parker Systems Administrator Utica College Integrated Information Technology Services (315) 792-3229 Registered Linux User #408177
Re: what's your Debian uptime?
On 2013-04-20 19:24:00 -0600, Bob Proulx wrote: Vincent Lefevre wrote: That's theory. In practice, old machines get no longer supported... I submitted a bug report (and a patch), but AFAIK the bug has never been fixed. I upgraded everything except the kernel, without being sure I could boot it again (udev incompatibilities...). That's why the machine was no longer rebooted. And if you get into a situation where the machine reboots whether you desire it or not? Power, cosmic ray hit, dead cooling fan, other? It was a laptop, so that power wasn't a problem. A hardware failure wuld have meant that the machine would be probably dead anyway (after the last boot the laptop was already more than 8 year old). This is actually what happened a few months ago: strange noises from the disk and I/O errors... It happens. Even with UPS mains and redundant power supplies. Hardware doesn't last forever. Will it boot? If so then great. If not then you have a nasty problem to sort out and the machine is down until you do. I would rather know about it on my schedule rather than its schedule. Even if there were a software problem, I wouldn't have wasting my time to try to fix it for a machine that was almost no longer used (mainly just for portability testing), in particular if the machine couldn't boot. -- Vincent Lefèvre vinc...@vinc17.net - Web: http://www.vinc17.net/ 100% accessible validated (X)HTML - Blog: http://www.vinc17.net/blog/ Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon) -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130421223223.gg9...@xvii.vinc17.org
Re: what's your Debian uptime?
On 4/19/2013 8:59 AM, Jonathan Dowland wrote: I'll accept that you intended to use the phrase in the meaning you suggest, here, in the spirit of good faith, but I'm sure you are fully aware that the phrase is more widely known and used in a different way which is objectionable. It's therefore very reasonable to avoid using it. There are no shortage of inclusive ways of expressing your meaning. When I spend the 2-5? minutes I'm able to dedicate to replying to a technical email, thinking about the the technical part to hopefully make sure it's correct, I'm not going to spend more than 20 seconds brainstorming for the perfect politically correct analogy. I attempted to be neither crude nor PC, simply selecting something in common use *here* and that most people would understand. I think everyone but you got that, even the ladies. At least I'll assume they did as I saw no negative responses. Nonsense. I believe that common sense and mutual respect are all that is necessary, including a willingness to recognise when one is incorrect. You just accused me of having no common sense nor mutual respect, and not being able to admit I'm incorrect, where I am not. And before that you accused me of stating something I did not due to your PC bent causing misinterpretation. You may have opened a can of worms here Jonathan. Since you decided to make an issue out of a non issue, told me to admit fault when the fault lie with you, then maybe I'll simply make an example of you. From now on I *will* use male genital analogies, using phallus, phalli, and phallic, the academically correct words for describing the sociological phenomenon. Then you can sit there and squirm in your chair screaming loudly, as there is nothing you can do about it. The phallic reference is protected under PC doctrine--is actually at the core of it--the whole white male dominated society, gender inequality, etc. I'll use your own poison against you. And when you run to the sociology and anthropology chairs, and PC committee chairperson there at Newcastle, they'll tell you I'm absolutely correct in my use of the terms, and moreover that each time I use them I'm bringing attention to gender inequality in the computing field, which is great, etc. Now, is this really what you want? Before you answer, think carefully about what you stated directly above, what you expect of others: willingness to recognise when one is incorrect If you can do what you expect from others here, we can kiss and make up (oops, is that PC?) and put this nonsense behind us. Otherwise there may be a whole lot of phalli flopping around in my future posts, fully protected by political correctness doctrine, academic standards, law in most countries, more than likely by the vague Debian posting guidelines, etc. -- Stan -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/51722ee1.6080...@hardwarefreak.com
Re: what's your Debian uptime?
On 4/19/2013 9:09 AM, Jonathan Dowland wrote: On Thu, Apr 18, 2013 at 10:31:35PM -0500, Stan Hoeppner wrote: Second, your methodology doesn't scale. For large scale operations installing new kernel patches every few weeks simply isn't financially feasible/responsible. Even a junior admin's salary is better spent on things other than managing mass kernel upgrades. If one builds minimalist kernels one dramatically decreases frequency of mandatory kernel security patches. The security related flaws are typically in subsystems that are not part of a minimalist kernel. This is not necessarily true for everyone. Few things are, computing or otherwise. There are a lot of local factors to take into account. In a large, heterogenous environment, there's a significant investment of time required to properly manage rolling your own kernels across different distributions and versions thereof, plus the required time and expertise to assess each and every security release regarding a kernel to make a proper assessment as to whether you are vulnerable or not, on a system by system basis. Absolutely true for heterogeneous environments. But I specifically stated large scale. Large scale environments are pretty much always homogenous--web farms, mail relay and mailbox farms, compute clusters, etc. This is the ~1000 nodes up class of environment. Here you spend significant time going over patches, but you save more time doing less frequent roll outs. Managing the roll-out of distribution kernel updates, even if you might not be relying on the specific feature that is vulnerable, can be a more pragmatic choice. It certainly is at my place of work. And many places. Far more organizations rely on distribution kernels than custom, as most organizations are small and rely on vendors, having minimal or no IT staff of their own. There have been interesting examples of vulnerabilities in kernel modules that people aren't using but can still be exploited, if the system can be coerced into loading the module. Esoteric network protocols are one interesting example. An insufficiently-careful look at a security update may mean such a vulnerability is left lurking, because it's in a feature one doesn't need. Even if you don't build those modules as part of your minimalist kernel, there are some situations where a third party can build a module for your running kernel and the machine be coerced into loading it (I think there was that bug regarding where cores go during segfaults which was one such vector). On that note, one of the best tips I've ever received regarding keeping systems secure is to disable module loading at run time, once the system has all the necessary modules loaded to provide the service it is supposed do. As a side effect this would prevent you from updating kernel modules whilst keeping the host up. Of course, you may mean disabling module support when you say minimalist kernel. Since when are they mutually exclusive? I start with # CONFIG_MODULES is not set # CONFIG_BLK_DEV_INITRD is not set Then I only build in drivers needed by my machines, and they're pretty homogenous. I only have a couple of kernels for the fleet. I also omit drivers for hardware that may exist but will never be used such as USB, parallel, etc. I only build in the filesystems I use, EXT2 (for tiny boot partition) and XFS, and only the deadline elevator. I only include the processor/memory features I need, same for the block layer, etc. I simply strip everything I'm able to confirm is unnecessary for my workloads. This is why my kernels are less than 2MB (using gzip), and tend to need far less patching than distro kernels. -- Stan -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/51723c18.20...@hardwarefreak.com
Re: what's your Debian uptime?
On 2013-04-18 10:56:53 -0600, Bob Proulx wrote: I don't think uptime challenges are useful. It makes people want to do something that they shouldn't want to do. When kernel security upgrades come along just install them and reboot. That's theory. In practice, old machines get no longer supported... I submitted a bug report (and a patch), but AFAIK the bug has never been fixed. I upgraded everything except the kernel, without being sure I could boot it again (udev incompatibilities...). That's why the machine was no longer rebooted. -- Vincent Lefèvre vinc...@vinc17.net - Web: http://www.vinc17.net/ 100% accessible validated (X)HTML - Blog: http://www.vinc17.net/blog/ Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon) -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130420120148.gd9...@xvii.vinc17.org
Re: what's your Debian uptime?
On Wed, Apr 17, 2013 at 06:24:33PM +0200, Jochen Spieker wrote: Lars Noodén: Oracle hasn't been the best steward for the other FOSS projects […] You are hereby given the Understatement of the Year Award! And it's only April!! :-D -- If you're not careful, the newspapers will have you hating the people who are being oppressed, and loving the people who are doing the oppressing. --- Malcolm X -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130420123738.GF25331@tal
Re: what's your Debian uptime?
On Thu, Apr 18, 2013 at 08:18:15PM +0100, Kevin Chadwick wrote: On the humor side though I rememeber a story about a guy who moved his apartment. His machine was on a UPS. He determined a way to borrow a second UPS and daisy chain them for more uptime and then drove like a madman halfway to his new place where he had previously scouted and found a public power outlet. He stopped and charged both UPSes up again. Well I wouldn't go that far but I have taken the insert of a matchbox cut a slot in it and stuck it over the power button so that when reaching round the back there is no way of holding it down by accident. Over here in New Zealand, power switch up equals power off. You're more likely to knock something on than off. And believe it or not I don't recollect any accident reports where this has been a cause. -- If you're not careful, the newspapers will have you hating the people who are being oppressed, and loving the people who are doing the oppressing. --- Malcolm X -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130420124515.GG25331@tal
Re: what's your Debian uptime?
On Fri, Apr 19, 2013 at 09:45:21AM +0200, Helmut Wollmersdorfer wrote: In 1992 I worked late after usual office hours on my laptop (an IBM 386) connected to the power supply and battery removed (to save lifetime of the battery). Then the cleaning woman stepped in and asked: May I vacuum clean the room? I gave OK. Then the screen of my laptop suddenly darkened. She pulled out the cable of the next power outlet to plug in the vacuum cleaner. But she unplugged the cable of my laptop. Wasn't there a story where every night at exactly the same time, a computer system would go down for about 15mins. It was the same issue that you struck! -- If you're not careful, the newspapers will have you hating the people who are being oppressed, and loving the people who are doing the oppressing. --- Malcolm X -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130420125220.GH25331@tal
Re: what's your Debian uptime?
On Sat, Apr 20, 2013 at 01:00:01AM -0500, Stan Hoeppner wrote: From now on I *will* use male genital analogies, using phallus, phalli, and phallic, the academically correct words for describing the sociological phenomenon. Then you can sit there and squirm in your chair screaming loudly, as there is nothing you can do about it. The phallic reference is protected under PC doctrine--is actually at the core of it--the whole white male dominated society, gender inequality, etc. I'll use your own poison against you. And when you run to the sociology and anthropology chairs, and PC committee chairperson there at Newcastle, they'll tell you I'm absolutely correct in my use of the terms, and moreover that each time I use them I'm bringing attention to gender inequality in the computing field, which is great, etc. And to lower the standard even further, the females can use their anatomically correct words to claim they are being PC. It will be one #$@!ing thing after another! :( -- If you're not careful, the newspapers will have you hating the people who are being oppressed, and loving the people who are doing the oppressing. --- Malcolm X -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130420130932.GL25331@tal
Re: what's your Debian uptime?
On Wed, Apr 17, 2013 at 09:22:18PM +0100, Kevin Chadwick wrote: OpenBSD has only had something like two holes in over a decade which is nice for uptime. Let's not get carried away here. I was under the impression that openbsd was one of the best things since sliced bread ... then I read this: http://allthatiswrong.wordpress.com/2010/01/20/the-insecurity-of-openbsd/ -- If you're not careful, the newspapers will have you hating the people who are being oppressed, and loving the people who are doing the oppressing. --- Malcolm X -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130420135107.GM25331@tal
Re: what's your Debian uptime?
OpenBSD has only had something like two holes in over a decade which is nice for uptime. Let's not get carried away here. I was under the impression that openbsd was one of the best things since sliced bread ... then I read this: http://allthatiswrong.wordpress.com/2010/01/20/the-insecurity-of-openbsd/ This article is wrong in many ways including saying it includes many of the features of grsecurity. They are actually quite different and saying OpenBSD implemented them after is simply untrue. You can lookup the author of grsecurity making this allegation on the OpenBSD lists if you wish. Saying systrace is recommended to protect from a succesful attack is also wrong. You have to such as with MACs know about things like syscalls and it is actually suggested you don't rely on it at all. Though systrace usage has been added to OpenSSH when run on OpenBSD recently. Not as a reliance but as an extra security measure against DOS attacks and chroot and dropping priviledges is used far more on OpenBD by default (possibly without users even knowing) than on Linux such as in the in base Apache, nginx, unbound, nsd, all of which are audited. Depending on MACS to protect from a succesful attack is bad security practice. The fact that admins time is better spent on preventing successful attacks in the first place and increased complexity of protections it brings is the reason OpenBSD advocates against MACs. Opening quote OpenBSD was not designed with security in mind and provides no real way to lock down and limit a system above standard UNIX permissions, which are insufficient. It's kernel was and is designed with security in mind (as far as the generic hardware will allow). Linux is not. Only standard unix permissions is actually incorrect which he later leads onto. I shall let you decide what that means about this article. File immutabilitiy is a useful feature which Linux hasn't got in such a useful form and at the end of the day everything comes down to the kernel and it's memory protection. He doesn't seem to understand that programs can use protected memory and that memory and processes are better protected due to kernel design and randomness throughout. OpenBSD has securelevels and with the kernel being far more secure than Linux they are far more reliable than MACs. Without grsecurity. Linux doesn't even allow users to close off the gaping hole of rawio (linux) or video aperture (OpenBSD). Standard unix permissions are extremely powerful and I challenge you to come up with a situation where they are not especially when secondary groups are used. It is certainly clear however that many do not understand the power of unix permissions, especially Redhat. On top of this new technologies like PAM do not have the best security track record. It is worth noting that even if you have the time for SELinux it has had it's flaws (I actually prefer grsecurities RBAC). It is clear that the author even does not understand this. the user has complete ownership over their files and processes, and the ability to change permissions at their discretion. This leads to many security concerns, and is the reason most attacks can be successful at all That is not true but is likely over the files they create which can be cotrolled under a DAC system just like a MAC which also has to understand what the user is expected to be doing beforehand. the malicious process or user will inherit the access of the browser or process that was attacked. The prevalence of the DAC architecture throughout most operating systems is still the primary cause of many security issues today. With many server processes still running as a privileged user this is a large concern. It's actually simpler better and more secure to drop priviledges and work on design. This can often be done by users and is often added to ports on OpenBSD. All then benefit and not just RBAC users. As an example of what is possible with extended access controls, it a web server process running as root could be set to only have append access(as opposed to general write access available in a DAC system) to specific files in a specific directory, and to only have read access to specific files in a specific directory. If some files need to execute, then that file itself (or the interpreter if a script) can be restricted in a similar way. This alone would prevent web site defacement and arbitrary code execution in a great many cases.
Re: what's your Debian uptime?
Chris Bannister wrote: Over here in New Zealand, power switch up equals power off. I noticed that behavior when visiting your beautiful country! But I figured that since it was on the south side of the planet that the switches pointed toward the south pole for off and toward the north pole for on. Which is exactly the same as it is in the north side of the planet too. So it is really just the same if you have the right frame of reference. :-) Bob signature.asc Description: Digital signature
Re: what's your Debian uptime?
Vincent Lefevre wrote: Bob Proulx wrote: I don't think uptime challenges are useful. It makes people want to do something that they shouldn't want to do. When kernel security upgrades come along just install them and reboot. That's theory. In practice, old machines get no longer supported... I submitted a bug report (and a patch), but AFAIK the bug has never been fixed. I upgraded everything except the kernel, without being sure I could boot it again (udev incompatibilities...). That's why the machine was no longer rebooted. And if you get into a situation where the machine reboots whether you desire it or not? Power, cosmic ray hit, dead cooling fan, other? It happens. Even with UPS mains and redundant power supplies. Hardware doesn't last forever. Will it boot? If so then great. If not then you have a nasty problem to sort out and the machine is down until you do. I would rather know about it on my schedule rather than its schedule. Whenever I come across a machine that has been running continuously for a very long time one of my big worries is that someone has installed something perhaps hackishly and that the boot for it is not correct. This could mean that the machine won't boot. Or it could mean that the daemon won't be started. Or other variations. Therefore one thing that I always try to do before *I* work on a machine like that is to reboot it first. Then if there is a problem I know it is a pre-existing problem and not one that I created by the new work upon it. And I schedule it for a time convenient to me when it isn't going to be a panic. If you have a machine that will not come up from a clean boot then I think that is a scary situation to be in. Bob signature.asc Description: Digital signature
Re: what's your Debian uptime?
On Thu, Apr 18, 2013 at 10:31:35PM -0500, Stan Hoeppner wrote: This isn't a manhood measurement contest. Let's avoid alienating some debian-user readers with such language. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130419065631.GA26784@debian
Re: what's your Debian uptime?
Am 18.04.2013 um 20:33 schrieb Bob Proulx: Kevin Chadwick wrote: Well I wouldn't go that far but I have taken the insert of a matchbox cut a slot in it and stuck it over the power button so that when reaching round the back there is no way of holding it down by accident. Protecting the power switch from accidentally switching off is good operating practice. I wouldn't consider that unusual at all. It reminds me of another humorous story... Remember that comedy is someone else's tragedy. [nice power off story] Here is my story: In 1992 I worked late after usual office hours on my laptop (an IBM 386) connected to the power supply and battery removed (to save lifetime of the battery). Then the cleaning woman stepped in and asked: May I vacuum clean the room? I gave OK. Then the screen of my laptop suddenly darkened. She pulled out the cable of the next power outlet to plug in the vacuum cleaner. But she unplugged the cable of my laptop. Helmut Wollmersdorfer -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/3fddb914-03bf-4fed-9390-b84a79e45...@fixpunkt.de
Re: what's your Debian uptime?
The security related flaws are typically in subsystems that are not part of a minimalist kernel. A reboot is an attackers best friend and potentially an attackers enemy too. However whilst your practice is right. I hope you are reviewing all bugs as the kernel devs simply label them as bugs which should be fixed occasionally with hints and often only external eyes like debian ones label them as security bugs some what later too and as I have said if you really wanted to be thorough you would also need to review the commits to code areas you deploy as Linus himself has stated they can't keep up but you may be able to on a minimalist kernel. Perhaps a minimalist/server kernel project starting base rather than LTS might be an idea if it doesn't exist already. -- ___ 'Write programs that do one thing and do it well. Write programs to work together. Write programs to handle text streams, because that is a universal interface' (Doug McIlroy) ___ -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/907020.49342...@smtp128.mail.ir2.yahoo.com
Re: what's your Debian uptime?
On 4/19/2013 1:56 AM, Jonathan Dowland wrote: On Thu, Apr 18, 2013 at 10:31:35PM -0500, Stan Hoeppner wrote: This isn't a manhood measurement contest. Let's avoid alienating some debian-user readers with such language. Instead let's get you straightened out. You obviously misread my statement, apparently because your mind is in the gutter. It had nothing to do with male sexual organ size, as you have obviously and incorrectly assumed. If your beef was instead strictly with my use of simply a non-gender neutral analogy then you'd have kept your mouth shut, as such analogies are everywhere, every day. Thus your position, and your error, are clear. In the US Midwest one measurement of manhood is the number of points on the largest whitetail buck one has killed, another is the size of the lift kit and tires on one's pickup. In Hawaii (and maybe Southern California) the largest wave one has surfed. In Alaska, distance traveled solo by dog sled. Etc, etc. Every sector of every society has a measurement of manhood. I used a perfectly acceptable analogy *in common use* everywhere. Normally I'd let this slide. But, Jonathan, you've twice recently put on the moderator hat and jumped on something innocuous in my posts, and both times you were off base and flat out wrong. It's a bit irritating to be corrected more than once by someone who doesn't know up from down and is simply wound up way too tight in the political correctness straight jacket. So please, the next time you have the urge to correct someone, put a little more thought into your analysis of the apparent infraction so you don't end up looking like a [f|t]ool. Use objectivity, not subjectivity. You're trying to play PC Policeman using your own personal view of what today's disallowed word/phrase list is/not, and that will not work. To enforce PC policy Debian must publish and continually update an official list of all disallowed words an phrases of/in all languages supported by Debian mailing lists. You are an educated man, so you know that such lists are what *define* political correctness. So if you're going to do this, it must be all or nothing, managed with an iron fist equally against all users, and it must be official Debian policy, not simply Jonathon's policy. -- Stan -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/5171151e.8080...@hardwarefreak.com
Re: what's your Debian uptime?
On 4/19/13, Jonathan Dowland j...@debian.org wrote: On Thu, Apr 18, 2013 at 10:31:35PM -0500, Stan Hoeppner wrote: This isn't a manhood measurement contest. Let's avoid alienating some debian-user readers with such language. Oh, c'mon! Grow some ovaries already... :) -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/CAOsGNSS17kvYhrD8fS=9C31Z6571Pnt4Bx6Cg_8=tp2pt1a...@mail.gmail.com
Re: what's your Debian uptime?
On Fri, Apr 19, 2013 at 04:57:50AM -0500, Stan Hoeppner wrote: You obviously misread my statement, apparently because your mind is in the gutter. It had nothing to do with male sexual organ size, as you have obviously and incorrectly assumed. If your beef was instead strictly with my use of simply a non-gender neutral analogy then you'd have kept your mouth shut, as such analogies are everywhere, every day. Thus your position, and your error, are clear. I'll accept that you intended to use the phrase in the meaning you suggest, here, in the spirit of good faith, but I'm sure you are fully aware that the phrase is more widely known and used in a different way which is objectionable. It's therefore very reasonable to avoid using it. There are no shortage of inclusive ways of expressing your meaning. Normally I'd let this slide. But, Jonathan, you've twice recently put on the moderator hat and jumped on something innocuous in my posts, and both times you were off base and flat out wrong. I cannot recall either such times but I don't doubt they occurred, although I won't take your word for it that I was flat out wrong. Nor will I stop calling out what I perceive as bad behaviour on this list, for I want the list to be a useful and inclusive one. To enforce PC policy Debian must publish and continually update an official list of all disallowed words an phrases of/in all languages supported by Debian mailing lists. You are an educated man, so you know that such lists are what *define* political correctness. So if you're going to do this, it must be all or nothing, managed with an iron fist equally against all users, and it must be official Debian policy, not simply Jonathon's policy. Nonsense. I believe that common sense and mutual respect are all that is necessary, including a willingness to recognise when one is incorrect. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130419135907.GA7014@debian
Re: what's your Debian uptime?
On Thu, Apr 18, 2013 at 10:31:35PM -0500, Stan Hoeppner wrote: Second, your methodology doesn't scale. For large scale operations installing new kernel patches every few weeks simply isn't financially feasible/responsible. Even a junior admin's salary is better spent on things other than managing mass kernel upgrades. If one builds minimalist kernels one dramatically decreases frequency of mandatory kernel security patches. The security related flaws are typically in subsystems that are not part of a minimalist kernel. This is not necessarily true for everyone. There are a lot of local factors to take into account. In a large, heterogenous environment, there's a significant investment of time required to properly manage rolling your own kernels across different distributions and versions thereof, plus the required time and expertise to assess each and every security release regarding a kernel to make a proper assessment as to whether you are vulnerable or not, on a system by system basis. Managing the roll-out of distribution kernel updates, even if you might not be relying on the specific feature that is vulnerable, can be a more pragmatic choice. It certainly is at my place of work. There have been interesting examples of vulnerabilities in kernel modules that people aren't using but can still be exploited, if the system can be coerced into loading the module. Esoteric network protocols are one interesting example. An insufficiently-careful look at a security update may mean such a vulnerability is left lurking, because it's in a feature one doesn't need. Even if you don't build those modules as part of your minimalist kernel, there are some situations where a third party can build a module for your running kernel and the machine be coerced into loading it (I think there was that bug regarding where cores go during segfaults which was one such vector). On that note, one of the best tips I've ever received regarding keeping systems secure is to disable module loading at run time, once the system has all the necessary modules loaded to provide the service it is supposed do. As a side effect this would prevent you from updating kernel modules whilst keeping the host up. Of course, you may mean disabling module support when you say minimalist kernel. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130419140918.GB7014@debian
Re: what's your Debian uptime?
Whatever I see in all your comments is this: Most of the people show a big uptime. 100 days, 400 days, 500 days, even more than a 1000 days! So many people do this. It proves, how stable a good system can be and it also shows the great work of the developers. If I compare it to other commercial systems (aka Windows). you can see the high quality, what people can do, if they like and have fun, what they are doing. Money is no garant for quality. It is freedom, it is fun and it is motivation. So let's all work together, to keep these things. Let us say to all developers and their helpers: Thank you very much for all the work and help we got from you!!! Best regards Hans -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/201304191910.56696.hans.ullr...@loop.de
Re: what's your Debian uptime?
On Apr 19, 2013 8:11 PM, Hans-J. Ullrich hans.ullr...@loop.de wrote: Whatever I see in all your comments is this: Most of the people show a big uptime. 100 days, 400 days, 500 days, even more than a 1000 days! So many people do this. It proves, how stable a good system can be and it also shows the great work of the developers. If I compare it to other commercial systems (aka Windows). you can see the high quality, what people can do, if they like and have fun, what they are doing. Money is no garant for quality. It is freedom, it is fun and it is motivation. So let's all work together, to keep these things. Let us say to all developers and their helpers: Thank you very much for all the work and help we got from you!!! Best regards Hans -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/201304191910.56696.hans.ullr...@loop.de Windows web servers (IIS) *need* to be rebooted nightly. Initially I thought that was only true for IIS 5/6. However it turns out you'll have to go back to the old habits also on the new and improved IIS 7 and 7.5. :-) Is it bad code of the developers who write the sites? Is it the same old habits of the developers writing IIS, or the program managers who deliver IIS? I have no idea. Thing is that on heavily used systems things go bad and they magically start working again after a reboot. Worst than this (maybe?) is that I'm starting to get the impression that clustered hyper-v servers might also need scheduled reboots. :-) And I have a Raspberry PI with Debian with an uptime of more than 100 days. True, I'm only using it as an bind+dhcp server but still.. Long live Debian and the philosophy behind it! -- Sent from my Brick (TM)
Re: what's your Debian uptime?
On 4/19/13, Zenaan Harkness z...@freedbms.net wrote: On 4/19/13, Jonathan Dowland j...@debian.org wrote: On Thu, Apr 18, 2013 at 10:31:35PM -0500, Stan Hoeppner wrote: This isn't a manhood measurement contest. Let's avoid alienating some debian-user readers with such language. Oh, c'mon! Grow some ovaries already... :) Was this comment of mine problematic? Perhaps non-inclusive of _ _ _? -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/caosgnsq4gsqhs5mn8r_ybcvdac8n1mjyur3onhgkcjkmdjm...@mail.gmail.com
Re: what's your Debian uptime?
On 04/17/2013 01:22 PM, Kevin Chadwick wrote: Linux greer 3.2.6 #1 SMP Mon Feb 20 17:05:10 CST 2012 i686 GNU/Linux 22:35:31 up 412 days, 10:05, 1 user, load average: 1.18, 0.97, 0.44 So you are over a year behind in installing security updates for the kernel. (I know, if your machine doesn't have untrusted users and is well removed or disconnected from the internet, then that doesn't really matter). This must not be so. Look, In my case I used a self compiled kernel, with very few modules. And as the only security holes have been in kernel modules, I did not compile, I needed not to install a new kernel. Those modules were just not existent. KISS-style. It makes things more secure! If you use a minimal config then I could believe that but bear in mind Linus famous words of a bugs a bug. Having looked for security issues in a timely manner myself and having heard someone being very vocal about a security related too like polkit having had atleast one security bug fixed silently. I would still update. I wondered about ksplice once but I believe security restrictions, perhaps grsecurity prevented it from being used which made sense to me. OpenBSD has only had something like two holes in over a decade which is nice for uptime. If i am not mistaken, The OpenBSD Team recommends a clean installation every 6 month. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/516fab51.9010...@gmail.com
Re: what's your Debian uptime?
On Thu, 18 Apr 2013, agroconsultor0 wrote: On 04/17/2013 01:22 PM, Kevin Chadwick wrote: [snip] OpenBSD has only had something like two holes in over a decade which is nice for uptime. If i am not mistaken, The OpenBSD Team recommends a clean installation every 6 month. For users following -stable instead of -current, the support goes back two releases which means about 12 to 18 months, since the releases have been every 6 months: http://www.openbsd.org/faq/faq5.html#Flavors So that would tend to limit the uptime. Regards, /Lars -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/alpine.bso.2.03.1304181125250.25...@gmail.com
Re: what's your Debian uptime?
On Wed, Apr 17, 2013 at 10:43:27PM +0200, Hans-J. Ullrich wrote: It is interesting. Whenever I someone is telling of big uptime, the arguiment is: [cut] 2. Security issues But a kernel can stay very, verry long time. On machines, where you do not change hard or software (i.e. new filesystems like btrfs), an old kernel will work perfectly. Security issues, which affect modules, but not the kernel itself, may not cause the need of a new kernel. When people lik me and others on this list, are using a very small kernel, with minimalistic modules, and the security issues affect modules, which are not built nor installed, then there is no need, to install a new kernel. Out of curiosity, where is the evidence for this FUD that people are coming up with that the kernel core CANNOT have a security issue? Presumably, the argument is that if I do make allno and install that kernel, then there is NO CONCEIVABLE exploit in that code? So it is wrong to conclude and to say: Hey, your uptime is high, this concludes to an unsecure host due to an old kernel. To say so, is a big mistake! Just to clear things. :) Anyway, let's have fun at hacking. signature.asc Description: Digital signature
Re: what's your Debian uptime?
On 2013-04-17 17:22:32 +1030, John Elliot wrote: $ uptime 16:51:12 up 1136 days, 17:01, 1 user, load average: 0.22, 0.12, 0.08 I got on 2012-11-01: 10:48:16 up 1150 days, 8:00, 1 user, load average: 0.83, 0.69, 0.31 But then there was a disk failure and the machine is no longer working. -- Vincent Lefèvre vinc...@vinc17.net - Web: http://www.vinc17.net/ 100% accessible validated (X)HTML - Blog: http://www.vinc17.net/blog/ Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon) -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130418115941.ga9...@xvii.vinc17.org
Re: what's your Debian uptime?
Eduardo M KALINOWSKI wrote: Not really. uptime reports the amount of time elapsed since the system was booted, but I've noticed it is not paused for suspend and hibernation. Yes: $ uprecords # Uptime | System Boot up +--- - 1 113 days, 22:25:35 | Linux 3.2.0-4-amd64 Tue Dec 25 14:09:42 2012 +--- NewRec 113 days, 22:25:34 | since Tue Dec 25 14:09:42 2012 up 113 days, 22:25:35 | since Tue Dec 25 14:09:42 2012 down 0 days, 00:00:00 | since Tue Dec 25 14:09:42 2012 %up 100.000 | since Tue Dec 25 14:09:42 2012 I must have rebooted it on Christmas day. It has definely not been switched on for 113 days. My SSD reports 949 power on hours (=~ 1 month), and I'm fairly sure I fitted it before Christmas. On Wed, Apr 17, 2013 at 09:19:34PM -0500, Hugo Vanwoerkom wrote: Correct. Should that not be corrected? My desktop now says: Corrected to what? Uptime means time elapsed since the kernel was started and suspending or resuming doesn't really change that. It's also a rather old and useless figure so I don't see the point in trying to make it more accurate. For VMs, you could wonder whether context switches on a contended core should be accounted for (and how) Just checked my VPS: 13:40:10 up 401 days, 8:20, 9 users, load average: 0.01, 0.06, 0.08 Although I'm not proud of that, it's high time it was rebooted, most likely. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130418124403.GA26880@debian
Re: what's your Debian uptime?
On Wed, Apr 17, 2013 at 09:22:18PM +0100, Kevin Chadwick wrote: OpenBSD has only had something like two holes in over a decade which is nice for uptime. Two holes in the default install, which is a very different thing to two holes in the entire distribution. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130418124519.GB26880@debian
Re: what's your Debian uptime?
Darac Marjal wrote at 2013-04-18 04:05 -0500: On Wed, Apr 17, 2013 at 10:43:27PM +0200, Hans-J. Ullrich wrote: Security issues, which affect modules, but not the kernel itself, may not cause the need of a new kernel. When people lik me and others on this list, are using a very small kernel, with minimalistic modules, and the security issues affect modules, which are not built nor installed, then there is no need, to install a new kernel. Out of curiosity, where is the evidence for this FUD that people are coming up with that the kernel core CANNOT have a security issue? I think that what Hans wrote above is ambiguous, I assume Hans meant [Those] security issues which affect modules… signature.asc Description: Digital signature
Re: what's your Debian uptime?
Am Mittwoch, 17. April 2013 schrieb Jonathan Dowland: My laptop is at 112 days. Of course it hasn't actually been on all of those days. Had about 200 days on a hibernating workstation at work. And its nice in Juni or July to type who and see 18 Apr as login time for display :0 :) Ciao, -- Martin 'Helios' Steigerwald - http://www.Lichtvoll.de GPG: 03B0 0D6C 0040 0710 4AFA B82F 991B EAAC A599 84C7 -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/201304181600.41555.mar...@lichtvoll.de
Re: what's your Debian uptime?
Am Mittwoch, 17. April 2013 schrieb Stan Hoeppner: Linux greer 3.2.6 #1 SMP Mon Feb 20 17:05:10 CST 2012 i686 GNU/Linux 22:35:31 up 412 days, 10:05, 1 user, load average: 1.18, 0.97, 0.44 mondschein:~ uprecords # Uptime | System Boot up +--- 1 313 days, 00:52:07 | Linux 2.6.32-5-686Wed Nov 3 10:09:32 2010 2 304 days, 02:44:25 | Linux 2.6.26-2-686Fri Nov 6 10:34:34 2009 3 131 days, 16:18:28 | Linux 2.6.32-5-686Sat Aug 18 21:12:12 2012 4 125 days, 22:49:38 | Linux 2.6.32-5-686Mon Sep 12 12:05:28 2011 5 111 days, 19:45:52 | Linux 2.6.26-1-686Mon Mar 2 14:54:11 2009 695 days, 20:31:59 | Linux 2.6.32-5-686Wed Mar 28 12:45:40 2012 780 days, 19:53:49 | Linux 2.6.24-etchnhalf.1 Mon Jul 28 16:29:43 2008 859 days, 03:17:38 | Linux 2.6.32-5-686Sun Jan 29 08:26:32 2012 957 days, 14:33:14 | Linux 2.6.32-5-686Mon Sep 6 20:35:51 2010 - 1051 days, 04:27:26 | Linux 3.2.0-4-686-pae Tue Feb 26 10:32:50 2013 +--- 1up in 6 days, 10:05:49 | atThu Apr 25 02:06:03 2013 no1 in 261 days, 20:24:42 | atSun Jan 5 11:24:56 2014 up 1694 days, 09:48:3 | since Mon Jul 28 16:29:43 2008 down30 days, 13:42:01 | since Mon Jul 28 16:29:43 2008 %up 98.228 | since Mon Jul 28 16:29:43 2008 But anyway, why are you interested in that? %up is nasty, but this is just my private play box and I converted it to a completely different LVM and Ext4 filesystem and had several dist-upgrades in between. But still, I am pretty sure this machine has never been down for 30 days since 2008. If 30/1694*24*60 is correct formular, then this would mean in average 25 minutes downtime per day. I would have noticed it. I removed uptimed from my laptops. The uptimed author does not want to use fsync() in critical places and it lost uptimes every now when I had a crash due to experimental kernels and stuff. Maybe on my server it had a data loss as well. Largest notebook uptime was about 105 days I think. -- Martin 'Helios' Steigerwald - http://www.Lichtvoll.de GPG: 03B0 0D6C 0040 0710 4AFA B82F 991B EAAC A599 84C7 -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/201304181612.29962.mar...@lichtvoll.de
Re: what's your Debian uptime?
Am Donnerstag, 18. April 2013 schrieb Vincent Lefevre: On 2013-04-17 17:22:32 +1030, John Elliot wrote: $ uptime 16:51:12 up 1136 days, 17:01, 1 user, load average: 0.22, 0.12, 0.08 I got on 2012-11-01: 10:48:16 up 1150 days, 8:00, 1 user, load average: 0.83, 0.69, 0.31 But then there was a disk failure and the machine is no longer working. Impressive :) A machine at work which we forgot about had more than 1200 days. But had some hardware failure shortly later as well. I think I have the uptime output somewhere. -- Martin 'Helios' Steigerwald - http://www.Lichtvoll.de GPG: 03B0 0D6C 0040 0710 4AFA B82F 991B EAAC A599 84C7 -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/201304181614.39968.mar...@lichtvoll.de
Re: what's your Debian uptime?
On Thursday 18 April 2013 14:33:51 green wrote: Darac Marjal wrote at 2013-04-18 04:05 -0500: On Wed, Apr 17, 2013 at 10:43:27PM +0200, Hans-J. Ullrich wrote: Security issues, which affect modules, but not the kernel itself, may not cause the need of a new kernel. When people lik me and others on this list, are using a very small kernel, with minimalistic modules, and the security issues affect modules, which are not built nor installed, then there is no need, to install a new kernel. Out of curiosity, where is the evidence for this FUD that people are coming up with that the kernel core CANNOT have a security issue? I think that what Hans wrote above is ambiguous, I assume Hans meant [Those] security issues which affect modules… It is as you say ambiguous. I took him to mean Security issues do not affect the kernel (ever), so security updates can never be required for a bare kernel. They are only required if they affect the particular modules which are compiled on that kernel. And I had a job not being ambiguous myself. I hope that I have succeeded. I am very ignorant about kernels and was interested to learn that the kernel itself has no security problems; especially as I thought that there had been an exploit a couple of years ago, which necessitated temporarily shutting the site down. Having just Googled, I find the info on that exploit ambiguous too as to the risk to the core of the kernel. So I am still none the wiser. :-( Lisi -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/201304181605.43616.lisi.re...@gmail.com
Re: what's your Debian uptime?
Martin Steigerwald wrote: Am Donnerstag, 18. April 2013 schrieb Vincent Lefevre: On 2013-04-17 17:22:32 +1030, John Elliot wrote: $ uptime 16:51:12 up 1136 days, 17:01, 1 user, load average: 0.22, 0.12, 0.08 I got on 2012-11-01: 10:48:16 up 1150 days, 8:00, 1 user, load average: 0.83, 0.69, 0.31 But then there was a disk failure and the machine is no longer working. Impressive :) A machine at work which we forgot about had more than 1200 days. But had some hardware failure shortly later as well. I think I have the uptime output somewhere. I no longer have the verbatim uptime output but on a machine that had been mostly abandoned I find an email from me to the tech group that it had been up for 1221 days when I started looking at it. It needed someone to give it some love and attention. But It was still doing BIND9 DNS resolving successfully and I could log in fine. It was running Sarge. I was shocked by how long it had been abandoned. I rebooted it and upgraded it to Lenny and then to Squeeze. The uptime now is only 30 days since I last rebooted it for the recent new kernel upgrade. In that same old email I mentioned a sibling to it that had been up 524 days. I also rebooted and upgraded it. I routinely see VMs that are running over a year between reboots. But I see that as of a sign of abandonment. I don't think uptime challenges are useful. It makes people want to do something that they shouldn't want to do. When kernel security upgrades come along just install them and reboot. Human made machines of all types have been running for a very long time and it just isn't productive or useful to try to go for a record. On the humor side though I rememeber a story about a guy who moved his apartment. His machine was on a UPS. He determined a way to borrow a second UPS and daisy chain them for more uptime and then drove like a madman halfway to his new place where he had previously scouted and found a public power outlet. He stopped and charged both UPSes up again. Then drove the rest of the way to his new place. The UPS alarm was sounding the entire way. All of this just so as to preserve his uptime. Bob signature.asc Description: Digital signature
Re: what's your Debian uptime?
On Thu, Apr 18, 2013 at 10:56:53AM -0600, Bob Proulx wrote: I don't think uptime challenges are useful. It makes people want to do something that they shouldn't want to do. When kernel security upgrades come along just install them and reboot. Human made machines of all types have been running for a very long time and it just isn't productive or useful to try to go for a record. The central realization is that machines provide services, and it is the service that needs to be continuously available, not the machine. Load balancers, fail-over, and similar schemes are much more likely to bring long-term success than a carefully tended kspliced single machine, even though the latter is impressive in its own right. -dsr- -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130418170439.gb27...@randomstring.org
Re: what's your Debian uptime?
OpenBSD has only had something like two holes in over a decade which is nice for uptime. Two holes in the default install, which is a very different thing to two holes in the entire distribution. It is but you can see the erratas for the whole base system at openbsd.org/errata.html and they are few. There will of course be many unfound bugs but anything included in base receives a good audit before inclusion and some parts a constant one. The default install obviously includes the kernel so I think two exploits in over a decade, one of which was in the over engineered shall we say ipv6 that I have disabled (good practice on OpenBSD too) is very impressive especially when Linus states that there are so many updates every day that bugs are certainly getting in every day. Of course there are benefits to that but it's not security. If I ever run a Linux server for some certain functionality I will certainly apply the grsecurity patch. OpenBSD and linux with the grsec patch have security features that FreeBSD doesn't, even more so on older hardware. -- ___ 'Write programs that do one thing and do it well. Write programs to work together. Write programs to handle text streams, because that is a universal interface' (Doug McIlroy) ___ -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/686045.32367...@smtp143.mail.ird.yahoo.com
Re: what's your Debian uptime?
On the humor side though I rememeber a story about a guy who moved his apartment. His machine was on a UPS. He determined a way to borrow a second UPS and daisy chain them for more uptime and then drove like a madman halfway to his new place where he had previously scouted and found a public power outlet. He stopped and charged both UPSes up again. Well I wouldn't go that far but I have taken the insert of a matchbox cut a slot in it and stuck it over the power button so that when reaching round the back there is no way of holding it down by accident. -- ___ 'Write programs that do one thing and do it well. Write programs to work together. Write programs to handle text streams, because that is a universal interface' (Doug McIlroy) ___ -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/183047.41348...@smtp129.mail.ird.yahoo.com
Re: what's your Debian uptime?
Kevin Chadwick wrote: Well I wouldn't go that far but I have taken the insert of a matchbox cut a slot in it and stuck it over the power button so that when reaching round the back there is no way of holding it down by accident. Protecting the power switch from accidentally switching off is good operating practice. I wouldn't consider that unusual at all. It reminds me of another humorous story... Remember that comedy is someone else's tragedy. During a critical turn-on session while working at a large corporate america company there were three of us working on a new product. This was attached to a rack of computers and test equipment. Schedule was tight and late and expensive. It was quite a tense time. It was long nights and little sleep for days. One of the managers came over to check on the progress. While there he casually put up a hand and leaned against the rack as one might do against a wall. But it wasn't a wall and he pushed against and tripped the big red emergency power off switch on the rack! And we had just gotten everything set up to the point that we were getting past a critical debug item. And of course everything needed to be fsck'd and the case carefully set up again. It cost us a couple of hours at least and after several late nights. Argh! The next day I arrived to see that one of the techs had cut a piece of pvc pipe large enough to surround the switch. The pipe was now fixed around the power switch and protected it from someone leaning up against it. You could still push the button but you had to be intentional about it. For years after that managers were barred from the test lab during product turn-on. Bob signature.asc Description: Digital signature
Re: what's your Debian uptime?
If i am not mistaken, The OpenBSD Team recommends a clean installation every 6 month. For users following -stable instead of -current, the support goes back two releases which means about 12 to 18 months, since the releases have been every 6 months: http://www.openbsd.org/faq/faq5.html#Flavors So that would tend to limit the uptime. Regards, /Lars Yes and No. Supported (help you in case of problems) certainly as the man power simply isn't there to back port and all the devs run current. However things such as firewalls is no problem and even advocated and you can also compile packages very easily (certainly server packages). The kernel is sound so no reboots. -- ___ 'Write programs that do one thing and do it well. Write programs to work together. Write programs to handle text streams, because that is a universal interface' (Doug McIlroy) ___ -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/676261.45729...@smtp156.mail.ir2.yahoo.com
Re: what's your Debian uptime?
On 4/18/2013 11:56 AM, Bob Proulx wrote: I don't think uptime challenges are useful. It makes people want to do something that they shouldn't want to do. Uptime is about continuous availability and reliability of infrastructure, systems, and software, with least disruption to users, and minimizing administrator workload. Hans and I have been speaking from that perspective. This isn't a manhood measurement contest. When kernel security upgrades come along just install them and reboot. First, why would one install such patched code if it's not part of the installed kernel? Second, your methodology doesn't scale. For large scale operations installing new kernel patches every few weeks simply isn't financially feasible/responsible. Even a junior admin's salary is better spent on things other than managing mass kernel upgrades. If one builds minimalist kernels one dramatically decreases frequency of mandatory kernel security patches. The security related flaws are typically in subsystems that are not part of a minimalist kernel. As a parting note I know of Postfix relays that have run continuously for over 6 years with no updates of any kind. A kernel with no TCP/UDP security related code flaws (pretty rare for Linux), Postfix in chroot, TCP 25 open inbound from public network, and TCP 22 open only on the management network. If the hardware and power hold up such a system can run indefinitely without a security exploit and without kernel patches. -- Stan -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/5170ba97.2050...@hardwarefreak.com
Re: what's your Debian uptime?
On Tue, 2013-04-16 at 22:59 -0500, Stan Hoeppner wrote: Linux greer 3.2.6 #1 SMP Mon Feb 20 17:05:10 CST 2012 i686 GNU/Linux 22:35:31 up 412 days, 10:05, 1 user, load average: 1.18, 0.97, 0.44 So you are over a year behind in installing security updates for the kernel. (I know, if your machine doesn't have untrusted users and is well removed or disconnected from the internet, then that doesn't really matter). -- Tixy -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1366178670.3296.4.ca...@computer5.home
Re: what's your Debian uptime?
Am Mittwoch, 17. April 2013 schrieb Tixy: On Tue, 2013-04-16 at 22:59 -0500, Stan Hoeppner wrote: Linux greer 3.2.6 #1 SMP Mon Feb 20 17:05:10 CST 2012 i686 GNU/Linux 22:35:31 up 412 days, 10:05, 1 user, load average: 1.18, 0.97, 0.44 So you are over a year behind in installing security updates for the kernel. (I know, if your machine doesn't have untrusted users and is well removed or disconnected from the internet, then that doesn't really matter). This must not be so. Look, In my case I used a self compiled kernel, with very few modules. And as the only security holes have been in kernel modules, I did not compile, I needed not to install a new kernel. Those modules were just not existent. KISS-style. It makes things more secure! Hans -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/201304170810.34643.hans.ullr...@loop.de
RE: what's your Debian uptime?
$ uptime 16:51:12 up 1136 days, 17:01, 1 user, load average: 0.22, 0.12, 0.08 From: hans.ullr...@loop.de To: debian-user@lists.debian.org Subject: Re: what's your Debian uptime? Date: Wed, 17 Apr 2013 07:58:31 +0200 Am Mittwoch, 17. April 2013 schrieb Stan Hoeppner: Linux greer 3.2.6 #1 SMP Mon Feb 20 17:05:10 CST 2012 i686 GNU/Linux 22:35:31 up 412 days, 10:05, 1 user, load average: 1.18, 0.97, 0.44 Great, but beat this! More than 500 days. At about 650 days uptime I rebooted accidentlly. See the message from netrcraft. This was a a mailserver, some years ago, running postfix, debian-i386. Best regards Hans --Forwarded Message Attachment-- To: hans.ullr...@loop.de Subject: Congratulations (Uptimed@popeye) Date: Thu, 6 Jul 2006 16:44:26 +0200 From: dae...@popeye.niedersachsen.de Uptimed noticed an uptime event! The uptime of popeye has reached a milestone: 500 days, 00:00:00 (five hundred days) Congratulations! Uptimed author, Rob Kaper r...@robertjohnkaper.com -- This message was automatically generated by Uptimed. Uptimed e-mail notifications can be configured from the uptimed.conf file. For more information visit http://cx.capsi.com/code-uptimed.html.
Re: what's your Debian uptime?
On 4/17/2013 1:10 AM, Hans-J. Ullrich wrote: Am Mittwoch, 17. April 2013 schrieb Tixy: On Tue, 2013-04-16 at 22:59 -0500, Stan Hoeppner wrote: Linux greer 3.2.6 #1 SMP Mon Feb 20 17:05:10 CST 2012 i686 GNU/Linux 22:35:31 up 412 days, 10:05, 1 user, load average: 1.18, 0.97, 0.44 So you are over a year behind in installing security updates for the kernel. (I know, if your machine doesn't have untrusted users and is well removed or disconnected from the internet, then that doesn't really matter). This must not be so. Look, In my case I used a self compiled kernel, with very few modules. And as the only security holes have been in kernel modules, I did not compile, I needed not to install a new kernel. Those modules were just not existent. KISS-style. It makes things more secure! I build all my server kernels from vanilla source. Not only do I not use modules, but I go a step further removing module support from the kernel entirely. I use SLAB instead of SLUB, and the deadline elevator. I build in disk/network/etc drivers along with the firmware blob. I do not use an init ramdisk. All of my systems have a small boot partition holding the kernel image, config, and map. And I use LILO. My kernels are pretty lightweight, stripped of anything I can identify as unnecessary: -rw-r--r-- 1 root root 605K Feb 20 2012 System.map-3.2.6 -rw-r--r-- 1 root root 38K Feb 20 2012 config-3.2.6 -rw-r--r-- 1 root root 1.7M Feb 20 2012 vmlinuz-3.2.6 Normally I build new kernels about every 6 months, but I've been holding back for a bit as 3.2.6 has been working very well, and I don't want to get my kernel too far ahead of my userspace. For example, the bleeding edge XFS kernel code doesn't particularly like many years old xfsprogs. I'll probably bump up to 3.8.x after Wheezy finally ships. -- Stan -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/516e6535.7030...@hardwarefreak.com
RE: what's your Debian uptime?
Hello hans, Am Mittwoch, 17. April 2013 schrieb Stan Hoeppner: Linux greer 3.2.6 #1 SMP Mon Feb 20 17:05:10 CST 2012 i686 GNU/Linux 22:35:31 up 412 days, 10:05, 1 user, load average: 1.18, 0.97, 0.44 Great, but beat this! More than 500 days. At about 650 days uptime I rebooted accidentlly. See the message from netrcraft. This was a a mailserver, some years ago, running postfix, debian-i386. Now I applaud a long uptime but... After a kernel upgrade or a Debian point release one must or should do a reboot or the updates are not applied so Someone running an uptime of 400+ days probably never applied any of the kernel or libX patches. If that is wise ? I do server updates when the Debian patches are released, usually within 2 days. Using checkrestart form the debian-goodies I test which services I need to restart, if any. After a kernel update I do a reboot of the server, after a point release usually too. I remember from the good old Novell Netware days that we had uptime contests too, some well over 2 years, posting screenshots to prove it. Untill someone found out how to manipulate the timer and posted an uptime longer then the existence of Novell netware. ;-) Bonno Bloksma
Re: what's your Debian uptime?
My laptop is at 112 days. Of course it hasn't actually been on all of those days. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130417115728.GE19117@debian
Re: what's your Debian uptime?
On Wed, 17 Apr 2013 09:59:45 + Bonno Bloksma b.blok...@tio.nl wrote: Hello Bonno, Now I applaud a long uptime but... After a kernel upgrade or a Debian point release one must or should do a reboot or the updates are not applied so.. ksplice can be used for security patching the kernel. This goes some way in mitigating the hazard of not rebooting. Of course, at some point the kernel will quite likely have to be updated. With careful consideration, it needn't be detrimental. -- Regards _ / ) The blindingly obvious is / _)radnever immediately apparent If Adolf Hitler flew in today, they'd send a limousine anyway (White Man) In Hammersmith Palais - The Clash signature.asc Description: PGP signature
Re: what's your Debian uptime?
On 4/17/13 3:12 PM, Brad Rogers wrote: [snip] ksplice can be used for security patching the kernel. [snip] What's the status of ksplice in Debian? Oracle hasn't been the best steward for the other FOSS projects and it's been a while since ksplice was in the news. Regards, /Lars -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/516eb409.2040...@gmail.com
Re: what's your Debian uptime?
Lars Noodén: Oracle hasn't been the best steward for the other FOSS projects […] You are hereby given the Understatement of the Year Award! J. -- I have been manipulated and permanently distorted. [Agree] [Disagree] http://www.slowlydownward.com/NODATA/data_enter2.html signature.asc Description: Digital signature
Re: what's your Debian uptime?
On Wed, 17 Apr 2013 17:41:12 +0300 (EEST) Lars Noodén lars.noo...@gmail.com wrote: Hello Lars, What's the status of ksplice in Debian? Oracle hasn't been the best TBH, I don't know. It's in testing at v0.9.9-4. How that compares with upstream, I'm not sure, as the Oracle web site seems reluctant to let me find out. I had a passing interest in ksplice a few years ago, but as all my machines are shut off overnight, it was never really used here. -- Regards _ / ) The blindingly obvious is / _)radnever immediately apparent What do you call that noise, that you put on? This Is Pop - XTC signature.asc Description: PGP signature
Re: what's your Debian uptime?
On Wed, 17 Apr 2013 18:24:33 +0200 Jochen Spieker m...@well-adjusted.de wrote: Hello Jochen, Lars Noodén: Oracle hasn't been the best steward for the other FOSS projects […] You are hereby given the Understatement of the Year Award! :-)) -- Regards _ / ) The blindingly obvious is / _)radnever immediately apparent I am alone there's nobody there I Look Alone - Buzzcocks signature.asc Description: PGP signature
Re: what's your Debian uptime?
On Wed, 17 Apr 2013, Brad Rogers wrote: On Wed, 17 Apr 2013 17:41:12 +0300 (EEST) Lars Noodén lars.noo...@gmail.com wrote: Hello Lars, What's the status of ksplice in Debian? Oracle hasn't been the best TBH, I don't know. It's in testing at v0.9.9-4. How that compares with upstream, I'm not sure, as the Oracle web site seems reluctant to let me find out. [snip] From what I find online, 0.9.9-4 is from 2009. www.ksplice.com doesn't have much about the GPL version any more, if they ever did. They do have some binaries of 1.2.9 (according to the one sample I downloaded) for several Ubuntu and Fedora versions. Regards, /Lars
Re: what's your Debian uptime?
Jonathan Dowland wrote: My laptop is at 112 days. Of course it hasn't actually been on all of those days. If that is the kernel reported uptime then I think it has been on all of those reported uptime days. I believe linux only accrues uptime when it is on and running. Suspended it will pause the uptime. Resumed it will start ticking again. The wallclock time for you would be much longer. Bob signature.asc Description: Digital signature
Re: what's your Debian uptime?
On Qua, 17 Abr 2013, Bob Proulx wrote: I believe linux only accrues uptime when it is on and running. Suspended it will pause the uptime. Resumed it will start ticking again. Not really. uptime reports the amount of time elapsed since the system was booted, but I've noticed it is not paused for suspend and hibernation. -- When you become used to never being alone, you may consider yourself Americanized. Eduardo M KALINOWSKI edua...@kalinowski.com.br -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130417173120.horde.qza40zzid0z3hrlqbkvc...@mail.kalinowski.com.br
Re: what's your Debian uptime?
Linux greer 3.2.6 #1 SMP Mon Feb 20 17:05:10 CST 2012 i686 GNU/Linux 22:35:31 up 412 days, 10:05, 1 user, load average: 1.18, 0.97, 0.44 So you are over a year behind in installing security updates for the kernel. (I know, if your machine doesn't have untrusted users and is well removed or disconnected from the internet, then that doesn't really matter). This must not be so. Look, In my case I used a self compiled kernel, with very few modules. And as the only security holes have been in kernel modules, I did not compile, I needed not to install a new kernel. Those modules were just not existent. KISS-style. It makes things more secure! If you use a minimal config then I could believe that but bear in mind Linus famous words of a bugs a bug. Having looked for security issues in a timely manner myself and having heard someone being very vocal about a security related too like polkit having had atleast one security bug fixed silently. I would still update. I wondered about ksplice once but I believe security restrictions, perhaps grsecurity prevented it from being used which made sense to me. OpenBSD has only had something like two holes in over a decade which is nice for uptime. -- ___ 'Write programs that do one thing and do it well. Write programs to work together. Write programs to handle text streams, because that is a universal interface' (Doug McIlroy) ___ -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/801742.38916...@smtp152.mail.ir2.yahoo.com
Re: what's your Debian uptime?
It is interesting. Whenever I someone is telling of big uptime, the arguiment is: Your server can not be secure! You have an old kernel! You MUST install/update the newest kernel and of course reboot. But this is not correct. For which reason a new kernel is necessary? 1. If there are extrem changes in the environment (unsupported new hardware or major software changes) 2. Security issues But a kernel can stay very, verry long time. On machines, where you do not change hard or software (i.e. new filesystems like btrfs), an old kernel will work perfectly. Security issues, which affect modules, but not the kernel itself, may not cause the need of a new kernel. When people lik me and others on this list, are using a very small kernel, with minimalistic modules, and the security issues affect modules, which are not built nor installed, then there is no need, to install a new kernel. So it is wrong to conclude and to say: Hey, your uptime is high, this concludes to an unsecure host due to an old kernel. To say so, is a big mistake! Just to clear things. :) Anyway, let's have fun at hacking. Best regards Hans -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/201304172243.28312.hans.ullr...@loop.de
Re: what's your Debian uptime?
I agree with Hans. For instance, I had a sid box back in the day which was my dhcp server (an old laptop). It was behind a firewall, and not accessible from the internet. (I know, no security is 100%, but i have defense in depth.) Plus, I too had built a minimal kernel. In any case, my record is somewhere around 700 days, just short of 2 years. Then we had a power outage that burned through the UPS and the laptop battery... On Wed, Apr 17, 2013 at 4:43 PM, Hans-J. Ullrich hans.ullr...@loop.dewrote: It is interesting. Whenever I someone is telling of big uptime, the arguiment is: Your server can not be secure! You have an old kernel! You MUST install/update the newest kernel and of course reboot. But this is not correct. For which reason a new kernel is necessary? 1. If there are extrem changes in the environment (unsupported new hardware or major software changes) 2. Security issues But a kernel can stay very, verry long time. On machines, where you do not change hard or software (i.e. new filesystems like btrfs), an old kernel will work perfectly. Security issues, which affect modules, but not the kernel itself, may not cause the need of a new kernel. When people lik me and others on this list, are using a very small kernel, with minimalistic modules, and the security issues affect modules, which are not built nor installed, then there is no need, to install a new kernel. So it is wrong to conclude and to say: Hey, your uptime is high, this concludes to an unsecure host due to an old kernel. To say so, is a big mistake! Just to clear things. :) Anyway, let's have fun at hacking. Best regards Hans -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/201304172243.28312.hans.ullr...@loop.de
Re: what's your Debian uptime?
Eduardo M KALINOWSKI wrote: On Qua, 17 Abr 2013, Bob Proulx wrote: I believe linux only accrues uptime when it is on and running. Suspended it will pause the uptime. Resumed it will start ticking again. Not really. uptime reports the amount of time elapsed since the system was booted, but I've noticed it is not paused for suspend and hibernation. Correct. Should that not be corrected? My desktop now says: 21:08:11 up 7 days, 10:15, 11 users, load average: 0.13, 0.17, 0.23 but when I look at the uptime graph it actually was running only some 51 hours and was hibernated 15 times, like so: http://uppix.net/d/0/b/dd3224cffef7cfcb34491997b6844.jpg (the red triangles are when the system was booted. color signifies CPU temp.) Hugo -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/kknl7j$7ug$1...@ger.gmane.org
Re: what's your Debian uptime?
On Wed, 17 Apr 2013 04:02:45 -0500 Stan Hoeppner s...@hardwarefreak.com wrote: On 4/17/2013 1:10 AM, Hans-J. Ullrich wrote: Am Mittwoch, 17. April 2013 schrieb Tixy: On Tue, 2013-04-16 at 22:59 -0500, Stan Hoeppner wrote: Linux greer 3.2.6 #1 SMP Mon Feb 20 17:05:10 CST 2012 i686 GNU/Linux 22:35:31 up 412 days, 10:05, 1 user, load average: 1.18, 0.97, 0.44 So you are over a year behind in installing security updates for the kernel. (I know, if your machine doesn't have untrusted users and is well removed or disconnected from the internet, then that doesn't really matter). This must not be so. Look, In my case I used a self compiled kernel, with very few modules. And as the only security holes have been in kernel modules, I did not compile, I needed not to install a new kernel. Those modules were just not existent. KISS-style. It makes things more secure! I build all my server kernels from vanilla source. Not only do I not use modules, but I go a step further removing module support from the kernel entirely. I use SLAB instead of SLUB, and the deadline elevator. I build in disk/network/etc drivers along with the firmware blob. I do not use an init ramdisk. All of my systems have a small boot partition holding the kernel image, config, and map. And I use LILO. My kernels are pretty lightweight, stripped of anything I can identify as unnecessary: -rw-r--r-- 1 root root 605K Feb 20 2012 System.map-3.2.6 -rw-r--r-- 1 root root 38K Feb 20 2012 config-3.2.6 -rw-r--r-- 1 root root 1.7M Feb 20 2012 vmlinuz-3.2.6 Normally I build new kernels about every 6 months, but I've been holding back for a bit as 3.2.6 has been working very well, and I don't want to get my kernel too far ahead of my userspace. For example, the bleeding edge XFS kernel code doesn't particularly like many years old xfsprogs. I'll probably bump up to 3.8.x after Wheezy finally ships. Since 3.2.6, Greg KH has released at least these updates, all of which he has accompanied with the unequivocal instructions that All users of the 3.2 kernel series should upgrade.: http://lkml.org/lkml/2012/2/20/410 http://lkml.org/lkml/2012/2/29/544 http://lkml.org/lkml/2012/3/12/414 http://lkml.org/lkml/2012/3/19/450 http://lkml.org/lkml/2012/3/23/293 http://lkml.org/lkml/2012/4/2/331 http://lkml.org/lkml/2012/4/13/271 http://lkml.org/lkml/2012/4/22/123 [At this point, maintenance of the 3.2.x branch was taken over by Ben Hutchings.] I can see three possibilities: A) You have carefully reviewed all the code changes in each update, and determined that none of them apply to your configuration. B) You disagree with Greg about the imperative nature of these updates. C) You concede that you're running known buggy / insecure kernel code, but you believe that your security and networking model isolates you from any realistic possibility of exploitation. I, too, run self-compiled vanilla sources, in a pretty stripped down configuration, albeit not quite as spare as yours: $ ls -l /boot | grep vmlinuz -rw-r--r-- 1 root root 2864400 Apr 8 06:42 vmlinuz-3.2.0-0.bpo.4-amd64 -rw-r--r-- 1 root root 2000736 Apr 14 21:22 vmlinuz-3.4.40 I'm running the 3.4.x branch, and following Greg's instructions, I wind up updating the kernel something like biweekly. Celejar -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130417225918.22d63709.cele...@gmail.com
Re: what's your Debian uptime?
Linux STRUMMER 2.6.26-2-amd64 #1 SMP Wed Sep 21 03:36:44 UTC 2011 x86_64 GNU/Linux 22:46:24 up 272 days, 14:08, 2 users, load average: 1.00, 1.10, 1.07 -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/kknp41$87q$1...@ger.gmane.org
what's your Debian uptime?
Linux greer 3.2.6 #1 SMP Mon Feb 20 17:05:10 CST 2012 i686 GNU/Linux 22:35:31 up 412 days, 10:05, 1 user, load average: 1.18, 0.97, 0.44 -- Stan -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/516e1e31.6000...@hardwarefreak.com
Re: what's your Debian uptime?
Am Mittwoch, 17. April 2013 schrieb Stan Hoeppner: Linux greer 3.2.6 #1 SMP Mon Feb 20 17:05:10 CST 2012 i686 GNU/Linux 22:35:31 up 412 days, 10:05, 1 user, load average: 1.18, 0.97, 0.44 Great, but beat this! More than 500 days. At about 650 days uptime I rebooted accidentlly. See the message from netrcraft. This was a a mailserver, some years ago, running postfix, debian-i386. Best regards Hans ---BeginMessage--- Uptimed noticed an uptime event! The uptime of popeye has reached a milestone: 500 days, 00:00:00 (five hundred days) Congratulations! Uptimed author, Rob Kaper r...@robertjohnkaper.com -- This message was automatically generated by Uptimed. Uptimed e-mail notifications can be configured from the uptimed.conf file. For more information visit http://cx.capsi.com/code-uptimed.html. ---End Message---