Domain: linuxmafia.org
Stories and comments across the archive that link to linuxmafia.org.
Comments · 20
-
Re:buildroot busybox uclibc
[crap. had a less than that i didn't entityize correctly. apologies for screwed up parent post]
If you want to build your own using a prepackaged set of tools, I strongly suggest using buildroot.
My firewalls are all diskless boot machines (they pull their image from a server that's on a private network), so size *does* matter to me. Having the full development environment simply is not an option.
As others have pointed out, having gcc on your firewall isn't going to provide you with a great deal of security. Just another (and a tiny one, at that) hoop to jump through. If they can root your box, then they can upload a compiler (or, more likely, a precompiled binary).
I use buildroot to compile my system. I have to tweak the make scripts, but I can get openssh/iptables and a bootable system compiled in a <6MB image. (it can be made smaller, but I've got logging and other stuff on there).
I also have a modified version of gshield which generates a script that I can edit to use as my firewall.rc. (I don't actually use ghield as the firewall, just capture the commands that it would have executed to create the ruleset at runtime)
Best of luck.
-
gShield is very good
gShield is a nice package that uses well-commented config files and scripts to setup an iptables firewall. Quote from page:
support for multiple NATs, configurable public service access, access control lists, routable protection, DMZ support, port-forwarding, MAC-specific filtering, configurable outgoing filtering, blacklists, support for transparent proxy, QoS marking of common transports and more.
I use it at work and at home. One caveat since you are using Mandrake: gShield.rc is not a SysVinit script, so /sbin/ntsysv (or whatever SysVinit config tool you are using)will not be able to configure it into runlevels without modification. Personally, I am running it out of rc.local. -
gShield
Slightly OT, since I didn't upgrade, but rolled a new firewall into service. gShield is very nice for configuring your ruleset. It uses a configuration file that is very easy to read, and very well commented.
-
Re:And it won't die any time soon
Also, for many more Slackware packages, head over to LinuxMafia, "Slack Pack Central".
-
Package management debate
I have always found the whole "Slackware has no package maintenance tools" debate to be a joke. I mean, give me a break. If you want to use a package system, and you can't figure out pkgtool and removepkg, you've got problems. I don't care what distros package management system you are using, if you are counting on it to not totally screw up your system and not backing up your data, you are a braver person than I am. Besides, if the stuff at linuxmafia isn't your cup of tea, you should be capable of compiling your own stuff. Slack is a highly stable distro with a firm base and a package management system that works perfectly well.
-
Stone Age?
I see the misconception of Slackware being an antiquated, outdated operating system still exists. Remember, that idea died with the introduction of 7.0 and GLIBC2. The fact is that Slackware now stands among the most feature-filled and up to date Linux distributions, and it's damn cool at the same time.
Avoid associating a worthwhile operating system with one that carries a package manager or method of keeping the system updated automatically. Slackware maintains its position as a niche distro outside the general hoi polloi fanfare. And it has BSD-style inits! I've lost count on how many times I've had to fix X servers or busted simlinks for users brought up on the Redhat philosophy. But don't get me wrong; Redhat may not neccessarily be bad, but simply different.
Threads like this almost serve to convince people that Slackware dying is the case. If I recall, Slackware still runs on a fair number of servers on the 'net. Simplicity is art, and Slackware ships with all the fluff cut out. Thanks, Pat!
Y'all need to join the family.
An anonymous, Slackware-using coward. -
Slackware will live onAs long as Linuxmafia exists, Slackware can never die. If there is an interest (there is) people will make their own
.tgz packages to keep Slackware current. And, there's always the option of compiling from source yourself.Long Live Slackware!
-
Re:Slackware is below the horizon
However, the lack of package management holds it back
This is a common misconception. pkgtool makes it very easy to add, update, and remove packages, and the simple package format makes it easy to make your own. In combination with installwatch and install2slack, maintaining multiple machines is a no-brainer.
If you want pre-built packages for slackware, you might try linuxmafia, where you can find contributed packages for a wide variety of software.
Now, if you mean that slackware's package management system doesn't check dependancies, you'd be right. It's not as if it doesn't exist, though.
-
Slackware Forever!
Slither hither, ye hapless Redhat user!
And when you're done with that, join the clan! -
It's Time
Nobody can accuse them of jumping into this. It's something that they have worked toward for years now and 0.9.5 has added some great features without hurting the current level of stability. This can only be good for the project.
Disclaimer: I use Galeon, so my main interest in Moz is Gecko to power the latest Galeon release. I do ride the lizard now and then just to see what they've done though. With the tabbed windows, they've almost caught up with Galeon.
:)A note for fellow Slackers, Mozilla 0.9.5 has been up for a couple days and Galeon 0.12.4 is worth snagging as well.
-
Server level
We have a couple of Linux boxes running now on the back end. Our firewall is running kernel 2.4.x to get the improvements netfilter brings. gShield is a great tool for firewall control. Don't edit the config files with Notepad or Wordpad, though.
We have a dedicated PC at our hosting company, a RAQ4 w/Apache.
On the desktop, we are stuck with MS. Most of the software we use for our business, (insurance) is provided as part of our contracts with the insurance companies. We don't rate and quote insurance with the software they provide, they don't do business with us. We are stuck for the moment. In the future, though, we may be able to make some changes. Many of hte companies we do business with are moving to "web" apps, or Metaframe/Terminal Server scenarios. -
Those aren't the only errors!
Look what he says about Slackware 7.1:
"At the release of 7.1, not only does Slackware include XFree86 4.0, but also KDE 2.0 (beta), Kernel 2.4 (test), and Perl 5.6. While none of the other options will cause much of a problem (as they are in the unstable tree), Perl 5.6 causes some big problems. Still, this is just one problem, and unless you actually run Perl, this won't affect you."
Which is false. Slack 7.1 uses 2.2.17, XF 3.3.6, KDE 1.1.2. Anly the Perl part is close to accurate. But Perl 5.6 works creat at running Kuro5hin, so you have to wender. If at least two distro parts were way off base, who's to say they're all not wrong in same way (which I naturally would not know since I'm reading the article to familiarize myself with them!).
(Note: yeah, some of the stuff he mentioned is in contrib, but they are not reallf useable packages -- LinuxMafia has better packages.)
-- -
Re:Updating GnomeWell, you can always try the sources. Just remember to add the --prefix=/usr when running the
./configure.If you really really want the slackware packages, wait for it on LinuxMafia.
-
Re:Why...?
Stability...
Quoted from the slackware.com site:
"Slackware [is] .. designed with the twin goals of ease of use and stability as top priorities."
Bleeding edge isn't top priority .. stability is.
If you want XFree86-4.0.2 in Slackware ... install the .tgz yourself.
If you want the 2.4.x kernel ... compile/install it yourself. -
The Digital Video Interface - DVI
This one is quite scary, with an encrypted signal leaving your computer to your monitor. See http://www.digital-cp.com/.
All new monitors have both analog/DVI inputs. Eventually new monitors will have only DVI inputs, and computers only DVI outputs. This will force countless computer upgrades, as making a box to decode the DVI to run to analog will be illegal under the DMCA. So, summarily we have;
1) Our right to "reverse engineer" stripped away form us,
2) Software that will control what we see and when we see it, taking away any last remnant of "first sale" rights,
3) People who can not afford to purchase "the right equipment" left further behind and denied access to what others are seeing and using,
4) As copyright law is "primarily defined by use" it will become accepted business practice to charge a "per use" fee for everything, including public domain material like "facts" (i.e. phone books)
5) Richard Stallman's right to read scenario becomes reality.
To say this comes from the pits of hell is an understatement. -
Re:Proof that Slackware isn't dead.
I assume you know about installwatch. Linuxmafia has a "unofficial" version with an added script for the Slackware packaging system; makes installation from source a breeze, along with updating the package database and easy uninstall via the standard Slack pkgtool/removepkg. It's as simple as:
./configure
make
su
installwatch -o logfile make install
inst2slack logfile -
Re:The best distribution
...except if you use installwatch (search for it on freshmeat). I've been doing all my installs on Slackware from source via installwatch for about a year now, and I love it. Uninstalling is a breeze! No more old versions around, etc. The Slackware-specific version is at Linuxmafia.
-
Tried Slackware?
Well, yeah, anyone putting a stock RedHat box on the net is an idiot. Anyone putting a stock *anything* box on the net is probably an idiot too.
;^)However it's true that RedHat is particularly bad - that doesn't mean Linux is bad - RedHat != Linux. If you want a Linux distro that is reasonably secure by default, give Slack a try. I know it gets a bad rap for supposedly being hard to install, but 1) if you are using OBSD already that's surely not a concern for you and 2) when I finally gave it a try, I found it to be little if any harder to install than RedHat or Mandrake were anyway. The selection of packages available with the native package management system is smaller than the RPM collection, of course, but it usually includes all the important stuff and is very up to date - check out LinuxMafia if you need something that isn't included. Plus you can always compile yourself, use the included rpm conversion tools (rpms usually but not always will work fine after a quick conversion) or even install RPM if you want to. YMMV, but I've found Slack to provide a very nice middle ground between OBSD and RedHat.
-
Why packages? Slackware works!My experience with Redhat and Mandrake gave me these same problems. Eventually the frustration took control of me, and I decided to go to another distro. Since I couldn't manage to get Debian running, I eventually went with slackware instead. In slackware, there are no packages per se. Every piece of software is just a tgz. However, it is possible for newbies (like me) to treat them exactly like packages! The included program, pkgtool, is very easy to use, and LinuxMafia.org provides plenty of downloadable files that slackware likes!
My question, therefore, is why we need Debian packages or RPMs. It seems to me that Slackware has managed to create an easy-to-use system that uses only tgz files, a system that all other distros could rather easily import.
-
Re:As if I needed an excuse to avoid GNOME 1.2.0I know this is somewhat offtopic, but WTF..
I actually use Slackware's package facilities quite often. Everytime I compile a new piece of software from scratch (which is usually the only route for slackware users), the first thing I do is to create a corresponding slackware
.tgz package and place it in my package archives.I do this for a lot of reasons. Uninstalling (and sometimes upgrading) software on slackware can be a major pain in the ass. Also, after my system breaks, I have an easy way to get most of my system back in a fairly decent amount of time providing I don't loose the package archive.
Oh, LinuxMafia Package Central has a decent amount of 3rd party slackware packages. In most generic cases, if I can find something there first, I'll end up using it. Gnome 1.2.0 isn't available there yet, but I wouldn't be too surprised if it showed up there soon.