?

Log in

No account? Create an account
entries friends calendar profile my webpage Previous Previous Next Next
In my mailbox this morning... - Tina Marie's Ramblings
Red hair and black leather, my favorite colour scheme...
skywhisperer
skywhisperer
In my mailbox this morning...

Dear TinaMarie,

Thank you for being a Red Hat Network customer.

This e-mail provides you with important information about the upcoming
discontinuation of Red Hat Linux, and resources to assist you with your
migration to another Red Hat solution.

As previously communicated, Red Hat will discontinue maintenance and
errata support for Red Hat Linux 7.1, 7.2, 7.3 and 8.0 as of December
31, 2003. Red Hat will discontinue maintenance and errata support for
Red Hat Linux 9 as of April 30, 2004. Red Hat does not plan to release
another product in the Red Hat Linux line.
....


I hadn't heard anything about this. Did every other geek in the world know, or did they keep it a real secret?

Now I'm really glad I didn't upgrade to 9.

Current Mood: surprised surprised

1 comment or Leave a comment
Comments
alioth1 From: alioth1 Date: November 3rd, 2003 10:12 am (UTC) (Link)

We all knew!

Yes, every other geek knew about it :-)

The new free RedHat product is Fedora Linux (what was going to be RH 10 merged with Fedora). It's not an 'officially supported' RedHat product, but rather, largely community supported. Which, by the way, works very well for Debian.

If you want to keep using the old free versions of RH, you can always support yourself by reading Bugtraq and building packages from source if there's a need.

Personally, I'm completely rearranging the important thing (my servers). My desktop machine will keep running 8.0 (I don't care if it's supported or not, it works, and it's not broken and doesn't need fixing, and has no public services). The servers are exposed big time to the Big Bad Internet. The way I'm rearranging it:

I'm stuck with RH on the physical iron - it's fiddly and risky to try and switch distros remotely so the actual physical box will be stripped of everything except the very basics: ssh (I already use ssh compiled from source), the kernel (which is already my own custom kernel), iptables and the usual basic GNU unix utilities.

Services will be run from a bunch of complete virtual machines living within this box. A bit like how IBM has done it for decades on the mainframe. The shell server will have its own user-mode Linux. The webserver will too, and so will the mail server/DNS etc. They will have public IP addresses, and will appear to be real physical machines to everyone else. It's just the entire network from the machines, to the cabling, to the network switch is actually virtual! The host machine will just provide firewalling via iptables. Try a traceroute to the VM - the host machine shows up as a router along the way! The virtual machines will all run Debian. Debian, IMHO, is _the best_ Free (as in speech and beer) Linux server distro. The packaging system (apt) beats the pants off anything that RedHat shipped. And it will continue to be supported, and the updates are easy via apt etc.

Better still, if a cracker exploits a buggy PHP script on the webserver virtual machine, it'll be useless to them as a DDOS zombie or spam zombie because the script kiddie will be locked in a virtual machine that's contained by strict egress filtering rules at the host's firewall. Even if they root he VM, they can't disable the firewall (which they could do if they rooted the host). The VM can additionally be chroot jailed. Of course, nothing is completely unhackable, but skript kiddies will just give up and go some place else because they will have to hack so many layers to make the system useful to them - and it is extremely unlikely that they can ever get close to breaking out of a UML instance running in skas3 (separate kernel address space) mode. And of course, with Debian's updates, the likelyhood of a crack in the first place is kept to a minimum.
1 comment or Leave a comment