• 1 Post
  • 103 Comments
Joined 1 year ago
Cake day: July 22nd, 2023




  • I get it, and have switched back and forth myself a few times over the years…

    I’m a Linux sysadmin who is also a PC gamer.

    I run Windows for my main desktop as a gamer. Greatest choice, best compatibility, it’s the primary focus for game developers, etc. I use Debian on my laptops and home servers as I don’t game on those and otherwise Linux is better in most other areas.

    At least for me, it doesn’t matter a huge amount what OS I use as a desktop provided it’s stable and not annoying. Sometimes Linux is annoying because of compatibility or bugs or specific software isn’t available or works poorly, sometimes Windows is annoying because of monitoring, design choices that favour Microsoft instead of the user, changes - often hidden - to existing practices, or any of the thousand little annoyances. Neither is painless 100% of the time but they’re not really so different from a day to day driver if the software you need works well on both, which for many people is basically just a web browser.

    I applaud those who game under Linux, you’re doing great stuff and opening the doors for everyone in the future.


  • How it’s set up depends on your business needs. We have a few hundred, and how they’re set up and managed is defined by a dozen or so groups. Base image to deploy, then ansible and config management to set up the roles.

    Users are generally authorised via AD using sssd. Some have very specific Groups which have normal user access and occasionally sudo privs for specific commands. SSH, RDP or physical access.

    Our sysadmins have local users with root privs, but most administration is done at scale using ansible or Uyuni.

    Like everything, least privilege is the best way. AD allows us to quickly control access if someone leaves or is compromised, but it could equally be done with any central LDAP system and groups.





  • Put it this way - it doesn’t hurt.

    Nothing fully replaces real world experience with the exact software and technologies your potential employer uses, but having demonstrable ability to use and understand Linux is very transferrable. Ultimately it comes down to the interviewers and what they’re looking for, and to the more technical of those, choosing Linux as a daily driver shows you’re more interested in understanding how computers work and that you have a degree of problem solving ability.

    Read some adverts of the jobs you want to get, being realistic that you may need to start low to get that experience, and build ability in what’s wanted, especially the bits that are marketable.



  • digdilem@lemmy.ml to Linux@lemmy.ml: How to stagger automated upgrade?
    29 days ago

    Small number of machines?

    Disable unattended-upgrades and use crontab to schedule this on the days of the week you want.

    Eg, Monday each week at 4 am - every combination of dates and days is possible with crontab. 2nd Tuesdays in a month? No problem.

    0 4 * * MON apt-get update && apt-get upgrade -y && reboot

    (You can also be more subtle by calling a script that does the above, and also does things like check whether a reboot is needed first)

    Dozens, hundreds or thousands of machines? Use a scheduling automation system like Uyuni. That way you can put machines into System Groups and set patching schedule like that. And you can also define groups of machines, either ad-hoc or with System Groups, to do emergency patching like that day’s openssh critical vuln by sending a remote command like the above to a batch at a time.

    All of that is pretty normal SME/Enterprise sysadminning, so there’s some good tools. I like Uyuni, but others have their preference.

    However - Crowdstrike on Linux operates much like CS on Windows - they will push out updates, and you have little or no control over when or what. They aren’t unique in this - pretty much every AV needs to be able to push updates to clients when new malware is detected. But! In the example of Crowdstrike breaking EL 9.4 a few months ago when it took exception to a new kernel and refused to boot, then yes, scheduled group patching would have minimised the damage. It did so for us, but we only have CS installed on a handful of Linux machines.
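
An added example (not part of the original comment) of the kind of wrapper script the comment above describes: it applies updates non-interactively and reboots only when a reboot is pending. It assumes a Debian/Ubuntu host where packaging hooks create `/var/run/reboot-required`; the script name `patch-host.sh` and the `APT_GET`, `REBOOT_CMD` and `REBOOT_FLAG` override variables are hypothetical and exist so the logic can be dry-run.

```shell
#!/bin/sh
# Added example, not the commenter's script.
# Assumed crontab entry for root (script path is hypothetical):
#   0 4 * * MON /usr/local/sbin/patch-host.sh --run
# Give each group of hosts a different day/hour field to stagger patching.

# Overridable for dry runs; the defaults are what a real run would use.
REBOOT_FLAG="${REBOOT_FLAG:-/var/run/reboot-required}"  # assumed Debian/Ubuntu flag file
APT_GET="${APT_GET:-apt-get}"
REBOOT_CMD="${REBOOT_CMD:-/sbin/reboot}"

# Exit 0 if an installed update has flagged that a reboot is pending.
reboot_needed() {
    [ -f "$REBOOT_FLAG" ]
}

# Refresh package lists, then upgrade without prompting (cron has no tty).
apply_updates() {
    DEBIAN_FRONTEND=noninteractive "$APT_GET" update -q &&
    DEBIAN_FRONTEND=noninteractive "$APT_GET" upgrade -y -q
}

# Patch the host and print the action taken.
# A failed upgrade never triggers a reboot, so a broken run stays visible.
patch_host() {
    if ! apply_updates; then
        echo "upgrade-failed"
        return 1
    fi
    if reboot_needed; then
        echo "rebooting"
        "$REBOOT_CMD"
    else
        echo "no-reboot-needed"
    fi
}

# Only act when explicitly asked to, so sourcing the file is harmless.
if [ "${1:-}" = "--run" ]; then
    patch_host | logger -t patch-host
fi
```

Running it with `APT_GET=true REBOOT_CMD=true` set in the environment exercises the decision logic without touching packages or rebooting.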


  • digdilem@lemmy.ml to Linux@lemmy.ml: What's on your personal server?
    29 days ago
    • HomeAssistant and a bunch of scripts and helpers.
    • A number of websites, some that I agreed to host for someone who was dying.
    • Jellyfin and a bunch of media
    • A lot of docker containers (Adguard, *arrs)
    • Zoneminder
    • Some routing and failover to provide this between main server and a much smaller secondary (keepalived, haproxy, some of the docker containers)
    • Some development environments for my own stuff.
    • A personal diary that I wrote and keep track of personal stats for 15 years
    • Backup server for a couple of laptops and a desktop (plus automated backup archiving)

    Main server is a ML110 G9 running Debian. 48G/ram. 256 ssd x2 in raid1 as root. 4tb backup drive. 4tb cctv drive. 4x4tb raid 10 data drive. (Separating cctv and backup to separate drives lowers overall iowait a lot). 2nd server is a baby thinkcentre. 2gb ram, 1x 128gb ssd.

    Edit: Also traccar, tracking family phones. Really nice bit of software and entirely free and private. Replaced Life360 who have a dubious privacy history.

    Edit2: Syncthing - a recent addition to replace GDrive. Bunch of files shared between various desktops/laptops and phones.