Learn from suse install to improve my Ubuntu install?

[ubuntu at rio.vg]

Scott Kitterman wrote:
> 
> On the server side, my second Ubuntu mail server went from power on to boot 
> from the install CD to a fully functional Postfix server with SASL and TLS in 
> less than 4 hours (that included testing).  I can, and will, automate this 
> further, but that's not unreasonable.  

I think the issue is really inherited from Debian.  If you're setting up
an "appliance" style server (i.e. a server that only does one thing),
it's great.  But then, that's easy.  When you're setting up much more
general purpose or development servers, it gets to be a pain in the rear
to keep having to install more and more things one by one.

>> I don't buy the "We don't install anything listening by default, so you
>> don't need a host firewall".  It's fine for the single user at the end
>> of a cable modem, but even installing something as simple as nfs require
>> rpc portmap, which is then a listening service.
> 
> There are two schools of thought on this.  Personally, I like the belt and 
> suspenders approach (Firewall even if nothing is listening), but that's me.  
> If they did install a firewall by default, then you'd get to have the 
> argument about which one.

What do you mean?  There's only one: iptables.  What frontend to use to
help you configure the arcane syntaxes of iptables isn't as big of a
deal, I think.

> Well that was a killer for me.  It worked great, I just could never update it.  

That's why I installed apt.  Solved the whole issue.  It's even in the
normal suse repository.  Also, fou4s has a beta out for 10.1.  That's
another thing I missed.  fou4s is just so nice to run from cron every
night and inform me of which server need updates.  Apt can do it, but
it's not as nice.  fou4s, for instance, will not only let me know which
updates, but also WHY, so I can decide how urgent the update is.

(As an aside, this should probably be in another thread, but is there
any way possible to get apt to tell you WHY a package is in its "Held
back" list?  I know you can try things like dist-upgrade, but that's
really a microsoft way of doing things.  I'd like to know WHY, rather
than just keep trying things to see if it works.)

> AppArmor I turned off the first time it stopped me from doing something I 
> wanted.  On a server, maybe, but on a desktop, I think it's overkill.

Interesting.  Both on server and desktop, I haven't run into any issues
from it.  Obviously, it's much more important on the server-side, but I
rather like how it even wraps Firefox, for instance.  The configuration
of it is pretty straightforward.  I'm confident I could change the
configuration should it deny me anything.

>> So, as I said, I'm still on the fence.  I'm keeping an eye on Ubuntu,
>> but so far SuSE hasn't become too problematic to use (since you can
>> install apt) and Ubuntu isn't really mature enough yet, imho.
> 
> For a lot of server applications I think it's plenty mature and it's security 
> fix support is generally very good (where's that ClamAV remote execution fix 
> anyone?), so for a lot of functions, I'd have to disagree with you on the 
> server end.

Easy set up for an appliance style server is not maturity.  That's easy.
 The trick is a secure development or otherwise complex server with
minimal headaches.  I don't think it's there yet.  It's a tricky balance
between installing things that may not be absolutely necessary, but
vastly reduce annoyance when you do need them, and taking the old
Solaris kitchen sink approach of "You WILL install everything, and
everything will be running, or we will make your life difficult." :)

> On the Desktop, KDE is KDE by and large.  The biggest difference is package 
> management.  I'm pretty happy with Adept, Apt, and Dpkg.

There is one thing on the desktop that SuSE does with the latest release
that I've really come to rely on.  I admit my knowledge in this area is
limited, but SuSE did something to ALSA to make it multi-threaded or
something.  On my SuSE box, I can throw as many apps at ALSA and it will
just mix the sounds and output it all.  I'm not talking about aRts or
esd.  ALSA itself.  Apps that I know do not use aRts or esd, like
RealPlayer or even ePSXe can output sound right along with Amarok at the
same time.  This is the first time sound has really felt seamless in Linux.