
Re: 2.2 kernel vs. 2.4 kernel, please help!



<quote who="Penguin">

> I am trying to figure out what kernel I should use, for the next 6
> months at least anyway. Security is my main objective, most other
> things can go to the wall if they conflict.
>
> But I would like my Nvidia card to work with a 2.2 kernel, and I
> would like to be able to use cdrecord/xcd-roast, and other goodies
> too. I need to be able to run XFree 4.1. I would like to be able
> to have sound, using a SoundBlaster 128 Live card.
>
> I would prefer iptables, since I know it has a LOG option to record
> all incoming and outgoing like a packet sniffer for my modem
> dialup connection - does ipchains with the 2.2 kernel have a
> comparable option? I want to see if when I log into my POP3 server
> if my user and pass is sent in clear, etc etc. I want to see
> everything passing on the wire.
>
> Can I use iptables with a 2.2 kernel?

not as far as i know

> Given that I am super paranoid, maybe my old Debian 2.2r2 Potato is
> the best bet for me. Is there any reason why I may not be able to
> upgrade X to XFree 4.1 with this version of Potato?

it is possible through unofficial debs, run a search for
xfree4 and potato and you should find a url pretty quick
(last time i checked it took about 2-3 minutes). some
minor problems may occur (at least did last time i tried it)
but they are easily worked around in most cases.

that said, i highly recommend 2.2 over 2.4 any day. as
someone who runs about 35 linux servers and workstations
(maybe more, i haven't tried counting), all of my
systems are 2.2. I use the openwall patch from
www.openwall.com/linux. it makes a system a little
more secure. 2.4 for me is not stable yet, i have
read some reports that 2.4.16 is considered to
be the "2.4.0" as in the first "stable" 2.4 kernel.
so for me that means wait another year before testing
it. i'd like to use iptables too, but if i needed
a better firewall i would use freebsd or openbsd
rather than use linux 2.4 at this point. i'm confident
it will stabilize, it will just take a while more.

if you want to sniff your POP3 traffic then use
tcpdump or something. if you're using POP3 then
you are sending your password in clear text,
POP3 is not an encrypted protocol. you can get
better results from tcpdump if your goal is to
sniff traffic. I don't have a sound blaster live
but i do have a nvidia geforce MX200 on one of my
desktops, it's rock solid under 2.2, i use it every day
for mostly video capture and unreal tournament and
i haven't rebooted since i installed a new CDRW
about 2 months ago. i also burn cds regularly on
that machine (have burned about 60 so far..). on
my desktop at work i have a G400 and another
CDRW (plextor) and have burned about 30-40 cds
since i last rebooted about 220 days ago.
my soundcard of choice is the SB PCI 128 (es1370/1371),
rock solid, sounds good, drivers are excellent.
no midi though, but i don't need midi.

only place i run linux 2.4 is on my dreamcast
since that's the only kernel that runs on it i think.

once linux 2.4 gets to the point of 1 update every
3-4 months then i may consider testing it, also
when it gets to the point where people are no
longer scrambling to the latest release that
fixes critical bugs in the previous release.
2.2 has been at this state (IMO) since 2.2.10
(with the exception of 2.2.11->~2.2.13, 2.2.11
was a real bad apple). i did not deploy 2.2
in production until 2.2.10, my next deployment
kernel i think was 2.2.14. now my current
is 2.2.19 (not 2.2.20 yet). there were some
minor security issues in later kernels, but
since all of my systems have no untrusted
users it's not a rush to update to them, in fact
with the exception of only 2 systems, the only
users that have shell access also know the
root password (total of 2 people).


hope this helps..

nate
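
Added example, not part of nate's message: a small Python audit of the point above that a POP3 USER/PASS login puts the password on the wire in clear text. It classifies the client command lines of a session, as one would read them out of a tcpdump capture of TCP port 110, and goes slightly beyond the message by also recognising APOP (RFC 1939) and STLS (RFC 2595). The sample sessions, names and secrets are constructed, and it assumes the server accepted each command.

```python
# Added example: classify POP3 authentication from client command lines.
# Constructed sample sessions (not real traffic); names and secrets are made up.
SESSIONS = {
    "plain": ["USER alice", "PASS hunter2", "STAT", "QUIT"],
    "apop": ["APOP alice c4c9334bac560ecc979e58001b3e22fb", "STAT", "QUIT"],
    "stls": ["CAPA", "STLS"],  # later commands travel inside TLS, unreadable on the wire
}


def audit_pop3(client_lines):
    """Return (verdict, findings) for one session's client-to-server lines.

    Assumes the lines were already extracted from a capture of TCP port 110
    and that the server accepted each command. Secrets are masked in findings.
    """
    verdict, findings = "no-auth-seen", []
    for raw in client_lines:
        parts = raw.strip().split(None, 1)
        if not parts:
            continue
        cmd = parts[0].upper()  # POP3 command keywords are case-insensitive
        arg = parts[1] if len(parts) > 1 else ""
        if cmd == "STLS":
            # RFC 2595: the rest of the session is encrypted.
            if verdict == "no-auth-seen":
                verdict = "tls-upgrade"
            findings.append("STLS requested")
            break
        if cmd == "USER":
            findings.append(f"USER {arg} (login name visible)")
        elif cmd == "PASS":
            # RFC 1939: PASS carries the password itself.
            verdict = "cleartext-password"
            findings.append(f"PASS <{len(arg)} chars, masked>")
        elif cmd == "APOP":
            # RFC 1939: APOP sends an MD5 digest, never the password.
            name = arg.split(None, 1)[0] if arg else ""
            if verdict != "cleartext-password":
                verdict = "digest-only"
            findings.append(f"APOP {name} <digest, masked>")
    return verdict, findings


if __name__ == "__main__":
    for label, lines in SESSIONS.items():
        print(label, *audit_pop3(lines), sep=" | ")
```

A "cleartext-password" verdict means anyone on the path could read the password; "digest-only" and "tls-upgrade" mean the password itself did not cross the wire in readable form.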