Date: Tue, 06 Feb 2007 21:30:52 +0100 From: Karol Kwiatkowski <karol.kwiat@gmail.com> To: Kevin Kinsey <kdk@daleco.biz> Cc: FreeBSD Chat <chat@freebsd.org> Subject: Re: Productivity with FBSD, or: "portupgrade" vs. virus scans.... Message-ID: <45C8E57C.6050001@gmail.com> In-Reply-To: <45C8CB7B.5090200@daleco.biz> References: <45C8CB7B.5090200@daleco.biz>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig8C0462EA0AACAB3E9C35B1A4 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Kevin Kinsey wrote: > Hello, Hi, > [...] > My box does *everything* except provide workstation facilities to my > family and co-workers. Company intranet and site development server, > gateway/fw/nat/proxy, POP/IMAP and MTA, SAMBA, DNS, rsync for backups, > print services via apsfilter over lpr, and, my desktop with XFCE4. I > have set up scripts to handle rebuilding -STABLE, usually about monthly= =2E > I have the CD Burner we use; the only thing we need Win* for are the > kid's games and school apps, as a "test box" for clients and web > previewing in MSIE, and the fact that other family members (and one > co-worker) all prefer "known territory". >=20 > Needless to say, the FBSD box needs to be "up and running" almost all > the time. It seems lately that maintaining the many ports providing al= l > these services is taking away valuable time that should be spent *reall= y > working*. My setup, in somewhat similar scenario, includes an old PC* which serves all "critical" services: ppp/gateway/firewall, SMTP/POP3, DNS (cache), NTP, WWW, Samba. It is running RELEASE branch (6.2 atm). As for updating - I'm using freebsd-update whenever I can. Unfortunately, on this one I can't (I need ALTQ amongst other things) so I set up a jail on my workstation (more memory, much faster) to build kernel/world. Prepared files go over LAN through sshd - a script and public key authorization - and get installed with another script. For ports I use similar technique - packages are build on the workstation in a jail, transfered to "server" and 'portupgrade -afPP' takes care of the rest. Again, in general I would use packages from ftp sites, I'm compiling them only because I need some special options. That way I'm more flexible with my desktop - I can turn it off or "brake" by playing with kernel ;) > Perhaps I need a more reliable Internet link; packet radio occasionally= > (at least with my current provider) seems to experience sharp drops in > performance, which makes tarball-fetching take a long time during the > day, whilst the fact that there are so many ports installed means > "portupgrade -arR --fetch-only" takes more than an overnight, also. I guess fetching them overnight is the best option. > If you're a desktop FBSD user: >=20 > How do you keep up with ports? First let me say my desktop, differently then in your scenario, is only for me. There are times when I know I can't afford any (possible) delay, but generally I stay up-to-date. I use ports, the only exception is OpenOffice.org. The procedure is: - run script update-ports.sh - it used to use cvsup, now portsnap; - check UPDATING (oh yeah ;) - upgrade via 'portupgrade -rp portname' - I've got some big ones (like kdelibs) on hold, so I can choose when I'd like to do them; With 'nice +20' it's perfectly normal to work while upgrading (seamonkey is compiling as I write). > *Do you have (or have you, at some time, had) much trouble? I had some problems at the beginning, when I was to smart to do better :) I was doing strange things like messing with compilation flags, upgrading only some of the libraries (used by other ports), etc. I learned my lesson and haven't got any troubles for few years now at all (well, there was one when gnome went to LOCALBASE, but that doesn't happen too often). > *If you have trouble, do you accept it as a "cost" of using FreeBSD?= It was frustrating a few times but there was only me to blame. I learned how to use portupgrade and be carefull to details (like "will X brake if I upgrade Y"). > How often do you upgrade your ports/packages? Few (1-3) times a week. > Any suggestions on what I might do differently? > > *Should I quit updating FBSD except for major point releases? I think that would be a good idea. I use STABLE on _my_ desktop where I can play with it, but RELEASE otherwise. If I wouldn't have that small PC I mentioned before I would definitely went with RELEASE with security updates. > *Should we upgrade the server-type ports and leave the desktop apps > alone when we get a "stable" configuration there? All services facing the Internet should be treated carefully. As for others - I guess that depends but I wouldn't browse Internet with an outdated browser, for example. > *How dangerous is it to be using outdated ports (particularly the > servers)? On the Internet - pretty dangerous in general (robots will find you eventually). On LAN probability is much smaller, but remember some "bad" software may get installed on internal Windows machines and start attack from there. > To sum up, I doubt I'll jettison FBSD from my desktop, but I wish to be= > assured I'm not wasting time doing what amounts to "busy work" to keep > my 3rd-party apps going when I could sit at the next desk and probably > worry less about that.... >=20 > Thanks for your time, thoughts and strategies, >=20 > Kevin Kinsey You're welcome. To sum it up - in your situation I think I would go with RELEASE plus security updates for system and packages from ftp sites. This setup should give you a "stable" base to work with. Best regards, Karol * Celeron 400Mhz, 96MB RAM, 20GB HDD with few network cards and practically nothing else (no monitor, no keyboard, etc.) --=20 Karol Kwiatkowski <karol.kwiat at gmail dot com> OpenPGP 0x06E09309 --------------enig8C0462EA0AACAB3E9C35B1A4 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFyOWEezeoPAwGIYsRCLiuAJ9rZM5GC3qaW8gbRbBidH3t8MgbBgCgnKw4 wc7iR10O4o3RceaCmfuUPUU= =uCc/ -----END PGP SIGNATURE----- --------------enig8C0462EA0AACAB3E9C35B1A4--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?45C8E57C.6050001>