On 01/26/2014 09:57 AM, Ted Byers wrote:
> [...] Would I be right in guessing that none of the above is an issue if you're using an SSD, since there are no moving parts in an SSD?
Not entirely. The 'no moving parts' is a side issue.

There's much work been done on 'parallelism' and it's all indicated that it's a good thing for performance. If you make use of it, that is. One machine I used had 5-channel memory, difficult to do properly unless you use very small memory chips. That meant that TWO disk controllers and the CPU and a tape drive and a debugger could all walk through memory. Just not accessing the same 512-byte bank at the same time.

Why bother? Well my old PDP-11s had controllers that could manage up to 8 spindles; could seek simultaneously on all of them but only transfer from one. If I wanted to try simultaneous transfer, not exactly possible on PDP-11 memory hardware, I needed a separate controller. But overlapped seeks ... and smaller drives ...

Today if we have multiple spindles we do RAID. No, the point is a separate PARTITION. Even the "above" applies with a single (large) disk drive that has been partitioned. Even the old technique Mike Tilson used was applicable for a single drive. The problem with a single drive is reliability, but that's not what I'm talking about here.

If you have a SSD you can still partition it. Personally I wouldn't put /tmp on a SSD.
> * one of the problems of DOS/Windows is that you can't make the root 'read only' since it needs activity. Yes you can create a D: partition and move the swap file off C: but it still needs to have C: writeable. Not so for Linux. You can set it up, assuming you aren't doing upgrades, with the root partition READ-ONLY. Yes you need to migrate other things off the root partition and perhaps set symlinks (heck, there are a lot under /etc/ anyway!) and rbind. Having binaries and libraries RO is a great defence against hackers and malware.
> Now this is interesting, as there is always a risk of attack by bad guys. Is there a comprehensive 'HOW TO' you can point to that is adequate to show even a novice how to protect himself using this practice? If not, how would you advise such a novice how to partition, say, a new system with one or two large SSDs (Crucial has had one that is almost 1TB for quite a while), so that he can make his binaries and libraries RO, for a machine intended to be a web server? And, if it is set up that way, what method would he have to use in order to be able to apply updates (particularly those related to security - there will be, for example, such updates to apache's httpd server, and whatever DB he's using, and obviously these would need to be applied so that the web apps are protected as well as can be done)?
If you stop and think about it, a LiveCD version of Linux has a read-only setup. Some of those allow you to have a USB with a writeable segment for customization.

http://en.wikipedia.org/wiki/Read-only_root_filesystem

I'd experiment. I'd google first, since this has been discussed many times at USENIX BOAF and other conferences.

http://www.a-netz.de/2013/02/read-only-root-filesystem/

This is close to a how-to:
https://sites.google.com/site/linuxpendrive/rorootfs

Take a look at your system and think in terms of "if each partition was on a separate 'drive', which ones could I snip the write wire to?"

You'll soon see that those 1T SSDs are NOT a good idea. The problem is putting everything in one place. A mistake of MS-DOS/Windows. Certainly having /tmp on a SSD is a BAD idea. And if you have it as tmpfs in memory then you'd better have a way of cleaning it, unless you reboot your machine to flush it daily.

The reality is that you can run all of SUSE on a 20G system. I'm running a 12.3 system on a 20G drive testing out BtrFS. (Actually it's less, since I have a 4G swap partition.) /home is NFS mounted on a server.

The problem with a large drive of any kind is that one is tempted to overload. Yes there is a trade-off; perhaps a reliable 4T drive is more failure-resistant than four 1T drives. Statistics seems to have a lot to do with it. I'm finding old, old 20G and 30G drives outlasting my much larger ones.

--
The truth of a proposition has nothing to do with its credibility. And vice versa.
Excerpt from the notebooks of Lazarus Long, from Robert Heinlein's "Time Enough for Love"
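A shell check in the spirit of the "which partitions could I snip the write wire to?" question, added here as an example and not taken from the thread: it audits a /proc/mounts-style listing against the partitions you intend to keep read-only, and shows the remount-rw / update / remount-ro sequence that answers the "how do I apply patches" question. The list of read-only mount points, the constructed sample listing and the zypper invocation are assumptions for this example.

```shell
#!/bin/sh
# Added example (not from the thread). Audits a /proc/mounts-style listing
# and reports which mount points that should be read-only are writable.

# Mount points we expect to be read-only (assumption; adjust to your layout).
# /var, /tmp and /home are expected to stay writable and are not listed.
RO_EXPECTED="/ /usr /boot"

# ro_violations FILE: print each mount point in RO_EXPECTED that FILE shows
# mounted without the 'ro' option. FILE has /proc/mounts format:
#   device mountpoint fstype options dump pass
ro_violations() {
    while read -r dev mnt fstype opts dump pass; do
        for want in $RO_EXPECTED; do
            [ "$mnt" = "$want" ] || continue
            case ",$opts," in
                *,ro,*) ;;                      # mounted read-only: fine
                *)      printf '%s\n' "$mnt" ;; # writable: report it
            esac
        done
    done < "$1"
}

# Applying updates on such a system: temporarily remount the read-only
# partitions rw, patch, then put them back. Needs root; not run by the
# sample below. The zypper call is an assumption for an openSUSE box.
update_ro_system() {
    mount -o remount,rw / && mount -o remount,rw /usr || return 1
    zypper --non-interactive patch
    rc=$?
    mount -o remount,ro /usr
    mount -o remount,ro /
    return $rc
}

# Constructed sample in /proc/mounts format, so the check runs offline.
# Here / and /boot are wrongly writable; /usr is correctly ro.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
/dev/sda2 / btrfs rw,relatime,space_cache 0 0
/dev/sda3 /usr ext4 ro,relatime 0 0
/dev/sda1 /boot ext2 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
server:/home /home nfs rw,vers=3 0 0
EOF

ro_violations "$SAMPLE"   # on a real box: ro_violations /proc/mounts
```

Run against /proc/mounts on the real machine; any line printed is a partition still reachable by a write from malware or a compromised httpd.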