Author Topic: Father-Proof Computer  (Read 1024 times)

Offline cavy

  • Trusted User
  • Member
  • *****
  • Posts: 477
  • Karma: 97
  • Caveman
    • View Profile
  • Peppermint version(s): Peppermint Ten
Father-Proof Computer
« on: April 24, 2017, 06:27:08 am »
Hi PCNetSpec,

Re https://forum.peppermintos.com/index.php/topic,5443.0.html where you elucidated me about different kernels. I had been researching how to pin the kernel, as part of my own plan to  ;)  father-proof his computer   ;).

HWE
https://wiki.ubuntu.com/Kernel/LTSEnablementStack

4.10 kernel
https://kernelnewbies.org/Linux_4.10

How to install Longterm Liquorix kernels
https://liquorix.net/

Pinning kernel
I've concluded it is only suitable for certain kernels.

HWE I was unaware of. The 4.10 I understand will be Debian's Stretch LTS kernel of choice. Also came across Liquorix kernel, research suggests it's Ubuntu friendly.   ;)

You seemed to allude to Banjo's choice of the 4.10 kernel being a strong candidate for stablity. How does this compare to Liquorix or HWE.  ;)  Essentially I want to install and forget, and be serviceable until 2021   ;)

regards cavy    :D

Next project: Automate the updates    ;)
“We know what we are, but not what we may be.”

Various machines to sample the delights of Linux

Offline murraymint

  • Trusted User
  • Veteran
  • *****
  • Posts: 2169
  • Karma: 415
  • soft boiled with a yolk of gold
    • View Profile
  • Peppermint version(s): 7, 8, 9
Re: Father-Proof Computer
« Reply #1 on: April 24, 2017, 06:59:44 am »
I don't see the point of Liquorix unless he's doing some high-octane gaming ;) I don't think it's going to be long-term enough.

Quote
Debian vs. Ubuntu

As a general rule, you can assume, with some exceptions, that the LATEST Ubuntu release is roughly compatible with Debian Testing. You CANNOT assume that any earlier release is compatible. But even that is not safe, because Ubuntu could release with GCC 4.6, then one month later, Debian could change to GCC 4.7, so you have to check to make sure, don't assume. You can always assume that older Ubuntu's, or Debian Stables, are not going to be fully compatible, and the older they are, the less compatible they will be. This also applies to all Debian or Ubuntu derived distros, like LMDE, Mint, Mepis, and so on. Obviously, true Sid or Testing based distros, like Antix, will have no problems.

http://techpatterns.com/forums/about1891.html


Offline PCNetSpec

  • Administrator
  • Hero
  • *****
  • Posts: 26452
  • Karma: 65531
  • "-rw-rw-rw-" .. The Number Of The Beast
    • View Profile
    • PCNetSpec
  • Peppermint version(s): Peppermint 10
Re: Father-Proof Computer
« Reply #2 on: April 25, 2017, 06:59:58 am »
Personally I'd stick with the 4.4 kernel, or 4.8 from the HWE .. they're the ONLY kernels that will receive automatic security updates.

I ONLY mentioned 4.10 in the other topic because there was zero chance of support if a kernel update went belly up .. it was NOT a recommendation ;)

If you move away from the 4.4/4.8(HWE) kernels from the default repos, you have to weigh the benefits of a static kernel with no risk of regression against the downside of no security updates .. I can't make that decision for you.
WARNING: You are logged into reality as 'root' .. logging in as 'insane' is the only safe option.

Team Peppermint
PCNetSpec

Offline cavy

  • Trusted User
  • Member
  • *****
  • Posts: 477
  • Karma: 97
  • Caveman
    • View Profile
  • Peppermint version(s): Peppermint Ten
Re: Father-Proof Computer
« Reply #3 on: April 25, 2017, 10:21:19 am »
@ murraymint

Quote
I don't see the point of Liquorix unless he's doing some high-octane gaming ;) I don't think it's going to be long-term enough.

Cheers m8, he does live on the edge; with pysol, lol 

@ PCNetSpec

Quote
Personally I'd stick with the 4.4 kernel, or 4.8 from the HWE .. they're the ONLY kernels that will receive automatic security updates.

I ONLY mentioned 4.10 in the other topic because there was zero chance of support if a kernel update went belly up .. it was NOT a recommendation ;)

If you move away from the 4.4/4.8(HWE) kernels from the default repos, you have to weigh the benefits of a static kernel with no risk of regression against the downside of no security updates .. I can't make that decision for you.

Okay, I read too much into your earlier 4.10 comment (for Banjo). ;) Mea Culpa ;)

Would either of the 4.4/4.8(HWE) kernels be suitable to pin...?

Reason, why...! Usually have do routine maintenance, run updates and reboot if there had a kernel upgrade. When called to fix some issue, usually minor and of his making.

Are there other viable options...?
“We know what we are, but not what we may be.”

Various machines to sample the delights of Linux

Offline PCNetSpec

  • Administrator
  • Hero
  • *****
  • Posts: 26452
  • Karma: 65531
  • "-rw-rw-rw-" .. The Number Of The Beast
    • View Profile
    • PCNetSpec
  • Peppermint version(s): Peppermint 10
Re: Father-Proof Computer
« Reply #4 on: April 25, 2017, 12:10:03 pm »
If you're going to "pin" a kernel you're denying yourself security updates anyway .. so pick whichever you want (including the non default 4.10).
WARNING: You are logged into reality as 'root' .. logging in as 'insane' is the only safe option.

Team Peppermint
PCNetSpec

Offline cavy

  • Trusted User
  • Member
  • *****
  • Posts: 477
  • Karma: 97
  • Caveman
    • View Profile
  • Peppermint version(s): Peppermint Ten
Re: Father-Proof Computer
« Reply #5 on: April 25, 2017, 01:57:29 pm »
Thank you.   :D

I'm trying to get my head around this opaque topic. Apart from your help to upgrade to a newer kernel a few years back, I have not given this topic much thought, except for maintenance, when purging old kernels.   :)

With Peppermint being on the Ubuntu platform, and designed to upgrade its kernel on a regular basis. Is the accepted method I have happily used for years without question, as the Linux way.   ;)

We could compare the finer points of our cousin and original donar, who have choosen a static kernel, but they have optimised their system this way. Plus read conflicting views on the merits of static and upgradeable kernels. Confusing at best.   :-\

But it did seem to offer a solution to my dilemma.   ::)

I bow to your opinion, I enjoy a stable system too much, to be chasing my tail all day, correcting things.   ;)
“We know what we are, but not what we may be.”

Various machines to sample the delights of Linux

Offline PCNetSpec

  • Administrator
  • Hero
  • *****
  • Posts: 26452
  • Karma: 65531
  • "-rw-rw-rw-" .. The Number Of The Beast
    • View Profile
    • PCNetSpec
  • Peppermint version(s): Peppermint 10
Re: Father-Proof Computer
« Reply #6 on: April 25, 2017, 03:41:15 pm »
Here's my take.....

Default kernels (on Ubuntu/Peppermint) - have the benefit of security updates (there was a security updated kernel just released so if you're on a static kernel your security isn't up to date .. If a kernel ever regresses, you still have the earlier kernel to fall back on from the GRUB menu. Sure things can go wrong but they're rare.

Static kernel - Nearly (but not completely) no risk of regression, but you're leaving yourself open to vulnerabilities.

It's a toss up really .. you need to do a risk/benefit analysis for your own personal setup and future requirements.

On the whole, we advise people stick with the default kernels for security purposes and because when asking for help on here we're working from a known baseline ( I mean if you come here and say some software won't work I assume it's not the kernel if its working on my system, if you tell me you're on a non-default kernel I can't be sure about that so helping you is sometimes impossible).

That said we recognise there are certain cases where a static kernel may be a better fit .. but unless there's a particular reason (such as unsupported new hardware) to switch I'd still suggest you stick to a pinned default kernel rather than go for a non default one as the graphics stack, and some other software may have been compiled with that kernel in mind. When someone says "our software/drivers/etc. is guaranteed to work in 16.04" it's been tested that it compiles against the 4.4 kernel series, there's no guarantee it will compile against the 4.10 series (in my experience this applies mainly to drivers).

At the end of the day there's no single "correct" answer here .. it's all a balancing act where the variables differ from use case to use case :)

So as long as you understand the risks .. the choice can only be made by you.

If you don't understand the risks .. stick to the defaults .. they're the best balance for most people (hence why they're the defaults ;))
« Last Edit: April 25, 2017, 03:45:47 pm by PCNetSpec »
WARNING: You are logged into reality as 'root' .. logging in as 'insane' is the only safe option.

Team Peppermint
PCNetSpec