Date: Mon, 11 Mar 2019 11:03:04 -0500 From: Valeri Galtsev <galtsev@kicp.uchicago.edu> To: freebsd-questions@freebsd.org Subject: Re: Barebone kernel options request Message-ID: <413d100f-6bb5-e59c-abed-b32b1842635f@kicp.uchicago.edu> In-Reply-To: <20190311155608.GB99810@rpi3.zyxst.net> References: <ea-mime-5c8509f6-a788-2c4256bf@webmail.numericable.fr> <20190311080756.6191bb55.freebsd@edvax.de> <23686.24032.265558.282058@jerusalem.litteratus.org> <MWHPR04MB0495F8EB3312EE2AA56623A780480@MWHPR04MB0495.namprd04.prod.outlook.com> <20190311155608.GB99810@rpi3.zyxst.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On 3/11/19 10:56 AM, tech-lists wrote: > On Mon, Mar 11, 2019 at 01:54:48PM +0000, Carmel NY wrote: > >> Just out of some sort of morbid curiosity, I would be interested in >> knowing exactly what problem the OP is trying to correct or alleviate >> here. If his storage, memory or whatever resources are stretched to the >> limit, he would be better served by purchasing a newer, more powerful >> machine. "You can't make a silk purse out of a sow's ear." > > I dunno if this applies to the OP but I also compile custom kernels and > world for some machines. My basic reasons: > > 1. I want available only what is needed, for the os/machine's purpose, > so that there's more resources for the machine's job. Each disabled > option means that some resource of some type, however tiny, becomes > available. These add up. > > 2. Having only what you need means you have less to maintain, which is > important for security. I guess it makes the "vulnerability surface" > smaller, at least in theory. I mostly achieve that by running these things in jails. Sometimes I have multiple jails representing one "server" - with the same IP, say, these may be in separate jails: shell (where users can ssh to), www, mail, mail/spam filter. Just my $0.02 Valeri > > 3. It might be the case that the machine I'm maintaining isn't mine, so > the option to "buy better hardware" is out of the question. > > Being able to tailor the OS for exactly the requirement in hand is a > major plus point in favour of FreeBSD for me. point #2 above is > particularly relevant for an internet-facing machine. -- ++++++++++++++++++++++++++++++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ++++++++++++++++++++++++++++++++++++++++
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?413d100f-6bb5-e59c-abed-b32b1842635f>