Constructing IT Infrastructure — A Diary + Part III

Selecting the Distributions

Julian M. Kleber
5 min readJun 3, 2023
Cat created with NightCafe

This is really tough work. It is also a strategic decision as we do not want to do that every other month or so.

What does a distribution need?

  • Able to use a Code Editor
  • And git
  • Able to host containers -> here the fun starts displaying how deep the cartel is. Docker is gone k8s not so good either. Now it is Podman which is maintained by Redhat. All depend on the OCI. Which is good. It is similar to what open source should be. Except when Docker suddenly wanted money.
  • The new k8s is https://cri-o.io/
  • Do not be fake open source like Canonical for example. Else you will have the Docker problem again.
  • Notice how there is at some point no alternative any longer and how the company makes themselves ridiculous by offering AI to accelerate the products they are using to generate a lot of profit by wasting the time of humanity like having endless Word documents and crashes etc.
  • Notice that relying on an monopoly software will cause problems in the near future as it does now already. When it started a couple of years ago the severeness of all of it was low. But looking now at the market they were breaking more and more stuff such that almost nothing is really working any longer.

Experiments

This list is updated now continuously up to a point where I found something that works properly. I guess it will then change and change until the other side has enough of it.

Note how macOS fails to host virtual machines using open source software. When I was working with Windows 10 it had almost the same problems except for only hosting VMs that were in risk of being compromised. High security standards could not be hosted on both systems.

Everything boils down to QEMU on a Mac. That really is working. Having a GUI for the VMs is not. Hosting up a vagrant does not work either. What does work however, is using Podman.

Note how Podman runs on FreeBSD and Linux natively but is broken on Windows. While I was implementing industrial automation for a customer on Windows systems the functionality was limited by some firewall or something. The nice thing on Podman though is that you now only need to use the Fedora OS as a base for each container.

It was required to use Windows in production at a client but it could not do the job so I was developing in a container. Not sure if the breaking of the container is related to me developing solutions on scale with it.

The thing about the human mind and do not forget that + you cant really use it to harm someone. It takes a lot of effort and people are not by nature violent. Enough philosophy for now though. If you believe something else though you might have been brain-washed. I recommend my Reflections on Mathematics series for starting to treat this.

Anyhow here is the list

FreeBSD

FreeBSD logo
  • Tried but could not download packages from FTP server during install for the ports. Maybe one can go without the ports package management.

Endeavour OS

EndeavourOS logo
  • EndeavourOS -> Is an Arch Linux derivative. It works nice and looks nice. However the security was downgraded after I implemented it at a customer. Unfortunately the aggressor also destroyed the GI (golden image). Read more on the attack. It is/was especially nice for developer usage but could also be tweaked with some nice behaviour for a webserver like fooling nmap etc easily.

Debian

Debian logo

Worked last year quite well, but my old Fujitsu server was too slow for constructing a golden image.

On Apple Silicon you do not have a chance to get it to work in a VM. VMs seem to be corrupted on MacOS. Yet, QEMU works. It somehow is annoying + but on the other hand it keeps strict separation of development and office activities. It is good for productivity and can be framed as a feature.

It feels weird though that it gets harder and harder to be free. Should get people worried to be honest. The package manager seems functional however.

Installing it takes a while but one can omit swap and privilege escalation can be prevented using 2FA.

Pure Arch

Archlabs logo.

On MacOS it has the same problems as Debian.

OpenSuse

OpenSUSE logo

I tried it once back in 2022. Liked the feeling about it. However, I could not easily secure it and the pam module was weakened in security.

Join our email list 9K+ and people to learn more about the good lifestyle, technology, and fashion.

Thank you for being here

⛵ Thank you for reading. We hope that we could provide you with something valuable and we would be glad to hear about your thoughts and ideas. Please drop a comment below or file an issue. Live long and prosper!🖖⛵

--

--

Julian M. Kleber
Julian M. Kleber

Written by Julian M. Kleber

Just sailing ⛵ - Constructing for endurance | www.julianmkleber.com

No responses yet