NS8 vs NS7: hardware requirements and security (feel free to change/suggest a title)

Salut Stéphane,

Do you mean that I need a “super computer” to run NS8 ?

Isn’t a MUST for any software ?

I was waiting for B2 to continue testing…
Do you mean I have to wait for B3 or RCx ?

If NS-8 switched to containers for security reasons, can you tell me how many Nethserser-7.9, properly configured and updated, were hacked before ?

Michel-André

no time to argue mate

1 Like

Then I have no time to check NS8

Michel-André

1 Like

If NS-8 switched to containers for security reasons, can you tell me how many Nethserser-7.9, properly configured and updated, were hacked before ?

Uhmm, out of several reasons I doubt that there is a serious answer (not only to NS servers) who’s/what company have been hacked or compromised.

For NS 7 a regulary use of #:history, #:pam_tally2 and #:faillock should be on the daily routine of a sysadmin. Of course besides a proper configured and up-to-date server in generally.

And I thought you supported “Never touch a running system”!

→ This may have been valid for production servers for a single use only, and shielded from the Internet as such…

Running on VM you might as well add in “test updates on VMs”…

:slight_smile:

My 2 cents
Andy

Hi Andy,

probably OT, but anyway.

We are only in production. Every single day in a year without (hopefully) any break in IT. Would this happen, no ERP, nearly no machine would run, no telephone, no banking, I don’t have to go in details.

And yes - security updates for the OS I do take serious. Therefore the uptime of our servers cannot beat yours. You wrote elsewhere (in this forum), how long servers are running which you maintain. AFAIK there are kernel updates which require a reboot. Nevertheless I bet: none of your maintained servers have ever been hacked. Am I wrong?

What do you mean with single use?

In a hybrid world the desktops (also software for machines (better interface between human and machine) - printers, drilling machines, …) in a company are usually (>90%) MS$ systems. Sometimes apple OS also. (Well, hmm, I confess, we still have SIEMENS (SINUMERIK) controls on machines…) but this is another world.

What I see at this point, if running a linux server, samba (share/ibay management) seems to be essential. Maybe with active directory or not. Besides an easy management for users and groups. Next would be email. To manage and for the users, it could be something like webmail, roundcube, SOGo but also i.e. thunderbird, whatever. Sometimes something is historically… Easy management (for admin and users) is highly appreciated. At glance with all features to make email as safe as possible. Database(s). Groupware for most companies… There are surely other and more needs for other business.

Right now (for us), assuming properly configured, it’s pretty safe to run all this on a common linux NS7 server. We’ve never been hacked or compromised. The server was built as “shoot and forget”. To be very clear - this is meant with my statement “never touch a running system”. But of course with all recommended security updates in first place for the OS, and if announced also for the installed software.

For me this is the SME idea. Remember MITEL. All I see is that the child NS8 needs much more attention in many directions. Only spoken for me.

Cut this now - it’s really off topic. Sorry for jumping on.

As a good Example: Proxmox PBS hardly needs any reboots, as it is capable of reloading the (newer) Kernel while running!

Proxmox itself can’t do this, due to VMs and Containers running, CTs especially depend on the same Kernel.

NethServer and OPNsense are also good examples. They do neeed reboots once in a while, but only (OPNsense) when Kernel upgrades are included.
Todays upgrade from 23.7.4 → 23.7.5 on OPNsense did not need a reboot…

I do also have clients which mandate Linux Desktops, and only LibreOffice. MS Office can be a reason for losing theor Job (In Germany!), and some use only Macs. Some use Windows only as VMs with RDP…

Single use example:
PC to control drilling stations: It may control one or many drilling stations, depending on requirements, load, but certainly not running ERP software, Mail or even CAD! File Sharing would only be for “Jobs” to be places in there…

I fully agrree with this statement.

I also have clients with such machines.
Windows based systems can be crippled by a security update / upgrade, I’ve experienced this several times…

My clients do not have enough Money to induce Microsoft to puch the update fix of their update!

And even their best protected Microsoft Systems are apparently easily read by the chinese, whenever they want to! Ask the US government Foreign dept!

My 2 cents
Andy

OT over /!

I’m sure that you will change your mind :broken_heart:

We’re trying (I speak for the @dev_team ) to do everything is possible but we’re re-creating an entire piece of software so bear with us :slight_smile: if things are not moving at your pace.
Keep testing can help the project a loooooot.

AFAIK no one for reasons that are attributable to our software but mostly due to misconfigurations

3 Likes

yes the way is long but free to recreate a piece of software like NS7 in NS8 I fully admit it. However the times are changing and what I have known in 2007 with SME7, 2013 with SME9, 2014 with NS6, 2017 with NS7…a strong server is over, first by the virtualization and now by the containerization.

so here not sure about security reasons to switch to containers but only to not be alone in the train station looking the train of progress running without us.

In IT when we do not move forward we step back, but of course it is a developer point of view

4 Likes