Discussion on LTS OSes
-
@IRJ said in Linux OS Thoughts?:
Negatives about bleeding edge:
Often not supported
No available benchmarks
Higher chance for bugs as it gets untested releasesNone of these are true for what we are discussing. They are often MORE supported (Ubuntu they are the ONLY option for what IT calls support, and as that is the biggest OS, this is a big deal.) RHEL gives more phone support to LTS, but more coding support to current.
Benchmarks are easily available.
Higher chance of bugs based on what? I don't believe this to be true, especially in real world usage. It sounds plausible, but doesn't really hold up.
-
@stacksofplates said in Linux OS Thoughts?:
@scottalanmiller said in Linux OS Thoughts?:
@IRJ said in Linux OS Thoughts?:
Literally all the NIST, CIS, etc standards point to LTS and dont have benchmarks for Bleeding Edge.
And this, in turn, makes them complete and utter jokes with no place in a production environment. If they don't know computing basics (and they don't) they shouldn't be making recommendations. We know that these agencies are inept and at best decades behind the times. That they recommend LTS tells us a lot about if that's a good idea. Remember until just two years ago NIST was recommending insecure passwords because they couldn't keep up with decades old basic computer knowledge.
The hardening for RHEL is written by Red Hat, not NIST. So the benchmarks are made by the people that make the software...
Coincidentally I know this because I've contributed directly to SCAP remediations.
-
@IRJ said in Linux OS Thoughts?:
@scottalanmiller said in Linux OS Thoughts?:
@IRJ said in Linux OS Thoughts?:
Literally all the NIST, CIS, etc standards point to LTS and dont have benchmarks for Bleeding Edge.
And this, in turn, makes them complete and utter jokes with no place in a production environment. If they don't know computing basics (and they don't) they shouldn't be making recommendations. We know that these agencies are inept and at best decades behind the times. That they recommend LTS tells us a lot about if that's a good idea. Remember until just two years ago NIST was recommending insecure passwords because they couldn't keep up with decades old basic computer knowledge.
A good portion of business that have any compliance requirements dont have a choice. Pretty much businesses that have any kinds of audits are going to need to meet benchmarks even if they arent specific to CIS or NIST. Nobody is able to provide valid benchmarks for Bleeding Edge as they change so much.
That's unrelated to what is "good" or "secure". Politics and good business are opponents, not partners.
-
@scottalanmiller said in Linux OS Thoughts?:
@IRJ said in Linux OS Thoughts?:
@scottalanmiller said in Linux OS Thoughts?:
@IRJ said in Linux OS Thoughts?:
Literally all the NIST, CIS, etc standards point to LTS and dont have benchmarks for Bleeding Edge.
And this, in turn, makes them complete and utter jokes with no place in a production environment. If they don't know computing basics (and they don't) they shouldn't be making recommendations. We know that these agencies are inept and at best decades behind the times. That they recommend LTS tells us a lot about if that's a good idea. Remember until just two years ago NIST was recommending insecure passwords because they couldn't keep up with decades old basic computer knowledge.
A good portion of business that have any compliance requirements dont have a choice. Pretty much businesses that have any kinds of audits are going to need to meet benchmarks even if they arent specific to CIS or NIST. Nobody is able to provide valid benchmarks for Bleeding Edge as they change so much.
That's unrelated to what is "good" or "secure". Politics and good business are opponents, not partners.
Sometimes you need both. Without requirements we would be in much worse shape. There has to be an audit process in place, and they has to be realistic time for it. Most of audit checks make perfect sense. Sure there is always weird requirements, but overall they surely are considered best practice.
-
@WrCombs said in Linux OS Thoughts?:
@IRJ said in Linux OS Thoughts?:
Stick to LTS versions (...hides)
what is LTS Versions vs. Bleeding Edge
That's not a comparison. They are saying Bleeding Edge in an attempt to discredit "Current Releases." Bleeding edge is something wholly different.
LTS: Long Term Support. These are OS releases that are selected (every major vendor does this... Windows, RHEL, Ubuntu, Suse, etc.) to get "support" for a really long time with a guarantee that the code versions won't change. It's a locked release that you can install and use and get "support" for a long time. I say "support" because it's not always what it sounds like. Ubuntu doesn't offer anything we'd call actual support for their LTS, it's all a marketing thing not a tech thing.
Current Release: This is the current product release from a vendor. Windows, RH, Ubuntu, Suse all offer these. Windows, RH, and Ubuntu all have a ~6 month release cycle for current. Suse alone uses a rolling release model. None of these imply anything like cutting or bleeding edge, those terms would denote a misunderstanding of what releases are. A current release can easily include software that is decades old, nothing about it implies a faster release of packages. And if it did, Ubuntu LTS is also "Current" every 18 months, so if bleeding edge is bad, then their LTS is also bad because they would overlap.
Current selections of both....
Windows:
LTS: Windows LTSB 1809
Current: 1903Red Hat:
LTS: CentOS 8 / RHEL 8
Current: Fedora 30Ubuntu:
LTS: 1804
Current: 1910Suse:
LTS: OpenSuse Leap
Current: OpenSuse Tumbleweed -
@IRJ said in Linux OS Thoughts?:
@scottalanmiller said in Linux OS Thoughts?:
@IRJ said in Linux OS Thoughts?:
@scottalanmiller said in Linux OS Thoughts?:
@IRJ said in Linux OS Thoughts?:
Literally all the NIST, CIS, etc standards point to LTS and dont have benchmarks for Bleeding Edge.
And this, in turn, makes them complete and utter jokes with no place in a production environment. If they don't know computing basics (and they don't) they shouldn't be making recommendations. We know that these agencies are inept and at best decades behind the times. That they recommend LTS tells us a lot about if that's a good idea. Remember until just two years ago NIST was recommending insecure passwords because they couldn't keep up with decades old basic computer knowledge.
A good portion of business that have any compliance requirements dont have a choice. Pretty much businesses that have any kinds of audits are going to need to meet benchmarks even if they arent specific to CIS or NIST. Nobody is able to provide valid benchmarks for Bleeding Edge as they change so much.
That's unrelated to what is "good" or "secure". Politics and good business are opponents, not partners.
Sometimes you need both. Without requirements we would be in much worse shape. There has to be an audit process in place, and they has to be realistic time for it. Most of audit checks make perfect sense. Sure there is always weird requirements, but overall they surely are considered best practice.
Sometimes you have to bow to politics over what is good for the business all things being equal. The law often demands or promotes reckless behaviour (like allowing faxes under HIPAA... absolutely criminal if the law didn't promote it.)
But that doesn't make the practice good, only required.
-
@stacksofplates said in Linux OS Thoughts?:
@Dashrender said in Linux OS Thoughts?:
@DustinB3403 said in Linux OS Thoughts?:
@scottalanmiller said in Linux OS Thoughts?:
@WrCombs said in Linux OS Thoughts?:
@DustinB3403 said in Linux OS Thoughts?:
@WrCombs said in Linux OS Thoughts?:
Learn linux - But with out the " "
Okay so let's break this down one more step. What about Linux do you want to learn?
If you looked at Linux like the day you go your learners permit, it's just learning what the tools are and how to use them. Is there something specific you are wanting to do with Linux?
looking at Linux Administration.
Oh, in the case, installing RHEL 8 is probably the best place to start.
Spend money on RHEL, really? When we were just telling him to not spend money on Windows 10 Pro for his work provided computer.
In a lab/home environment, sure that makes sense, but this is discussing his career. Which I would lean towards Fedora as a jump point.
RHEL is still free (as far as I know) it's just a HUGE PITA to get your hands on if you don't buy support for it.
You can get it for free through a dev account, but it's offered through CentOS as the free version unless you build it from source yourself.
Other than a name - what is the difference between CentOS and RHEL? it's my understanding that RHEL is a less rev'ed version of CentOS, which is a less rev'ed version of Fedora... in essence, it's LTS.
-
@DustinB3403 said in Linux OS Thoughts?:
@Dashrender said in Linux OS Thoughts?:
@DustinB3403 said in Linux OS Thoughts?:
@scottalanmiller said in Linux OS Thoughts?:
@WrCombs said in Linux OS Thoughts?:
@DustinB3403 said in Linux OS Thoughts?:
@WrCombs said in Linux OS Thoughts?:
Learn linux - But with out the " "
Okay so let's break this down one more step. What about Linux do you want to learn?
If you looked at Linux like the day you go your learners permit, it's just learning what the tools are and how to use them. Is there something specific you are wanting to do with Linux?
looking at Linux Administration.
Oh, in the case, installing RHEL 8 is probably the best place to start.
Spend money on RHEL, really? When we were just telling him to not spend money on Windows 10 Pro for his work provided computer.
In a lab/home environment, sure that makes sense, but this is discussing his career. Which I would lean towards Fedora as a jump point.
RHEL is still free (as far as I know) it's just a HUGE PITA to get your hands on if you don't buy support for it.
Interesting, but is there really a value to using RHEL without support?
Only for testing or claiming that you've used it.
-
@Dashrender said in Linux OS Thoughts?:
@stacksofplates said in Linux OS Thoughts?:
@Dashrender said in Linux OS Thoughts?:
@DustinB3403 said in Linux OS Thoughts?:
@scottalanmiller said in Linux OS Thoughts?:
@WrCombs said in Linux OS Thoughts?:
@DustinB3403 said in Linux OS Thoughts?:
@WrCombs said in Linux OS Thoughts?:
Learn linux - But with out the " "
Okay so let's break this down one more step. What about Linux do you want to learn?
If you looked at Linux like the day you go your learners permit, it's just learning what the tools are and how to use them. Is there something specific you are wanting to do with Linux?
looking at Linux Administration.
Oh, in the case, installing RHEL 8 is probably the best place to start.
Spend money on RHEL, really? When we were just telling him to not spend money on Windows 10 Pro for his work provided computer.
In a lab/home environment, sure that makes sense, but this is discussing his career. Which I would lean towards Fedora as a jump point.
RHEL is still free (as far as I know) it's just a HUGE PITA to get your hands on if you don't buy support for it.
You can get it for free through a dev account, but it's offered through CentOS as the free version unless you build it from source yourself.
Other than a name - what is the difference between CentOS and RHEL? it's my understanding that RHEL is a less rev'ed version of CentOS, which is a less rev'ed version of Fedora... in essence, it's LTS.
There's some package differences like subscription manager. But it's mostly branding.
-
@stacksofplates said in Linux OS Thoughts?:
@DustinB3403 said in Linux OS Thoughts?:
@scottalanmiller can explain what the fundamental differences is between LTS and anything bleeding edge.
To summarize it lazily, LTS is a set in time that is only updated for security concerns. BE is everything not that and you wanting to use the newest features as soon as they are released.
Yeah that's not true. Dot releases with CentOS/RHEL give you packages that weren't in previous releases. For example adding VDO in 7.5 or 7.6. By the way, I believe you still need copr on Fedora to install that (so not in upstream yet.).
New packages, but if they update old ones, it stops being an LTS and just becomes a different "current". But just adding something new and optional isn't the same as updating something old. MS follows the same rules.
-
@scottalanmiller said in Linux OS Thoughts?:
@IRJ said in Linux OS Thoughts?:
@scottalanmiller said in Linux OS Thoughts?:
@IRJ said in Linux OS Thoughts?:
@scottalanmiller said in Linux OS Thoughts?:
@IRJ said in Linux OS Thoughts?:
Literally all the NIST, CIS, etc standards point to LTS and dont have benchmarks for Bleeding Edge.
And this, in turn, makes them complete and utter jokes with no place in a production environment. If they don't know computing basics (and they don't) they shouldn't be making recommendations. We know that these agencies are inept and at best decades behind the times. That they recommend LTS tells us a lot about if that's a good idea. Remember until just two years ago NIST was recommending insecure passwords because they couldn't keep up with decades old basic computer knowledge.
A good portion of business that have any compliance requirements dont have a choice. Pretty much businesses that have any kinds of audits are going to need to meet benchmarks even if they arent specific to CIS or NIST. Nobody is able to provide valid benchmarks for Bleeding Edge as they change so much.
That's unrelated to what is "good" or "secure". Politics and good business are opponents, not partners.
Sometimes you need both. Without requirements we would be in much worse shape. There has to be an audit process in place, and they has to be realistic time for it. Most of audit checks make perfect sense. Sure there is always weird requirements, but overall they surely are considered best practice.
Sometimes you have to bow to politics over what is good for the business all things being equal. The law often demands or promotes reckless behaviour (like allowing faxes under HIPAA... absolutely criminal if the law didn't promote it.)
But that doesn't make the practice good, only required.
If HIPAA was anything like NIST , Holy shit would we be in good shape in comparison. If you have dealt with the two, you will realize there is no comparing the two.
HITRUST is well trusted in the medical field. They are difficult to acheive and take years of work in some cases to acheive HiTRUST.
HIPAA is literally bullshit that is well below common sense knowledge.
-
@scottalanmiller said in Linux OS Thoughts?:
@WrCombs said in Linux OS Thoughts?:
@IRJ said in Linux OS Thoughts?:
Stick to LTS versions (...hides)
what is LTS Versions vs. Bleeding Edge
That's not a comparison. They are saying Bleeding Edge in an attempt to discredit "Current Releases." Bleeding edge is something wholly different.
LTS: Long Term Support. These are OS releases that are selected (every major vendor does this... Windows, RHEL, Ubuntu, Suse, etc.) to get "support" for a really long time with a guarantee that the code versions won't change. It's a locked release that you can install and use and get "support" for a long time. I say "support" because it's not always what it sounds like. Ubuntu doesn't offer anything we'd call actual support for their LTS, it's all a marketing thing not a tech thing.
Current Release: This is the current product release from a vendor. Windows, RH, Ubuntu, Suse all offer these. Windows, RH, and Ubuntu all have a ~6 month release cycle for current. Suse alone uses a rolling release model. None of these imply anything like cutting or bleeding edge, those terms would denote a misunderstanding of what releases are. A current release can easily include software that is decades old, nothing about it implies a faster release of packages. And if it did, Ubuntu LTS is also "Current" every 18 months, so if bleeding edge is bad, then their LTS is also bad because they would overlap.
Current selections of both....
Windows:
LTS: Windows LTSB 1809
Current: 1903Red Hat:
LTS: CentOS 8 / RHEL 8
Current: Fedora 30Ubuntu:
LTS: 1804
Current: 1910Suse:
LTS: OpenSuse Leap
Current: OpenSuse TumbleweedActually 1909 has been released officially.
-
@Dashrender said in Linux OS Thoughts?:
@scottalanmiller said in Linux OS Thoughts?:
@WrCombs said in Linux OS Thoughts?:
@IRJ said in Linux OS Thoughts?:
Stick to LTS versions (...hides)
what is LTS Versions vs. Bleeding Edge
That's not a comparison. They are saying Bleeding Edge in an attempt to discredit "Current Releases." Bleeding edge is something wholly different.
LTS: Long Term Support. These are OS releases that are selected (every major vendor does this... Windows, RHEL, Ubuntu, Suse, etc.) to get "support" for a really long time with a guarantee that the code versions won't change. It's a locked release that you can install and use and get "support" for a long time. I say "support" because it's not always what it sounds like. Ubuntu doesn't offer anything we'd call actual support for their LTS, it's all a marketing thing not a tech thing.
Current Release: This is the current product release from a vendor. Windows, RH, Ubuntu, Suse all offer these. Windows, RH, and Ubuntu all have a ~6 month release cycle for current. Suse alone uses a rolling release model. None of these imply anything like cutting or bleeding edge, those terms would denote a misunderstanding of what releases are. A current release can easily include software that is decades old, nothing about it implies a faster release of packages. And if it did, Ubuntu LTS is also "Current" every 18 months, so if bleeding edge is bad, then their LTS is also bad because they would overlap.
Current selections of both....
Windows:
LTS: Windows LTSB 1809
Current: 1903Red Hat:
LTS: CentOS 8 / RHEL 8
Current: Fedora 30Ubuntu:
LTS: 1804
Current: 1910Suse:
LTS: OpenSuse Leap
Current: OpenSuse TumbleweedActually 1909 has been released officially.
That's what I got on my new laptop.. weird.
-
@scottalanmiller said in Linux OS Thoughts?:
@WrCombs said in Linux OS Thoughts?:
@IRJ said in Linux OS Thoughts?:
Stick to LTS versions (...hides)
what is LTS Versions vs. Bleeding Edge
That's not a comparison. They are saying Bleeding Edge in an attempt to discredit "Current Releases." Bleeding edge is something wholly different.
LTS: Long Term Support. These are OS releases that are selected (every major vendor does this... Windows, RHEL, Ubuntu, Suse, etc.) to get "support" for a really long time with a guarantee that the code versions won't change. It's a locked release that you can install and use and get "support" for a long time. I say "support" because it's not always what it sounds like. Ubuntu doesn't offer anything we'd call actual support for their LTS, it's all a marketing thing not a tech thing.
Current Release: This is the current product release from a vendor. Windows, RH, Ubuntu, Suse all offer these. Windows, RH, and Ubuntu all have a ~6 month release cycle for current. Suse alone uses a rolling release model. None of these imply anything like cutting or bleeding edge, those terms would denote a misunderstanding of what releases are. A current release can easily include software that is decades old, nothing about it implies a faster release of packages. And if it did, Ubuntu LTS is also "Current" every 18 months, so if bleeding edge is bad, then their LTS is also bad because they would overlap.
Current selections of both....
Windows:
LTS: Windows LTSB 1809
Current: 1903Red Hat:
LTS: CentOS 8 / RHEL 8
Current: Fedora 30Ubuntu:
LTS: 1804
Current: 1910Suse:
LTS: OpenSuse Leap
Current: OpenSuse TumbleweedThat makes a lot more sense.
-
@scottalanmiller said in Linux OS Thoughts?:
@stacksofplates said in Linux OS Thoughts?:
@DustinB3403 said in Linux OS Thoughts?:
@scottalanmiller can explain what the fundamental differences is between LTS and anything bleeding edge.
To summarize it lazily, LTS is a set in time that is only updated for security concerns. BE is everything not that and you wanting to use the newest features as soon as they are released.
Yeah that's not true. Dot releases with CentOS/RHEL give you packages that weren't in previous releases. For example adding VDO in 7.5 or 7.6. By the way, I believe you still need copr on Fedora to install that (so not in upstream yet.).
New packages, but if they update old ones, it stops being an LTS and just becomes a different "current". But just adding something new and optional isn't the same as updating something old. MS follows the same rules.
Yeah that's not true. They definitely update packages. RHEL/CentOS 7.1 had NetworkManager-1.0.0-16. RHEL/CentOS 7.6 has 1.18.0-5. Just one example.
They definitely update packages as dot releases come out.
-
@IRJ said in Linux OS Thoughts?:
Negatives about bleeding edge:
Often not supported
No available benchmarks
Higher chance for bugs as it gets untested releases
What are the tangible negatives for LTS?Issue LTS Current Latest Technology (including security) Stagnant Updates Much Sooner Bugs More Time to View Code More Updated Code and Refactoring Support - Official Better from HR and Suse Better from Microsoft and Canonical Support - Devs Hated Focused Support - Products Better for Badly Supported Products Better for Well Supported Products In the Interest of the Vendor Low High Security Reviews More Time to Benchmark Less Time to Benchmark Security - Hackers More time to find holes Less time to find holes Features Fewer More Patching Consistent Consistent Performance Generally Worse Generally Better Abrubtness of Changes High Low OS Level Version Updates Generally Breaking Generally Painless Encourages Proper Maintenance Discourages Encourages Third Party Library Support Often Requires Leaving LTS Status to Work Less Likely Requires Leaving Supported Conf More Support for Components (DB) Higher Lower Lots of the things about one versus the other is "tends to". LTS tends to encourage bad behaviour. Current tends to see bugs first. Of hard and fast things it's less clear, which is why traditionally LTS was considered better in the 90s and 2000s, but isn't seen that way today. How software is delivered, maintained, used and supported is very different. DevOps, for example, has removed many of the arguments for LTS.
I bolded the winners in a category when there was one.
-
@stacksofplates said in Linux OS Thoughts?:
@scottalanmiller said in Linux OS Thoughts?:
@stacksofplates said in Linux OS Thoughts?:
@DustinB3403 said in Linux OS Thoughts?:
@scottalanmiller can explain what the fundamental differences is between LTS and anything bleeding edge.
To summarize it lazily, LTS is a set in time that is only updated for security concerns. BE is everything not that and you wanting to use the newest features as soon as they are released.
Yeah that's not true. Dot releases with CentOS/RHEL give you packages that weren't in previous releases. For example adding VDO in 7.5 or 7.6. By the way, I believe you still need copr on Fedora to install that (so not in upstream yet.).
New packages, but if they update old ones, it stops being an LTS and just becomes a different "current". But just adding something new and optional isn't the same as updating something old. MS follows the same rules.
Yeah that's not true. They definitely update packages. RHEL/CentOS 7.1 had NetworkManager-1.0.0-16. RHEL/CentOS 7.6 has 1.18.0-5. Just one example.
They definitely update packages as dot releases come out.
Right, which technically, makes it not an LTS but just a stagnant current
Basically, LTS is such a bad idea, everyone has abandoned it but people demand it, so they keep the terms around to make government agencies and such accept it. -
@WrCombs said in Linux OS Thoughts?:
@Dashrender said in Linux OS Thoughts?:
Back to the OP.
@WrCombs wants to things most likely...
a desktop environment to run in - So Fedora or Ubuntu most likely... and then a separate "server" box to install Linux Server OSes on to experiment with to do things like - setup FreePBX, setup NC, setup file server, etc.
yes.
I could even VM those, right? or no? - Forgive the newbness, but I'm thinking a Desktop and then run a VM Boxes with server OS's to do what @Dashrender is saying and thoughts on which ones to try.You could do this with any platform, desktop or server. On Fedora and CentOS/RHEL it's just an option that you check at installation and you have everything you need to start building and creating VMs.
-
@Dashrender said in Linux OS Thoughts?:
Actually 1909 has been released officially.
ANd that's an LTSB? Or just current? I thought it was slated for LTSB but was breaking and they held it off?
-
@scottalanmiller said in Linux OS Thoughts?:
@stacksofplates said in Linux OS Thoughts?:
@scottalanmiller said in Linux OS Thoughts?:
@stacksofplates said in Linux OS Thoughts?:
@DustinB3403 said in Linux OS Thoughts?:
@scottalanmiller can explain what the fundamental differences is between LTS and anything bleeding edge.
To summarize it lazily, LTS is a set in time that is only updated for security concerns. BE is everything not that and you wanting to use the newest features as soon as they are released.
Yeah that's not true. Dot releases with CentOS/RHEL give you packages that weren't in previous releases. For example adding VDO in 7.5 or 7.6. By the way, I believe you still need copr on Fedora to install that (so not in upstream yet.).
New packages, but if they update old ones, it stops being an LTS and just becomes a different "current". But just adding something new and optional isn't the same as updating something old. MS follows the same rules.
Yeah that's not true. They definitely update packages. RHEL/CentOS 7.1 had NetworkManager-1.0.0-16. RHEL/CentOS 7.6 has 1.18.0-5. Just one example.
They definitely update packages as dot releases come out.
Right, which technically, makes it not an LTS but just a stagnant current
Basically, LTS is such a bad idea, everyone has abandoned it but people demand it, so they keep the terms around to make government agencies and such accept it.Not really. They don't jump major versions. Dot releases and patches of a project are stable. They just don't jump major versions like in upstream projects. It's still LTS.
