title graphics

Blog: Opensuse 10.2 issues: ZENworks, security and boxed vs. Internet version


More than a month now that Opensuse 10.2 was released. It's not the time where big changes in the Linux world are taking place, so basically I thought "YASD" (Yet another Suse distribution) ;-).

ZENworks

Anyway I was curious how the client part of ZENworks management is, since it in my in-depth reports of SLES 10 and it's foundation Suse 10.1 it was not a good piece of software. To make the long story short: Except the "detail window" in the updater it is really better: On a Core 2 Duo (E6600, x86_64 version of Opensuse) parse-meta-data runs for ~8 minutes consuming up to 210 megs and 95% of one core, followed by update-status consuming between 95-100% CPU and up to 170 megs of for 5.5 minutes. As in Suse 10.1 if you log in, let ~1h pass and click on the zen-updater icon, CPU cycles are wasted again, nothing seems to be cached. An update of a handful RPMs only takes ~45 minutes (load >1) on this "state of the art"-machine. Politely speaking the ZENworks client is still not a good example of software design.

RPM diffs: boxed and Internet version

Another point I was curious to check: In 10.1 there were tremendous differences between the download version and the purchase version. This has not changed (the RPM* files were generated by a zgrep -w rpm ls-lR.gz | grep -v x86_64.rpm):
me@mybox:/tmp|0% ls -lgG RPM_list_* 
-rw-r----- 1 223574 2007-01-18 12:20 RPM_list_downloaded.txt
-rw-r----- 1 333095 2007-01-18 12:19 RPM_list_IA32-boxed.txt
me@mybox:/tmp|0% for i in nessus arpwatch john snort tinyca pwgen eclipse nvu bluefish \
cacti nagios asterisk sipset OpenPBS pcp pcpmon ebtables vlan xsupplicant pam_radius \
drbd heartbeat nbd ocfs2 ez-ipupdate courier-imap cyrus-imapd exim cfengine uucp uudeview \
amanda bacula dump xfsdump clamav ncftp pdksh bash-completion ghostview git webalizer \
xfce xplanet scummvm gnokii gsmlib exif exifprobe exiftran jhead pdftk scribus mdbtools ulogd \
do
for> grep -w $i RPM_list*.txt | sed 's/\:\-/ /g' | awk '{ print $1"\t "$10"\t\t"$6" Bytes" }' for> done > check_last_diffs.txt
me@mybox:/tmp|0%
The file check_last_diffs.txt shows only minor changes to 10.1: gnokii git-core clamav xfsdump cyrus-imapd ocfs2-tools pwgen and some asterisk packages made it into the download version of Opensuse 10.2. There are still important parts missing. For your convenience: Here is the complete diff of the RPMs in both versions.

Relaxed default security

Opensuse 10.2 is still posing a security threat on users doing a fresh install: per default for logging in locally in front of the computer you do not have to provide credentials: After booting the machine logs in the first user automatically you created during install.
  Also beagle's hard disk activity became with up 30 minutes per day quite annoying, maybe the new hard disk contributed to that a bit. rpm -ev cured that problem.  (Dirk Wetter, 1/18/2007)


New: compressed/encrypted suspend image

<update> As I learned on LinuxTag this year the new pm-utils which is becoming the standard for all Linux distros, is able to compress and/or encrypt the suspend image. Under OpenSuse 10.2 this is accomplished by /etc/suspend.conf:
[..]
## compression will often speed up suspend and resume
compress = y
#
## encryption support is rather basic right now - e.g. USB keyboards will not
## work to enter the key in the standard initrd, also beware of
## non-US keyboard layouts. Only use this if you know what you are doing.
encrypt = y
#
#early writeout = n
#splash = y
In tests I performed (Core 2 Duo, SATA II disk) compression didn't speed up suspend or resume. However encryption is an important issue especially for laptops. And: It's an elegant solution, before suspend and before resume you'll be prompted for a passphrase. </update>  (Dirk Wetter, 6/03/2007)

Discuss this article  |   Permalink, Comments [0]   |   del.icio.us   |   digg this

Discussions

Matthew Baker (10/4/2007, 11:52 AM) wrote:

I'm running a new install of OpenSuse10.2 and ran into most of the problems with zdm and it's associated programs pretty much as you describe in http://drwetter.org/suse10.1/report.suse-10.1.html. I had to kill the processes, update the run levels to not run the zen service then used YAST to remove zmd and rug. All OK now.
Open Suse 10.2 has openSUSE updater which is configurable to use Default or ZENWorks (ZENdoesntworkverywell) as the update method. I use Default which just runs the equivalent of the YAST software update.

Permalink, Comments [1], Reply

   Dirk Wetter(10/17/2007, 11:47 PM) wrote:

Thx! On my 10.2 desktops the zen-applet was used by default. Since I switched off the zen stuff similar as you did (in 10.1), I was missing the notification. opensuseupdater worked, however I had to straighten out the permissions since I always got the "triangle" (see http://linux.derkeiler.com/Mailing-Lists/SuSE/2007-03/msg01276.html)

Comments [0], Reply