- This topic has 21 replies, 5 voices, and was last updated Feb 12-8:37 pm by Brian Masinick.
-
Posts
-
stevesr0
Hi,
On my sid system, I have a 5.15.02 kernel installed. This is not listed as a recommended kernel. Is this because it is susceptible to security problems that the recommended ones have been patched against?
On my 19 system, the newest kernel 5.10.88 is recommended as a patched kernel. Should I just remove my nonpatched ones and just keep one alternative patched kernel to try if I suddenly have a problem)?
stevesr0
anticapitalista
antiX can only support its own kernels. We have 4 (4.4, 4.9, 4.19 and 5.10)
Of course, users can install kernels from Debian. liquorix, but it is up to the user to determine how secure they are.
For Debian, one would assume it is secure.Philosophers have interpreted the world in many ways; the point is to change it.
antiX with runit - leaner and meaner.
Hi anticapitalista,
Thanks for reply.
To clarify my question, I understand that the antiX kernels are customized in several ways for efficiency (with regard to low power hardware) and specifically to eliminate the use of systemd.
From your reply, I assume you accept that new Debian kernels are likely patched against security issues.
The default repositories recommended for antiX systems include debian ones and these bring in debian kernels. I generally have been using the newest kernel (5.15.02) on my Sid sysvinit install without obvious problems for several months.
So, my current understanding is these may work fine when running antiX, but they may not be as lean and mean as the antiX customized kernels.
Is that correct?
stevesr0
anticapitalista
Debian kernels will work fine, yes.
They are more optimized for sever use though rather than a desktop.
Fortunately, systemd has not infiltrated the kernel (yet) so that makes no difference (yet).Philosophers have interpreted the world in many ways; the point is to change it.
antiX with runit - leaner and meaner.
Brian Masinick
Hi anti, you’re right about kernels. Those that are built primarily or exclusively for servers, and distributions specifically tuned for server use and server security do those things well, but it’s at the expense of interactive user performance. This is much easier to see as your personal equipment ages.
Fedora, for example (also the distribution behind the unconscious following toward systemd), is a solid distribution. After not using it at all for a while, I’ve tried the past couple of releases. They are just as solid as any other distribution, and almost certainly more secure; they are designed that way, and it shows up. Most obvious is the performance implication: you definitely want a system with some speed and power, because the overhead for that intense attention to security with every possible “Security Enhanced Linux” feature enabled, the overhead is considerable.
I don’t see much, if any degraded performance in Debian, even with systemd, but the memory footprint is somewhat greater than what we have, even with a modest environment.
I have some other observations about another related topic, which I’ll share in the thread containing the specific conversation.
--
Brian MasinickInterestingly, I have run across an example where an antiX kernel works and a newer debian kernel has a glitch.
I am running pipewire with wireplumber and have been using the debian 5.15.0-2 amd64-smp kernel, most of the time. When I try the latest antiX supported kernel (5.10.88), the system seems to work just as well.
However, after yesterday’s SID upgrade installed newer versions of wireplumber and libwireplumber (0.3.45-1), pavucontrol did notw detect a usb headset as either an available input or output.
I rebooted a couple of times with the default kernel (5.15.0-2) without changing this result.
Then I thought to try the latest antiX kernel (5.10.88).
Pavucontrol detected the usb headset and sent sound to it without a problem.
I posted this issue to the pipewire gitlab issue site.
Interested in whether they will agree this is a kernel-package upgrade interaction bug…
stevesr0
olsztyn
I understand that the antiX kernels are customized in several ways for efficiency (with regard to low power hardware)
I would be very much interested to understand some details what has been customized in antiX kernels for efficiency. Particularly that my latest understanding (probably incorrect) is that Debian kernel has not yet been corrupted by systemd…
Any info or opinion is very much appreciated…Live antiX Boot Options (Previously posted by Xecure):
https://antixlinuxfan.miraheze.org/wiki/Table_of_antiX_Boot_ParametersBrian Masinick
I understand that the antiX kernels are customized in several ways for efficiency (with regard to low power hardware)
I would be very much interested to understand some details what has been customized in antiX kernels for efficiency. Particularly that my latest understanding (probably incorrect) is that Debian kernel has not yet been corrupted by systemd…
Any info or opinion is very much appreciated…As anti noted, Debian’s kernels have not been corrupted by systemd matters, but added the caveat “yet”.
Any kernel has a set of core features for its release, but distributors can also add or remove modules and set various parameters to optimize or tune for better performance with a particular workload. As was cited in a previous comment, some kernels are optimized for server performance, whereas others are optimized for interactive performance, and still others are completely “general purpose”, acceptable for various workloads, but not necessarily optimized for them.Any user can, if they wish, grab the source code for a particular kernel version – as long as that source code is available, and compile it with whatever features they wish. The more the features, the larger the kernel binary is. The more specific the kernel is to the particular set of conditions in which it will be used, the better it will work for those conditions.
Compiling a kernel isn’t trivial, but it’s not beyond the reach of anyone who is willing to put the time and effort in to read about the specific kernels of interest, the modules that can or cannot be included in a particular release, the prerequisite hardware and software to build the kernel, and associated documentation to read, learn, understand and then build. Kernel.org has been the definitive source for Linux kernels. This site may have mirror sites; I’m not sure because it’s been a pretty long time since I’ve personally compiled either a UNIX or Linux kernel, but I have done it. They are WAY bigger than they were when I did it but I’m pretty sure the tools and documentation are as good, or hopefully better than they were when I first took on the task.
See https://kernel.org/ –
mainline: 5.17-rc3 2022-02-06 [tarball] [patch] [inc. patch] [view diff] [browse]
stable: 5.16.8 2022-02-08 [tarball] [pgp] [patch] [inc. patch] [view diff] [browse] [changelog]
longterm: 5.15.22 2022-02-08 [tarball] [pgp] [patch] [inc. patch] [view diff] [browse] [changelog]
longterm: 5.10.99 2022-02-08 [tarball] [pgp] [patch] [inc. patch] [view diff] [browse] [changelog]
longterm: 5.4.178 2022-02-08 [tarball] [pgp] [patch] [inc. patch] [view diff] [browse] [changelog]
longterm: 4.19.228 2022-02-08 [tarball] [pgp] [patch] [inc. patch] [view diff] [browse] [changelog]
longterm: 4.14.265 2022-02-08 [tarball] [pgp] [patch] [inc. patch] [view diff] [browse] [changelog]
longterm: 4.9.300 2022-02-08 [tarball] [pgp] [patch] [inc. patch] [view diff] [browse] [changelog]
longterm: 4.4.302 [EOL] 2022-02-03 [tarball] [pgp] [patch] [inc. patch] [view diff] [browse] [changelog]
linux-next: next-20220209 2022-02-09 [browse]- This reply was modified 1 year, 2 months ago by Brian Masinick.
--
Brian MasinickThank you Brian for this detailed insight and experience. I do expect complexity associated with compiling kernels. Although compiling code is not alien to me, having been a programmer for a long time, I do not see such pressing need at this point, especially having ready to go kernels available.
I am not exactly familiar with how hardware drivers are incorporated in Linux kernels but the fact they appear to be so dependent on being so rigidly compiled as part of particular kernel seems a disadvantage of design in Linux. But perhaps it is also a convenience for typical Linux users.
Notwithstanding my above rambling there is an existing particular reason I am highlighting the architecture aspect of Linux:
I think (perhaps I am wrong on this), just based on my rudimentary testing and some research on the Internet, that there exist some bugs in some video drivers or their implementation, both Intel and Nouveau supporting nVidia. Specific forensic evidence indicating a possible fix in 5.15 kernel:
Using Google Earth 7.3 for testing rendition of 3D imagery on various laptops:
– Kernel 5.10 and 4.9: On the least powered Thinkpad X61 (Intel video) Google Earh image is being rendered in just small corner in upper left – unusable. This is a widely know issue pointing to video driver bugs for various and much more powerful laptops. The same issue exists in my testing on Thinkpad T410 (Intel video) with antiX and a few other distros.
– Kernel 5.10 and 4.9: Testing on my laptops with nVidia based laptops (two other T410 laptops (1440×900)), using Nouveau driver: 3D rendering is perfect on these.
– Same kernels on Thinkpad X220 (Intel video): Works fine too, native smaller resolution.
– Kernel 5.10 on much more powerful Thinkpads T520 (i7 with nVidia 4200M and Intel video 1920×1080): 3D rendering works perfectly on antiX, but it seems using just Intel as nVidia Nouveau driver does not (strangely) seem installed according to inxi. The same laptops using kernel 5.4 (using some other distros than antiX) do not render properly – same bug as described in the first bullet point, although also using Nouveau nVidia driver.
– Using the same (Intel video based) Thinkpad T410) that failed to render properly on antiX with kernel 5.10 renders just fine using kernel 5.15 (using a different distro for now). I will proceed to test if it works also on antiX with this newer kernel at some point…So I apologize for all these testing these details but I have been trying to be systematic in my testing to narrow down these video driver issues. And if kernel 5.15 proves to include a better video drivers I will certainly may want to implement in antiX.
Thanks for attention and Best Regards…- This reply was modified 1 year, 2 months ago by Brian Masinick. Reason: Brian
- This reply was modified 1 year, 2 months ago by olsztyn.
- This reply was modified 1 year, 2 months ago by Brian Masinick. Reason: Brian
Live antiX Boot Options (Previously posted by Xecure):
https://antixlinuxfan.miraheze.org/wiki/Table_of_antiX_Boot_ParametersBrian Masinick
Software drivers are written in code; they have to come from somewhere. Typically a kernel adds support for various hardware. I’ve not examined how they are doing it these days, but I do know that a few really old hardware components, many of them from 20-30 year old hardware, have been pared out of recent kernels and newer hardware has been added.
In fairness to the developers, it becomes increasingly difficult to maintain 3-4 decades of hardware in a single kernel. Even in our own software tree we see multiple versions of kernels from the 4.* series and the 5.* series.
This is necessary for a reasonable sized kernel to work efficiently and effectively.
--
Brian MasinickBrian Masinick
See also the end of life, as anti has indicated, regarding the 4.4 kernel.
For anyone super interested I would grab source code (if it’s even available; it may no longer be available).
(If it is, you might be able to incorporate security patches to the code).
--
Brian MasinickA new upgrade of wireplumber and libwireplumber came to Sid. (4.8-1 to 4.8-2).
Didn’t change things as far as I can tell. Detects my usb headset with the 10.88 kernel, but not the 5.15.0-2 kernel.
stevesr0
hughtmccullough
While on the topic of recommended kernels, I have a much simpler question. After installing antiX 21 I have the option of two kernels – 4.9.0-279 and 5.10.57. I notice that 4.9.0-294 and 5.10.88 are available but weren’t installed automatically. Currently I use 4.9.0-279 because 5.10.57 complains about a non-existent TPM chip when booting (although it does boot after a short delay).
Everything works fine, so far. What would be the benefit or otherwise of installing 4.9.0-294? Will other, newer kernels appear in the future and, if so, should I keep an eye out and update when a new one arrives? Why does it not happen automatically?
anticapitalista
https://antixlinux.com/latest-antix-kernels/
Philosophers have interpreted the world in many ways; the point is to change it.
antiX with runit - leaner and meaner.
- You must be logged in to reply to this topic.
