
Upgrading your OS

So, lots of people know that at Microsoft, we’ve recently shipped the latest version of Windows. No, not Windows Live, but Windows Vista. And in the blogosphere, there’s a fair amount of questioning about whether or not to upgrade. I’ve skipped the debate, largely because it puts me in a difficult position. If I list a bunch of reasons to upgrade, I’m just being a corporate shill. If I list a bunch of reasons not to upgrade, I’m biting the hand that feeds me. Luckily, however, the fine folks in charge of Debian just released Etch, or Debian v4.0. I’ve been running Debian for years now on my servers at home, so I thought I’d post a bit about my thoughts on upgrading Debian. You can extrapolate this to other operating systems at your discretion, and as always, your mileage may vary.

I run Debian on two boxes that act as my utility servers; they manage my mail, Web server (including this blog), DNS entries for various domains I run, backups (fully mirrored!), and archival storage. I initially picked Debian for two reasons:

  1. It was the most stable Linux distribution;
  2. The Debian package management system (apt-get) was infinitely better than the RPM hell of Red Hat and related distros.

First question - why not run Windows? Well, at the time, I had recently graduated from UW, which at the time was still a UNIX shop (mostly Digital UNIX from DEC), and I was very familiar with administering UNIX-type OSes. Next question - why not move to Windows? Well, simple answer — there’s no reason to. Really, I don’t want to “maintain” standard services, like Web, Mail, and DNS. The protocols are standard and new features are few and far between, and frankly I don’t care that much. I just want mail to come to me, meaning it arrives on my server, gets piped through SpamAssassin, and gets dumped in my INBOX. I want my DNS server to resolve the various domains to the right IP address.

And this brings me to Debian 4.0… will I upgrade my servers? It’s nice and stable, with lots of bug fixes, security upgrades, and new features.

Probably not.

Again, at the end of the day, I don’t want to spend time mucking about with upgrading and likely breaking something that works. I just want the services to work, and they do. I run a number of applications on the OS, and they serve my needs. The likelihood of downtime and spending hours hunting for a misconfiguration isn’t something I’m looking to spend tons of time on.

But what about all the security features?

Well, yeah, OK. I guess my system is hackable on the ports I have open (mail, dns, web, ssh… but all you port-scanning script kiddies already know that, dontcha?). I run a service called DenyHosts that blocks IPs after 3 failed attempts, and I get 1-3 blocked IPs per day. It also automatically contributes these bad hosts to a central DB, so we can all share the, uh, love.

Ultimately, when running key services, the goal is stability. Changes, meaning new applications, OS, or whatnot, all bring a risk of downtime. So, my mantra is not to change anything unless absolutely necessary. While I used to be all about the latest version of Postfix, well, I’ve discovered new hobbies to occupy my time. Not to mention my day job. ;)
