----- Original Message ----- > From: "Rob Landry" <41001...@interpring.com>
> On Wed, 6 May 2015, Joey Alcala wrote: > > > I want to run rivendell on the newest/ most modern kernel (and > > desktop environment) possible > > I wouldn't do that. I would run it in an environment where it is known to > work reliably and where any issues are likely to have already been found > and resolved. Otherwise, you may be setting yourself up for many hours of > extra work finding solutions to weird compile problems, etc. I'd like to lay one extra layer of foundation under Rob's excellent advice. There are two reasons why you might want to do things the way Joey initially suggests here, and one of them is harder to work around than the other. One is that a more up to date kernel/os is more secure against attacks. That's true, as far as it goes, but it doesn't go far enough. Your on-air automation computer is the core of your "Air Network". It ought to be next to impossible to get to that Air Network, not only from your upstream Internet connection, but from other internal networks as well. That LAN should be protected by its own physically separate firewall, whose security policy should be DENY ALL, with holes poked in it only in places you absolutely know you need them, and all by IP address -- unless you're *very* careful about your DNS hygiene. (If you don't know what that means, you're not knowledgeable enough to be "very careful". :-) Not even your in-house computers should be able to get to it, I should reiterate, except in a *very* controlled fashion. This is part of the power vs control tradeoff you have to make if you decide to have an IT based broadcast infrastructure; if you don't have someone to set it up who knows the IT side as well as the broadcast side, you are living on borrowed time. === The other side is one of support: If you don't keep components up to date, then it can become harder and harder to get support for them. This one's a little harder to rebut, except for one thing: It's an appliance. You shouldn't be doing *anything* on your Rivendell machine except automation playback. Boxes are cheap; Linux is free; if you need to do other stuff, set up another box and do it there. This is *why* it's an appliance: because that keeps its complexity down far enough that the people who assembled it can reasonably do all the support you need on it. Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274 _______________________________________________ Rivendell-dev mailing list Rivendell-dev@lists.rivendellaudio.org http://caspian.paravelsystems.com/mailman/listinfo/rivendell-dev
