Re: NetBSD and ECC RAM?

[Kevin Bowling <kevin.bowling%kev009.com@localhost>]

On Mon, Feb 19, 2024 at 12:19 AM Michael van Elst <mlelstv%serpens.de@localhost> wrote:
>
> michael.cheponis%gmail.com@localhost (Michael Cheponis) writes:
>
> >I've been running ECC in the Windows box for years, it seems like a 'no
> >brainer' for servers. Servers usually run for years, and Stuff Happens over
> >the years [1].
> >But I'd prefer a reliable, unhackable, trustable compute fabric.  ECC is
> >part of the 'reliable' part.
>
> I agree, but the "box" will run with ECC, even when the OS doesn't
> know about it. OS support is needed to get information about errors
> and for better fault tolerance.

Servers tend to have BMCs, so you can execute 'ipmitool sensors' and
'ipmi sel elist' to get the information out.

Linux has the 'EDAC' subsystem but I don't think it gains you so much
if you have a BMC.  Kernel printfs for some errors and character
drivers to do userspace development.  And it would support systems
without BMCs.  A lot of fragile chipset specific code to get that.

>
> >I would also like to see per /dev entry ACLs.  I would like to see better
> >security than owner-group-everbody permissions.
>
> I have rarely seen ACLs being used for "better security". Even when that
> was possible, the complexity usually outweighed any gain in control.
>
> Systems that implied access control through simple rules worked much
> better. It's still not a feature that you had to enable or a switch
> you toggled, it requires constant effort, in particular on systems
> that don't just perform a fixed set of functions.
>