I never really liked the taste of diet either. I liked regular Coke, but not most of the other flavors. However, I wanted to cut down on the sugar. I mostly started drinking iced tea with lemon. I also tried the various diet sodas with lemon and like some of them. In fact, I find them quite tasty that way.
My particular favorites are diet Coke and diet Dr. Pepper with lemon. In fact, I REALLY like the latter with lemon.
When I'm at a restaurant that doesn't have iced tea or lemon, I will mix the diet with about a quarter lemonade or another option. This takes the nasty diet taste away.
However, you mention the "convenience of can beverages", so the routine of doing the squeezing of some lemon sounds like it won't be an acceptable option.
Munin is nice because it's just so simple to install and configure it. We used to use some scripts I had written to track server statistics, but have entirely switched to munin. However, munin also has some "monitoring" capabilities, which I usually disable. I wish they just stuck to graphing and didn't try to add monitoring to munin.
Also, generating a lot of graphs can impact the system load. Not that you shouldn't use it, but I have definitely seen times where the system was getting hit particularly hard and munin seemed to be using up a lot of resources at the same time. You probably don't want to install it on an already overloaded system...
Also, munin's design is such that if the system gets hit particularly hard, munin may not be able to run and capture this information. It doesn't lock itself into memory, or run at an escalated priority, so if the system is thrashing particularly hard, you often will get empty samples in munin instead of getting pointers to whether the problem was due to high load, high disc activity, high swap activity, etc... So it's really better suited to long-term capacity planning more than tracking down short-term load problems.
As far as setting up service restarts, I totally agree that it's the lazy way out. The ideal solution is to track the problem to root cause and prevent it from happening. However, unlike the other respondent, I'm fine with that.
As a sys admin, your job is to keep the system and services available. A brain-dead restart of Apache or bind once a week is much preferable to leaving it down for hours from 3am to 9am and then trying to track down a bug in bind or some random PHP application.
So, by all means fix the real cause if possible. However, I recommend setting up automatic restarts with alerts going to appropriate people so you can keep an eye on when restarts happen. For one of my machines an apache restart happens about once every 2 weeks, and a bind restart happens once every other month. I'm not particularly inclined to spend significant resources debugging bind to prevent a 60 second outage of one of my two name servers once every 60 days. At least not today, I have other higher priority tasks to work on.
High availability redundant NFS servers for storing the mailbox data and user information.
One or more machines mounting this file-system for handling POP, IMAP, and SMTP from accounts and mailfolders off the NFS server.
Webmail can be tricky because you need to make sure that either users always hit the same machine for webmail during a session, or session information is shared among the cluster. LVS systems can handle either of these scenarios, so it's not a problem, just something you have to be aware of.
LVS systems up front, again running High Availability which do load-balancing and automatic removal of failed servers. These are the machines that have the IPs which your customers contact, and then get spread across the real machines in the middle layer above.
This sort of solution works really well, and we have deployed it for customers of ours with good results. You can get started for only $5k to $10k worth of hardware and if you're building this from scratch it will probably only take you around 100 hours. If you have experience with this sort of setup it can take as little as 10 to 20.
If $5k to $10k for hardware is out of your budget, you probably shouldn't be looking at this sort of solution. Individual stand-alone servers or even a single pointy box, possibly with high availability, is probably where you want to be in that case.
linux-ha.org is the place to go for High Availability software on Linux.
Don't listen to the people who say you need math or other sciences in order to do computers. In general, the people who say that tend to be people who don't know anything about computers.
I was never very good at math, never really took any chemistry or biology, but did get into physics and electronics a bit. However, I was insanely into computers. Since then I've done lots of work programming, system and network administration, and all sorts of other computer-related work. A decade ago I started a technology company that has allowed me to challenge myself in so many different ways ever since.
My theory about the math thing is that math is a well understood and traditional area of study which has similar problem-solving requirements that computers do. Coming up with the set of rules that make a proof come together is quite similar to building a program.
Because math is more easily and generally understood and taught, the people who have the skills required for computers probably have had more exposure and training related to math. For example, when I was in elementary through high schools, we got to play with computers, but I only had one semester of classroom instruction in computers, but I pretty much had a math class every semester for 12 years.
I feel that you can learn and hone the same skills through working and playing with computers directly, not using math as some gateway drug... It's worked fairly well for me.
So, what can you do in computers without math? Programming, human factors, and even business and management can use technical people in it. In short, whatever you want to do.
"Sprinting" I find works really well. We just got back from PyCon, a 3 day conference with 4 days of sprinting afterwards. Sprinting is where people get together, either in person or via IRC, to work on a particular task or set of tasks. Evelyn and I along with a group of some other folks worked to get the new www.python.org site up. It had been in process for the better part of a year, but we were able to do a big push to get it ready to put up in those 4 days and a few days afterwards, coordinated via IRC.
Linux Users Groups can tend to put people with good ideas together, and our local LUG tends to push people talking about their projects at the meetings. I've gotten a lot of good feedback from talking about my projects to the group. A good way to get peer review for a 1 person project.
The LUG meeting is once a month. The rest of the weeks of the month we have a Hacking Society meeting at the coffee shop. The idea is to set up a space where folks can work on various projects, everything from resolving bugs on Debian and Python projects, catching up on e-mail, working on software or talking about ideas and projects, installing different distros or getting software or hardware working.
We had our first Hacking Society meeting 5 years ago and had 3 other people at it. Since then, we've had over 100 different people at our local meeting, and regularly get a dozen people every week. Other chapters of Hacking Society have set up in 5 other locations around the world, but only one or two of them are really active. For those ones, it's really been working well. I'd be happy to help others set up local Hacking Societies, see http://www.hackingsociety.org/ for more information.
Just connecting with the community of people doing things is very powerful motivation and provides ideas to help get more work into it.
Things like wikis and SVN/CVS servers and bug tracking help put software together. As long as it can foster the communities of people to get ideas shared and motivation going around. Things like IRC and mailing lists can really help out with the ideas and peer review and motivation.
My wife and I each have a pair of the PX-100s. We've had them for something around 2 years, and have had absolutely no problems with them. You question the robustness of the folding design. These units seem to be extremely solid. Plus, the case they fit in is also quite solid.
We both carry them in our computer bags, just toss them in and go...
They sound great, but don't require more power than a typical laptop or portable audio device. I haven't felt like I needed an amp.
They let you hear a lot of the surrounding sound, particularly if you adjust them to cover more or less of your ears. The only problem I've had is that about once a month when I'm putting them on, I'll brush the foam ear-pads, and they come off. That's absolutely the only complaint I have, if those stayed on a little better, I'd be happy.
I also have a pair of Grado SR-60s, which are not at all as portable and also not as comfortable. The ear cans press on the ears pretty hard, and the temples of my glasses get pressed into my head, so I can only wear them for a bit. They also really could use an amp.
I'm just purchasing an Etymotic, the less expensive ones. Found them for around $80. They would not at all be suitable for you, they are heavy isolation, something around 25dB. I'm largely getting them because I wanted something a little bit less bulky, particularly for when I'm walking around and traveling and the like.
In short, the Sennheisers are great, I'm very happy with them. I don't think you will have any problems with the folding mechanism. They fold easily and are quite portable.
>Uh, your servers are supposed to only reply with *ONE* packet.
Be that as it may, tcpdump of that particular remote address showed one request coming in and 10 responses going back, spaced at 1 second intervals. This may be because the remote was making a request that resulted in the 10 responses. I'd doubt it was a bug in ntpd, but that may be as well.
We've run public NTP servers for the better part of a decade now, mostly for the convenience of geographically local folks like the various LUGs. When I found out about the pool, I had our servers added there. Everything was fine for a few months, then over a month we started getting phone calls from firewall admins about how our time servers were attacking their networks. Every time a machine in their network would ask our servers for the time, our servers responded with 10 packets spaced at 1 second intervals, so these improperly configured firewalls were logging a lot of packets from us.
I finally shut it down after one particular call, the third that week, where the caller was rude and abusive when I suggested that he should be doing more investigation about the traffic before calling someone else to complain about it. Being a public service, it's just not something that scales well to have to field these calls. I hated to do it, but it was just too much of a distraction.
I'm not saying that you shouldn't add your servers to the pool... I just thought it was an amusing story.
I've had one of the previous generation Squeezebox devices for a couple of years now, and I'm very happy with it. While I could have set up a Linux box doing this, I have limited time to fart around with things and the squeezebox just WORKED. The device itself supports mp3 and uncompressed audio streaming, and since most of my music is in FLAC format (from ripped CDs), I thought I'd have problems with it. However, I just installed the software, let it dig around my music collection, and changed some firewall rules and was off and running.
The biggest complaint I have about it is that sometimes if the server is busy (scanning music again, for example), it will stutter during playback. A bigger buffer would be useful here I think.
Also note that the SlimServer software can be used without the device. In fact, if you want to try out how you will like a squeezebox, there is a Java applet that exactly emulates the squeezebox, including display, remote control, and more. A good way to tell if you are going to want to spend $300 on the box. See the http://softsqueeze.sourceforge.net/ softsqueeze web site for more information.
There's also a simpler client that can also talk to the slimserver that you can run. A friend has been running this on his stereo PC for several years now, without getting a squeezebox. It works great for him, and you control it via a browser on the slimserver, just like with the regular squeezebox.
The browser control of the server is another thing I love about it. If I'm on the patio or in the dining room with music playing, I can just use my laptop to change the volume, skip a song, or pause, instead of hunting down the remote. Plus it works really well to add a particular song we are talking about at a party or the like.
It's a great device. I got it on sale at $249, and am very happy with it. In fact, we have two of them. I want to add another one for the bathroom for showering tunes.
I deal with a lot of different online vendors. For something this bad, I'd definitely remember, but often I have experiences that are just slightly annoying, and I don't remember a few weeks or months down the line. However, my computer never forgets. One way to have the mind of an elephant is to add a bogus entry to your system's "hosts" file. On Unix-like systems, this is /etc/hosts. On Windows it's c:\windows\system\hosts or similar (depending on versions) I believe. To block shopping at shopper.example.com, try adding a line like:
The 127.0.0.* network block is all local addresses on your system, and would never be routable. So, if you unknowingly click on a link to a site you decide you don't want to go back to, just add it to the hosts file and requests for the site will never complete.
High Availability is all about cost/benefit. RAID and a redundant power-supply are both reasonably cheap for smaller systems, and increase system management complexity only a bit. They are also fairly limited in what they can protect against: certain disc or power supply failures.
A cluster can, if properly designed, protect against all sorts of failures: disc, power supply, controller, motherboard, CPU, backplane, cable, network, some designs can even deal with physical disaster like a fire in one of your server rooms and fail over to another or even another geographic location. However, the more protection you add, the more time it takes to implement, test, and maintain.
Tandem, one of the large vendors of fault tolerant hardware/software systems published a report in the late '80s saying that with recent advances in hardware and software, the major cause of system outages was now due to human error: administrators removing the active CPU when trying to replace a failed CPU for example. To properly implement a cluster can involve dozens or hundreds of hours of staff time setting things up, testing, and documenting it all. Especially if it's your first time, I'd say that budgeting 100 hours isn't unreasonable.
With HA clusters, the devil is definitely in the details. For example, incorrectly implementing shared storage locking can mean that an unplugged network cable can result in having to re-load your systems from backups. In that case you're far worse off than if you had no HA at all. Sure, this is a nightmare scenario that hopefully shouldn't happen in production if you do appropriate testing, but I use it to illustrate a point.
Usually HA is implemented in places where downtime has a real cost, so you are paying more for maintenance and hardware so that you don't have to pay (usually many times) more in lost revenue and/or reputation in downtime.
It's not just a matter of getting WiMax cards as the person asking the question seems to think. It's a matter of getting the cards and routers *AND* having a service provider cover your area. If you don't currently have a provider offering terrestrial wireless or DSL/cable, WiMax isn't going to change that at all.
You do have a few options though. Move, of course... Or, if there's demand in your area, start up an ISP or cooperative. If there isn't demand for at least 10 people, you now know why nobody is offering it in your area. ;-/
I also have no degree and no certificates. The last time I was asked about the degree was almost 15 years ago. I was being interviewed to do some light HP-UX system administration, and network administration for a group of around 30 developers. In reality, I was being hired as "remote hands" for an admin located in another state that was managing this group, so their requirements weren't that high, though pay was for some reason.
The interview boiled down to this: "You worked at HP in 1998 and 1999. What were you doing there?" "The first job was as an intern doing software testing. The second was working in the HP-UX development lab writing tools to test standards compliance." "You worked at the HP-UX Development lab?" "Yes." "Don't take this the wrong way, but I don't see any degrees listed, do you have a degree?" "No." "When can you start?"
So, at some point I think you get past people asking about the degree and being more interested in your experience. The degree may be able to get you into new experiences that you might not otherwise be able to cite experience for in the past. However, experience trumps a degree.
I know some people who are extremely good and have a degree, and some that are extremely good and have no degree. I also know someone with a degree from MIT that I would never hire.
When I hire, I usually think of who I know that I think would be good for the job first, and have had passable luck with hiring that way.
I've heard stories of adding free wireless generating a few thousand dollars per month of extra business, but those are second-hand. I can't point to anything proving that. However, I do have quite a lot of experience with using free wireless. Perhaps that helps.
I work at home, and really enjoy the ability to have a change of scene. I've been spending a lot of time at coffee shops for about 3 years now. Also, I often go out for meetings with my partner and we usually will go to a place that has net so that we can do whatever we need while we're talking.
In our area, we have only 5 restaurants that have wireless, and two of them are pretty foul. Our favorite we will on average go to twice a week. They have good food, but if it weren't for the wireless, I'd probably only go there once or twice a month. The restaurants around it I haven't been to in probably 2 months.
3 years ago I basically spent nothing at coffee shops. I have never really liked coffee. Today I spend around $300/month at coffee shops on mochas (light on the chocolate), teas, and chais. I also tend to meet with one of the other guys in our business frequently at coffee shops, and also clients, which probably generates another $200/month in revenue, and have set up a couple of regular meetings at coffee shops as well, generating another $200/month.
The common complaint is that people come in, hog tables, don't buy anything. I spend a LOT of time at almost all of the local coffee shops that have wireless. I have seen that, but it's pretty rare around here. When people complain about that, I wonder if it's just a regional thing, or if it's really a problem at all. I haven't seen it. Usually when a coffee shop is full, it's either students studying for midterms, or it's a bunch of people being social.
There's also a statement that people on computers just sit there in front of the terminal and grump, not talking to anyone else. I've met around two dozen people, from just being regulars and saying "hey, how's it going?" to helping people fix their networking, to people asking me about stickers on my laptop. I haven't seen evidence that it's isolating.
What are some businesses that have successfully used free WiFi? Panera Bread comes to mind. We don't have one here yet, but the last time we had some time to kill in the large urban center an hour away, that's where we went because of the Free WiFi.
When we travel we will often stay at Holiday Inn Expresses, because they tend to have free WiFi, even though they're more expensive than the places we would normally stay otherwise. Free WiFi is the primary selector we use for places to stay when we travel, if we can't get that we go for free wired net. If we have lots of selection, we will tend to select the place that most proudly displays "Free (whatever) Internet" on their billboards or building. I kid you not. It's important to us, and therefore it's important to us to support it.
Remember about 8 months ago when slashdot reported that state parks in Texas were adding free WiFi? My wife and I used it as an excuse for a vacation in January. We stayed at a Holiday Inn Express in Rockport (roughly mid-way between Corpus Christi and a park with WiFi), that had free WiFi. The park was pretty vacant when we were there, because it was very much the off season, but they got all this business simply because the state park added wifi.
So, does free WiFi help business? I haven't seen any evidence that it hurts it, and have quite a lot of personal evidence that it helps quite a lot. (He says, writing this from a restaurant whose Free WiFi is broken, so he's using lowly CDMA.)
You're already doing bandwidth monitoring right? Graphing with rrdtool or
the like? If you aren't you probably should be. It's a great tool for not
only current troubleshooting, but also capacity analysis and more.
However, I've also found that it's a fantastic tool for detecting
successful intrusions. Detecting attempted intrusions tends to produce
many false positives, but if you are watching the bandwidth utilization of
your systems and networks, it's pretty easy to tell within a few hours that
you have some unusual use going on, usually tracked down to a particular
machine or network at least.
So, don't underestimate the usefulness of watching your network traffic
graphs. With rrdtool it's pretty easy to pull out information and average
it. For example, we watch not only our overall 95th %ile utilization, but
also rank each user based on their utilization. If use suddenly goes up,
increasing their rank, it's probably something we should look at. It's
been extremely effective for detecting open HTTP proxies, SMTP relays, and
people compromised with various vulnerabilities.
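
Added example, not part of the original comment: one way to implement the rank-change check described above, in Python. It assumes per-user rate samples have already been exported (for instance with `rrdtool fetch`); the user names, sample values and thresholds are constructed for illustration.

```python
import math

# Constructed sample data: per-user transfer rates in KB/s, one value per
# polling interval, for a baseline window and the current window.
BASELINE = {
    "cust-a": [900] * 19 + [5000],   # one burst, discarded by the percentile
    "cust-b": [400] * 20,
    "cust-c": [150] * 20,
    "cust-d": [60] * 20,
    "cust-e": [20] * 20,
}
CURRENT = {
    "cust-a": [950] * 20,
    "cust-b": [380] * 20,
    "cust-c": [160] * 20,
    "cust-d": [60] * 10 + [1200] * 10,  # sustained rise, e.g. an open relay
    "cust-e": [20] * 19 + [9000],       # single spike only
}


def percentile_95(samples):
    """Sort the samples, discard the top 5%, return the highest one left."""
    if not samples:
        return 0.0
    ordered = sorted(samples)
    idx = max(math.ceil(0.95 * len(ordered)) - 1, 0)
    return float(ordered[idx])


def rank_users(usage):
    """Return ({user: p95}, {user: rank}); rank 1 is the heaviest user."""
    p95 = {user: percentile_95(s) for user, s in usage.items()}
    ordered = sorted(p95, key=lambda u: (-p95[u], u))
    return p95, {user: i + 1 for i, user in enumerate(ordered)}


def flag_rank_jumps(baseline, current, min_jump=2, min_ratio=3.0, min_rate=100.0):
    """Flag users whose usage rose AND whose rank climbed between windows.

    The thresholds are assumptions: min_jump is how many places a user must
    climb, min_ratio how much their 95th percentile must grow, and min_rate
    a floor (KB/s) below which nobody is flagged. A user missing from the
    baseline is treated as previously last-placed with zero usage.
    """
    base_p95, base_rank = rank_users(baseline)
    cur_p95, cur_rank = rank_users(current)
    last_place = len(base_rank) + 1
    alerts = []
    for user, rank in cur_rank.items():
        old_rank = base_rank.get(user, last_place)
        old_rate = base_p95.get(user, 0.0)
        new_rate = cur_p95[user]
        climbed = old_rank - rank
        grew = new_rate >= min_rate and new_rate >= min_ratio * old_rate
        if climbed >= min_jump and grew:
            alerts.append((user, old_rank, rank, old_rate, new_rate))
    return sorted(alerts, key=lambda a: a[2])


if __name__ == "__main__":
    for user, old, new, before, after in flag_rank_jumps(BASELINE, CURRENT):
        print(f"{user}: rank {old} -> {new}, p95 {before:.0f} -> {after:.0f} KB/s")
```

Requiring both a rank climb and real growth keeps a user from being flagged merely because heavier users went quiet.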
Take a laptop that you use for your communications. With the availability of WiFi, you can use your laptop most places where there are computers and many places where there aren't. You have to worry less about what someone else may have installed, and you don't have to wait for a terminal to open up. Don't forget to use secure protocols to speak to your server though.
When I went to DefCon a few years ago, I loaded a fresh laptop and set it up to VPN all traffic leaving it, plus I didn't access any private resources, I had my e-mail copied to a webmail account on another box I was running. It worked great.
The answer to this question depends entirely on how heavy each request you serve is. If you are just throwing together some PHP code that pulls information from a few databases, possibly updating some others, on every hit, it could require quite a large number of machines to handle the load. If you are clever, effectively making the results static pages, it may take very few systems.
A good starting place is to just measure it by testing how long it takes to serve a page like what you are expecting to be publishing, and come up with an average of how long it takes to serve that request. Multiply this by the number of expected visitors and you get a rough idea of the number of machines you need to handle the load. Very rough, but it's a starting place.
For example, the last time my site got slashdotted, users were hitting a page that is generated from a database. Through clever design, these pages get cached quite heavily, so only the first view requires 200-ish ms to generate. After that, unless the database is updated, the pages require more like 10ms to serve. Serving a static page through Apache requires around 8ms.
During the heaviest hit period, there was only around 4% CPU load on the server. Without the caching, this probably would have been more like 80%.
Nobody can tell you what the answer to this question will be for your situation. I can tell you that everyone plans for their new site to be as popular as slashdot, but would remind you that trying to come out of the chute able to handle the load of slashdot is probably a waste of time and money. Sure, if you have a few hundred thousand dollars to spend on hardware you can happily build up an infrastructure that will handle huge loads. However, if it takes a year or two for those loads to come, at that time you can buy the same computing horsepower for probably half what it costs today. In the mean time, why don't you spend the time you would have spent architecting this massive database cluster and set of apache workers, instead providing content and marketing to your site?
It's easy to spend time on the geeky network and computing parts of a design, as a geek, but the marketing and content side is the one that's most likely to make it a slashdot.
My company has a merchant account, which allows us to process credit cards. The number one thing we get fraudulent orders for is Linux based Virtual Private Servers (VPS). Last week we got orders for two VPSs. The orders claimed to be from different people, but used the same root password and were from the same IP address in Russia. The orders were also both placed twice.
I decided to try tracking this down on our end to see where we could lead it. I called our merchant processor with what they call a "code 10", but the result of that call was basically just that they would tell me what bank had issued the cards and what the phone number to that bank was. Both cards were issued by Citibank.
After spending around 30 minutes on the phone with Citibank, all they would do is verify if I had the correct information for the account, and tell me that they wouldn't do anything unless the card-holder called in.
The interesting thing was that on one card the expiration date was wrong. I don't know how my merchant processor authorized the charge with the wrong expiration date. Also, the phone number on both was wrong, but it was correct in the first 6 digits, it was just the last 4 that were different. I wondered if the person making the charge was using VoIP to make it appear that they were in that area when actually they were in Russia.
We ended up reaching one of the actual people by phone that afternoon, and they confirmed that they had not made this charge, the phone number was incorrect, and they also said that they weren't using that card actively at the moment. The other person I couldn't track down by other means, so we sent them a letter.
I find it extremely odd that, as a merchant there is relatively little I can do when I get a fraudulent charge. I guess maybe I should report it to the police and see if there's anything they want to do with it. Citibank couldn't have cared less, no requests for the IP addresses the charges were made from, etc.
If I were to get screwed by a credit card company for charges I didn't make, I'd probably start looking at things like this that make it clear they don't really follow up on this fraud, which could be seen as negligence. Particularly if they had authorized a charge on a card with the wrong expiration date and/or billing phone number, I'd wonder what they're doing to earn their cut in the first place.
I think there's a misconception made by the poster that pricing is going to be cheaper for a single CPU system with no SCSI or RAID built into the motherboard, and they're trying to cut the cost down. However, the law of supply and demand asserts that if most people who want big memory systems also want lots of CPU and disc, then the price for a single CPU motherboard may actually be MORE expensive (because there's less demand).
Personally, I'd say just suck up the extra few hundreds of dollars (from what I've seen) and consider it part of the cost of the 16 to 64GB of RAM.
The first thing you should think about before deciding to develop software rather than purchase it is: Is our organization a software company? If you aren't a software company, what makes you think you can successfully deploy a software project?
I developed this opinion over a number of years working for a Fortune 500 telecommunications provider. For political reasons, most of the developers had been promoted internally from other jobs. So now we had 30 people thrown at a project, only one of which REALLY loved the work. So there were a bunch of rather ordinary developers working for years on this "next generation" project.
In other cases I was supporting products developed by another division of the company. These products ran part of the order processing system, but were so buggy that the two of us supporting it literally couldn't take lunch at the same time because various components required constant maintenance.
I've come to the opinion that under all but the most extraordinary circumstances, a company should not work on developing custom applications in-house. They should either farm them out to a development company, or they should adjust their processes to work with existing Commercial Off The Shelf (COTS) applications. Concentrate on your core business and you're probably better off. If your core business is not software, you probably can't do a successful software project.
Yeah, I've been thinking for years that it would be nice to do exactly this. However, I've *NEVER* seen a laptop that could do this. But...
I've been watching the KVM-over-IP market for the last several years, and it looks like recently they've dropped from $3,000 down to under $500. I'm seriously tempted to get one of these. The ones I've been looking at, because we run only Linux, have been ones that are accessible via VNC, and allow you to control the keyboard, mouse, and read the display, even in text mode. Sounds like one of these and a cross-over cable in your bag would be just the thing.
Of course, many newer systems will allow you to, if properly configured, modify the BIOS over serial, and many installs of Linux now allow you to control them via VNC or serial, so that may be a lower-cost option to get you where you need to be.
I've been using the Merlin C201 PCMCIA card under Linux for nearly 2 years now. The card shows up as a regular modem which you run PPP on. I've got an extensive page on how to do this setup at http://www.tummy.com/Community/Articles/merlin-c201/.
The service is through Sprint, and costs $80/month for all "you can eat". Apparently, the service agreement for the $10/month net with your phone prohibits the use of a laptop with it, but there are people using USB adapters or similar to access the net over the phone. The setup is similar to the PCMCIA card, using PPP.
Sprint coverage is pretty good. The first trip I took with it was up into the mountains, where I was able to get extremely good coverage from my camp site. Another crowd would wonder WTF I was doing with a laptop when camping, but the /. crowd will understand, I'm sure.
The speed is pretty good. I can do downloads at 12 to 15KB/sec, and at one point while camping I ran an incremental backup of my laptop up to my server. I think it pushed 600MB of data across it, uploaded, at 7KB/sec average.
The real killer is the latency. It runs, on average, 500ms (half a second). For web page downloads it's not so bad, but for anything interactive it's pretty nasty. Latency usually ranges between 250ms and 1000ms, but if coverage lapses or is spotty it can be several seconds.
That said, I love the connectivity. These days you can get WiFi in most locations if you are willing to go to a place that has it. The CDMA is great for times when I want to use the net from a place that doesn't have it, or a place where their WiFi is wedged because of a flaky AP or a butt-head with a virus or running file sharing.
One of the best ways to tell a company that they should go ahead with a product, is to put your money where your mouth is, as they say.
I'd be willing to pre-order a graphics card that fully documented its specs and cooperated with the Linux community for my desktop. The problem is that many companies aren't prepared for such a thing, and don't have a way to take your money. So, help us out... Where do we pre-buy one?
I never really liked the taste of diet either. I liked regular Coke, but not most of the other flavors. However, I wanted to cut down on the sugar. I mostly started drinking iced tea with lemon. I also tried the various diet sodas with lemon and like some of them. In fact, I find them quite tasty that way.
My particular favorites are diet Coke and diet Dr. Pepper with lemon. In fact, I REALLY like the latter with lemon.
When I'm at a restaurant that doesn't have iced tea or lemon, I will mix the diet with about a quarter lemonade or another option. This takes the nasty diet taste away.
However, you mention the "convenience of can beverages", so the routine of doing the squeezing of some lemon sounds like it won't be an acceptable option.
Sean
Munin is nice because it's just so simple to install and configure it. We used to use some scripts I had written to track server statistics, but have entirely switched to munin. However, munin also has some "monitoring" capabilities, which I usually disable. I wish they just stuck to graphing and didn't try to add monitoring to munin.
Also, generating a lot of graphs can impact the system load. Not that you shouldn't use it, but I have definitely seen times where the system was getting hit particularly hard and munin seemed to be using up a lot of resources at the same time. You probably don't want to install it on an already overloaded system...
Also, munin's design is such that if the system gets hit particularly hard, munin may not be able to run and capture this information. It doesn't lock itself into memory, or run at an escalated priority, so if the system is thrashing particularly hard, you often will get empty samples in munin instead of getting pointers to whether the problem was due to high load, high disc activity, high swap activity, etc... So it's really better suited to long-term capacity planning more than tracking down short-term load problems.
As far as setting up service restarts, I totally agree that it's the lazy way out. The ideal solution is to track the problem to root cause and prevent it from happening. However, unlike the other respondent, I'm fine with that.
As a sys admin, your job is to keep the system and services available. A brain-dead restart of Apache or bind once a week is much preferable to leaving it down for hours from 3am to 9am and then trying to track down a bug in bind or some random PHP application.
So, by all means fix the real cause if possible. However, I recommend setting up automatic restarts with alerts going to appropriate people so you can keep an eye on when restarts happen. For one of my machines an apache restart happens about once every 2 weeks, and a bind restart happens once every other month. I'm not particularly inclined to spend significant resources debugging bind to prevent a 60 second outage of one of my two name servers once every 60 days. At least not today, I have other higher priority tasks to work on.
Sean
The typical way to set this up is:
High availability redundant NFS servers for storing the mailbox data and user information.
One or more machines mounting this file-system for handling POP, IMAP, and SMTP from accounts and mailfolders off the NFS server.
Webmail can be tricky because you need to make sure that either users always hit the same machine for webmail during a session, or session information is shared among the cluster. LVS systems can handle either of these scenarios, so it's not a problem, just something you have to be aware of.
LVS systems up front, again running High Availability which do load-balancing and automatic removal of failed servers. These are the machines that have the IPs which your customers contact, and then get spread across the real machines in the middle layer above.
This sort of solution works really well, and we have deployed it for customers of ours with good results. You can get started for only $5k to $10k worth of hardware and if you're building this from scratch it will probably only take you around 100 hours. If you have experience with this sort of setup it can take as little as 10 to 20.
If $5k to $10k for hardware is out of your budget, you probably shouldn't be looking at this sort of solution. Individual stand-alone servers or even a single pointy box, possibly with high availability, is probably where you want to be in that case.
linux-ha.org is the place to go for High Availability software on Linux.
Sean
Don't listen to the people who say you need math or other sciences in order to do computers. In general, the people who say that tend to be people who don't know anything about computers.
I was never very good at math, never really took any chemistry or biology, but did get into physics and electronics a bit. However, I was insanely into computers. Since then I've done lots of work programming, system and network administration, and all sorts of other computer-related work. A decade ago I started a technology company that has allowed me to challenge myself in so many different ways ever since.
My theory about the math thing is that math is a well understood and traditional area of study which has similar problem-solving requirements that computers do. Coming up with the set of rules that make a proof come together is quite similar to building a program.
Because math is more easily and generally understood and taught, the people who have the skills required for computers probably have had more exposure and training related to math. For example, when I was in elementary through high schools, we got to play with computers, but I only had one semester of classroom instruction in computers, but I pretty much had a math class every semester for 12 years.
I feel that you can learn and hone the same skills through working and playing with computers directly, not using math as some gateway drug... It's worked fairly well for me.
So, what can you do in computers without math? Programming, human factors, and even business and management can use technical people in it. In short, whatever you want to do.
As Joseph Campbell says, "follow your bliss".
Sean
"Sprinting" I find works really well. We just got back from PyCon, a 3 day conference with 4 days of sprinting afterwards. Sprinting is where people get together, either in person or via IRC, to work on a particular task or set of tasks. Evelyn and I along with a group of some other folks worked to get the new www.python.org site up. It had been in process for the better part of a year, but we were able to do a big push to get it ready to put up in those 4 days and a few days afterwards, coordinated via IRC.
Linux Users Groups can tend to put people with good ideas together, and our local LUG tends to push people talking about their projects at the meetings. I've gotten a lot of good feedback from talking about my projects to the group. A good way to get peer review for a 1 person project.
The LUG meeting is once a month. The rest of the weeks of the month we have a Hacking Society meeting at the coffee shop. The idea is to set up a space where folks can work on various projects, everything from resolving bugs on Debian and Python projects, catching up on e-mail, working on software or talking about ideas and projects, installing different distros or getting software or hardware working.
We had our first Hacking Society meeting 5 years ago and had 3 other people at it. Since then, we've had over 100 different people at our local meeting, and regularly get a dozen people every week. Other chapters of Hacking Society have set up in 5 other locations around the world, but only one or two of them are really active. For those ones, it's really been working well. I'd be happy to help others set up local Hacking Societies, see http://www.hackingsociety.org/ for more information.
Just connecting with the community of people doing things is very powerful motivation and provides ideas to help get more work into it.
Things like wikis and SVN/CVS servers and bug tracking help put software together. As long as it can foster the communities of people to get ideas shared and motivation going around. Things like IRC and mailing lists can really help out with the ideas and peer review and motivation.
Sean
My wife and I each have a pair of the PX-100s. We've had them for something around 2 years, and have had absolutely no problems with them. You question the robustness of the folding design. These units seem to be extremely solid. Plus, the case they fit in is also quite solid.
We both carry them in our computer bags, just toss them in and go...
They sound great, but don't require more power than a typical laptop or portable audio device. I haven't felt like I needed an amp.
They let you hear a lot of the surrounding sound, particularly if you adjust them to cover more or less of your ears. The only problem I've had is that about once a month when I'm putting them on, I'll brush the foam ear-pads, and they come off. That's absolutely the only complaint I have, if those stayed on a little better, I'd be happy.
I also have a pair of Grado SR-60s, which are not at all as portable and also not as comfortable. The ear cans press on the ears pretty hard, and the temples of my glasses get pressed into my head, so I can only wear them for a bit. They also really could use an amp.
I'm just purchasing an Etymotic, the less expensive ones. Found them for around $80. They would not at all be suitable for you, they are heavy isolation, something around 25dB. I'm largely getting them because I wanted something a little bit less bulky, particularly for when I'm walking around and traveling and the like.
In short, the Sennheisers are great, I'm very happy with them. I don't think you will have any problems with the folding mechanism. They fold easily and are quite portable.
Sean
>Uh, your servers are supposed to only reply with *ONE* packet.
Be that as it may, tcpdump of that particular remote address showed one
request coming in and 10 responses going back, spaced at 1 second
intervals. This may be because the remote was making a request that
resulted in the 10 responses. I'd doubt it was a bug in ntpd, but that
may be as well.
Sean
We've run public NTP servers for the better part of a decade now, mostly for the convenience of geographically local folks like the various LUGs. When I found out about the pool, I had our servers added there. Everything was fine for a few months, then over a month we started getting phone calls from firewall admins about how our time servers were attacking their networks. Every time a machine in their network would ask our servers for the time, our servers responded with 10 packets spaced at 1 second intervals, so these improperly configured firewalls were logging a lot of packets from us.
I finally shut it down after one particular call, the third that week, where the caller was rude and abusive when I suggested that he should be doing more investigation about the traffic before calling someone else to complain about it. Being a public service, it's just not something that scales well to have to field these calls. I hated to do it, but it was just too much of a distraction.
I'm not saying that you shouldn't add your servers to the pool... I just thought it was an amusing story.
Sean
I've had one of the previous generation Squeezebox devices for a couple of years now, and I'm very happy with it. While I could have set up a Linux box doing this, I have limited time to fart around with things and the squeezebox just WORKED. The device itself supports mp3 and uncompressed audio streaming, and since most of my music is in FLAC format (from ripped CDs), I thought I'd have problems with it. However, I just installed the software, let it dig around my music collection, and changed some firewall rules and was off and running.
The biggest complaint I have about it is that sometimes if the server is busy (scanning music again, for example), it will stutter during playback. A bigger buffer would be useful here I think.
Also note that the SlimServer software can be used without the device. In fact, if you want to try out how you will like a squeezebox, there is a Java applet that exactly emulates the squeezebox, including display, remote control, and more. A good way to tell if you are going to want to spend $300 on the box. See the softsqueeze web site at http://softsqueeze.sourceforge.net/ for more information.
There's also a simpler client that can also talk to the slimserver that you can run. A friend has been running this on his stereo PC for several years now, without getting a squeezebox. It works great for him, and you control it via a browser on the slimserver, just like with the regular squeezebox.
The browser control of the server is another thing I love about it. If I'm on the patio or in the dining room with music playing, I can just use my laptop to change the volume, skip a song, or pause, instead of hunting down the remote. Plus it works really well to add a particular song we are talking about at a party or the like.
It's a great device. I got it on sale at $249, and am very happy with it. In fact, we have two of them. I want to add another one for the bathroom for showering tunes.
Sean
What you should have done is to have copied all of your mp3s and ornpay off the system *BEFORE* you gave your notice. ;-)
Sean
I deal with a lot of different online vendors. For something this bad, I'd definitely remember, but often I have experiences that are just slightly annoying, and I don't remember a few weeks or months down the line. However, my computer never forgets. One way to have the mind of an elephant is to add a bogus entry to your system's "hosts" file. On Unix-like systems, this is /etc/hosts. On Windows it's c:\windows\system\hosts or similar (depending on versions) I believe. To block shopping at shopper.example.com, try adding a line like:
127.0.0.69 shopper.example.com www.shopper.example.com
The 127.0.0.* network block is all local addresses on your system, and would never be routable. So, if you unknowingly click on a link to a site you decide you don't want to go back to, just add it to the hosts file and requests for the site will never complete.
Sean
"[...] the internet will split apart"
With all the spam I get from the EU and other parts of the world, my first reaction: "Is that a promise?"
Sean
High Availability is all about cost/benefit. RAID and a redundant power-supply are both reasonably cheap for smaller systems, and increase system management complexity only a bit. They are also fairly limited in what they can protect against: certain disc or power supply failures.
A cluster can, if properly designed, protect against all sorts of failures: disc, power supply, controller, motherboard, CPU, backplane, cable, network, some designs can even deal with physical disaster like a fire in one of your server rooms and fail over to another or even another geographic location. However, the more protection you add, the more time it takes to implement, test, and maintain.
Tandem, one of the large vendors of fault tolerant hardware/software systems, published a report in the late '80s saying that with recent advances in hardware and software, the major cause of system outages was now due to human error: administrators removing the active CPU when trying to replace a failed CPU for example. To properly implement a cluster can involve dozens or hundreds of hours of staff time setting things up, testing, and documenting it all. Especially if it's your first time, I'd say that budgeting 100 hours isn't unreasonable.
With HA clusters, the devil is definitely in the details. For example, incorrectly implementing shared storage locking can mean that an unplugged network cable can result in having to re-load your systems from backups. In that case you're far worse off than if you had no HA at all. Sure, this is a nightmare scenario that hopefully shouldn't happen in production if you do appropriate testing, but I use it to illustrate a point.
Usually HA is implemented in places where downtime has a real cost, so you are paying more for maintenance and hardware so that you don't have to pay (usually many times) more in lost revenue and/or reputation in downtime.
Sean
It's not just a matter of getting WiMax cards as the person asking the question seems to think. It's a matter of getting the cards and routers *AND* having a service provider cover your area. If you don't currently have a provider offering terrestrial wireless or DSL/cable, WiMax isn't going to change that at all.
;-/
You do have a few options though. Move, of course... Or, if there's demand in your area, start up an ISP or cooperative. If there isn't demand for at least 10 people, you now know why nobody is offering it in your area.
Sean
I also have no degree and no certificates. The last time I was asked about the degree was almost 15 years ago. I was being interviewed to do some light HP-UX system administration, and network administration for a group of around 30 developers. In reality, I was being hired as "remote hands" for an admin located in another state that was managing this group, so their requirements weren't that high, though pay was for some reason.
The interview boiled down to this: "You worked at HP in 1998 and 1999. What were you doing there?" "The first job was as an intern doing software testing. The second was working in the HP-UX development lab writing tools to test standards compliance." "You worked at the HP-UX Development lab?" "Yes." "Don't take this the wrong way, but I don't see any degrees listed, do you have a degree?" "No." "When can you start?"
So, at some point I think you get past people asking about the degree and being more interested in your experience. The degree may be able to get you into new experiences that you might not otherwise be able to cite experience for in the past. However, experience trumps a degree.
I know some people who are extremely good and have a degree, and some that are extremely good and have no degree. I also know someone with a degree from MIT that I would never hire.
When I hire, I usually think of who I know that I think would be good for the job first, and have had passable luck with hiring that way.
Sean
I've heard stories of adding free wireless generating a few thousand dollars per month of extra business, but those are second-hand. I can't point to anything proving that. However, I do have quite a lot of experience with using free wireless. Perhaps that helps.
I work at home, and really enjoy the ability to have a change of scene. I've been spending a lot of time at coffee shops for about 3 years now. Also, I often go out for meetings with my partner and we usually will go to a place that has net so that we can do whatever we need while we're talking.
In our area, we have only 5 restaurants that have wireless, and two of them are pretty foul. Our favorite we will on average go to twice a week. They have good food, but if it weren't for the wireless, I'd probably only go there once or twice a month. The restaurants around it I haven't been to in probably 2 months.
3 years ago I basically spent nothing at coffee shops. I have never really liked coffee. Today I spend around $300/month at coffee shops on mochas (light on the chocolate), teas, and chais. I also tend to meet with one of the other guys in our business frequently at coffee shops, and also clients, which probably generates another $200/month in revenue, and have set up a couple of regular meetings at coffee shops as well, generating another $200/month.
The common complaint is that people come in, hog tables, don't buy anything. I spend a LOT of time at almost all of the local coffee shops that have wireless. I have seen that, but it's pretty rare around here. When people complain about that, I wonder if it's just a regional thing, or if it's really a problem at all. I haven't seen it. Usually when a coffee shop is full, it's either students studying for midterms, or it's a bunch of people being social.
There's also a statement that people on computers just sit there in front of the terminal and grump, not talking to anyone else. I've met around two dozen people, from just being regulars and saying "hey, how's it going?" to helping people fix their networking, to people asking me about stickers on my laptop. I haven't seen evidence that it's isolating.
What are some businesses that have successfully used free WiFi? Panera Bread comes to mind. We don't have one here yet, but the last time we had some time to kill in the large urban center an hour away, that's where we went because of the Free WiFi.
When we travel we will often stay at Holiday Inn Expresses, because they tend to have free WiFi, even though they're more expensive than the places we would normally stay otherwise. Free WiFi is the primary selector we use for places to stay when we travel, if we can't get that we go for free wired net. If we have lots of selection, we will tend to select the place that most proudly displays "Free (whatever) Internet" on their billboards or building. I kid you not. It's important to us, and therefore it's important to us to support it.
Remember about 8 months ago when slashdot reported that state parks in Texas were adding free WiFi? My wife and I used it as an excuse for a vacation in January. We stayed at a Holiday Inn Express in Rockport (roughly mid-way between Corpus Christi and a park with WiFi), that had free WiFi. The park was pretty vacant when we were there, because it was very much the off season, but they got all this business simply because the state park added wifi.
So, does free WiFi help business? I haven't seen any evidence that it hurts it, and have quite a lot of personal evidence that it helps quite a lot. (He says, writing this from a restaurant whose Free WiFi is broken, so he's using lowly CDMA.)
Sean
So, don't underestimate the usefulness of watching your network traffic graphs. With rrdtool it's pretty easy to pull out information and average it. For example, we watch not only our overall 95th %ile utilization, but also rank each user based on their utilization. If use suddenly goes up, increasing their rank, it's probably something we should look at. It's been extremely effective for detecting open HTTP proxies, SMTP relays, and people compromised with various vulnerabilities.
Sean
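The rank-change check described in the comment above, as an added example that is not part of the original post: each user's 95th-percentile rate is computed for two periods, users are ranked, and anyone who climbed the ranking is flagged for a closer look. The user names, sample values (KB/s) and the `min_jump` threshold are constructed for illustration; in practice the samples would be exported from the per-user RRD files.

```python
"""Rank users by 95th-percentile traffic and flag sudden rank jumps."""
import math

# Constructed sample data: per-user traffic rates in KB/s, 20 samples per period.
LAST_WEEK = {
    "alice": [880, 910, 905, 890] * 5,
    "bob": [400, 420, 390, 410] * 5,
    "carol": [150] * 20,
    "dave": [40] * 20,
}
THIS_WEEK = {
    "alice": [880, 910, 905, 890] * 5,
    "bob": [400, 420, 390, 410] * 5,
    "carol": [150] * 19 + [5000],    # one short burst: ignored by the 95th %ile
    "dave": [40] * 8 + [1200] * 12,  # sustained new traffic: worth a look
}


def percentile_95(samples):
    """Billing-style 95th percentile: sort, drop the top 5%, keep the highest left."""
    if not samples:
        return 0.0
    ordered = sorted(samples)
    index = math.ceil(0.95 * len(ordered)) - 1
    return ordered[index]


def rank_users(usage):
    """Return {user: rank}; rank 1 is the heaviest user by 95th percentile."""
    p95 = {user: percentile_95(samples) for user, samples in usage.items()}
    # Ties are broken by user name so the ranking is deterministic.
    ordered = sorted(p95, key=lambda user: (-p95[user], user))
    return {user: position for position, user in enumerate(ordered, start=1)}


def rank_jumps(previous, current, min_jump=2):
    """List (user, old_rank, new_rank) for users who climbed >= min_jump places.

    A user absent from the previous period is treated as having ranked just
    below everyone who was present, so a heavy newcomer is flagged as well.
    """
    before = rank_users(previous)
    after = rank_users(current)
    below_everyone = len(before) + 1
    flagged = []
    for user, new_rank in after.items():
        old_rank = before.get(user, below_everyone)
        if old_rank - new_rank >= min_jump:
            flagged.append((user, old_rank, new_rank))
    return sorted(flagged, key=lambda entry: entry[2])


if __name__ == "__main__":
    for user, old_rank, new_rank in rank_jumps(LAST_WEEK, THIS_WEEK):
        print(f"{user}: rank {old_rank} -> {new_rank}, investigate")
```

Because the 95th percentile discards the top 5% of samples, carol's single burst does not move her in the ranking, while dave's sustained traffic does.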
Take a laptop that you use for your communications. With the availability of WiFi, you can use your laptop most places where there are computers and many places where there aren't. You have to worry less about what someone else may have installed, and you don't have to wait for a terminal to open up. Don't forget to use secure protocols to speak to your server though.
When I went to DefCon a few years ago, I loaded a fresh laptop and set it up to VPN all traffic leaving it, plus I didn't access any private resources, I had my e-mail copied to a webmail account on another box I was running. It worked great.
Sean
The answer to this question depends entirely on how heavy each request you serve is. If you are just throwing together some PHP code that pulls information from a few databases, possibly updating some others, on every hit, it could require quite a large number of machines to handle the load. If you are clever, effectively making the results static pages, it may take very few systems.
A good starting place is to just measure it by testing how long it takes to serve a page like what you are expecting to be publishing, and come up with an average of how long it takes to serve that request. Multiply this by the number of expected visitors and you get a rough idea of the number of machines you need to handle the load. Very rough, but it's a starting place.
For example, the last time my site got slashdotted, users were hitting a page that is generated from a database. Through clever design, these pages get cached quite heavily, so only the first view requires 200-ish ms to generate. After that, unless the database is updated, the pages require more like 10ms to serve. Serving a static page through Apache requires around 8ms.
During the heaviest hit period, there was only around 4% CPU load on the server. Without the caching, this probably would have been more like 80%.
Nobody can tell you what the answer to this question will be for your situation. I can tell you that everyone plans for their new site to be as popular as slashdot, but would remind you that trying to come out of the chute able to handle the load of slashdot is probably a waste of time and money. Sure, if you have a few hundred thousand dollars to spend on hardware you can happily build up an infrastructure that will handle huge loads. However, if it takes a year or two for those loads to come, at that time you can buy the same computing horsepower for probably half what it costs today. In the mean time, why don't you spend the time you would have spent architecting this massive database cluster and set of apache workers, instead providing content and marketing to your site?
It's easy to spend time on the geeky network and computing parts of a design, as a geek, but the marketing and content side is the one that's most likely to make it a slashdot.
Sean
My company has a merchant account, which allows us to process credit cards. The number one thing we get fraudulent orders for is Linux based Virtual Private Servers (VPS). Last week we got orders for two VPSs. The orders claimed to be from different people, but used the same root password and were from the same IP address in Russia. The orders were also both placed twice.
I decided to try tracking this down on our end to see where we could lead it. I called our merchant processor with what they call a "code 10", but the result of that call was basically just that they would tell me what bank had issued the cards and what the phone number to that bank was. Both cards were issued by Citibank.
After spending around 30 minutes on the phone with Citibank, all they would do is verify if I had the correct information for the account, and tell me that they wouldn't do anything unless the card-holder called in.
The interesting thing was that on one card the expiration date was wrong. I don't know how my merchant processor authorized the charge with the wrong expiration date. Also, the phone number on both was wrong, but it was correct in the first 6 digits, it was just the last 4 that were different. I wondered if the person making the charge was using VoIP to make it appear that they were in that area when actually they were in Russia.
We ended up reaching one of the actual people by phone that afternoon, and they confirmed that they had not made this charge, the phone number was incorrect, and they also said that they weren't using that card actively at the moment. The other person I couldn't track down by other means, so we sent them a letter.
I find it extremely odd that, as a merchant there is relatively little I can do when I get a fraudulent charge. I guess maybe I should report it to the police and see if there's anything they want to do with it. Citibank couldn't have cared less, no requests for the IP addresses the charges were made from, etc.
If I were to get screwed by a credit card company for charges I didn't make, I'd probably start looking at things like this that make it clear they don't really follow up on this fraud, which could be seen as negligence. Particularly if they had authorized a charge on a card with the wrong expiration date and/or billing phone number, I'd wonder what they're doing to earn their cut in the first place.
Sean
I think there's a misconception made by the poster that pricing is going to be cheaper for a single CPU system with no SCSI or RAID built into the motherboard, and they're trying to cut the cost down. However, the law of supply and demand asserts that if most people who want big memory systems also want lots of CPU and disc, then the price for a single CPU motherboard may actually be MORE expensive (because there's less demand).
Personally, I'd say just suck up the extra few hundreds of dollars (from what I've seen) and consider it part of the cost of the 16 to 64GB of RAM.
Sean
The first thing you should think about before deciding to develop software rather than purchase it is: Is our organization a software company? If you aren't a software company, what makes you think you can successfully deploy a software project?
I developed this opinion over a number of years working for a Fortune 500 telecommunications provider. For political reasons, most of the developers had been promoted internally from other jobs. So now we had 30 people thrown at a project, only one of which REALLY loved the work. So there were a bunch of rather ordinary developers working for years on this "next generation" project.
In other cases I was supporting products developed by another division of the company. These products ran part of the order processing system, but were so buggy that the two of us supporting it literally couldn't take lunch at the same time because various components required constant maintenance.
I've come to the opinion that under all but the most extraordinary circumstances, a company should not work on developing custom applications in-house. They should either farm them out to a development company, or they should adjust their processes to work with existing Commercial Off The Shelf (COTS) applications. Concentrate on your core business and you're probably better off. If your core business is not software, you probably can't do a successful software project.
Sean
Yeah, I've been thinking for years that it would be nice to do exactly this. However, I've *NEVER* seen a laptop that could do this. But...
I've been watching the KVM-over-IP market for the last several years, and it looks like recently they've dropped from $3,000 down to under $500. I'm seriously tempted to get one of these. The ones I've been looking at, because we run only Linux, have been ones that are accessible via VNC, and allow you to control the keyboard, mouse, and read the display, even in text mode. Sounds like one of these and a cross-over cable in your bag would be just the thing.
Of course, many newer systems will allow you to, if properly configured, modify the BIOS over serial, and many installs of Linux now allow you to control them via VNC or serial, so that may be a lower-cost option to get you where you need to be.
Sean
I've been using the Merlin C201 PCMCIA card under Linux for nearly 2 years now. The card shows up as a regular modem which you run PPP on. I've got an extensive page on how to do this setup at http://www.tummy.com/Community/Articles/merlin-c201/.
The service is through Sprint, and costs $80/month for all "you can eat". Apparently, the service agreement for the $10/month net with your phone prohibits the use of a laptop with it, but there are people using USB adapters or similar to access the net over the phone. The setup is similar to the PCMCIA card, using PPP.
I also have a page on using the LG-5350 phone and USB cable to get net access using PPP with Linux at http://www.tummy.com/Community/Articles/lg5350/
Sprint coverage is pretty good. The first trip I took with it was up into the mountains, where I was able to get extremely good coverage from my camp site. Another crowd would wonder WTF I was doing with a laptop when camping, but the /. crowd will understand, I'm sure.
The speed is pretty good. I can do downloads at 12 to 15KB/sec, and at one point while camping I ran an incremental backup of my laptop up to my server. I think it pushed 600MB of data across it, uploaded, at 7KB/sec average.
The real killer is the latency. It runs, on average, 500ms (half a second). For web page downloads it's not so bad, but for anything interactive it's pretty nasty. Latency usually ranges between 250ms and 1000ms, but if coverage lapses or is spotty it can be several seconds.
That said, I love the connectivity. These days you can get WiFi in most locations if you are willing to go to a place that has it. The CDMA is great for times when I want to use the net from a place that doesn't have it, or a place where their WiFi is wedged because of a flaky AP or a butt-head with a virus or running file sharing.
Sean