"Finding a computer that will last a year or more without rebooting is hard."
Really?
In our server room we have a few which don't get as many security updates (internal systems), they are doing fine, thank you.
That's what they do. Before they accept a patch and send it higher up in the chain (eventually all the way up to Linus) they do check the code and sign off on that.
At some point the patchsets get so large that not all parts might be looked at, and just those parts that are more likely to have problems get checked.
That's like comparing apples to oranges. One is a language used to generate HTML, do database queries, talk to memcached, etc. The other is a webserver.
Because it's really easy to create memory leaks and similar bugs in C++.
It seems I was right about the license:
http://developers.facebook.com/news.php?blog=1&story=358
(details about what they have released)
They are not sending business data.
Have a look at some of their presentations, then you know what I'm talking about.
The scale they are at, they have a lot of machines with memcached running. And PHP has to connect to them, it has to connect to many and just the overhead of TCP was even too much for them. So they switched to UDP.
The issue of packet loss was actually another problem, it's because they are sending that much data in their internal network, they saturated it at some point. Yes, it might have meant that UDP packets would be lost, but it doesn't really matter. Because TCP wasn't even able to cope before that, it was already too slow and with the packet loss would have been useless as well.
I think it will use the same license as regular PHP, as it's based on regular PHP. Of the projects they adapted they all used the same license.
Facebook added to memcache the ability to use UDP instead of TCP. They also changed MySQL so one replication-command from one datacenter to the next would also invalidate what is in memcache on that location.
At some point they have so much traffic from their webservers to their backend systems, they saturated their internal network and were dropping UDP.
That's the kind of problems/scale they deal with, I'm surprised PHP wasn't their biggest bottleneck before (they did some work on PHP already, but not something like this).
After all Facebook is the second site after www.google.com-search page (which handles 'just' one task) and Google has pretty much a custom-built platform.
This one is almost up to date:
http://www.personal.psu.edu/dvm105/blogs/ipv6/2009/08/and-another-two-are-off.html
If you add these 4, then you'll be up to date:
http://www.personal.psu.edu/dvm105/blogs/ipv6/2009/09/two-more-gone.html
http://www.personal.psu.edu/dvm105/blogs/ipv6/2010/01/ipv4-free-pool-drops-below-10.html
Actually, it's not IE6, it's Windows XP, IE7 and IE8 on Windows XP don't understand SNI either,
[NAT] is a crappy hack/workaround, but it works right now.
Not for long though, we are almost running out of IPv4.
OK, this was just a quick write-up, what I meant to say was: 98% of delivery attempts including deliveries which get tagged as high-scoring spam are deleted or kept for a few months or not accepted at the SMTP level or TCP level. Yes, we also drop connections at the TCP level, if an IP address has too many concurrent connections. And we obviously use 4xx and 5xx codes.
OK, this was just a quick write-up, what I meant to say was: 98% of delivery attempts including deliveries which get tagged as high-scoring spam are deleted or kept for a few months or not accepted at the SMTP level or TCP level.
I work at an ISP, we drop a lot on the floor, mostly SMTP-connections, but everything gets checked and scored very carefully first. We've been operating these mailservers for years, but never had a user complaint. Some may complain, but that's just because it's stuck at the sending provider. To give you an idea: 98% of what we get is not delivered to mailboxes.
Why should they, this is a discussion board, not a bookclub. ;-)
If I'm not mistaken, the extension is really outdated. :-(
I really wish we can get browser (and other client)-support for this soon, that would be such an improvement.
The only 'applications' we currently have that support fingerprints in DNS are some implementations of IPSEC and SSH.
Even Dan Kaminsky would probably agree to that. Especially if it wasn't based on ASN.1 like current SSL-certs.
I really hate the whole structure of how the whole CA-business works and how SSL-certs are constructed, it's a big mess.
StartSSL is OK, CACert would have been even better if they could get their processes and everything up to standard.
Because ISC is one of those companies that is pushing DNSSEC and a lot of other DNS-companies are not, because they think it's a bad idea to implement something which is so complicated. Many security bugs arise when things start to get complicated.
You have no idea. DNSSEC takes a lot of time, it's complicated, many things can go wrong. If just one thing goes wrong it completely fails. On top of that it needs to be updated regularly.
That's why DNSSEC hasn't been implemented by 80% of ISPs in the world. Like the 'fix' for the Kaminsky-attack.
We need DNSSEC on the root, w00t, w00t! ;-)
No really, without DNSSEC on the root, I don't think we'll get proper verification process going on the resolver side.
And putting something in DNS which isn't verified is hardly useful. Maybe they will do verification within the government, that is a start.
Obviously adding a link to what you are talking about is always nice:
http://en.wikipedia.org/wiki/Backdoor_%28computing%29#Reflections_on_Trusting_Trust
Linux has: USB3 before any other OS, hotswap-memory, hotswap-cpu, hotswap-pci, hotswap-scsi, numa, scales to I don't know how many nodes in a cluster and cpu-configurations. Runs on the most possible hardware architectures (NetBSD is not the top dog in this field anymore). Has the most built-in drivers of any OS. Thus runs on really small and really large. Is used for embedded from wallplugs to netbooks all the way up to smaller mainframes. Manufacturers of TVs, networking-devices like switches use it for the control-plane. It also has the broadest range of filesystem support, etc. Most of the websites you visit are running on Linux, so it's heavily used in that field as well. I think Linux is used by the innovators, because you can change it. Some people say Google does innovation, they use Linux for pretty much everything.
http://blogs.msdn.com/
I've seen it fail many times
I think someone should register: .cdn
I see a lot of domains now being registered twice, ytimg, yimg, fbcdn, etc.
English is not my mother-tongue, sorry if I occasionally make a mistake. I guess I wasn't paying attention.
Let me add to the original discussion:
especially not some big corporation