Interestingly, the k root name server has been running Debian Linux for a year or two now and has not had any "creak". It gets about 1500 queries/second per machine (the root server is distributed geographically via anycasting, and at each site by load balancing), and receives all manner of ill-formed packets.
Other root servers seem to run Linux (use nmap if you're curious), but I don't know the people running them so I can't be sure.
Now admittedly this is a very specific type of service: it's a single application that all fits into memory.
We're going to be moving www.ripe.net and whois.ripe.net from Solaris to Linux in 2004. The WWW server gets about 20 hits/second as you can see here, and the whois server gets around 28 hits/second as you can see here. These have more complex usage, with disk I/O, new process creation, and so on. I wouldn't let these services migrate if I thought they would be unstable.
You've obviously never used FreeBSD... The most unstable and buggy version of FreeBSD is a dramatic step-up from any Linux distro.
This is no troll, it's a fact, and extremely hard to dispute ("Linux never crashed for me" does not count).
My experiences with FreeBSD have been universally bad.
From the fact that it didn't support the built-in network card on my laptop (worked fine in Linux and Windows) to the fact that no less than 3 versions of the FreeBSD boot CD *and* floppy hard-locked on my desktop on install (worked fine in Linux and Windows). Then there's the fact that the POSIX threading support was bad enough to make our core application unusable on all versions of FreeBSD (up to 4.9, and it works fine on Linux and Solaris).
I also find the whole CURRENT/STABLE/RELEASE naming a little confusing, but I could live with that if FreeBSD actually provided any real-world benefit. The only areas where I've seen a real, measurable benefit to FreeBSD are in high-volume UDP servers (which is to say: DNS, or possibly NFS) or the IPv6 stack (thanks to the KAME project).
The fact is the FreeBSD technology is playing catch-up to Linux, and even if the technology were great, the childish "my OS is better than your OS" attitude of most FreeBSD users that I've met is what really makes FreeBSD stand out.
Politicians, no matter which country they come from, are only concerned with their adgendas [sic].
As opposed to techies, who are concerned with... ???
I disagree with the common techy notion that having politicians run the Internet is a bad thing. I would find it a horrible breach of public trust if governments did NOT track what was going on with the Internet.
Elected officials, trying to make sure that the interests of the parties they represent are met. Shock!! Horror!!!
I know the little Libertarian in most geeks screams "Don't Tread on Me", but I think it is important for governments to be aware and possibly control some Internet activity. Otherwise only the profit motive will control what is going on. Which is not necessarily best. In many cases yes, but not in all cases.
Consider the break up of AT&T. The US government broke up a company that was providing high-quality service to almost all Americans. End result? Extreme price reduction, and increased service. Not all government actions are evil. Letting markets and other forces run uncontrolled is not always a good idea.
It depends on the production, doesn't it? I mean, if you have a machine that collates addresses and prints mailing labels, then you can run with the test kernel and if it gives you better performance and works, who cares if it's "only for testing"? What's the problem?
Once a box is rooted, you take it off as SOON AS POSSIBLE and reinstall.
One problem with this is that simply reinstalling a r00ted machine is no guarantee that it won't immediately be r00ted again.
While being hacked sucks, it is the worst time to panic. Remember, when you suddenly notice something strange on the machine and realise you've been owned, it could have been compromised for weeks or even months.
While you should immediately prevent it from doing further harm, you should also attempt to do a bit of forensics. See what kind of traffic it's sending, and to where. Make sure it hasn't compromised other boxes on your network (or elsewhere). When you take it off-line, get a disk image so you can try to understand how the machine was entered in a safer, contained, environment.
OTOH, if you know the person who set the box up was lazy and didn't patch appropriately, and you are reasonably sure you know which exploit got you, then just reinstalling can make sense. As can firing the pinhead who put your organisation at risk.
Another issue with Bolkenstein and many, many, many other politicians is that they believe that most issues are way too complex for the common people to understand.
I'm not familiar with Bolkenstein, but I assure you that it is neither desirable nor possible to know all of the details of every facet of every system that affects us. Spend some time working with standards making bodies (e.g. IETF), policy making groups (e.g. ARIN), or similar organisations, and you will know that the raw volume of documentation you would have to consume (and produce!) makes this impossible.
Specialization is good. It's efficient! That's why we have doctors, engineers, hairdressers, etc. Most geeks (correctly) maintain that the average user doesn't have a clue about their computers or networks. While the geek community is tainted by an undercurrent of scorn about this, the general principle that the average person is below-average in most fields of endeavour is unavoidable.
My understanding is that this is SOP for scriptwriters, for instance. No matter what the sales are, the net profit magically ends up being zero, so they never get any royalties.
You're completely right. I have always considered us (Europe) to be good allies of the US, but in these absurd times, where the US government is getting almost as bad and rotten as the USSR was in its worst times (Stalin) you can only be glad that we have nukes of our own.
What are you talking about? The USSR invaded countries that tried to implement a political system that it didn't like. Why, it would defend any Middle Eastern country that would ally with it, regardless of the brutality of its government. And don't forget that they invaded Afghanistan!!!
Um. Never mind.
(To be fair, by most reports Stalin killed 10 million of his own people. He made a secret pact with Hitler to split Poland, and was a real bad guy. I hate George W. as much as the next expat, but let's not get carried away.)
There's no law requiring children be born in a hospital. It just seems that way, in America at least. (In Holland being pregnant isn't a disease, so most women give birth at home.)
You do need to have a SSN for your children in order to claim them as dependents on your taxes. When this change was introduced, there ended up being a lot fewer children, meaning a lot of people were cheating on their taxes.
Re: I downloaded Debian two days ago (on Gentoo Linux 1.2, Score: 2)
I found the full information by going to the Debian site, clicking on "search" and typing in "upgrading". I found the Upgrading a distribution page which details it.
Running a root name server is nothing like running one of the gTLD servers. Believe me, my company runs one of the roots and provides support for another root. I got yelled at the last time I said the name of my company, so you'll have to trust me (not that I'm bitter or anything).
Running a root name server basically means running BIND for a few hundred NS records in one zone file. You set up a cluster of boxes that run some random Unix variant, although to be honest a dual-CPU Athlon MP box could easily handle the load we see here. That's it.
Any web hosting company could run a root name server.
Running a gTLD, however, probably means running your own version of BIND (at least, I think Verisign runs a tweaked version for their domains - not that Vixie would have any trouble tweaking BIND ;)), on higher-end boxes (the COM domain hasn't fit in a 32-bit memory space for 4 or so years now, and I expect that ORG probably doesn't these days). It also means using some sort of registry-registrar protocol for the competitive registrars, and most importantly setting up administration to deal with these registrars, various end users, ICANN, and the like - meaning ticketing systems, account management, help desks, etc, etc.
Not rocket science, but an entirely different ball of wax.
But the original cause of the problem was the first patch set that Sun provided, which broke the system. LESS patches per unit time would have been better.
The ZwXxx routines provide a set of system entry points parallel to some of the executive's system services. A call to a ZwXxx routine from kernel-mode code results in a call to the corresponding system service.
Now, as Microsoft do not document the executive services, only the public WIN32 calls and the kernel-mode DDK calls, one has to rely on the ZwXXX documentation for the actual powers of these executive services. The interface should be the same when called from user-space as when called from kernel-space.
I saw this on the User-Mode Linux mailing list this morning. A clear case of an API that only Microsoft is supposed to have access to.
B.S. Sun Microsystems releases patches for Solaris quite often, and we're a market leader for commercial Unix systems.
Lord knows why though. My most recent patch story with Sun was horrible.
In December our sysadmin foolishly applied the "Recommended Patch Set" from Sun, and our main application started leaking memory like a sieve. Since there were literally dozens of patches in the set, our sysadmin was very nervous about trying to track down which one was the problem and removing only it.
After a few painful days of debugging, I tracked it down to resolving a hostname from a multithreaded application. I produced a 30 line program to duplicate the result, and handed it to our sysadmin, who contacted Sun.
It took Sun over a month to duplicate the result on their machines, even with the source code. When they finally did, they said "we duplicated the problem, and it's in Solaris 8 and the soon-to-be-released Solaris 9, and we're not going to fix it". My God.
So up the chain of command the request goes, and Sun finally agrees to fix it, because one of their large American customers asked them to. Translation: when one of our customers that we care about asks us to do something, we'll do it. The hundreds of thousands of Euros we've spent over the last few years on Sun's crappy slow boxes apparently don't mean a damn thing.
Sun is kind of the Jabba the Hutt to Microsoft's Empire. They're no less evil, just less good at what they do.
From Solaris 2.5 to Solaris 8, POSIX threads on Solaris have been built on Sun threads. My understanding is that with Solaris 9, Sun has finally decided that POSIX threads are here to stay, and built their Sun threads on top of POSIX threads.
The idea of patent and copyright law is that if you allow someone a limited-time monopoly on inventions/publications then they will be able to make money on it. This encourages people to come up with wacky new ideas and thereby helps society in general.
This makes sense to some extent. However, I don't buy that preventing anyone from copying this comment for 99 years after my death is going to help society a whole lot. (Especially since I don't plan on dying for a long time.)
To prove my dedication, I hereby release this comment into the public domain. :)
The difference between Microsoft and everyone else is that Microsoft is arrogant, imposing, and rude towards its customers. Microsoft has lost the notion of working for the customers, which is why more and more people are turning away from Microsoft every day.
Actually, Sun is also arrogant, imposing, and rude towards its customers. If Sun destroyed Microsoft, we would be trading one dictator for another.
RIPE was one of the parties pressuring ICANN because they couldn't guarantee the root servers.
I don't think this is true. I worked at ARIN and now at the RIPE NCC, and frankly neither organization has ever really tried too hard to influence ICANN.
The reality is that ICANN wants for the Regional Internet Registries (RIR's - meaning APNIC, ARIN, and RIPE NCC, and soon LACNIC) to sign an agreement with them. Currently, only a Memorandum of Understanding (MOU) has been signed, to the effect that the RIR's agree that in principle a contract with ICANN would be a good thing. ICANN would benefit from a contract in two ways.
First, they would get money. ICANN is always slavering for extra cash - something that should set off warning bells. This is a sticking point with me because the only thing the RIR's get from ICANN is allocations of big (/7 or /8) blocks of IP addresses, or blocks of AS numbers. This would take about 2 hours a month to administer. Nowhere near enough effort to justify the huge piles of cash ICANN wants from the RIR's, which are all not-for-profit companies.
Second, ICANN would get increased legitimacy. Having support from the RIR's, which are inherently bottom-up, would go a long way to making the top-down ICANN palatable to the ISP community.
There is a genuine place in the world for something like ICANN, but the lawyer-driven, power-hungry organization we have now is not the answer.
Right, because nobody filters IP addresses from ISP's that originate spam.
But maybe you don't consider Stanford an educational institution.
Short answer: apt-get is your friend.
The response was not that the proposal was a bad idea, but rather that it had already been implemented. I didn't see any insults.
The Vatican hires Swiss guards which, I assure you, are armed just like any security firm that is worried about people assassinating its clients.
http://www.geocrawler.com/lists/3/SourceForge/709
Funny, I consider my computing interesting, and I don't even need 20 Gbyte, much less 2 Tbyte. Huh.
Perhaps you mean solder then?
A little knowledge is a dangerous thing.
I like IBM though.
If I looked down and saw something I hadn't expected, I think I'd close my zipper.