Carnegie Mellon University, where I used to work, has the following disclaimer at login:
This system is for the use of authorized users only. Unauthorized use may be monitored and recorded. In the course of such monitoring or through system maintenance, the activities of authorized users may be monitored.
By using this system you expressly consent to such monitoring.
I think this is for two reasons: one--to make any evidence they find against crackers more legally clear. two--to cover their asses in the case that they accidentally read someone's email (or the equivalent) doing system maintenance.
It's important to remember that if you're in any sort of shared environment, your sysadmin can very easily read every byte in the system, follow every bit thrown out the pipe, and etc. What's important is that ethical sysadmins don't use this power for evil.:)
No really--I'm serious. As a sysadmin, and a BBS sysop before that, I've had the power to do things like read users' email for a long time. I feel that I have an ethical responsibility akin to those a doctor or lawyer has with respect to confidentiality. I will not pry--but even if I do, I have no right to make public things that I learn. This is most important when doing routine things like backups or looking for files which are taking up too much space, or fixing mail spool files when there's a bad mail loop, or the like.
It's hard not to learn things about people that you shouldn't know in these cases. And as a result, I don't believe in sharing information learned in such ways with anyone at any time. I'm upset when I hear stories about sysadmins stumbling across somebody's private stash of kiddie porn and turning them in. It's true that kiddie porn is pretty damned foul--but in the interest of protecting everybody's right to "sysadmin confidentiality", I still don't think such things should be mentioned. At the very least, I'd probably say "please remove these files from the system, or I'll have to take steps against a potential DoS attack by law enforcement officials."
Anyway, my two cents. I think I'll go look up the CPSR and other like-minded groups now and see if anybody's got a sysadmin code of ethics.:)
The way IPv6 uses MAC addresses isn't actually what people seem to think it is. IPv6 *allows* MAC addresses to be used for a quick-n-dirty link-level IPv6 address. This allows a machine to use BOOTP and DHCP like services via IP, with a real IP address even from the start. Once DHCP or BOOTP or the like has provided a normal IPv6 address to the machine, life goes on as normal.
The whole purpose of the system is to allow configuration protocols to use IP, even when machines haven't yet been assigned an IP address.
Er. While IMAP as a protocol isn't as perfect as some people (*cough* Crispin *cough*) would like to believe, a good server can do quite well. As noted before, a number of places have big imap servers running.
Also note that you can use Cyrus, for example, as an efficient sealed POP3 server. It does quite well in this manner, too.
The thing I think is a big win about Cyrus in particular is that regardless of how the users see folders and their inboxes, there's good management stuff to handle it under the hood--nothing like, say, having to set up a symlink farm in/var/spool/mail so that different people are on different disks.
The Cyrus server from Carnegie Mellon does very very well at delivering POP3 and IMAP4--they designed it to be very very scalable. There's one server currently handling the entire campus right now (12000ish people? More? I forget), including an IMAP gatewayed set of usenet. And it still works quite well.
The machine they're using is big iron (a big Ultrasparc with raid and so on), but I don't expect you can handle this sort of load with anything but.
Also of note is that the Cyrus folks are working on ways to do good load-balancing with IMAP (for example, allowing clients to transparently find the right server for a given mailbox).
I doubt very much that any MS solution could scale this well without a lot of effort. Cyrus or some similar piece of IMAP4 software is probably what you should be aiming at.
Finally, if you're only planning on doing mail, and not shared mailboxes or usenet-via-imap sorts of things, and if you have the space not to need to migrate users from one server to another to balance, you should be able to do decent by-hand load balancing right now. (i.e. "your server is mail7.people-with-mail.org")
I believe this is exactly why parts of bison and flex were put under the LGPL (which RMS is crazy to deprecate). The parts of the code which are inserted into output are allowed to be linked to by non-GPL programs. This may not be legally the same, but it's certainly analogous.
Slashdot Mirror
Carnegie Mellon University, where I used to work, has the following disclaimer at login:
I think this is for two reasons: one--to make any evidence they find against crackers more legally clear. two--to cover their asses in the case that they accidentally read someone's email (or the equivalent) doing system maintenance.
It's important to remember that if you're in any sort of shared environment, your sysadmin can very easily read every byte in the system, follow every bit thrown out the pipe, and etc. What's important is that ethical sysadmins don't use this power for evil. :)
No really--I'm serious. As a sysadmin, and a BBS sysop before that, I've had the power to do things like read users' email for a long time. I feel that I have an ethical responsibility akin to those a doctor or lawyer has with respect to confidentiality. I will not pry--but even if I do, I have no right to make public things that I learn. This is most important when doing routine things like backups or looking for files which are taking up too much space, or fixing mail spool files when there's a bad mail loop, or the like.
It's hard not to learn things about people that you shouldn't know in these cases. And as a result, I don't believe in sharing information learned in such ways with anyone at any time. I'm upset when I hear stories about sysadmins stumbling across somebody's private stash of kiddie porn and turning them in. It's true that kiddie porn is pretty damned foul--but in the interest of protecting everybody's right to "sysadmin confidentiality", I still don't think such things should be mentioned. At the very least, I'd probably say "please remove these files from the system, or I'll have to take steps against a potential DoS attack by law enforcement officials."
Anyway, my two cents. I think I'll go look up the CPSR and other like-minded groups now and see if anybody's got a sysadmin code of ethics. :)
The way IPv6 uses MAC addresses isn't actually what people seem to think it is. IPv6 *allows* MAC addresses to be used for a quick-n-dirty link-level IPv6 address. This allows a machine to use BOOTP and DHCP like services via IP, with a real IP address even from the start. Once DHCP or BOOTP or the like has provided a normal IPv6 address to the machine, life goes on as normal.
The whole purpose of the system is to allow configuration protocols to use IP, even when machines haven't yet been assigned an IP address.
Er. While IMAP as a protocol isn't as perfect as some people (*cough* Crispin *cough*) would like to believe, a good server can do quite well. As noted before, a number of places have big imap servers running.
/var/spool/mail so that different people are on different disks.
Also note that you can use Cyrus, for example, as an efficient sealed POP3 server. It does quite well in this manner, too.
The thing I think is a big win about Cyrus in particular is that regardless of how the users see folders and their inboxes, there's good management stuff to handle it under the hood--nothing like, say, having to set up a symlink farm in
visigoth@unix9 ~$ hostname /etc/passwd /etc/passwd
unix9.andrew.cmu.edu
visigoth@unix9 ~$ wc -l
19517
Some of the accounts are probably defunct, but since the university prunes accounts pretty proactively, I expect the majority are active.
The majority of the above users get mail on the one big-iron Cyrus server I mentioned.
The Cyrus server from Carnegie Mellon does very very well at delivering POP3 and IMAP4--they designed it to be very very scalable. There's one server currently handling the entire campus right now (12000ish people? More? I forget), including an IMAP gatewayed set of usenet. And it still works quite well.
The machine they're using is big iron (a big Ultrasparc with raid and so on), but I don't expect you can handle this sort of load with anything but.
Also of note is that the Cyrus folks are working on ways to do good load-balancing with IMAP (for example, allowing clients to transparently find the right server for a given mailbox).
I doubt very much that any MS solution could scale this well without a lot of effort. Cyrus or some similar piece of IMAP4 software is probably what you should be aiming at.
Finally, if you're only planning on doing mail, and not shared mailboxes or usenet-via-imap sorts of things, and if you have the space not to need to migrate users from one server to another to balance, you should be able to do decent by-hand load balancing right now. (i.e. "your server is mail7.people-with-mail.org")
I believe this is exactly why parts of bison and flex were put under the LGPL (which RMS is crazy to deprecate). The parts of the code which are inserted into output are allowed to be linked to by non-GPL programs. This may not be legally the same, but it's certainly analogous.