If, during this period, further technical and operational evaluations of the changes made by VeriSign on 15 September indicate that those measures can be reinstated, or reinstated with modifications, without adverse effects, I will initiate the process to modify the .com and .net agreements to allow those changes to take place. We will use best efforts to complete these evaluations in a timely manner.
So, basically, if I read this right..
ICANN doesn't per se have a problem with the Sitefinder service, but rather, the manner in which VeriSign implemented it?
Ugh.
So basically, they're asking VeriSign to stop until they can take a look at it, give it a green light, and rubber-stamp it.....
Oops, that's a typo. I meant to say:
Why should I let anyone except someone who knows exactly what power they wield have it?
Sorry pal, it isn't like that.
Developers don't need root access. Simple.
For what? Give me one good reason why.
It's not a control thing. It's a reliability thing.
Any downtime is not tolerated. For every minute my production machines are down, we're losing hundreds of thousands of dollars. Really.
Why should I let anyone except someone who doesn't know exactly what power they wield have it?
I'm not getting thrown anywhere. My systems, company-wide, had the best availability numbers for the first 11 months of this year. And all of last year.
That's because I coordinate with my development teams, and we're in sync on any projects going on.
And if you want to compare us against other customers, Sun came in and did an evaluation of our systems as per our Platinum support agreement. Our RAS profile score was better than *ANYONE* in the United States.
So yeah, maybe I don't let the developers have free rein, but we also have the best-performing, most available systems around.
Bullshit.
That's *EXACTLY* how I *ARCHITECT* systems.
Any of our systems with web serving needs, that's how we do it.
If you don't understand it, that's not my problem.
It depends on the requirements, yes, but for anything running Apache, WebSphere, Tomcat, WebLogic, etc. this is how we've architected highly available solutions that are (at least nominally) more secure.
If you're going to question what I've said, go look it up yourself. It's a great architecture, and doesn't require any other inbound access other than port 80.
(Port 80 --> CSS/SCA --> port 8000 to backend servers.)
The clients never know they're talking to anything other than 80.
Quite frankly, when people ask me what my objective is, it's a very simple one:
"Don't get paged."
My customer is the system, my objective is the availability of said system.
Like you said, most developers have no idea really what goes on behind the scenes. They don't understand why building a cluster is difficult, let alone what quorum is, failure fencing algorithms and the like.
They have no idea why it's perfectly OK for a cluster node to shut itself down, given the right circumstances...
But I digress...
The article sounds like a guy who's never worked in a real enterprise shop, and is upset because they didn't give him admin rights on his PC... :)
Well, there you go.
My developers tend to want to run their web servers on port 80. I won't let them.
Why not? Because then they have to have root privs to start/stop the app.
No dice.
What's my solution?
Run the webserver on a high port (I tend to use 8000, but that's arbitrary)
Put the systems (Yes, each app has to have at least two for redundancy) behind a pair of load balancers. Let the load balancer do the work. While we're at it, make sure the load balancers have SSL accelerators too, so we can offload that from the CPUs...
Much saner architecture than letting a developer download Apache from Sunfreeware and running it on port 80.
And then people wonder why we have sysadmins?
I'm not defending all the admins, because there ARE a lot of clueless ones out there, but have you ever stopped to think that we're here as subject matter experts?
I'm a UNIX system administrator. My responsibility is to ensure my systems perform well. This includes actual performance statistics (I/O, CPU, memory), security, reliability, scalability.
It also means I need to scale up the hardware as applications grow. I need to keep tabs on what my systems are doing, and why.
I'm the "guy who gets in your way" because my responsibility is to the system, not to you.
I don't work for you. I work for the systems. They are my "customers" if you will.
Sure, I slow you down when I tell you "No, your app can't run as root."
I slow you down when I make you diagram your database so we can lay out the I/O correctly.
I slow you down when I make you tell me what you're doing with shared memory so I can tune my kernel.
I slow you down when I ask for projections over the next year so I can plan the hardware and scale appropriately.
I slow you down when I shut off telnet, ftp, r services, and every other plaintext protocol. You b*tch and moan because your expect script from 1994 needs to be rewritten, but too bad.
I slow you down when I ask for a detailed list of which ports your application uses, who they communicate with, and what IP blocks I need to permit access from.
Yep, I'm in your way.
That's my job.
And if you don't like it, well, too bad. I *DON'T* ask you why you're using C instead of Java. That's not my business.
I'm a systems subject matter expert. I don't pretend to be a code expert.
You're a coding expert. Don't pretend to be a systems expert.
Let me do my job, and I'll let you do yours. We need to work *together* and understand the interactions between your code and my systems.
Systems are NOT simple. They're very complex; you need to understand all the interactions here, from the kernel through the disk management (whether it be VxVM, LVM, or whathaveyou), through the network drives, through the firmware, through the HBA drivers...
Let me do my job. Yep, it'll "slow you down" a bit, but in the end, we'll actually have a complete SYSTEM that functions. Code, OS, hardware.
So you can't roll things out in an hour anymore. At least it works now.
Mirsky's Worst of the Web.
Yes, yes they do.
ATTWS did a software upgrade to their provisioning systems in the beginning of November which is *STILL* affecting their ability to activate.
Trust me, it's a PITA for our company (not ATTWS).... we've been getting a LOT of ATTWS customers (tens of thousands), and we'd get a lot more if their systems worked. :)
It's only $5 more/mo.
:)
For CATV customers, it's $44.95/mo, for non-CATV customers, it's $49.95/mo.
$49.95/mo is *so* well worth it for 10mbit down/1mbit up it's not funny.
That's prolly because Hoboken smells like pee.
........
Only in Hoboken would yuppies pay $1m to live in abandoned coffee factories
No sir, sorry.
I'm just a very satisfied customer, 'tis all.
We're one of the "World-Class Customers" on IronPort's web page though; you guess which one.
No way, the guys at IronPort are fantastic.
If I've ever met a group of people who understand the Spam Problem, it's them.
This is *fantastic* news! The guys at IronPort Systems make the best damned mail routers I've ever seen. Bar none.
Their SenderBase and Bonded Sender programs are really a lead into solving the SPAM problem.
Both products integrate directly into the IronPort C60 mail appliances and automatically apply what they call "reputation filters" which let you control SPAM. You can throttle based on the "reputation score" from SenderBase, as well as traditional methods.
The fact that BrightMail is integrated also is a major bonus.
Back to the original point, I'd definitely give IronPort a chance here. They're a GREAT group of people (I've met everyone from the CEO on down), understand e-mail, and really want to do the Right Thing.
Check them out at: http://www.ironport.com
Unfortunately, my company's rules won't let me give a public testimonial as a satisfied customer, but believe me, if I could, I would!!
Heh, this sounds like the OS/2 problem:
We make a better DOS than DOS, and a better Windows than Windows!
So who'd bother writing for OS/2 when I can just write for Win or DOS?
http://www.sun.com/2003-1118/feature/
Uhm, David BOIES has been mentioned here before ....... :)
http://slashdot.org/article.pl?sid=99/02/19/1642204&mode=nested&tid=109
http://slashdot.org/article.pl?sid=00/06/17/237229&mode=nested&tid=141
http://slashdot.org/article.pl?sid=00/07/04/0041256&mode=nested&tid=141
At my company, we get annual "merit-based" bonuses in March. The bonus is based 25% on my evaluation (performance), 25% on my department's overall performance, and 50% on the company's performance as a whole.
:)
Last year, my bonus was $9200. I suspect it will be higher this coming year (We're having an even better year!)
And no, we're not a repo company.
RAID != Backups.
If you don't understand why, just put your Packard Bell back in the box and ship it back.
Tell them you're too stupid to own a computer.
As a real sysadmin (I don't play one on TV, I do the real thing), let me just say that this is most definitely a Good Thing (tm) for SuSE.
There's no way, no how that they could write a volume manager or filesystem product that's even in the same league with VxFS and VxVM.
The clustering product is also very, very robust. It's a simple, clean design, yet very powerful if you know how to take advantage of it. A welcome breath of fresh air after Sun Cluster 2.x and even 3.x (What dogs!)
Does anyone else here know what Foundation Suite is? It provides a full volume management solution; no, this isn't so you can "mount your wind00z mp3z" or stuff like that. This is for real volume management, real disk replacement, real mirroring/striping/etc.
And VxFS is probably the most kick-ass filesystem I've ever used. The journaling alone is just fantastic, and the speed.... damn, it's fast. Even better, using Quick I/O....
Good for SuSE! About damned time Linux gained "real" volume management, filesystems & clustering.
Real businesses trust their data to real companies. Veritas is one of 'em.
Patch man, patch!
....................
That is one dirt-old kernel ya got there
ftp://sunsolve.sun.com/pub/patches/7_Recommended.zip
Let's not forget our friends over at IronPort Systems (www.ironport.com). Great product, great team...
..
Amazing, first real dot-com I've dealt with that has a real solid shot of being the Big Dog in what they do
How so?
...
It also syncs with Rio players, among others
You know, this is amazing......
:)
There are absolutely *NO* "Alpha is dying" trolls in this topic.
Now *that* is a sign of the coming apocalypse.
Great piece of software, Derive is!
Did you know that the TI-92's software is built around Derive?
http://education.ti.com/us/product/tech/92/features/features.html
Wow, I just found out the TI-92 is discontinued. I remember when they were still in beta (I was in college at the time)... they were *SO* cool! Who knew a calculator could handle integrals?
Actually, it was just plain "FILES=x".
Default was 8, not 3.
--DM