I can't agree more with you. What would it cost Dell to supply hardware for the OpenBSD CVS server? Nothing.
A few months ago, I was looking for Opteron-based server racks. I saw on the Transtec home page a press release like "Transtec gave hardware to KDE developers". I thought "hey, these guys are cool". And because of that, the company I'm working for ordered an Opteron server (2500 L) at Transtec. And since the server was performing well, we ordered $300,000 worth of similar servers afterwards.
Maybe we would have bought the server at Transtec's without this little press release, who knows. But maybe not. It was the little thing that made me immediately think that Transtec was a nice company.
So the KDE foundation gets hardware, the vendor gets a free ad and end users think the vendor is nice. Everyone wins.
Another thing is that if vendors help free operating systems by giving hardware, these operating systems will probably be fully compatible with that hardware. Which means that end-users will buy the hardware because they know that OpenBSD/Linux/DragonFlyBSD/etc. will probably work on it. And it does because the vendor helped these projects in the first place, and for these vendors, giving a few servers is cheap. It can only be a win for them.
Indeed, for ethernet adapters, Realtek sucks and Intel e1000 are way better (although Syskonnect cards are not only even better, they are also cheaper).
But Realtek Wi-Fi adapters work well. I have a cheap one, but I never had any issue with it. On the other hand, my previous Netgear MA301/311 pair (Prism 2.5) was unreliable although it was only 11 Mb/s.
I'm really not convinced that they wouldn't have listened, or that waiting 2 or 3 months helps to have them listen.
Maybe posting your early ideas on crypto-related newsgroups would have helped in order to quickly get a paper about cache timing attacks so that people can protect their servers as soon as possible.
If you like FreeBSD 4.x, there's a better upgrade path: DragonFlyBSD.
You will probably get better performance out of it and as long as you stick with the RELEASE or PREVIEW tags, DragonFlyBSD is extremely stable.
When the Google name servers didn't work, web browsers tried to add ".com" and ".net" to the URL. And http://www.google.com.net/ is Sogosearch, because the "com.net" domain exists and it is owned by Sogosearch.
Just like the "net.com" domain that is also registered by another company.
Culprits are:
- registrars who allow registration of .tld.tld domain names,
- web browsers that are trying to add suffixes even though the domain name of the URL already has a known suffix.
Of course the TLD namespace is a moving target, but that rule could at least be enforced with .com/.net/.org/.biz/.edu/.mil.
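The two rules proposed in the comment above, as an added example that is not part of the original post: a registrar-side check that refuses a `.tld.tld` name, and a browser-side fallback that adds no suffix to a host that already ends in a known one. The function names are illustrative, the TLD set is only the six suffixes the comment lists, and taking the last two labels as the controlling domain is a simplification.

```python
# Added example. KNOWN_TLDS is the list given in the comment, not a full registry.
KNOWN_TLDS = frozenset({"com", "net", "org", "biz", "edu", "mil"})
FALLBACK_SUFFIXES = ("com", "net")  # the suffixes the comment says browsers tried


def labels(hostname):
    """Split a hostname into lower-case labels, ignoring a trailing root dot."""
    host = hostname.strip().rstrip(".").lower()
    parts = host.split(".")
    if not host or any(not p for p in parts):
        raise ValueError(f"malformed hostname: {hostname!r}")
    return parts


def controlling_domain(hostname):
    """Last two labels: the registration that decides where the host resolves.

    Simplification: correct for the flat TLDs above, not for multi-level
    public suffixes.
    """
    parts = labels(hostname)
    return ".".join(parts[-2:])


def registration_allowed(domain):
    """Registrar rule: refuse '<tld>.<tld>' names such as com.net or net.com."""
    parts = labels(domain)
    if len(parts) < 2:
        raise ValueError("need at least a second-level label and a TLD")
    sld, tld = parts[-2], parts[-1]
    return not (sld in KNOWN_TLDS and tld in KNOWN_TLDS)


def has_known_suffix(hostname):
    """True when the host is already fully qualified under a known TLD."""
    parts = labels(hostname)
    return len(parts) >= 2 and parts[-1] in KNOWN_TLDS


def naive_candidates(hostname):
    """Behaviour described in the comment: append suffixes unconditionally."""
    base = ".".join(labels(hostname))
    return [f"{base}.{suffix}" for suffix in FALLBACK_SUFFIXES]


def guarded_candidates(hostname):
    """Browser rule: guess a suffix only for hosts that do not have one yet."""
    if has_known_suffix(hostname):
        return []  # a failed lookup stays a failure; no third party is contacted
    return naive_candidates(hostname)


if __name__ == "__main__":
    # Constructed inputs: a fully qualified host and a bare intranet-style name.
    for host in ("www.google.com", "intranet"):
        print(host)
        for guess in naive_candidates(host):
            print("  naive   ->", guess, "(controlled by", controlling_domain(guess) + ")")
        print("  guarded ->", guarded_candidates(host))
    for name in ("com.net", "net.com", "google.com"):
        print(name, "registrable:", registration_allowed(name))
```
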
Re:4.0.0 broke backward compatibility big time, on A Review of GCC 4.0 · Score: 4, Insightful
gcc 4.0 just tries to follow standards. If something doesn't compile with gcc 4, don't blame the compiler. The source code was broken in the first place.
I work as a webmaster (among other things). And Internet Explorer is a very bogus piece of software.
Every time I design a web page, I do it under Firefox because the DOM inspector and the developer toolbar are very useful for developers. Under Opera, Konqueror and Safari, the page always looks as expected. But with Internet Explorer, there are *always* unexpected behaviors. Half of my time is spent in adding IE-specific workarounds because of its bugs.
IE has also severe limitations: no alpha PNG support, no :hover except for links, no :before/:after, no position:fixed, etc. Other browsers have implemented this for ages.
This is why I'm dreaming of a world without such a product as a market leader. And this is why I encourage people to use Firefox.
I'm working for Skyblog, a popular French blog service.
The service is totally "free", as users don't need to pay anything in order to create their blogs.
But our web site is crippled with ads. Popups, pop-unders, megabanners, skyscrapers, Overture contextual ads, flash ads (with sound) and other annoyances...
To be fair, the user experience without an ad blocker is horrible. Maybe not for Internet Exploder users that never saw recent web pages without ads. But when you have been using alternative browsers and ad blockers for ages, you really get a shock if you see the site without any shield.
However, these ads are what is paying my salary, my colleagues' salaries, the hardware and the bandwidth. Nothing else. Only these ads. The business model fully depends on ads. Without these ads, we would have to charge for every blog.
I think the best thing to do is to go the Slashdot way. You want to use the service free of charge? You get the ads.
You don't want any ad? Pay a tiny fee. This fee is enough to keep the service up and running, you don't see ads any more, and you don't violate any contract.
The Slashdot subscription mechanism is really a clever idea.
Ad blocking is not fair. Because some people don't know how to install software, they have to watch more ads to balance other people who know how to install ad blockers.
On the other hand, I can't imagine going to a web site without Adblock any more. Ads are really too intrusive nowadays.
But if every web site could accept cheap subscriptions in order to remove ads, I would definitely subscribe.
Re:Perhaps the SCM Solution is not the problem, on Linus Drops BitKeeper · Score: 1
Yes, critical parts of the Linux kernel have been redesigned and rewritten several times. Is it just for fun or to break things? No. It was always to rewrite things in a cleaner and more modular way.
Yes, iptables has obsoleted ipchains and ipfwadm. But the older interfaces are still there if you need them.
And yes, the VM system is being constantly tweaked. Linux targets a wide range of hardware, from embedded devices to 1024-way NUMA supercomputers, and it tries to be optimal for all kinds of applications. This is not a trivial task. Do you really think that it is humanly possible to design the perfect VM that you can stick with for years? Definitely not.
Rewriting things (in a better way) may introduce breakage but it is the best thing to do for the long term.
FreeBSD tends to be conservative. In order to fix bugs or to implement new things, hacks over hacks over the old code are added. This is a safe bet, but this "stability" hides the fact that parts of the code have just become unmaintainable.
This is why the DragonFlyBSD project is slowly rewriting major parts of the kernel, in a modern, simple and maintainable way.
Also maybe the reason why the Linux and DragonFlyBSD codes are changing so much is because people prefer coding over trolling.
I wouldn't recommend DragonFlyBSD for beginners. Although the installer is easy to use, things can be a bit more complicated once the beast has been installed. Using cvsup and ports, while straightforward for experienced Unix users, is difficult for newbies, even with good documentation.
But since you're already familiar with Linux, you won't get lost with DragonFlyBSD. And the mailing-lists are very cool. People can really help you instead of just trolling like on other *BSD lists.
CVS was nice. But it has some very lousy limitations. Working with branches is a pain, and global revision numbers are really better than per-file revision numbers.
Software like Arch or Subversion are not just "alternative". They really solve issues that CVS had and will always have because of its design.
It doesn't mean that CVS doesn't work. It works. Even very well and even for very large projects. But people who tried alternatives usually never switched back to CVS.
I work both as a programmer and as a sysadmin. I work from 8am to 1am, 7 days a week, so it's about 120 hours a week (+ some full nights).
Yes, the lack of sleep is critical, and yes, I'm doing tons of typos and basic mistakes because of this. When it comes to coding, I'd probably be way more productive with a normal life schedule. I feel like it takes me hours or days to code something that took me a few minutes some years back.
But the sysadmin tasks can't easily be rescheduled. Every task has to be made at the right time (almost always during the night). Supervision and consolidation of the web sites have to be done when there is a high load of them, i.e. from 7pm to 0am. Preparing the work for the next day is made from 0am to 1 or 2 am. And from 8am to 7pm, colleagues need someone for the daily tasks and issues.
I have some experience with administration of web sites with very high traffic. My previous experience was with p0rn sites (lots of sites, lots of concurrent accesses). My current job is at Skyrock / Skyblog, that serves about 25 million pages every day.
In both jobs, the infrastructure was extremely similar.
The entry point is one (or more) load balancer. A load balancer will not only blindly allow you to have multiple backends. It will also accept client connections, buffer the request, get the data from already established (keepalive) sessions, buffer it, and transmit it through large chunks to the client. This, alone, really helps to reduce the number of Apache processes that are taking resources (especially memory) for nothing.
The load balancer can also do other things, like protecting the servers against some attacks, plotting the current workload of every backend, compressing HTML pages, etc.
At my previous job, we were using Foundry Serverirons. Now, we are using Zeus ZXTM http://www.zeus.co.uk/ with great success. Although it's very expensive software, it's way cheaper than Foundries, way more configurable, way more user-friendly and we are very pleased with it so far. A single PC handles 300 Mb/s (Linux 2.6 is needed for epoll).
The load balancer can also be configured to send the requests to this or that server according to the request.
Thus, servers are dedicated to specific tasks.
We have a bunch of static servers for static HTML, CSS, images, etc. They run minimal Apache servers, designed for speed, with NPTL and the worker MPM. Non-forking servers like thttpd or lighttpd are also an option. The static servers are mainly old P3 machines, with only 512 Mb RAM.
Then, we have servers for PHP. The Apache they are running is huge (our web sites need a lot of modules), the hosts are dual 3 Ghz Xeon with 2 Gb RAM and there are some other specific tweaks.
Content differentiation is important. It's a waste to spawn huge Apache processes to serve static stuff, just because the same host should also be able to serve PHP. Also, tuning (esp. NFS) is very different for static and dynamic content. And as a specialized server often serves the same files, caching is more efficient.
We run Gentoo Linux on all web servers, plus one DragonFlyBSD (mostly for testing).
The same content differentiation is made for SQL servers. One SQL server serves one sort of thing, so that caching is efficient. Also don't forget that on x86, Linux and MySQL can hardly use more than 2 Gb of RAM. So with big tables, this is really annoying. We are switching SQL servers to Transtec Opteron-based servers for that.
On high traffic infrastructures, the I/O is often the bottleneck especially if you serve a lot of different content.
For our blog service, we had to buy a Storagetek disk array with 56 disks (fiber channel, 15k) in RAID 10. As NFS would introduce too much delay, we directly plugged two web servers to the controller of the disk array. These web servers are the NFS servers for the PHP servers, but they also directly serve the static content.
The access time of hard disk is really annoying. For shared data, but also for databases. We found that RAID 5 was way too slow (even with the high-end Storagetek/LSI controller) since we have about 1 write for 5 reads. So we had to switch everything to RAID 10. It really performs better, but it's obviously more expensive.
Another bottleneck was the share of PHP sessions between all load-balanced PHP servers. We first used a MySQL/InnoDB-based solution, but it scaled poorly. That's why I had to write specific software: Sharedance http://sharedance.pureftpd.org/
In a high-traffic infrastructure, my hint would be to use many modest, but specialized servers over one huge mega-fast server that does everything. This is way more scalable. And easier to manage, even from a financial point of view. You can b
Apache 2 is not in ports, but it can probably be compiled from source.
However, if you are looking for a real alternative to Apache 1, I'd suggest you try lighttpd (which is in ports).
I've been using BSD every day for 4 years (OpenBSD, DragonFlyBSD, NetBSD and Darwin), and I've never ever seen any "ERROR 1".
So your post is probably a useless troll about an imaginary error. Or if you think you hit a real bug, please file a bug report.
Some days, I really think that maybe there is a "Troll on forums" step in the FreeBSD installation HOWTO.
December 31, 2004: FreeBSD Security Officer Team notified.
February 27, 2005 - March 18, 2005: Other security teams contacted.
Why notify FreeBSD and then wait 2 or 3 months before notifying other possibly affected vendors (at least other BSDs)?
This is really not a mature attitude.
You can compile and run Konqueror without KDE, it's called Konqueror-embedded.
ipfw is obsolete and I wouldn't qualify it as "competent" in year 2005.
Darwin is a very good operating system, but the firewall is a weakness.
I really wish Apple will merge pf, just like all other *BSD flavors.
Bullshit.
We use MyISAM databases that are over 20 gigs with no issue so far (except myisamchk time...).
This is why the DragonFlyBSD project does exist.
It's a pity that DragonFlyBSD wasn't benchmarked in place of FreeBSD.
I really don't see any reason to stick with FreeBSD, especially FreeBSD 4, instead of switching to DragonFlyBSD.
Well, Subversion is 5 years old, it's not really "too new".
I don't see the point.
Falk AG is not the only advertising provider that has been compromised.
K-otik reported that Realmedia (OpenAdStream, those oas.* hosts) were compromised as well.
The main issue with memcached is that everything needs to fit in the process memory.
This is not an option when sessions are very large (our scripts use them a lot for caching).
This is also not an option if you need redundancy, or at least if you don't want to lose all sessions if a server is rebooted.
But Sharedance can be used exactly like memcached, with everything in ram. Just assign a tmpfs volume as the storage area.