At my last gig I was responsible for ~30 Linux servers, all running Red Hat. There were about 5 of them running RHAS 2.1 and the rest were running 7.x
I spent a couple of days with the Oracle DBA benchmarking our applications and found it interesting that 7.3 was a tad faster than RHAS 2.1. Hardware was IBM x345, dual 2.4GHz Xeons, 2.5GB RAM, ~200GB RAID 0+1. Yes, hyperthreading was disabled.
I find it odd that Red Hat's "Enterprise Linux" is missing some key enterprise features that can be found in its consumer distribution (such as Logical Volume Management). BTW, LVM is broken in Red Hat unless you compile your own kernel, otherwise you can't mount snapshots.
In any case, Red Hat's new pricing scheme is flat out extortion. I had enterprise support on my servers and ever single time I reported a problem, I was either delayed until I found the solution for myself online or flat out told "That's not supported." You might wonder what's not supported. How about LDAP authentication? The automounter?
There are some things about Red Hat that are wonderful. And some that are pretty good. In the wonderful category, their installer is just the bees knees. Especially if you're kickstarting your servers. RHN is a nice tool but fundamentally flawed in that you must use Red Hat's repository; imagine 30 servers downloading the same 45MB of RPM's over a T1 at the same time over https (which can't be cached). yum goes a long way towards fixing this.
Debian has some nice points but IMHO has a lousy installer and zero enterprise management tools (such as RHN for Red Hat). People have been bitching about the installer forever and nothing seems to be getting overhauled there.
If I were doing this from the ground up right now, I'd go with RH 9. Keep your eyes open and keep track of major releases by RH and evaluate for yourself when an upgrade is necessary. RHEL is made up of many components that have been deprecated in the mainstream release (such as CUPS, I think Sendmail may also be deprecated). For LVM features you need >8.0 anyway. Use yum for your package management, build your own local package repository, and spend a little time learning about the guts of RPM.
Actually I think that a mainframe may fit better, considering (from IBM paradigm) that the mainframes are more vertically oriented and the AS/400's more horizontal.
Think of a mainframe as a refrigerator form factor (at least the late model ones) and the AS/400 as a very tall coffee table.
The black thing in the foreground of this picture is a late model IBM mainframe. It basically takes up as much room as any 19" equipment rack (or, like I said, a refrigerator).
The downside to an AS/400 or a mainframe no matter which way you go is the exotic (for residential) power hookup requirements. Many local governments preclude residential zoned lots from having three phase power, which could really screw you if you want to bring home the big iron.
With drivers for the 802.11g adapter, more people would look at providing alternative firmwares. I've recently started working on such a project for the Dell TrueMobile 1184 because Dell actually provided source code when asked, and all the hardware support is there with open source drivers.
The RAID 5 configuration is going to be terribly slow for writing operations. Best to spend money on fast disks (15,000 RPM) and a RAID 0+1 or RAID 10 configuration. You lose 50% of your disk to the RAID but it will be much faster and much more resilient.
Do use squid to save on internet bandwidth (and make sure to peer with other caches).
I have some ideas on how to stretch your dollars and do this in a very efficient & resilient manner. Drop me an email if you would like to engage in more direct dialogue about this (see my site for contact info).
Try the Dell TrueMobile 1184 wireless router. It has five ethernet ports on it, a prism2 wireless adapter, oh and did I mention it runs Linux and Dell is happy to give you the source for the GPL components?
Spin your own firmware and have a Linux router with several 100Mbps and one 802.11b interface all for less than $75.
X11 is nice and all, but I'm going to risk losing some karma here and say that it is not going to be useful to me for day to day use because of simple little things like lack of system clipboard integration (X11 apps have their own clipboard). When/if OOo runs natively as an aqua app I'll be glad to switch.
FWIW, Dell has an access point / router that runs Linux called the Dell TrueMobile 1184. The difference is, when you contact Dell, they give you the source code.
I have set up a <a href="http://trilug.org/~chrish/">page</a> ; on <a href="http://trilug.org/~chrish/">my web site</a> that deals with this wireless router, how to take it apart, what features are there to exploit, etc.
I realize this is a late response but the search engines should hopefully pick up on this for those that are interested.
What you're proposing is getting off the ground in the Philadelphia area already (being lead mostly by the Philadelphia Linux Users Group right now), and is already in various stages of deployment in other major cities. I think the first trick is to get free wireless broadband to the last mile, and sort out the wide area connectivity later. Note I'm not implying free Internet here, but rather free high speed services to local or regional content.
What I want is something more than this. I would love to be able to tweak the code to this box to enable IPv6, add OSPF, and have a really really cheap node for my community wireless network. As it stands now I gotta build custom gear with a Soekris system board, flash disk, blah blah blah and it is going to cost many hundreds of dollars. Being able to use a purpose build Linksys box would be awesome. If they aren't going to enable IPv6 and routing protocols, then I wouldn't mind doing it myself.
...and they shrugged it off, claiming it wasn't their problem. Hotmail actually pointed the finger at MSN, and MSN wasn't responsive when I included them in the loop.
Here's an example of the kind of brush-off I got when reporting this to Hotmail. Note that I've reported the issue several times, tried to have it escalated as I suspected it was a hole in their DAV implementation. Here's what I would get back from them:
Hello warthog,
Thank you for writing to MSN Hotmail.
This is Alvin and I'm writing in response to your complaint.
I have checked the mail including the headers and it appears that the mail passed through a Hotmail server. However, kindly note that this does not mean such e-mail originated from our domain.
Sometimes, e-mail delivery between different domains are relayed through other servers. This is the reason why a Hotmail server appears in the mail header. It is possible that your ISP or e-mail provider employs such method.
I understand how it feels when an illegal activity has not been given proper attention. However, we're only allowed to investigate Hotmail members. In this case, I strongly suggest that you contact the Help program or the Abuse section of the domain from which the unwanted e-mail originated.
Predatory fish live long happy lives. The ubiquitous Oscar, for example, has no problem living beyong 15 years in captivity (from first hand experience). Piranhas can exceed 20 years happily in captivity. Don't believe me? Check out the piranhas at the Baltimore Aquarium.
Most predatory fish, BTW, are more sedentary than the fish that they feed on. The food fish are the ones that live fast and die young. The longest I've been able to get them to live is about 10 years (black tetras, three of 'em).
Your friend with the barracudas is a bad example of a fish keeper. You should not form opinions of fish longevity from his inability to keep anything alive.
I have been kicking around the idea of an 802.16 WMAN for the city of Philadelphia and surrounding counties, with the idea that it would be a private network address space with the option for local ISP's to provide Internet gateway services to paying customers. On the upside, local folks could set up their own ftp mirrors, p2p services, etc. without having to pay the high bandwidth costs associated with the wired Internet.
This would of course require volunteer management of the address space, DNS, etc. but there could be great benefits to a free high speed WMAN with commercial (and maybe free?) options for Internet connectivity from there.
Well when the file is copied and redistributed, there is no credit given to the musicians or to the OpenBSD project itself. It seems pretty pointless and lazy to not spend the 1 minute to fill in the ID3 tags before distributing the MP3's.
If Apple does make the buy, as rumoured, I wonder how that will play out with regards to their infamous lawsuit brought by Apple Corps (the music holding company that handles The Beatles properties). My understanding is that the settlement was only good as long as Apple Computer stayed out of the music business.
Unlike most sites, where I am assaulted with an offensive animated GIF banner ad (I don't see pop-ups anymore... thanks to Mozilla), Google has very intelligently targetted ads. I was doing a search on LED flashlights just to learn more and ended up buying one from one of Google's advertisers. The advertiser was someone that I had never heard of before, and wouldn't have come up high in the search results on its own, but they had a nice non-offensive placement right where I needed to see it (and I did see & click it). The combination of less offensive ads and better targetting is actually of great value to me and I am more likely to click those ads.
When will/. go to a similar system? I was blocking/. ads until they put the images on the same server as the regular web art and now I just ignore them. Please go to something less intrusive like Google so I can help pay the bills.
Re:So can someone explain these things?
on
OpenPGP Meetup
·
· Score: 1
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
High level overview here.
E-mail sent via SMTP is the electronic equivilant of a postcard. Anyone handling the message en-route can read it in clear text. But because it is digital, the likelihood of it being read by at *least* a 'bot (like Carnivore) is quite high.
The other major problem with e-mail is accountability; how do I know who this message *really* came from?
OpenPGP implementations like PGP and GnuPG address both of these issues.
You can encrypt a message to make sure only the intended recipient can open it. If regular email is a post card, encrypted email is more like a courier delivered parcel with a lock on it that only the recipient has a key for.
These programs also allow a sender to digitally sign messages in such a way that you can authenticate that a message is from the person that they claim to be.
But how do you know that the signature is valid? The Internet is a global community, and the people you get email from are from all over the world. I have never personally met the guy that maintains security patches for my favorite Linux distro, but a lot of other people have. They went through the trouble of looking at his drivers license or passport and then signing his key to vouch for his identity with their own key. There is a chain, or rather a web, of trust extending from me to the guy that signs those security updates. The more direct the link between me and the other guy, the more likely I can trust the message is legit. Or the more people that *I* trust that trust someone else, the more I can trust that third party.
Your own messages become more trustworthy if lots of people sign your key. Likewise, you're going to have more direct paths to other people around the Internet if you cross-sign with other OpenPGP users often.
It's especially important to do this when you travel, as the web of trust tends to have concentrated regional pockets and really needs links between regional webs to tie them together.
That said, I'm often available to sign keys in the suburbs of Philadelphia. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (Darwin)
Were this a different economy, I'd probably push the issue knowing that if I lost the fight I'd be able to go somewhere that had fair compensation policies.
Preliminary research shows that IT managers can choose to compensate excessive overtime via flat fee bonuses or comp time, but probably should not be paid on an hourly basis. The dilemma for employers who really want to do right by their employees is that overtime compensation for exempt employees can threaten the employee's exempt status, and trigger a retroactive compensation for all overtime worked over the last three years. Though, the threat is usually blown out of proportion by companies who want to hide behind these gotchas in order to get lots of free labor.
Though I haven't been keeping track of my hours worked to date, it might be appropriate considering that the number of weekends that I'm expected to sacrafice to my employer is extending well into the spring, and conflicting badly with my more important responsibility of being a good husband and father.
I think the only way one can reasonably expect to confront their management and seriously expect compensation is if the entirety of the IT department goes in together and acts *gasp* almost like a labor union. This is a very dangerous move, and will definitely trigger threats by the employer and maybe a few token dismissals to drive the point home. But they cannot afford to lose their whole IT department at once and if everyone sticks to their guns, real change can happen.
I need to take my Palm Pilot out of mothballs; I used to have an application on there to break down billing hours for all of my clients, and it did a great job of reporting my hours over a given period of time. That way if anyone gives me crap for going home early on a sunny friday afternoon I have something to point back to. Better yet, I'd rather have official comp time or straight time compensation.
I bought the LightWave 2100 flashlight a couple of months back to keep in my 72 hour emergency kit. In a nutshell, I'm disappointed.
Here are some of the things that bug me about it:
* Light is blue, not white. I was expecting a crisp white light, not a dull blue one. * No reflector. The LED's are nested in a black plastic dish. * No lense. Not only can you not focus the beam, but the LED's themselves have no protection.
Ultimately I didn't do my homework when I bought this thing. I hope there are some better ones out there that address some of the shortcomings that I mentioned.
Well I hope I am not jinking things but thus far deadly.org seems to be holding up well to the/. effect. It's on my normal rounds anyway and I went there before I came here. Was surprised to see a deadly.org headline without the site being crushed.
Google for information on Monolithic Dome construction. When your modern tract houses are starting to fall apart, the concrete in a dome house will just be hitting its prime. They are also remarkably resilient against fire & adverse weather conditions (hurricanes/tornadoes).
Monolithic domes are the castles of the 21st century.
Slashdot Mirror
At my last gig I was responsible for ~30 Linux servers, all running Red Hat. There were about 5 of them running RHAS 2.1 and the rest were running 7.x
I spent a couple of days with the Oracle DBA benchmarking our applications and found it interesting that 7.3 was a tad faster than RHAS 2.1. Hardware was IBM x345, dual 2.4GHz Xeons, 2.5GB RAM, ~200GB RAID 0+1. Yes, hyperthreading was disabled.
I find it odd that Red Hat's "Enterprise Linux" is missing some key enterprise features that can be found in its consumer distribution (such as Logical Volume Management). BTW, LVM is broken in Red Hat unless you compile your own kernel, otherwise you can't mount snapshots.
In any case, Red Hat's new pricing scheme is flat out extortion. I had enterprise support on my servers and ever single time I reported a problem, I was either delayed until I found the solution for myself online or flat out told "That's not supported." You might wonder what's not supported. How about LDAP authentication? The automounter?
There are some things about Red Hat that are wonderful. And some that are pretty good. In the wonderful category, their installer is just the bees knees. Especially if you're kickstarting your servers. RHN is a nice tool but fundamentally flawed in that you must use Red Hat's repository; imagine 30 servers downloading the same 45MB of RPM's over a T1 at the same time over https (which can't be cached). yum goes a long way towards fixing this.
Debian has some nice points but IMHO has a lousy installer and zero enterprise management tools (such as RHN for Red Hat). People have been bitching about the installer forever and nothing seems to be getting overhauled there.
If I were doing this from the ground up right now, I'd go with RH 9. Keep your eyes open and keep track of major releases by RH and evaluate for yourself when an upgrade is necessary. RHEL is made up of many components that have been deprecated in the mainstream release (such as CUPS, I think Sendmail may also be deprecated). For LVM features you need >8.0 anyway. Use yum for your package management, build your own local package repository, and spend a little time learning about the guts of RPM.
Actually I think that a mainframe may fit better, considering (from IBM paradigm) that the mainframes are more vertically oriented and the AS/400's more horizontal.
Think of a mainframe as a refrigerator form factor (at least the late model ones) and the AS/400 as a very tall coffee table.
The black thing in the foreground of this picture is a late model IBM mainframe. It basically takes up as much room as any 19" equipment rack (or, like I said, a refrigerator).
The downside to an AS/400 or a mainframe no matter which way you go is the exotic (for residential) power hookup requirements. Many local governments preclude residential zoned lots from having three phase power, which could really screw you if you want to bring home the big iron.
With drivers for the 802.11g adapter, more people would look at providing alternative firmwares. I've recently started working on such a project for the Dell TrueMobile 1184 because Dell actually provided source code when asked, and all the hardware support is there with open source drivers.
First of all the CPU horsepower is overkill.
The RAID 5 configuration is going to be terribly slow for writing operations. Best to spend money on fast disks (15,000 RPM) and a RAID 0+1 or RAID 10 configuration. You lose 50% of your disk to the RAID but it will be much faster and much more resilient.
Do use squid to save on internet bandwidth (and make sure to peer with other caches).
I have some ideas on how to stretch your dollars and do this in a very efficient & resilient manner. Drop me an email if you would like to engage in more direct dialogue about this (see my site for contact info).
Try the Dell TrueMobile 1184 wireless router. It has five ethernet ports on it, a prism2 wireless adapter, oh and did I mention it runs Linux and Dell is happy to give you the source for the GPL components?
Spin your own firmware and have a Linux router with several 100Mbps and one 802.11b interface all for less than $75.
X11 is nice and all, but I'm going to risk losing some karma here and say that it is not going to be useful to me for day to day use because of simple little things like lack of system clipboard integration (X11 apps have their own clipboard). When/if OOo runs natively as an aqua app I'll be glad to switch.
FWIW, Dell has an access point / router that runs Linux called the Dell TrueMobile 1184. The difference is, when you contact Dell, they give you the source code.
I have set up a <a href="http://trilug.org/~chrish/">page</a> ; on <a href="http://trilug.org/~chrish/">my web site</a> that deals with this wireless router, how to take it apart, what features are there to exploit, etc.
I realize this is a late response but the search engines should hopefully pick up on this for those that are interested.
What you're proposing is getting off the ground in the Philadelphia area already (being lead mostly by the Philadelphia Linux Users Group right now), and is already in various stages of deployment in other major cities. I think the first trick is to get free wireless broadband to the last mile, and sort out the wide area connectivity later. Note I'm not implying free Internet here, but rather free high speed services to local or regional content.
What I want is something more than this. I would love to be able to tweak the code to this box to enable IPv6, add OSPF, and have a really really cheap node for my community wireless network. As it stands now I gotta build custom gear with a Soekris system board, flash disk, blah blah blah and it is going to cost many hundreds of dollars. Being able to use a purpose build Linksys box would be awesome. If they aren't going to enable IPv6 and routing protocols, then I wouldn't mind doing it myself.
Happystink said:
I think they mean it passed through the hotmail server on the way to this guy's hotmail account?
Negative. I am neither an MSN nor a Hotmail user. Come on, give me some credit for good taste.
...and they shrugged it off, claiming it wasn't their problem. Hotmail actually pointed the finger at MSN, and MSN wasn't responsive when I included them in the loop.
.
Here's an example of the kind of brush-off I got when reporting this to Hotmail. Note that I've reported the issue several times, tried to have it escalated as I suspected it was a hole in their DAV implementation. Here's what I would get back from them:
Hello warthog,
Thank you for writing to MSN Hotmail.
This is Alvin and I'm writing in response to your complaint.
I have checked the mail including the headers and it appears that the
mail passed through a Hotmail server. However, kindly note that this
does not mean such e-mail originated from our domain.
Sometimes, e-mail delivery between different domains are relayed
through other servers. This is the reason why a Hotmail server appears
in the mail header. It is possible that your ISP or e-mail provider
employs such method.
I understand how it feels when an illegal activity has not been given
proper attention. However, we're only allowed to investigate Hotmail
members. In this case, I strongly suggest that you contact the Help
program or the Abuse section of the domain from which the unwanted
e-mail originated
Sincerely,
Alvin F.
MSN Hotmail Customer Support
Predatory fish live long happy lives. The ubiquitous Oscar, for example, has no problem living beyong 15 years in captivity (from first hand experience). Piranhas can exceed 20 years happily in captivity. Don't believe me? Check out the piranhas at the Baltimore Aquarium.
Most predatory fish, BTW, are more sedentary than the fish that they feed on. The food fish are the ones that live fast and die young. The longest I've been able to get them to live is about 10 years (black tetras, three of 'em).
Your friend with the barracudas is a bad example of a fish keeper. You should not form opinions of fish longevity from his inability to keep anything alive.
I have been kicking around the idea of an 802.16 WMAN for the city of Philadelphia and surrounding counties, with the idea that it would be a private network address space with the option for local ISP's to provide Internet gateway services to paying customers. On the upside, local folks could set up their own ftp mirrors, p2p services, etc. without having to pay the high bandwidth costs associated with the wired Internet.
This would of course require volunteer management of the address space, DNS, etc. but there could be great benefits to a free high speed WMAN with commercial (and maybe free?) options for Internet connectivity from there.
Well when the file is copied and redistributed, there is no credit given to the musicians or to the OpenBSD project itself. It seems pretty pointless and lazy to not spend the 1 minute to fill in the ID3 tags before distributing the MP3's.
Anyone else find it annoying that the OpenBSD songs don't have ID3 tags giving proper attribution?
I thought the whole point of using a BSD license over public domain was that BSD license gives credit.
If Apple does make the buy, as rumoured, I wonder how that will play out with regards to their infamous lawsuit brought by Apple Corps (the music holding company that handles The Beatles properties). My understanding is that the settlement was only good as long as Apple Computer stayed out of the music business.
Unlike most sites, where I am assaulted with an offensive animated GIF banner ad (I don't see pop-ups anymore... thanks to Mozilla), Google has very intelligently targetted ads. I was doing a search on LED flashlights just to learn more and ended up buying one from one of Google's advertisers. The advertiser was someone that I had never heard of before, and wouldn't have come up high in the search results on its own, but they had a nice non-offensive placement right where I needed to see it (and I did see & click it). The combination of less offensive ads and better targetting is actually of great value to me and I am more likely to click those ads.
/. go to a similar system? I was blocking /. ads until they put the images on the same server as the regular web art and now I just ignore them. Please go to something less intrusive like Google so I can help pay the bills.
When will
-----BEGIN PGP SIGNED MESSAGE-----
u Kx 8pTaFKi2VkxRnW
=0gkI
Hash: SHA1
High level overview here.
E-mail sent via SMTP is the electronic equivilant of a postcard. Anyone handling the message en-route can read it in clear text. But because it is digital, the likelihood of it being read by at *least* a 'bot (like Carnivore) is quite high.
The other major problem with e-mail is accountability; how do I know who this message *really* came from?
OpenPGP implementations like PGP and GnuPG address both of these issues.
You can encrypt a message to make sure only the intended recipient can open it. If regular email is a post card, encrypted email is more like a courier delivered parcel with a lock on it that only the recipient has a key for.
These programs also allow a sender to digitally sign messages in such a way that you can authenticate that a message is from the person that they claim to be.
But how do you know that the signature is valid? The Internet is a global community, and the people you get email from are from all over the world. I have never personally met the guy that maintains security patches for my favorite Linux distro, but a lot of other people have. They went through the trouble of looking at his drivers license or passport and then signing his key to vouch for his identity with their own key. There is a chain, or rather a web, of trust extending from me to the guy that signs those security updates. The more direct the link between me and the other guy, the more likely I can trust the message is legit. Or the more people that *I* trust that trust someone else, the more I can trust that third party.
Your own messages become more trustworthy if lots of people sign your key. Likewise, you're going to have more direct paths to other people around the Internet if you cross-sign with other OpenPGP users often.
It's especially important to do this when you travel, as the web of trust tends to have concentrated regional pockets and really needs links between regional webs to tie them together.
That said, I'm often available to sign keys in the suburbs of Philadelphia.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (Darwin)
iEYEARECAAYFAj6XU5YACgkQYPuF4Zq9lvZDBACdE8Yew9A
lrMAoLykn6/e/XnmpYIyKAwK9u7/o8wP
-----END PGP SIGNATURE-----
I'm in the same boat.
Were this a different economy, I'd probably push the issue knowing that if I lost the fight I'd be able to go somewhere that had fair compensation policies.
Preliminary research shows that IT managers can choose to compensate excessive overtime via flat fee bonuses or comp time, but probably should not be paid on an hourly basis. The dilemma for employers who really want to do right by their employees is that overtime compensation for exempt employees can threaten the employee's exempt status, and trigger a retroactive compensation for all overtime worked over the last three years. Though, the threat is usually blown out of proportion by companies who want to hide behind these gotchas in order to get lots of free labor.
Though I haven't been keeping track of my hours worked to date, it might be appropriate considering that the number of weekends that I'm expected to sacrafice to my employer is extending well into the spring, and conflicting badly with my more important responsibility of being a good husband and father.
I think the only way one can reasonably expect to confront their management and seriously expect compensation is if the entirety of the IT department goes in together and acts *gasp* almost like a labor union. This is a very dangerous move, and will definitely trigger threats by the employer and maybe a few token dismissals to drive the point home. But they cannot afford to lose their whole IT department at once and if everyone sticks to their guns, real change can happen.
I need to take my Palm Pilot out of mothballs; I used to have an application on there to break down billing hours for all of my clients, and it did a great job of reporting my hours over a given period of time. That way if anyone gives me crap for going home early on a sunny friday afternoon I have something to point back to. Better yet, I'd rather have official comp time or straight time compensation.
I bought the LightWave 2100 flashlight a couple of months back to keep in my 72 hour emergency kit. In a nutshell, I'm disappointed.
Here are some of the things that bug me about it:
* Light is blue, not white. I was expecting a crisp white light, not a dull blue one.
* No reflector. The LED's are nested in a black plastic dish.
* No lense. Not only can you not focus the beam, but the LED's themselves have no protection.
Ultimately I didn't do my homework when I bought this thing. I hope there are some better ones out there that address some of the shortcomings that I mentioned.
Your average fluorescent bulb has less mercury than your average thermometer.
Your average compact fluorescent has far less mercury than your average fluorescent.
So for God's sake, please stop taking your temperature before you die!
I wasn't looking at the BSD page; I was looking at the MAIN page.
Well I hope I am not jinking things but thus far deadly.org seems to be holding up well to the /. effect. It's on my normal rounds anyway and I went there before I came here. Was surprised to see a deadly.org headline without the site being crushed.
Amanda comes up a lot. They can't span tapes.
Veritas also comes up a lot. Aside from cost, did you know Veritas can't back up single files larger than 2GB in size on Linux clients?
On paper, BRU looks pretty darned good. I haven't yet put that theory into practice.
Google for information on Monolithic Dome construction. When your modern tract houses are starting to fall apart, the concrete in a dome house will just be hitting its prime. They are also remarkably resilient against fire & adverse weather conditions (hurricanes/tornadoes).
Monolithic domes are the castles of the 21st century.