Make sure the mechanism used to distribute the
mail directories to the pop/imap/whatever servers
is not NFS.
Over my objections, a colleague tried to have
the mail directories on one machine and the pop
servers on four others. At light loads he got
acceptable performance, and so put it in
production. With several thousand accounts, 30-minute (not seconds, minutes!)
delays between messages were common.
NFS (v2 and 3) is pessimal for constantly-updated files with ad-hoc locking
mechanisms.
As suggested in the parent, distribute the mail
files for a given user to a machine which
provides the pop and imap services from local disk.
I'm pleased to see this change in the release progress, as it tends to drive more stability. Called the "train" model, it means that the
release leaves the station the same time every
year (day, week (;-)). The "Bus" model has
the release happening when the bus (Linus's brain) is full and can't hold any more.
..and saith "This begs the question" really means
"you're lying".
Begging a question is
asking a question that implicitly assumes something is true that
the author is trying to get you to believe.
See also http://www.wsu.edu/~brians/errors/begs.html
That would make the sentence mean you are responsible for what your users choose to do with it, which is arguably false.
The old tkined program can put up a very big, very detailed connectivity map via a cheap LCD projector.
That's both visually attractive, and useful, as it spots blown machines and links relatively quickly, as long as you keep the tests low-cost (ping, SNMP gets, etc)
As I and others have said,
this could be used to make
a "prison" to lock out malefactors,
much like a safety-deposit box in a bank.
The bank owns the safe the
box is in, and credibly promises to
safeguard it, and I own the contents
of the box. And promise not to store
dead fish in it (;-))
I posted a three-paragraph response, but
it vaporized... let's see if this shows up.
--dave
Hmmn, If it gives me MAC it might be cool. (on "Sun Spearheads Open DRM" · Score: 2, Insightful)
A digital rights management system depends
on a system of mandatory access controls (MAC),
and a means by which I grant an untrusted
remote sender certain limited rights, those needed to
turn on and off access to a device.
This could be used to grant strictly
controlled untrusted access to downloaded
content in general, including downloaded content
ranging from cookies to SETI at Home.
The OS that supports that will need
to be somewhere around B2 security,
something I know Linux, BSD and
the commercial Unixes can and have
achieved, but which I strongly
suspect VMS and Windows can't reach.
It's technically about Oracle, but it's
a good introduction to DBMS performance and
how to use good science instead of urban
legends to tune a database:
Optimizing Oracle Performance by Cary Millsap with Jeff Holt
A company I consulted for (and a whole country,
but that's a different story) has been
through the offshoring process and is
now onshoring.
My former employer succeeded in outsourcing their
operations to EDS, and are still a happy EDS
customer.
They then tried a second cost-reduction
step, offshoring their development to
a well-respected firm on the opposite
side of the planet. The timezone problem
was a nuisance, but not a serious problem
except when doing maintenance, so they
offshored maintenance to the same company.
This seemed to work, but on looking
at the financial results a few quarters later,
they realized they'd done a very brave thing:
they'd inadvertently offshored their
software budgeting decisions. With both
maintenance and new development in the
hands of a supplier, the supplier was the
only person who could make credible decisions
about how much to spend. And the spending was growing.
So they turned around and started
onshoring, hiring some of the folks who had been
the offshoring team and moving them back to
Canada, co-locating them with the user
groups and the budgeting managers, and
got control of their own budget back.
They're now genuinely reluctant to allow anything
to be done remotely, including having me dial in from
home. They want my body within shouting
distance of my manager!
Losing cost control can make you a little nervous
if you're a big company, because it can
rapidly make you a small company(;-))
Consider just the Unix companies who
sprang into existence in Silicon Valley. First they downloaded BSD 4.1c and developed an OS for their new hardware, then they donated the fixes back
to Berkeley for 4.2. When their hardware shipped they went to Western Electric and bought a 32V license.
And this is just one example, and not even a particularly recent one...
No, that costs money and introduces risk.
These companies are managing their business
as fourth-quadrant entities ("cash cows"),
where investment is highly undesirable.
spectecjr wrote: I feel the same way whenever I look at the SMTP spec, [...] At the very least people could prefix strings they're transmitting with the # of bytes in them, so that memory access is efficient.
Actually you only have to fetch one word (4 bytes)
in SMTP to get the four-character command and the
three-plus-one-character response code. This makes the
switch code for the DFA easy.
These were ARPA standards, by the way, from
the mainframe era. All the protocols worked that way, and reading records was assumed
to be length-counted at what we now call
the "presentation" layer on machines where
I/O was done in records.
Steinfiend wrote: Personally, I do run Linux as my primary OS, with an install of Windows 2000
May I suggest you run MS apps within
Windows under an emulator, so that you only
run the Windows OS as long as it takes to run one
application? I personally use Win4Lin,
as it's faster than VMWare, but both
work..
And both avoid encouraging or
requiring you run other Windows apps
the way dual-boot does.
(US def'n) The practice of instituting groundless judicial proceedings - a crime in a number of jurisdictions.
In old law French barat, baraterie, signifying robbery, deceit, fraud. In modern usage it may be defined as the habitual moving, exciting and maintaining suits and quarrels, either at law or otherwise.
There are numerous limitations, to protect the attorneys of the honestly litigious.
It takes three steps, to avoid order(N^2) or N! problems. Asking every machine on your
network about every service in existence takes a bit too long to be practical (:-))
- Discover just the machines "interesting" to you, via something like ping or snmp queries initially, then discard those which do not meet your standard of interestingness, such as those which aren't talking on a port of interest. Order N.
- Then build a topology with a gui that allows a human to organize the machines into a visual layout that is of use to them. The old TKINED is a simple example. Order 1.
- Finally, inventory the interesting machines, optionally by running the various vendors' tools against them, and capture the information into something that can be used with the topology tool. Order N.
You now have a diagram for humans to look at and a table for programs to grep through. Hopefully connected together in some loose way.
Cool, thanks!
--dave
--dave (biased former securitroid) c-b
Previously cars were expensive enough that the rich bought them. Now with Fords, anyone could buy them, and the number sold skyrocketed.
--dave
It will report variations from POSIX in standard error-message format, so editor features like ^[-x next-error will work (;-))
Congratulations, you're now a Linux porting expert!
--dave
So what happened to the non-kludge, reusable lifting vehicle? Isn't it about time to build a new one, using existing designs and component parts?
--dave
Think IBM 360.
--dave
In those days it was an IBM 360 (;-))
My friend Fred set his father-in-law up with Red Hat, because they're 10 hours drive away. So he uses ssh instead and saves the travel time.
--dave
Indeed, my wife's four-year-old Canon has separate print heads and ink cartridges. That was nothing new...
If you look at the complexity that was
proposed before Grace Hopper joined the
project, you'll see why the relatively
simple COBOL was occasionally called
"the accountant's assembler"
perform a until done
add b to c giving d
May I suggest you approach this as a network
problem, and create a switch/router policy
that says
- may connect http, https to internet
- may connect to local smb server
- may connect to local email server
- may connect http, https to company servers
- may NOT connect to other services on
random PCs or servers.
The last line is **surprisingly** effective,
but you need to list all the exceptions first
to keep it from being too effective (;-))
--dave
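The ordering point in the policy above, as an added example that is not part of the original comment: a first-match rule evaluator in C, run over the comment's rules with the exceptions first and again with the deny on top. The destination classes, the port numbers (445 for SMB, 25 and 143 for mail) and the function names are assumptions made for this sketch.

```c
#include <stddef.h>
#include <stdio.h>

/* Destination classes and port numbers are assumptions for this sketch. */
enum dest { INTERNET, LOCAL_SMB, LOCAL_MAIL, COMPANY, OTHER_HOST, ANY_DEST };
enum verdict { DENY, ALLOW };
struct rule { enum dest dst; int port; enum verdict v; };   /* port 0 = any */
#define COUNT(a) (sizeof(a) / sizeof((a)[0]))

/* The comment's policy: exceptions first, catch-all deny last. */
const struct rule policy[] = {
    { INTERNET, 80, ALLOW },   { INTERNET, 443, ALLOW },
    { LOCAL_SMB, 445, ALLOW },
    { LOCAL_MAIL, 25, ALLOW }, { LOCAL_MAIL, 143, ALLOW },
    { COMPANY, 80, ALLOW },    { COMPANY, 443, ALLOW },
    { ANY_DEST, 0, DENY },
};
/* The deny moved to the top: the "too effective" version. */
const struct rule misordered[] = {
    { ANY_DEST, 0, DENY }, { INTERNET, 443, ALLOW }, { LOCAL_SMB, 445, ALLOW },
};

/* First matching rule decides; no match at all falls through to deny. */
enum verdict evaluate(const struct rule *acl, size_t n, enum dest dst, int port)
{
    for (size_t i = 0; i < n; i++) {
        int dst_ok = acl[i].dst == ANY_DEST || acl[i].dst == dst;
        int port_ok = acl[i].port == 0 || acl[i].port == port;
        if (dst_ok && port_ok) return acl[i].v;
    }
    return DENY;
}

/* Index of the first rule an earlier rule already covers, or -1 if none. */
int first_shadowed(const struct rule *acl, size_t n)
{
    for (size_t i = 1; i < n; i++)
        for (size_t j = 0; j < i; j++)
            if ((acl[j].dst == ANY_DEST || acl[j].dst == acl[i].dst) &&
                (acl[j].port == 0 || acl[j].port == acl[i].port))
                return (int)i;
    return -1;
}

int main(void)
{
    printf("https out: %d, shadowed rule in misordered list: %d\n",
           (int)evaluate(policy, COUNT(policy), INTERNET, 443),
           first_shadowed(misordered, COUNT(misordered)));
}
```

The shadow check is a cheap lint to run before loading a rule list: any rule it reports can never take effect in its current position.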
[Longer discussion at http://www.linuxdevcenter.com/pub/a/linux/2004/06/10/win4lin.html]
--dave