in your response, you indicated that 3rd party components were chosen purely based on their market position. i'm not sure who you were working with, but as a consultant, i've never seen a competent CTO/CIO make a decision based on market position. what they have done, on the other hand, is pick the right tool for the job - namely, evaluated the quality of the software, the features, the technical support *and*, most importantly, its support for the platform they were going to run it on.
in my experience, in the real world, a component requiring such hoops (installing unsupported versions of software, upgrading glibc etc) to be jumped through would never even make it to the evaluation stage.
with all of that said, it is highly debatable that the 'no custom code' approach is even worth looking at - it does not reflect real life. and this is coming from someone who's worked with some of the top 100 ecommerce sites in several european countries and the US.
i find puritan jesusfreaks offensive. can we possibly restrict them, along with 737 club (or whatever it's called) and the rest of their propaganda, to certain ports, times and channels? if they can ask for legislation restricting that which offends *them*, i'd like to see that which offends me legislated away as well.
ideally, you would want all of your config files sitting on a partition using a log sructured fs - it would be the equivalent of keeping your config files in cvs (a lot of folks do that actually), but with every write resulting in a checkin, if you will, in realtime. i've wanted this for the longest time on linux, since it can be invaluable in case a junior admin fat fingers a config or a piece of software fubars one.
additionally, the performance tradeoff (fast sequential+appendative writes vs slower random access) is incredibly useful for things like logging.
unfortunately, the previous attempt at implementing a log structured fs for linux called linlogfs got started and then promptly deserted twice. i definitely look forward to seeing a usable implementation.
but wait, you might ask, this is a 1.0 release - isn't it usable yet? heck no, and quite honestly i'm a bit surprised (to put it politely) that it was released as 1.0. first off, it does not support mmap and O_DIRECT. the former especially is absolutely critical - you are likely not going to be able to edit things in a sane manner without this. there's no fsck or other management tools either. what's worse, it still has not cleared the feature ceiling that the previous abandoned implementations have set. specifically, the cleaner is not a feature - it is an absolutely integral part of a log structured filesystem. this is where you take the performance hit and it is actually the hardest to implement correctly and efficiently - the functionality that is there right now is not hard from an engineering persepective (although it does take effort obviously) and without having implemented the cleaner you can't even be sure that the fs will end up being performant enough to be usable.
moreover, hanging on fsstress and under heavy load indicates that there are as yet undiscovered concurrency related bugs. you can not release a filesystem as a 1.0 if fsstress hangs, period.
in short, if/when this is finished and production ready, it is going to be extremely useful. it is also incredibly encouraging that someone is working on it full time at ntt. however, at this point it should be considered a work in progress and the release a heads up, if you will, that someone has started on an implementation. there's still a ways left to go and i am keeping my fingers crossed that it gets finished this time.
ps: in response to one of the comments, this doesn't need to be 'better' than log structured fs implementations for one of the bsds, it's an effort to implement one for linux.
i don't find babies cute and adorable, yet i believe killing them is morally wrong. i don't find abortion, as practiced in medicine, and contraceptives to be morally wrong. i consider the death penalty, as administered, to be morally wrong. it's about individuals' rights, really. here's how i figure:
an embryo becomes an individual when it develops the sense of self. until that is true, and my guess is it happens in the latter stage of pregnancy, the right of an individual (the mother and/or the father) is overriding. please note that i include the father as well.
the death penalty is perpetrated by the government in my name. whether i am opposed to that because i don't believe i have the moral authority to take someone's life or whether i am opposed to it because i don't have sufficient confidence in the procedures used to determine guilt or the laws of the land, the government has no business infringing on my right to not be part of a taking of a life. i do, however, believe the state should provide the means for the criminal to take his own life if he so wishes. yes, i would extend that to euthanasia.
the clear differences here are: * an embryo is not an individual * abortion is not carried out in my name
let's analyze what you wrote, although it is hardly worth the time given that you haven't taken the time to think about the issue.
> Let's say that I monitor incoming SPAM for a > while.
'SPAM' is the food, 'spam' is what you probably meant.
> I pick up a pattern for
and how would you pick up anything about didtheyreadit from spam, considering that none is sent through it? (too expensive for spammers to use).
> the DidTheyReadIt relays (that's all they are)
any MTA that accepts mail for non-local delivery is a relay. your statement was superfluous.quite obviously, custom processing is involved; as such, it is hardly *just* a relay.
i'll give you the benefit of the doubt and presume that you meant '*open* relay'. open relay is defined as a relay that does not perform authorization on relayed messages, allowing anyone to send non-local mail through them. obviously, didtheyreadit performs authorization and processes mail sent from an account holder's e-mail address only. this is hardly 'open'. this is just another form of authentication, just as pop-before-smtp is a form of authenticationn commonly used on general purpose mail servers.
clearly, this form of authentication is not suitable for general purpose mail servers where the sender's domain is a known value. this is not the case with didtheyreadit.
> by looking at headers or monitoring inbound > traffic on my POP server.
you will be monitoring for a long time - the only incoming traffic received by your pop3 server is going to be commands from the MUA dealing with message retrieval. please go ahead though, perhaps it will improve the signal to noise ratio on/.
> Then I take one (or many) of those email > addresses I've identified as coming through > "DidTheyReadIt" and forge it/them in the from:
right. given the penetration of didtheyreadit, you are not very darn likely to get even one address. how many spammers control servers with a high-volume of real incoming mail?
> This thing is as doomed to fail as the basically > flawed SendMail structure
sendmail is an MTA. are you referring to smtp perhaps? noone argues it is ideal; a lot of the ietf protocols have problems.
i'm sure you have a great idea for a new messaging protocol. i'm equally certain it will be just as successful as ipv6.
> that fails to certify the sender and got us in > this mess in the first place.
you are welcome to go back to X.400. i'm pretty sure you have no idea what that is, but feel free to google.
> I could have some fun with this sending email > from known spammers back to other known spammers > and put it on their tab for a change.
if you find a spammer willing to pay what didtheyreadit charges to send millions upon millions of messages that they regularly send, you have just made a fortune. just don't go spending it all in one place.
> Email is dead as a useful form of communication > - let's just face it and find something new!
i'm sure you have an issue with TDM too. you don't? interesting.
please go ahead and use something else. have fun talking to the other kiddies on IM or the folks in siberia still running X.400. i think i'll still be replying to all of our customers' emails, thanks.
if i am bruteforcing (common) email addresses at *known* domains, i have one unknown (with a bounded set of possible values), an acceptable chance of success and the reward is getting the message to a set of eyeballs. this reward apparently can not be achieved otherwise for this specific spammer, hence the use of bruteforcing.
bruteforcing, by the way, is a proportionately uncommon technique among spammers and is usually used against domains with high namespace population density.
if i am bruteforcing someone's didtheyreadit.com account, i have two uknowns (email address and domain, with a very large range of possible values), hence a reasonably low chance of success and the reward is being able to send 5 to 750 messages. the spammer must obviously be able to send spam *already* and wherever he sends spam from must be able to handle abuse reports, since you can be darn sure such abuse would be loudly reported.
spammers know their math - they are all about numbers. this is simply not financially advantageous in any way.
this is all *assuming* that they would be able to engage in said bruteforcing and having bruteforced the source e-mail address, would be able to send a large number of messages in a short amount of time.
without going into much detail, i would assure you that a successful bruteforcing attack would not be possible.
given that they would have to *know* the e-mail address of a registered user and would be limited to the number of e-mails said user paid for, they hardly have anything to worry about. spammers are not going to go bruteforcing e-mail addresses to send 50-100 messages when they have real open relays , botnets and chinese servers galore.
in case my previous comment where i mentioned this gets modded down, here it goes:
we are the managed hosting company that engineered the load-balanced high availability cluster which powers didtheyreadit.com. specifically, i am the engineer who led the development and implementation. i am not including the company name - my comments are *not* meant to advertise the company, just shed some light on the technical issues involved.
we wanted to load balance the mail servers. had we added 3 mx records with priorities designating order, we would have no control over directing traffic to a less loaded box; in essence, it would just be a failover (high-availability), not a load-balanced solution.
we do extensive weighting of results returned by the nameserver based on several load parameters; this level of control was easier to achieve within the same framework we used for http traffic for this application.
as you can see, the cluster is doing well with the traffic our client got from slashdot, especially since they are simultaneously getting hit by traffic generated from all of the other press they are getting. as the engineer who did the bulk of the coding, i can say i am quite satisfied with the result =]
we are the managed hosting company that engineered the high availability load balanced cluster that powers didtheyreadit.com. specifically, i am the engineer that is responsible for the project. please note that i am not including the company name; this is on purpose since all i want is to clear up your erroneous statement, not advertise our services.
using `which host` (at least if you don't know about A records and round robin) for dns diagnostics is a Bad Idea (tm). had you used dig or, alternatively, had you had a clue, you would have seen the following:
;; QUESTION SECTION: ;someone\@aol.com.didtheyreadit.com. IN MX
;; ANSWER SECTION: someone\@aol.com.didtheyreadit.com. 1 IN MX 10 mail.cluster1.didtheyreadit.c om.
;; AUTHORITY SECTION: didtheyreadit.com. 145812 IN NS ns2.dnscluster.didtheyreadit.com . didtheyre adit.com. 145812 IN NS ns3.dnscluster.didtheyreadit.com . didtheyre adit.com. 145812 IN NS ns1.dnscluster.didtheyreadit.com .
;; ADDITIONAL SECTION: mail.cluster1.didtheyreadit.com. 1 IN A 69.90.152.225 mail.cluster1.didtheyreadit.c om. 1 IN A 69.90.152.226 mail.cluster1.didtheyreadit.c om. 1 IN A 69.90.152.224
pay attention to the additional section. what this means is that the mail server resolves to three different ip addresses, which in this case are multiple separate servers.
we have a proprietary weighted round robin solution that introduces no single points of failure, which makes it more redundant and resilient than a hardware load balancer for applications which maintain session affinity internally.
i am not surprised that you didn't catch this - a hobbyist running a server on his home cable connection is not likely to have clustering expertise. i do not fault you for that, i just wish you hadn't spoken with an air of authority on something you know nothing about.
;; QUESTION SECTION: ;mail.cluster1.didtheyreadit.com. IN A
;; ANSWER SECTION: mail.cluster1.didtheyreadit.com. 1 IN A 69.90.152.226 mail.cluster1.didtheyreadit.c om. 1 IN A 69.90.152.224 mail.cluster1.didtheyreadit.c om. 1 IN A 69.90.152.225
;; AUTHORITY SECTION: didtheyreadit.com. 144249 IN NS ns1.dnscluster.didtheyreadit.com. didtheyreadit.c om. 144249 IN NS ns2.dnscluster.didtheyreadit.com. didtheyreadit.c om. 144249 IN NS ns3.dnscluster.didtheyreadit.com.
if you are running a low power server, the performance advantages attributed to fbsd hardly matter, do they? the only single cpu servers we run are used for dns and rwhois. oh, and some clients run hosting companies off their single cpu dedicateds, but that cant be our fault =]
interesting how we are arguing the same point, really =]
i should qualify at this point that it has been a while since i looked at fbsd code. i remember liking it back then. it is quite possible they have mucked with it since then, though i would have expected it not to deteriorate but rather stagnate.
*most* of the code *is* cleaner. granted, the fbsd people dont have much of a clue when it comes to locking. hopefully, they will pick it up as time goes on.
> Overall 5.2-RELEASE is disappointing from a > desktop perspective, but it's still more > advanced than any community GNU/Linux > distribution that you'll find, especially in the > area of AMD64 support.
say what? they *just* started working on using fine-grained locking in kernelspace. i cant grasp how people could claim it works well for servers when you cant run it on smp boxen without handicapping them to death.
suse has good amd64 support. gentoo is decent as well.
fbsd is not more advanced. in fact, it lacks quite a few features i cant live without in kernelspace. the code *is* cleaner and better engineered than linux, but that helps me zilch if i cant run it in production on my dual xeon boxes.
make no mistake, i like fbsd. i wish i could use it on my servers. alas, that is not possible right now. if you want to toot the fbsd horn, point out the areas it is strong in, dont make things up!
that, my friend, is the key. we are not talking gadgets as in 'novelty items', we are talking gadgets as in, say, a network appliance that solves problems X, Y and Z. the problems were not solvable previously, hence no market for the appliance existed before company X came up with its solution. they invest time and a lot of money into building a market, informing the consumers (sme consumers in this case) and building awareness. if company Z can then come and compete on equal footing, there is no point for company X to have gone to all the trouble.
speaking from experience, the situation is alerady pretty bad. the only chance for a startup X in such a scenario is to get bought out by one of the big guys who want a piece of said market and find it cheaper and faster to buy the startup out than to roll their own product in-house. if such does not happen, startup X has to rely on a very slim chance that they will grow fast enough to be able to compete with the new entrants. and this is *without* having to make their source code public.
'dumping' (ie selling at an artificially low price in order to kill competitors with less cash reserves) is illegal for the same reason. im going to use gpled code because the other guy will, even though i will probably kill myself in the process because some other guys will build on my code, but this at least gives me a bit of time to live. it is *very* hard to compete against companies that do not exist with the goal of becoming successful.
it *is* anti-business, specifically anti-software business. lets think of an example, shall we:
two companies decide to develop an innovative product, gadget X, that requires some sort of OS. in the old days, when no Fre Software was available, they would both develop something proprietary (or license it) to build upon. nowadays, they have GPL'ed stuff available to them. company A decides that it will build on GPL'ed code and to heck with the consequences, while company B decides to stand their ground. company A is first to market, with a much lower development cost. company B is still developing their proprietary thinger, spending a lot of moolah. meanwhile, company A sells some gadgets and enjoys some temporary success, but finds that a bajillion other companies now sell the same or equivalent thing, because they could build on their source. company B is screwed, because they have just lost a ton of money on developing their own solution. company A is likewise screwed, because they either didnt sell enough gadgets to cover their development cost or, in the best case scenario, did not reap the benefits of being the leader/one of the first in coming up with the idea.
this is *bad* for the same reason that lack of patents is bad. while this does, in the short term, offer the consumer lower prices, more freedom and more choice, it disincentivizes the companies from investing into r&d and creating new stuff. so until altruistic spirits start developing dvd players and charging their cost for them, this will be anti-business.
with that said, im writing this on a linux box, which i enjoy using.
this is not 'picking a side'. it is called competing. sun being in a position it is in right now will take any clients it can get by (almost) any means available. i cant blame them - this is how you do business in the big leagues.
i still like sun, their hardware and solaris - that is some solid engineering right there. i just wish they hadnt unleashed java on the world =]
not sure if you are comparing apples to apples here. while linux is definitely easier to maintain server-side, in my experience maintaining desktop linux machines for users who have little ability to fix things on their own (and ample ability to break them on their own) is quite a headache. this is spoken from a pragmatic point of view - i knew i was going to get flamed for saying something against linux on slash and i am getting exactly what i expected.
there is no need whatsoever to get personal - i am a software engineer and code on linux for a living, so your insinuation does not apply. we have had several people join our linux team that had only windows experience prior to that and although they picked up the coding aspect pretty fast, they still managed to break their boxes regularly on the user side of things.
also, keep in mind that the city already has windows admins on staff, while linux admin duties will have to be outsourced before they build up a cadre of linux admins. regardless of the merties and ease of administration of linux, this is going to be a major expense.
also, factor in the fact that they are not going to download isos off the internet - they are going to buy boxed versions from companies like suse or rh, which (a guesstimate here), will cost as much as the windows licenses (with the 90% discount factored in).
paul
if you are a governmental organization, you are not going to hire 'linux geeks', you are going to go to a consultancy company (which was mentioned in the article). the company, in turn, will indeed hire linux geeks for almost no money, however they will also put a large markup on their labor in order to build up some cash reserves that would cover their butts in case those linux geeks mess up the systems.
it costs nike very little to have 3 year olds make their sneakers in 3rd world countries, but did you check out what they sell them for?
if you disagree with me, feel free to reply, modding it away is not fair though.
paul
at that rate, they should have taken windows. i lub linux and all, but the maintenance costs are going to go through the roof on that one.
with that said, munich is not known to be the 'technology capital' of germany as they claim, but rather as the 'white beer capital' =]
all the same, im glad it went the way it did. although the discounted deal on bloze is imho better, i feel they decided on principle this time, recognizing that although a deep discount may have been advantageous short-term, they would end up paying out of their ass for it long-term because of verndor lock-in.
we just moved into their former office a few months ago. last week their logos have been replaced on all surfaces which have born them in the past =] they are all but gone (from there at least).
apparently, they were in such financial need that they ripped out patch panels, cat5 cabling and power outlet plates to take with them. this is what happens if you act like pricks about pseudo patents.
you are correct, only 4 wires are used. however, regular fone wiring is not graded to carry a signal that far afaik. they may need repeaters in there somewhere =]
or perhaps deciding that the feature will introduce unnecessary complexity, outlining it to your boss and getting it scrapped in favor of something useful =]
Slashdot Mirror
in your response, you indicated that 3rd party components were chosen purely based on their market position. i'm not sure who you were working with, but as a consultant, i've never seen a competent CTO/CIO make a decision based on market position. what they have done, on the other hand, is pick the right tool for the job - namely, evaluated the quality of the software, the features, the technical support *and*, most importantly, its support for the platform they were going to run it on. in my experience, in the real world, a component requiring such hoops (installing unsupported versions of software, upgrading glibc etc) to be jumped through would never even make it to the evaluation stage. with all of that said, it is highly debatable that the 'no custom code' approach is even worth looking at - it does not reflect real life. and this is coming from someone who's worked with some of the top 100 ecommerce sites in several european countries and the US.
i find puritan jesusfreaks offensive. can we possibly restrict them, along with 737 club (or whatever it's called) and the rest of their propaganda, to certain ports, times and channels? if they can ask for legislation restricting that which offends *them*, i'd like to see that which offends me legislated away as well.
log structured filesystems are incredibly useful.
ideally, you would want all of your config files sitting on a partition using a log sructured fs - it would be the equivalent of keeping your config files in cvs (a lot of folks do that actually), but with every write resulting in a checkin, if you will, in realtime. i've wanted this for the longest time on linux, since it can be invaluable in case a junior admin fat fingers a config or a piece of software fubars one.
additionally, the performance tradeoff (fast sequential+appendative writes vs slower random access) is incredibly useful for things like logging.
unfortunately, the previous attempt at implementing a log structured fs for linux called linlogfs got started and then promptly deserted twice. i definitely look forward to seeing a usable implementation.
but wait, you might ask, this is a 1.0 release - isn't it usable yet? heck no, and quite honestly i'm a bit surprised (to put it politely) that it was released as 1.0. first off, it does not support mmap and O_DIRECT. the former especially is absolutely critical - you are likely not going to be able to edit things in a sane manner without this. there's no fsck or other management tools either. what's worse, it still has not cleared the feature ceiling that the previous abandoned implementations have set. specifically, the cleaner is not a feature - it is an absolutely integral part of a log structured filesystem. this is where you take the performance hit and it is actually the hardest to implement correctly and efficiently - the functionality that is there right now is not hard from an engineering persepective (although it does take effort obviously) and without having implemented the cleaner you can't even be sure that the fs will end up being performant enough to be usable.
moreover, hanging on fsstress and under heavy load indicates that there are as yet undiscovered concurrency related bugs. you can not release a filesystem as a 1.0 if fsstress hangs, period.
in short, if/when this is finished and production ready, it is going to be extremely useful. it is also incredibly encouraging that someone is working on it full time at ntt. however, at this point it should be considered a work in progress and the release a heads up, if you will, that someone has started on an implementation. there's still a ways left to go and i am keeping my fingers crossed that it gets finished this time.
ps: in response to one of the comments, this doesn't need to be 'better' than log structured fs implementations for one of the bsds, it's an effort to implement one for linux.
-p
PC users say Suns are relics. Go figure.
i don't find babies cute and adorable, yet i believe killing them is morally wrong. i don't find abortion, as practiced in medicine, and contraceptives to be morally wrong. i consider the death penalty, as administered, to be morally wrong. it's about individuals' rights, really. here's how i figure:
an embryo becomes an individual when it develops the sense of self. until that is true, and my guess is it happens in the latter stage of pregnancy, the right of an individual (the mother and/or the father) is overriding. please note that i include the father as well.
the death penalty is perpetrated by the government in my name. whether i am opposed to that because i don't believe i have the moral authority to take someone's life or whether i am opposed to it because i don't have sufficient confidence in the procedures used to determine guilt or the laws of the land, the government has no business infringing on my right to not be part of a taking of a life. i do, however, believe the state should provide the means for the criminal to take his own life if he so wishes. yes, i would extend that to euthanasia.
the clear differences here are:
* an embryo is not an individual
* abortion is not carried out in my name
paul
let's analyze what you wrote, although it is hardly worth the time given that you haven't taken the time to think about the issue.
/.
> Let's say that I monitor incoming SPAM for a
> while.
'SPAM' is the food, 'spam' is what you probably meant.
> I pick up a pattern for
and how would you pick up anything about didtheyreadit from spam, considering that none is sent through it? (too expensive for spammers to use).
> the DidTheyReadIt relays (that's all they are)
any MTA that accepts mail for non-local delivery is a relay. your statement was superfluous.quite obviously, custom processing is involved; as such, it is hardly *just* a relay.
i'll give you the benefit of the doubt and presume that you meant '*open* relay'. open relay is defined as a relay that does not perform authorization on relayed messages, allowing anyone to send non-local mail through them. obviously, didtheyreadit performs authorization and processes mail sent from an account holder's e-mail address only. this is hardly 'open'. this is just another form of authentication, just as pop-before-smtp is a form of authenticationn commonly used on general purpose mail servers.
clearly, this form of authentication is not suitable for general purpose mail servers where the sender's domain is a known value. this is not the case with didtheyreadit.
> by looking at headers or monitoring inbound
> traffic on my POP server.
you will be monitoring for a long time - the only incoming traffic received by your pop3 server is going to be commands from the MUA dealing with message retrieval. please go ahead though, perhaps it will improve the signal to noise ratio on
> Then I take one (or many) of those email
> addresses I've identified as coming through
> "DidTheyReadIt" and forge it/them in the from:
right. given the penetration of didtheyreadit, you are not very darn likely to get even one address. how many spammers control servers with a high-volume of real incoming mail?
> This thing is as doomed to fail as the basically > flawed SendMail structure
sendmail is an MTA. are you referring to smtp perhaps? noone argues it is ideal; a lot of the ietf protocols have problems.
i'm sure you have a great idea for a new messaging protocol. i'm equally certain it will be just as successful as ipv6.
> that fails to certify the sender and got us in
> this mess in the first place.
you are welcome to go back to X.400. i'm pretty sure you have no idea what that is, but feel free to google.
> I could have some fun with this sending email
> from known spammers back to other known spammers > and put it on their tab for a change.
if you find a spammer willing to pay what didtheyreadit charges to send millions upon millions of messages that they regularly send, you have just made a fortune. just don't go spending it all in one place.
> Email is dead as a useful form of communication > - let's just face it and find something new!
i'm sure you have an issue with TDM too. you don't? interesting.
please go ahead and use something else. have fun talking to the other kiddies on IM or the folks in siberia still running X.400. i think i'll still be replying to all of our customers' emails, thanks.
cheers,
paul
please think before you hit that submit button.
if i am bruteforcing (common) email addresses at *known* domains, i have one unknown (with a bounded set of possible values), an acceptable chance of success and the reward is getting the message to a set of eyeballs. this reward apparently can not be achieved otherwise for this specific spammer, hence the use of bruteforcing.
bruteforcing, by the way, is a proportionately uncommon technique among spammers and is usually used against domains with high namespace population density.
if i am bruteforcing someone's didtheyreadit.com account, i have two uknowns (email address and domain, with a very large range of possible values), hence a reasonably low chance of success and the reward is being able to send 5 to 750 messages. the spammer must obviously be able to send spam *already* and wherever he sends spam from must be able to handle abuse reports, since you can be darn sure such abuse would be loudly reported.
spammers know their math - they are all about numbers. this is simply not financially advantageous in any way.
this is all *assuming* that they would be able to engage in said bruteforcing and having bruteforced the source e-mail address, would be able to send a large number of messages in a short amount of time.
without going into much detail, i would assure you that a successful bruteforcing attack would not be possible.
paul
given that they would have to *know* the e-mail address of a registered user and would be limited to the number of e-mails said user paid for, they hardly have anything to worry about. spammers are not going to go bruteforcing e-mail addresses to send 50-100 messages when they have real open relays , botnets and chinese servers galore.
paul
thank you for being clueful.
in case my previous comment where i mentioned this gets modded down, here it goes:
we are the managed hosting company that engineered the load-balanced high availability cluster which powers didtheyreadit.com. specifically, i am the engineer who led the development and implementation. i am not including the company name - my comments are *not* meant to advertise the company, just shed some light on the technical issues involved.
we wanted to load balance the mail servers. had we added 3 mx records with priorities designating order, we would have no control over directing traffic to a less loaded box; in essence, it would just be a failover (high-availability), not a load-balanced solution.
we do extensive weighting of results returned by the nameserver based on several load parameters; this level of control was easier to achieve within the same framework we used for http traffic for this application.
as you can see, the cluster is doing well with the traffic our client got from slashdot, especially since they are simultaneously getting hit by traffic generated from all of the other press they are getting. as the engineer who did the bulk of the coding, i can say i am quite satisfied with the result =]
cheers,
paul
you, my friend, have 0 clue.
we are the managed hosting company that engineered the high availability load balanced cluster that powers didtheyreadit.com. specifically, i am the engineer that is responsible for the project. please note that i am not including the company name; this is on purpose since all i want is to clear up your erroneous statement, not advertise our services.
using `which host` (at least if you don't know about A records and round robin) for dns diagnostics is a Bad Idea (tm). had you used dig or, alternatively, had you had a clue, you would have seen the following:
---
root@chopin [~]# dig someone@aol.com.didtheyreadit.com mx
; <<>> DiG 9.2.1 <<>> someone@aol.com.didtheyreadit.com mx
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29846
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3
;; QUESTION SECTION:
;someone\@aol.com.didtheyreadit.com. IN MX
;; ANSWER SECTION:
someone\@aol.com.didtheyreadit.com. 1 IN MX 10
mail.cluster1.didtheyreadit.c
om.
;; AUTHORITY SECTION:
didtheyreadit.com. 145812 IN NS
ns2.dnscluster.didtheyreadit.com
.
didtheyre adit.com. 145812 IN NS
ns3.dnscluster.didtheyreadit.com
.
didtheyre adit.com. 145812 IN NS
ns1.dnscluster.didtheyreadit.com
.
;; ADDITIONAL SECTION:
mail.cluster1.didtheyreadit.com. 1 IN A 69.90.152.225
mail.cluster1.didtheyreadit.c om. 1 IN A 69.90.152.226
mail.cluster1.didtheyreadit.c om. 1 IN A 69.90.152.224
;; Query time: 16 msec
;; SERVER: 207.99.0.6#53(207.99.0.6)
;; WHEN: Sun May 23 22:09:44 2004
;; MSG SIZE rcvd: 194
---
pay attention to the additional section. what this means is that the mail server resolves to three different ip addresses, which in this case are multiple separate servers.
we have a proprietary weighted round robin solution that introduces no single points of failure, which makes it more redundant and resilient than a hardware load balancer for applications which maintain session affinity internally.
i am not surprised that you didn't catch this - a hobbyist running a server on his home cable connection is not likely to have clustering expertise. i do not fault you for that, i just wish you hadn't spoken with an air of authority on something you know nothing about.
see:
---
root@chopin [~]# dig mail.cluster1.didtheyreadit.com
; <<>> DiG 9.2.1 <<>> mail.cluster1.didtheyreadit.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35034
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 3, ADDITIONAL: 0
;; QUESTION SECTION:
;mail.cluster1.didtheyreadit.com. IN A
;; ANSWER SECTION:
mail.cluster1.didtheyreadit.com. 1 IN A 69.90.152.226
mail.cluster1.didtheyreadit.c om. 1 IN A 69.90.152.224
mail.cluster1.didtheyreadit.c om. 1 IN A 69.90.152.225
;; AUTHORITY SECTION:
didtheyreadit.com. 144249 IN NS ns1.dnscluster.didtheyreadit.com.
didtheyreadit.c om. 144249 IN NS ns2.dnscluster.didtheyreadit.com.
didtheyreadit.c om. 144249 IN NS ns3.dnscluster.didtheyreadit.com.
;; Query time: 48 msec
;; SERVER: 207.99.0.6#53(207.99.0.6)
;; WHEN: Sun May 23 22:35:47 2004
;; MSG SIZE rcvd: 162
---
satisfied?
we now return you to your regular trolling and microsoft-bashing programming.
paul
if you are running a low power server, the performance advantages attributed to fbsd hardly matter, do they? the only single cpu servers we run are used for dns and rwhois. oh, and some clients run hosting companies off their single cpu dedicateds, but that cant be our fault =]
paul
interesting how we are arguing the same point, really =]
i should qualify at this point that it has been a while since i looked at fbsd code. i remember liking it back then. it is quite possible they have mucked with it since then, though i would have expected it not to deteriorate but rather stagnate.
paul
*most* of the code *is* cleaner. granted, the fbsd people dont have much of a clue when it comes to locking. hopefully, they will pick it up as time goes on.
paul
> Overall 5.2-RELEASE is disappointing from a
> desktop perspective, but it's still more
> advanced than any community GNU/Linux
> distribution that you'll find, especially in the > area of AMD64 support.
say what? they *just* started working on using fine-grained locking in kernelspace. i cant grasp how people could claim it works well for servers when you cant run it on smp boxen without handicapping them to death.
suse has good amd64 support. gentoo is decent as well.
fbsd is not more advanced. in fact, it lacks quite a few features i cant live without in kernelspace. the code *is* cleaner and better engineered than linux, but that helps me zilch if i cant run it in production on my dual xeon boxes.
make no mistake, i like fbsd. i wish i could use it on my servers. alas, that is not possible right now. if you want to toot the fbsd horn, point out the areas it is strong in, dont make things up!
paul
[monopoly time is shorter]
that, my friend, is the key. we are not talking gadgets as in 'novelty items', we are talking gadgets as in, say, a network appliance that solves problems X, Y and Z. the problems were not solvable previously, hence no market for the appliance existed before company X came up with its solution. they invest time and a lot of money into building a market, informing the consumers (sme consumers in this case) and building awareness. if company Z can then come and compete on equal footing, there is no point for company X to have gone to all the trouble.
speaking from experience, the situation is alerady pretty bad. the only chance for a startup X in such a scenario is to get bought out by one of the big guys who want a piece of said market and find it cheaper and faster to buy the startup out than to roll their own product in-house. if such does not happen, startup X has to rely on a very slim chance that they will grow fast enough to be able to compete with the new entrants. and this is *without* having to make their source code public.
'dumping' (ie selling at an artificially low price in order to kill competitors with less cash reserves) is illegal for the same reason. im going to use gpled code because the other guy will, even though i will probably kill myself in the process because some other guys will build on my code, but this at least gives me a bit of time to live. it is *very* hard to compete against companies that do not exist with the goal of becoming successful.
paul
it *is* anti-business, specifically anti-software business. lets think of an example, shall we:
two companies decide to develop an innovative product, gadget X, that requires some sort of OS. in the old days, when no Fre Software was available, they would both develop something proprietary (or license it) to build upon. nowadays, they have GPL'ed stuff available to them. company A decides that it will build on GPL'ed code and to heck with the consequences, while company B decides to stand their ground. company A is first to market, with a much lower development cost. company B is still developing their proprietary thinger, spending a lot of moolah. meanwhile, company A sells some gadgets and enjoys some temporary success, but finds that a bajillion other companies now sell the same or equivalent thing, because they could build on their source. company B is screwed, because they have just lost a ton of money on developing their own solution. company A is likewise screwed, because they either didnt sell enough gadgets to cover their development cost or, in the best case scenario, did not reap the benefits of being the leader/one of the first in coming up with the idea.
this is *bad* for the same reason that lack of patents is bad. while this does, in the short term, offer the consumer lower prices, more freedom and more choice, it disincentivizes the companies from investing into r&d and creating new stuff. so until altruistic spirits start developing dvd players and charging their cost for them, this will be anti-business.
with that said, im writing this on a linux box, which i enjoy using.
paul
this is not 'picking a side'. it is called competing. sun being in a position it is in right now will take any clients it can get by (almost) any means available. i cant blame them - this is how you do business in the big leagues.
i still like sun, their hardware and solaris - that is some solid engineering right there. i just wish they hadnt unleashed java on the world =]
paul
yes, they make the biggest, baddest and hardest to debug (grin) rdbms. if you don't know why they are so rich, give them a call and ask for a quote =]
paul
not sure if you are comparing apples to apples here. while linux is definitely easier to maintain server-side, in my experience maintaining desktop linux machines for users who have little ability to fix things on their own (and ample ability to break them on their own) is quite a headache. this is spoken from a pragmatic point of view - i knew i was going to get flamed for saying something against linux on slash and i am getting exactly what i expected. there is no need whatsoever to get personal - i am a software engineer and code on linux for a living, so your insinuation does not apply. we have had several people join our linux team that had only windows experience prior to that and although they picked up the coding aspect pretty fast, they still managed to break their boxes regularly on the user side of things. also, keep in mind that the city already has windows admins on staff, while linux admin duties will have to be outsourced before they build up a cadre of linux admins. regardless of the merties and ease of administration of linux, this is going to be a major expense. also, factor in the fact that they are not going to download isos off the internet - they are going to buy boxed versions from companies like suse or rh, which (a guesstimate here), will cost as much as the windows licenses (with the 90% discount factored in). paul
if you are a governmental organization, you are not going to hire 'linux geeks', you are going to go to a consultancy company (which was mentioned in the article). the company, in turn, will indeed hire linux geeks for almost no money, however they will also put a large markup on their labor in order to build up some cash reserves that would cover their butts in case those linux geeks mess up the systems. it costs nike very little to have 3 year olds make their sneakers in 3rd world countries, but did you check out what they sell them for? if you disagree with me, feel free to reply, modding it away is not fair though. paul
at that rate, they should have taken windows. i lub linux and all, but the maintenance costs are going to go through the roof on that one.
with that said, munich is not known to be the 'technology capital' of germany as they claim, but rather as the 'white beer capital' =]
all the same, im glad it went the way it did. although the discounted deal on bloze is imho better, i feel they decided on principle this time, recognizing that although a deep discount may have been advantageous short-term, they would end up paying out of their ass for it long-term because of verndor lock-in.
paul
it is not a 'disk checker' screen, the dean still uses ms-dos and edit, because his 386 cant pull win 3.1
paul
> Where is UNISYS today?
we just moved into their former office a few months ago. last week their logos have been replaced on all surfaces which have born them in the past =] they are all but gone (from there at least).
apparently, they were in such financial need that they ripped out patch panels, cat5 cabling and power outlet plates to take with them. this is what happens if you act like pricks about pseudo patents.
paul
you are correct, only 4 wires are used. however, regular fone wiring is not graded to carry a signal that far afaik. they may need repeaters in there somewhere =]
paul
or perhaps deciding that the feature will introduce unnecessary complexity, outlining it to your boss and getting it scrapped in favor of something useful =]
paul