Work out how to build the servers as cheaply as possible. If peak load starts to get troublesome, add some more servers.
This is exactly wrong. The acquisition cost of servers is the smallest portion of operating a reliable online service. Redundant bandwidth, generator power, cooling infrastructure, and staff time are much costlier problems to solve, and represent the vast majority of expense over 3+ years. Not to mention developing the software infrastructure needed to manage high-availability scale-out applications (especially at the database tier).
We just built a new datacenter, and server hardware was less than 6% of the total project budget. The OP should probably be looking at two or more virtual colocation providers, preferably built on the same virtual machine platform to make failover and redundancy easier. Leave the details of supporting server hardware to the colocation provider.
If the OP is actually going to build two or more datacenters and host his own servers (not advisable for a startup), paying Dell/HP/whomever a bit extra for 4-hour warranty service will be much cheaper in the long run than managing a bunch of white-box frankenservers whose parts become unavailable after 6 months.
Look - almost everyone I work with for VMware installations insists on Opteron. Benchmarks are one thing, but real-world performance is entirely different.
All of our internally hosted ESX cluster machines are dual-socket, 8-core Xeons with 64 GB of RAM. Not because we love Intel, but because that configuration gives you the best bang for your server buck. The same is true for our (large) external hosting provider, who is heavily into VMware and hosts thousands of VMs. All on dual-socket Xeons as far as I can tell. Opteron-based VMware solutions are not mentioned by their salespeople.
Two-socket servers dominate the market, for good price/performance reasons. In my experience with our own clusters and those of clients, VMware cluster workloads tend to be IO bound, not CPU or memory bound. An 8-socket server doesn't help when you're waiting more for network or SAN IO. This makes sense: scaling CPU and memory is cheap, scaling at the SAN layer is extremely expensive. So disk should be your bottleneck. If you have a bunch of CPU-bound VMs, your workload is very different from those I've encountered.
All three servers in the VMMark page that top the 32 core, 24 core, and 16 core are ALL Opteron. And if you think 16 core is not normal, think again. That's a 4 socket quad core Opteron, which is pretty common these days for VMware hosts.
No, the 24-core machines are Intel-based. So Intel dominates both the two-socket and four-socket VMmark benchmarks, as I stated originally. You can say "That's not fair, they have six cores per socket!", and I say that makes them an even better value. Those four-socket machines are within 13% of the much more expensive (and larger and more power hungry) 8-socket Opteron that leads the 32-core benchmark.
Look, I would love for AMD to catch up to Intel again... I bought quite a few Opteron servers 4-5 years back. But they just don't make sense for the majority of use cases I see now.
If you're going to do anything that uses both RAM and CPU (aka VMware hosts, which is what most big servers are used for these days) you'd be better off with an Opteron.
HyperTransport may indeed be a better design than a shared high-speed bus, but that design advantage is negated by Intel's process and manufacturing excellence. Almost all benchmarks bear this out, SPEC, TPC, VMmark, whatever. Except perhaps at the extreme high end (>=8 sockets, which is less than 5% of the server market by revenue). I don't think Intel even offers an 8-socket Xeon platform.
But consider that most people run operating systems where executables are not signed at all.
No, most people run Windows, where most binaries are signed. Microsoft signs all of its executables with Authenticode signatures.
You can even configure Windows to run *only* executables signed by certain keys. Not many people even know it can do that, or do it in practice. We have used that feature for locking down web kiosks at conferences.
I assume you're talking about the Windows registry. It is easy to get and edit a registry dump in a textual format using regedit (that's how we maintain configuration state for servers).
As for some registry entries being obscure or unintelligible (either deliberately or accidentally), I would have to say I agree for some software. Other software has a very intuitive registry layout, even MS Office programs. Config files can suck, too: Apache and JBoss configuration files are certainly no picnic to decipher and maintain.
A critical system should NEVER depend on an operating system that does not have a proper batch language. That should be a compact and powerful script language, using TEXT files for configuration that can be hand edited if needed, that can be stored and archived in a version control system, so that bugs can be tracked.
You realize you just described Windows Script Host, don't you? Included with every version of Windows since 2000...
Actually, in a Windows NT4 or Active Directory domain, all newly-created users have restricted rights by default. It's been that way since NT4 in 1996 at least. They are members of the "domain users" group only, which is by default a member of the local users group (not administrators or power users) on each machine in the domain.
The problem is Windows systems that are stand-alone or members of Windows workgroups, where local users are created with admin rights during initial setup on XP, 2000, and older. The Server versions of MSFT operating systems always default to unprivileged users I believe.
Microsoft etc get round that by copyrighting the "font software"
Microsoft does NOT make fonts. They license them from companies like Adobe, ITC, Linotype, Monotype, etc. It is those type foundry companies that make all the fonts you see in magazines, newspapers, etc. And they are the ones demanding DRM to protect their revenue stream.
In the graphic design world, font libraries are a non-trivial cost. When I was IT director for a small newspaper in the 1990s, our font library cost about $25,000, and was licensed per output device.
So, you say, just use "open source" fonts. Well, compare the quality and diversity of the Adobe Type Library with the very small, poorly made, poorly kerned, and disorganized collection of open source fonts available on the web. Good typographers cost money, and Adobe (and others) actually pay those typographers.
There are a large number of financials packages that will run on Linux servers (Oracle for example). But they typically require at least one Windows server for reporting services (Crystal/Business Objects/whatever), and the clients are often Windows-only as well. And many of the BI tools plug in to Excel - and only Excel.
The major problem is that open source programmers code for "fun" mostly, but coding back-office applications like financials and ERP is not fun and generally not interesting. So there will never be a viable open-source competitor to SAP or the Oracle application stack unless a major vendor goes under and open-sources their stuff before closing the doors.
This is a shame really, because these back-office apps are the very applications that almost every business must customize to some degree to make it fit. Open source would be great for this market segment. An open source desktop office suite is nice, but the "free as in beer" part is the only thing that makes it nice. The fact that the code is open has no real benefit to 99.99% of the users.
The same can be said of most "business infrastructure" software besides financials: HR systems, payroll, compliance packages, BI suites, marketing, medical systems, insurance systems... these will likely always be closed source, commercial offerings.
Nuclear is solar power too. All heavy elements were forged in the bowels of a star billions of years ago, and ejected throughout the galaxy by supernovae.
When you think about it, everything is "big bang powered", even our sun.
This is NOT a vulnerability in MSSQL Server. It is a vulnerability in a lot of web applications (written in various languages) that use MSSQL as a back-end. If the attackers chose to use MySQL syntax instead of MSSQL syntax, then a bunch of Linux admins running poorly coded PSP/JSP/Perl web apps would be in trouble. The same is true of every other database. I would expect variants attacking those platforms soon.
Because - as mentioned twice now - the guy is given stock options.
You're about 5 years late. Stock options have fallen out of favor as a compensation tool. They now generally have to be expensed, and represent little benefit to either the employer or employee from a tax perspective. These days, large stock option grants are nothing but a huge "audit me" signal.
That said, the employee must be REALLY well compensated (with regular taxable stock grants for example), as the market value of what he has is enormous. Such amounts should raise the concerns of any competent auditor.
Perfect data protection can be achieved by FREE disk/partition and file encryption.
If you think that is true, you really know nothing about cryptography or security in general. Trojan bootloaders or gnupg software can steal your keys; keys can be retrieved from RAM even after a laptop is powered off; a rootkit which runs after you've unlocked the drive (as most would) can get at any of your data once you have powered on and provided the key.
Disk encryption protects against most cases of physically lost or stolen media or files, and that is about it. It is by no means a universal data protection solution, and does nothing to protect against many remote software-based attacks.
So you need one guy with moderate IT skills, read access to just about everything, and a questionable moral compass. That sounds like an enormous insider security threat to me. Why wouldn't this guy just sell the data to competitors?
So, you advocate a strategy where the IT guys are forced to lie under oath about what discoverable data exists in company archives? Not smart.
If I were tasked with implementing such a buck-passing and potentially illegal policy, I'd head straight for the Board of Directors to try to fix the obvious defects in C-level management. If the board didn't see things my way, well, I'd take a walk and if applicable contact the SEC or other regulatory agency. There are laws which govern records retention for most companies - even privately held firms.
No, the Discrete Cosine Transform is just one mathematical operation used by MPEG video encoders. It (and its inverse) are generally available as efficient vector-oriented hardware instructions in recent CPUs.
Much of the CPU time used during an MPEG2 or 4 encode is spent on motion estimation (essentially finding similar blocks of pixels in the current frame from other frames). Motion estimation is trivially parallelizable if you have shared read access to all the frames in memory. One thread searches for matches in frame 1, another searches in frame #2, etc.
Your point being? That tool detects some of the more popular rootkits directly, and also some of the more popular techniques used by rootkits. It is by no means an infallible rootkit condom.
Executing a known-shady "crack" executable on a system is about the stupidest thing a slashdotter could ever do. Geeks are supposed to be teaching people not to do that sort of thing.
One of the first things I do when I buy a game is download the CD crack so I don't have to keep track of where the install disks are.
And I would imagine your machine has been root-kitted for years. What sort of idiot downloads and installs a random executable from an openly criminal source? I mean, really, what could go wrong?
Now that mysql has things like PL/SQL and Foreign Keys the differences between it and postgres have dwindled.
The fact that DRI ("foreign keys") is a noteworthy feature in MySQL speaks volumes about its quality. Every commercial database has had that feature at introduction, going back to the 1970s. It is simply a requirement for a relational database, not a feature.
I haven't used it in about a year, but thank you for saving me some research this year: MySQL has always been - and will always be - a fucking toy.
Based on what? The presence or absence of a name amongst the text is not going to affect spam scoring.
Oh, yes it will affect scoring, at least using a statistical (Bayesian) spam filter. In my Spambayes scoring database, my first and last names have a high non-spam correlation number, while the string that is the first part of my email address (initials + lastname) has a distinctly "spammy" correlation. These numbers are based on actual email received and used to train the filter. Which makes sense: lots of spam I get has a subject like "jsmith get y0ur r0lex here!", but few say "John Smith, your Google account has been suspended".
Umm... typically, the CXOs ARE "the investors", or at least major investors. C-level execs typically receive quite a bit of stock as compensation, and often invest their own money to a degree when they come on board. This is usually a good thing, as the C-level execs seek to maximize shareholder value out of self-interest.
Note my qualifier: "probably". There are exceptions. I've had one guy in the last 10 years who was an excellent sysadmin and an above-average developer.
That said, from your one-paragraph description, you sound like a developer with a smattering of sysadmin skills to me.
What size datacenter did you manage? Was it heterogeneous? How many DR plans have you built and tested? Have you designed and deployed a multi-site directory service? What about networking? Have you set up a multi-homed BGP site?
Developers are terrible sysadmins, and sysadmins are terrible developers. I hire both, and believe me, the hard and especially soft skills required for one to succeed in one position are not found with those required for the other.
If you think you're a good sysadmin AND a good developer, well, you're probably mediocre in both areas.
You could not be more wrong. Xeons dominate the VMmark benchmarks. Go home, fanboi.
No, you're not.
2.5*Pi in/rev * 20K rev/min * 60 min/hr * (1/12) ft/in * (1/5280) miles/ft = 149 miles/hr = 239 km/h
Still fast enough to injure if the thing shatters, but not supersonic.
It's Dirk Diggler, not Dirk Meyer...