Based on stuff I heard in another life, Google used to get transit contracts with the fastest connection they could get, but the lowest committed rate. The syncs used to take place in the proverbial top 5% of the 95th percentile.
As in: they used provider A for 36 hours, provider B for the next 36h, provider C for the next 36h, etc... (bear in mind it was not surfer facing transit, just used to sync up the DCs.)
They've probably reached the level where they've got too much data to get away with that scheme. So they've got a pretty simple choice:
- Pay for the committed rate they really need.
- Link the 2 Data Centers with dark fiber lit with 10GigE.
Based on the over-provisioning most fiber companies did when they built their networks, there's a lot of room for negotiation when you're shopping for fiber, especially when you can hang the promise of a huge international network in the balance.
The second option is pretty much guaranteed to turn out to be much more affordable.
24 hours in the Grey does seem like an awfully long time. I've got my servers set to 2 minutes and it seems to work just as well as longer periods.
In most cases, the MTA tries within 30 minutes, and the triplet (sending domain, receiving domain, netblock of the sending MTA) is saved, so the next email matching the triplet will go through instantly.
90% of the connection attempts I see look like they are from zombies. Regardless of the period you greylist for, zombies seem utterly confused by the fact you tell them to try again, so I'm pretty sure you'd get good results with the shortest period your software can handle.
Btw, I use 'gld' which covers most of the shortcomings you mention.
It comes with a whitelist of servers known to be broken (ebay, amazon, and stuff like that), and is able to work based on fuzzy stuff (domain names and /24s instead of IP addresses).
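The greylisting behaviour described in the comment above, as an added sketch that is not part of the original comment and is not gld's own code. The class name, the sample addresses and the in-memory storage are assumptions made for illustration; it covers IPv4 only.

```python
import ipaddress

def _domain(addr):
    # "user@Example.org" -> "example.org"
    return addr.rsplit("@", 1)[-1].lower()

class Greylist:
    """Greylisting keyed on (sending domain, receiving domain, /24 of the MTA)."""

    def __init__(self, delay=120, whitelist=()):
        self.delay = delay            # seconds a new triplet must wait (2 minutes)
        self.whitelist = [ipaddress.ip_network(n) for n in whitelist]
        self.first_seen = {}          # triplet -> time of the first attempt
        self.passed = set()           # triplets that retried after the delay

    @staticmethod
    def triplet(client_ip, sender, recipient):
        # Fuzzy key: domains instead of full addresses and the /24 instead of
        # the exact IP, so a retry from a sibling MTA still matches.
        net = ipaddress.ip_network(f"{client_ip}/24", strict=False)
        return (_domain(sender), _domain(recipient), str(net))

    def check(self, client_ip, sender, recipient, now):
        ip = ipaddress.ip_address(client_ip)
        if any(ip in net for net in self.whitelist):
            return "accept"           # known-broken senders skip greylisting
        key = self.triplet(client_ip, sender, recipient)
        if key in self.passed:
            return "accept"           # saved triplet goes through instantly
        first = self.first_seen.setdefault(key, now)
        if now - first >= self.delay:
            self.passed.add(key)
            return "accept"
        return "defer"                # answer with an SMTP 4xx temporary failure

def demo():
    # Constructed sample traffic: (time in seconds, client IP, sender, recipient).
    events = [
        (0,   "192.0.2.10",   "a@sender.example",     "bob@rcpt.example"),
        (5,   "198.51.100.5", "x@spam.example",       "bob@rcpt.example"),   # zombie, never retries
        (30,  "192.0.2.10",   "a@sender.example",     "bob@rcpt.example"),   # retry too early
        (900, "192.0.2.77",   "a@sender.example",     "bob@rcpt.example"),   # retry from same /24
        (905, "192.0.2.10",   "c@sender.example",     "alice@rcpt.example"), # same triplet, new mail
        (906, "203.0.113.9",  "auction@shop.example", "bob@rcpt.example"),   # whitelisted netblock
    ]
    gl = Greylist(delay=120, whitelist=["203.0.113.0/24"])
    return [gl.check(ip, s, r, t) for t, ip, s, r in events]

if __name__ == "__main__":
    print(demo())
```
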
I'll back the parent post. MXLogic is definitely worth considering for small to medium companies. The administration can be delegated to the least clueless of the users. Unless you charge for the time spent fine-tuning their system it's hard to beat.
I've set it up for a couple of domains for which setting up something internally just wasn't worth my time. Between setting things up, testing everything and the recurring admin, doing it myself with Open Source Software would have cost more in time than over a year's worth of service.
Granted it's not the solution for everybody, but for a small to medium company with fairly standard needs (reduce spam and have easy access to the quarantined mail), it's a pretty compelling option.
I read it like a hint that when you're trying to conceal criminal activities behind a VPN, you'd better make sure the endpoint of the VPN has not been owned by the USSS.
The same goes for encrypted emails and the like... There's little point in encrypting something if the recipient has had to surrender the key to a law enforcement agency.
I'm not a US citizen, so I may well be mistaken, but the USSS is part of the Department of Treasury. One of their better known missions is to deal with counterfeit money (besides protecting the POTUS).
Since ID theft has the potential of screwing up the financial system in a rather major way, I'm not too surprised they got involved on that case.
Anyway, the idea of "defacing" the site was bloody brilliant. It gives the strong message that the Law can get to the fraudsters' level in order to catch them. I'm pretty sure the message got through to a few people in a much stronger way than a simple press release would have.
You missed a pretty big point:
Declaring that the war was over when it clearly wasn't.
That was just seen as the ultimate provocation to anyone in Baghdad.
Nothing keeps you from stopping on the hard shoulder, switching your hazard lights on, getting out of the car through the passenger side, going over the safety barrier and spending 30 minutes sitting in the grass trying to collect yourself.
If the police were to pass by, they'd most definitely stop and check what's going on. Unless the cop is braindead, he'll see you've taken all the steps to make the situation as safe as you possibly could and should not give you too much hassle. No idea how he'll handle the situation once you tell him you're not in a condition that makes it safe to drive. I guess he'd probably insist on escorting you to the next exit.
Staying in the car for a quick nap is definitely not an option. Not only is it dangerous, but you're likely to get the bollocking of your life if the cops catch you sleeping in your car.
I remember seeing a documentary on TV a few years ago, can't remember if it was in the UK or in France.
They had taken a dozen drivers fitting a particular set of criteria. They had to be used to driving at night, and drive a certain mileage every week.
They rigged them up with monitoring equipment, set a couple of night vision cameras in the car and sent them on their way.
They had to drive a distance that was estimated to take about 4h.
Once at the destination a team of boffins would ask them to fill in a questionnaire about how they felt about the drive, whether they felt tired, etc.
The results were simply scary:
None of them had bothered to take a break.
None of them declared having felt tired enough to feel they had to take a break.
Yet their brain activity was showing numerous periods that looked like deep sleep for less than 5 seconds.
On average these periods amounted to a whopping 6 minutes over the 4h of driving.
On the videos you could just see the drivers blinking for an unusually long time.
Having a system that detects that I'm blinking in a suspicious way, gets the driver seat to vibrate, and then sounds an alarm if I don't open my eyes immediately would certainly not annoy me. I'd take the hint that I need to take the next exit and try to grab 1/2h of sleep.
My sister fell asleep at the wheel once while on the motorway and told us that she had only blinked, only to open her eyes after feeling what she described as a bump.
She took the next exit because she was feeling seriously tired and slightly puzzled about the "bump". Turned out she had hit the safety rail after drifting all the way over the fast lane.
Based on what I've seen in a few years of using FreeBSD, ports and packages do not mix. You've got to make your mind up once and for all and stick to one way of doing things.
I've also had my fair share of grief from using CPAN to install packages, and then having a portupgrade fail on me because of broken dependencies when the same Perl package is in the ports.
I'm sure the only person who can be blamed is good old me, since I tend to overlook the documentation, stupidly safe in the feeling that I've used FreeBSD for long enough not to bother.
One thing that's been bothering me lately is the fact that some rather major changes in the ports (PHP and its various extensions for example), and the heads up is not in an obvious place.
Again, I shouldn't be complaining since things were probably covered in various mailing lists. Blame me if you feel so inclined, but while I don't subscribe to the mailing lists, I sure would have appreciated to have the PHP port give a warning at make time, pointing to a URL giving the lowdown on what changed.
I agree with the previous poster saying that the FreeBSD updating tools are amongst the nicest, but there sure are a few ways they could be improved even more.
Not sure they're not useful in Raid Arrays, having small, energy efficient, drives allows you to cram a lot more drives in the same space.
This allows for more parallel channels into which the data is flowing at any one time, with the array spending less time waiting for the drives to finish writing.
Sure, you'll probably find an array that reaches the same perfs using 3.5" drives, but it'll probably take 3x more Us.
When you're renting colo space, it can make the difference between renting half a rack and renting 2 full racks.
They may also open the possibility for vendors to build "storage blades", which I reckon would fit a niche very nicely.
Not everyone wants to have a blade chassis with a couple of active blades, and an external (mostly empty) disk array. Sure they'd have to be fairly creative to build a blade which still allows for hot swapping (2-3 slots large maybe?).
The real advantage of having your storage inside the blade being that your storage is directly connected to the backplane, instead of being on the other side of a SCSI cable which might slow things down.
A few years down the line, we may well be able to buy blade chassis where you have a storage blade (or storage area), a storage array management blade (to allow servers to boot from the Raid Array), and space for quite a few, now diskless, servers.
If SeaLand was proved to be harbouring terrorists (or anything more serious than the couple of casinos they're probably hosting), I bet the French would show little hesitation before sending a couple of divers with enough Semtex to turn the whole "country" into nothing more than a bad memory, Rainbow Warrior style.
not much of a pocket rocket though... :-)
Great concept: Technology Assisted Darwinism :-)
I usually do, but I overlook it once in a while.
Again, I'm not complaining, just pointing a way things could be made even better.
I'd have seriously appreciated if the Makefile had been made to look for the ~/php4-options files and had refused to update unless I remove that file.
Tools like portupdate simplify things to the point where you get a false sense of security and end up with mud on your face.
30 disks in what looks like 3Us of space for 4Gb/s of throughput.