We are talking about a short, almost personal comment on the developer's mailing list of Ubuntu:
i personally wouldn't do online banking with it;)
Compare this with the Slashdot article title:
Canonical Developer Warns About Banking With Linux Mint
Whether he is technically right, or not, I find it disgusting that such a side note becomes news on Slashdot.
By the way, the subject was another new distribution based on Ubuntu, similar to Mint, therefore the Ubuntu developer actually encouraged an Ubuntu derivative.
My mistake, I wrote "script", but it is not, it is a job configuration file. The exec line defines the executable and its arguments. The example is a Minecraft server, which is written in Java, so the executable is java in our case.
The Upstart reference documentation is http://upstart.ubuntu.com/cookbook. If you want man, then man 5 init describes the job configuration format.
Upstart was already in a good shape when SystemD started. So if you consider this fragmentisation because of this, then please note that in this case it is not Ubuntu who fragments Linux distros, quite the opposite...
Personally I find writing Upstart configuration files trivial. On the other hand I have never been able to write a perfect System V script. I hadn't found comprehensive documentation about it (especially about the various helper scripts and config files frequently used in init scripts). On the other hand, if you read the Upstart doc, which is a single long HTML page, at most 1 hour to read, your will know everything about it, much more than what you will ever use. I have not tried SystemD, so I have no opinion on that.
I have two, the first one displays system monitoring data. The diagrams are produced by Graphite on a real server, RPi displays them in a browser. That was not easy at first, because both Chromium and Midori are plagued with memory leaks which does not work well with Javascipt running in 24*7. My son wrote a script which reloads the tabs every hour, since that it works without issues. It only stops when there is a power outage.
I use the other one as a certificate authority, it is not connected to the internet.
Amazon does a favor with their Alexa service for the whole internet. That is the only third party global site statistics tool which provides information for free. At least I do not know any other.
Of course they should fix the vulnerability. The real issue is that the current authorization systems only give half of the necessary information, they state what information the app access, but not what it does with those information, even though that could really make a difference. Therefore people become accustomed to give horrific permissions to any app.
Looking at the book cover carefully, I believe she is actually depicted on it. Not on the forward big ship, but on the small ship going away in the background. She mentions in the book that this is the last edition for her, because nowdays she spend most of her time on a sailing ship where she only has a 30 (or 300?) baud radio connection.
I am usually a developer, but I have spent most of my time with system administration for the last half year. Whenever I have a new task in an unknown area, I always start with reading the relevant chapter from her book. I usually read a few other, unrelated sections too. As I have read this sad post, her book was actually lying next to me, open on page 938.
So 20 million Yahoo user names are revealed. Why is that interesting at all? I guess if I write a script which loops some id for a yahoo info page I get a similar list. Maybe a Google search is enough. Or do not contact external service, just guess: take all Japanese names, append one or two digits to it. Mostly these are valid names.
25 W idle is quite impressive, could you describe what parts and other measures have you used to achieve it? Now I have 3 computers online 24h in my home alone, mostly idle. Two are about 60W at idle. The third is a Raspberry Pi, which only consumes a few watts, but it has an attached LCD display too.
Regarding servers: I believe the new servers has much better energy management, so the idle - full difference may be larger than once it was. I also found that it is very hard to achieve a - seemingly - full load, the type of test program makes a big difference in power consumption, even if top displays 100% on all cores in every cases.
I agree, the wattage must be measured. As another example, I measured 80W idle and 160 W on full load on a 12 core Opteron server.
This server does not have a 3D video card. I guess you also achieved full load on a 3D card too, and that explains the large difference between the wattage in idle and full load in your case.
AMD already has FMA3. They also published great results. Of course nobody read it, at least I have seen mentioned it in the usual generic benchmark articles people like to refer (which does not use FMA3).
I recently installed Windows 7 on two machines. It took 5 hours on both machines to download, setup all patches. It restarted itself about 15 times. The Windows update process is ridiculous.
AFAIK In Europe the role of the jury is much smaller. If there is a jury at all, it is only a few people, and they alone do not decide about anything, they work together with the judge.
Do most developers use caps lock for typing capitlized constants and other things?
Yes. Since I have learned touch typing, I use CAPS LOCK extensively. Like in the previous sentence. If I have to type more than two (or one?) upper case characters I always use it.
It was indeed one of the most difficult key to learn, maybe because if I accidentally hit another key, the usual Backspace does not correct it. But it is well worth to learn it. Otherwise I had to switch between LEFT SHIFT and RIGHT SHIFT after almost every character, which drives me crazy. I am not sure, but I assume, that those who hate CAPS LOCK never really learned touch typing well, if at all.
It is by no accident that there was a SHIFT LOCK key on every typewriter (and that was less useful than CAPS lock), which was mostly used by professional typists.
You can use a Kinesis Advantage keyboard. First, important keys are pressed with the thumb, not the right fingers (Enter, Ctrl, Backspace). Second, the keyboard is programmable, so you can map all problematic keys to the left side and type them together with AltGr (right ALT). I am already using this method, because our national characters take the place of almost every symbol characters, which are important for coding. It is working well.
I understand, too high temperature is one thing, but crashing is really bad.
The new models, which have onboard IPMI controller, send you an email if a sensor value is unusual. At least I always get a notification email when I open the case, telling me just that: somebody opened the case. I had no problem with temperature even when I run a burn-in utility.
You have not provided any specific information, neither about the hardware, not about which is the part that is overheating. In general, at least in the 1U form factor, I cannot see any magic solution for cooling. Supermicro adds air shrouds to direct the airflow and they are using brutal fans. The front and back sides are as open, heatsinks are as large as possible. That is all they - or any other manufacturer - can do. Heat generation depends on the processors, chipset and drives.
Using your ISP mail server for outgoing mail is Best Practice.
You mixed up things. Using your ISP mail server is indeed better than sending directly from your dynamic IP address at home or in a small office.
But that is all, in every other situations, practically any solution is better than sending through poorly maintained ISP mail servers.
And no, sending through your ISP mail server does not break SPF at all, it is the same situation as somebody outsourcing his mail servers. Actually there is nothing unusual in that. See the "include" mechanism of SPF for such cases.
After reading the comments here, it is obvious that there is one and only one significant issue with the SPF system: 95% of system administrators do not get it. I try to clean things up (therefore it will be long, and nobody will read it, but anyway...).
First of all, fortunately, SPF is very simple to implement it, so most admins do no harm, even if they do not understand it.
Nor they get SMTP. Specifically the most important promise of SMTP: Your mail will be either delivered, or you will get a notification that it failed.
In the old days that promise was delivered, and email was a huge success. But then became mass spamming, and it became impossible to deliver the SMTP promise. You only had bad options:
-deliver all mails to the user. They lose huge amounts of time with deleting spams.
-place suspect mails into a Junk folder and send back a notification: you become a backscatter spammer. The sender was most likely forged, and you delievered your notification to an innocent.
-place suspect mails into a Junk folder, but do not send back notification: It all mails in Junk is read, than you have won nothing. If all mail is not read, you break the SMTP promise, because of some legitimate mail will be practically swallowed.
-reject suspected spam within the mail session: That requires significant processing power, and you are easier become DOS-ed exploiting this.
SPF was created to solve THIS issue. Not the problem of spam, but the effect of it! With SPF you again have a good choise:
Either place suspect email in Junk folder or drop it, but in either case, send back a notification. Now you are not a backscatter spammer, because the sender (the so called reverse path), thanks to SPF, cannot be forged. Your notification is assured to go to the real sender.
But this requires that you block mail which fails the SPF test. Do not accept it at all, block it right now in the SMTP session! Note that a missing SPF record is not considered failure - another common misunderstanding. If somebody does not publish SPF record, than he will get backscatter-spam, but this was his choice...
If your mail server does accept mails which fails the SPF check, than you again cornered yourself into the bad position. You have no good choice. Even if later your system decides that the mail is likely spam, you must deliver it to the user. Your only other safe choice would be to notify the sender about the issue, and let him fix the issue himself, but now you must not send to the sender because it may be a forged address (and you can easily find yourself on a blacklist). You tried to be cautious by accepting mail with failed SPF check, but actually you made the situation more dangerous to your user.
Huh? SPF implementations do not filter on a missing SPF record. A missing SPF records just means that, the sending mail servers of the domain are not specified. It never meant that the domain must not send any mails from any servers.
Quote from openspf.org:
"The domain does not have an SPF record or the SPF record does not evaluate to a result. Intended action: accept"
If you are talking about your customers, than you set their SPF record correctly, do you? So their mail will not bounced by others. If they want to use random email servers of the world, than you setup an "allow all" SPF record for them. Or you do not setup a record, but I think in this case you are doing a disservice to them, because their mail will be more suspicious. And no, if a domain has no SPF record, then its mails will not be rejected by any SPF compliant mail server.
Regarding spamassasin: that is a heuristics, in contrast to the well-defined SPF system. It is strange that you are afraid of SPF, but trust in a Spamassasin score.
However, I understand, that if you are neither a small organisaton, nor a big, influential company, like Google, then you may not want to take the effort to educate your users / other system administrators. But now, in 2013, maybe SPF is mature enough (thanks to the efforts of both the small and the large organisations), and it is not that big effort, and there are more benefits for customers than disadvantages, even in the short term.
Slashdot Mirror
Compare this with the Slashdot article title:
Whether he is technically right, or not, I find it disgusting that such a side note becomes news on Slashdot.
By the way, the subject was another new distribution based on Ubuntu, similar to Mint, therefore the Ubuntu developer actually encouraged an Ubuntu derivative.
My mistake, I wrote "script", but it is not, it is a job configuration file. The exec line defines the executable and its arguments. The example is a Minecraft server, which is written in Java, so the executable is java in our case.
The Upstart reference documentation is http://upstart.ubuntu.com/cookbook. If you want man, then man 5 init describes the job configuration format.
The Upstart documentation was indeed poor a few years ago, but now it is complete and easy to read.
And then:
# start minecraft
I cannot see a single line which requires documentation in order to understand it.
Upstart was already in a good shape when SystemD started. So if you consider this fragmentisation because of this, then please note that in this case it is not Ubuntu who fragments Linux distros, quite the opposite... Personally I find writing Upstart configuration files trivial. On the other hand I have never been able to write a perfect System V script. I hadn't found comprehensive documentation about it (especially about the various helper scripts and config files frequently used in init scripts). On the other hand, if you read the Upstart doc, which is a single long HTML page, at most 1 hour to read, your will know everything about it, much more than what you will ever use. I have not tried SystemD, so I have no opinion on that.
I have two, the first one displays system monitoring data. The diagrams are produced by Graphite on a real server, RPi displays them in a browser. That was not easy at first, because both Chromium and Midori are plagued with memory leaks which does not work well with Javascipt running in 24*7. My son wrote a script which reloads the tabs every hour, since that it works without issues. It only stops when there is a power outage.
I use the other one as a certificate authority, it is not connected to the internet.
Amazon does a favor with their Alexa service for the whole internet. That is the only third party global site statistics tool which provides information for free. At least I do not know any other.
Of course they should fix the vulnerability. The real issue is that the current authorization systems only give half of the necessary information, they state what information the app access, but not what it does with those information, even though that could really make a difference. Therefore people become accustomed to give horrific permissions to any app.
Looking at the book cover carefully, I believe she is actually depicted on it. Not on the forward big ship, but on the small ship going away in the background. She mentions in the book that this is the last edition for her, because nowdays she spend most of her time on a sailing ship where she only has a 30 (or 300?) baud radio connection.
I am usually a developer, but I have spent most of my time with system administration for the last half year. Whenever I have a new task in an unknown area, I always start with reading the relevant chapter from her book. I usually read a few other, unrelated sections too. As I have read this sad post, her book was actually lying next to me, open on page 938.
So 20 million Yahoo user names are revealed. Why is that interesting at all? I guess if I write a script which loops some id for a yahoo info page I get a similar list. Maybe a Google search is enough. Or do not contact external service, just guess: take all Japanese names, append one or two digits to it. Mostly these are valid names.
25 W idle is quite impressive, could you describe what parts and other measures have you used to achieve it? Now I have 3 computers online 24h in my home alone, mostly idle. Two are about 60W at idle. The third is a Raspberry Pi, which only consumes a few watts, but it has an attached LCD display too.
Regarding servers: I believe the new servers has much better energy management, so the idle - full difference may be larger than once it was. I also found that it is very hard to achieve a - seemingly - full load, the type of test program makes a big difference in power consumption, even if top displays 100% on all cores in every cases.
I agree, the wattage must be measured. As another example, I measured 80W idle and 160 W on full load on a 12 core Opteron server.
This server does not have a 3D video card. I guess you also achieved full load on a 3D card too, and that explains the large difference between the wattage in idle and full load in your case.
I mean "...I have never seen mentioned..."
AMD already has FMA3. They also published great results. Of course nobody read it, at least I have seen mentioned it in the usual generic benchmark articles people like to refer (which does not use FMA3).
I recently installed Windows 7 on two machines. It took 5 hours on both machines to download, setup all patches. It restarted itself about 15 times. The Windows update process is ridiculous.
AFAIK In Europe the role of the jury is much smaller. If there is a jury at all, it is only a few people, and they alone do not decide about anything, they work together with the judge.
Do most developers use caps lock for typing capitlized constants and other things?
Yes. Since I have learned touch typing, I use CAPS LOCK extensively. Like in the previous sentence. If I have to type more than two (or one?) upper case characters I always use it.
It was indeed one of the most difficult key to learn, maybe because if I accidentally hit another key, the usual Backspace does not correct it. But it is well worth to learn it. Otherwise I had to switch between LEFT SHIFT and RIGHT SHIFT after almost every character, which drives me crazy. I am not sure, but I assume, that those who hate CAPS LOCK never really learned touch typing well, if at all.
It is by no accident that there was a SHIFT LOCK key on every typewriter (and that was less useful than CAPS lock), which was mostly used by professional typists.
You can use a Kinesis Advantage keyboard. First, important keys are pressed with the thumb, not the right fingers (Enter, Ctrl, Backspace). Second, the keyboard is programmable, so you can map all problematic keys to the left side and type them together with AltGr (right ALT). I am already using this method, because our national characters take the place of almost every symbol characters, which are important for coding. It is working well.
I understand, too high temperature is one thing, but crashing is really bad.
The new models, which have onboard IPMI controller, send you an email if a sensor value is unusual. At least I always get a notification email when I open the case, telling me just that: somebody opened the case. I had no problem with temperature even when I run a burn-in utility.
You have not provided any specific information, neither about the hardware, not about which is the part that is overheating. In general, at least in the 1U form factor, I cannot see any magic solution for cooling. Supermicro adds air shrouds to direct the airflow and they are using brutal fans. The front and back sides are as open, heatsinks are as large as possible. That is all they - or any other manufacturer - can do. Heat generation depends on the processors, chipset and drives.
Your comment reminded me how great that there is Supermicro, who let me completely build even the most advanced x86 server if I want so.
Using your ISP mail server for outgoing mail is Best Practice.
You mixed up things. Using your ISP mail server is indeed better than sending directly from your dynamic IP address at home or in a small office.
But that is all, in every other situations, practically any solution is better than sending through poorly maintained ISP mail servers.
And no, sending through your ISP mail server does not break SPF at all, it is the same situation as somebody outsourcing his mail servers. Actually there is nothing unusual in that. See the "include" mechanism of SPF for such cases.
After reading the comments here, it is obvious that there is one and only one significant issue with the SPF system: 95% of system administrators do not get it. I try to clean things up (therefore it will be long, and nobody will read it, but anyway...).
First of all, fortunately, SPF is very simple to implement it, so most admins do no harm, even if they do not understand it.
Nor they get SMTP. Specifically the most important promise of SMTP: Your mail will be either delivered, or you will get a notification that it failed.
In the old days that promise was delivered, and email was a huge success. But then became mass spamming, and it became impossible to deliver the SMTP promise. You only had bad options:
-deliver all mails to the user. They lose huge amounts of time with deleting spams.
-place suspect mails into a Junk folder and send back a notification: you become a backscatter spammer. The sender was most likely forged, and you delievered your notification to an innocent.
-place suspect mails into a Junk folder, but do not send back notification: It all mails in Junk is read, than you have won nothing. If all mail is not read, you break the SMTP promise, because of some legitimate mail will be practically swallowed.
-reject suspected spam within the mail session: That requires significant processing power, and you are easier become DOS-ed exploiting this.
SPF was created to solve THIS issue. Not the problem of spam, but the effect of it! With SPF you again have a good choise:
Either place suspect email in Junk folder or drop it, but in either case, send back a notification. Now you are not a backscatter spammer, because the sender (the so called reverse path), thanks to SPF, cannot be forged. Your notification is assured to go to the real sender.
But this requires that you block mail which fails the SPF test. Do not accept it at all, block it right now in the SMTP session! Note that a missing SPF record is not considered failure - another common misunderstanding. If somebody does not publish SPF record, than he will get backscatter-spam, but this was his choice...
If your mail server does accept mails which fails the SPF check, than you again cornered yourself into the bad position. You have no good choice. Even if later your system decides that the mail is likely spam, you must deliver it to the user. Your only other safe choice would be to notify the sender about the issue, and let him fix the issue himself, but now you must not send to the sender because it may be a forged address (and you can easily find yourself on a blacklist). You tried to be cautious by accepting mail with failed SPF check, but actually you made the situation more dangerous to your user.
Huh? SPF implementations do not filter on a missing SPF record. A missing SPF records just means that, the sending mail servers of the domain are not specified. It never meant that the domain must not send any mails from any servers.
Quote from openspf.org :
"The domain does not have an SPF record or the SPF record does not evaluate to a result. Intended action: accept"
If you are talking about your customers, than you set their SPF record correctly, do you? So their mail will not bounced by others. If they want to use random email servers of the world, than you setup an "allow all" SPF record for them. Or you do not setup a record, but I think in this case you are doing a disservice to them, because their mail will be more suspicious. And no, if a domain has no SPF record, then its mails will not be rejected by any SPF compliant mail server.
Regarding spamassasin: that is a heuristics, in contrast to the well-defined SPF system. It is strange that you are afraid of SPF, but trust in a Spamassasin score.
However, I understand, that if you are neither a small organisaton, nor a big, influential company, like Google, then you may not want to take the effort to educate your users / other system administrators. But now, in 2013, maybe SPF is mature enough (thanks to the efforts of both the small and the large organisations), and it is not that big effort, and there are more benefits for customers than disadvantages, even in the short term.