|
Grex > Coop11 > #7: Grex vs. Malthus, round Sixty-Five Thousand, Five Hundred and Thirty-Six |  |
|
| Author |
Message |
| 25 new of 74 responses total. |
jep
|
|
response 14 of 74:
| 
Jul 9 19:02 UTC 1998 |
re #7: It *would* solve the problem if the reap period was set
quickly enough. The question is, how quickly do you have to reap
existing unused accounts in order to cause growth of the number of
loginids to happen at the desired rate?
Currently, we get 175 new user accounts per day and reap 100 accounts.
The 100 have been unused for 90 days. If you reap accounts after 75
days, you will be reaping some negligible number of more accounts per
day. Set the reap period at 60, and it will be less negligible. Set it
at 30, and I'll bet it's pretty substantial. Set it at some level, and
it will reap 75 more users per day.
The question is, where do we have to set the reap period in order to
either stop growth in the number of users, or at least keep it from
getting to 65,000? When we find out the answer, we can decide if it's a
good idea to change the reap period.
I'll bet someone on the staff can determine the answer to that question.
|
krj
|
|
response 15 of 74:
|
Jul 9 19:43 UTC 1998 |
I think we shouldn't get bogged down in arguments about reap scheduling
and policy.
As I understand the situation: this is oversimplified a bit, but every day
we create 100 Grex accounts which will eventually be reaped, and 75
accounts which will stick around. On a 90 day expiration cycle,
this means that we have a bank of 9000 sure-to-be-reaped accounts.
We could go to a 30-day reap cycle and immediately reclaim 6000 accounts
from that bank: but that's a one-shot deal.
Recovering those 6000 accounts will only buy us 80 days of growth if we
keep adding 75 long-term users per day. That will be useful in an
emergency, but it won't solve our long-term problem.
Our choices are:
1) commit to whatever it takes to remove the 64K limit on the number
of Grex users -- if this is even possible in the time remaining
2) accept that there will be periods, starting next year, in which
"newuser" is going to be shut off. These periods will get longer
and longer, if we keep adding 75 long-term users each day "newuser"
is open, and eventually there will be essentially no new users.
3) Be willing to decide that some uses of Grex are more important than
others; start steering away Grex users who are only here for the
services we deem less important.
Hmm, let me rephrase option #2 vs. option #3:
2) Allow Grex to fill up on a first-come, first-served basis,
and shut the doors to latecomers for all our services --
** including conferencing **
3) Take pro-active steps to shape the Grex community in the belief
that our community-building services are the most important ones.
|
jared
|
|
response 16 of 74:
|
Jul 9 20:04 UTC 1998 |
dynamic uid generation
|
mdw
|
|
response 17 of 74:
|
Jul 10 07:52 UTC 1998 |
I think it's a bit premature to assume grex is just automatically going
to run out of UID's sometime next year. Another important limiting
constraint is the number of users we can support online at one time, and
the kind of performance we can offer those users. I think it's highly
probable that before we run out of UID's, we'll run out of network
capacity, telnet ports, CPU, or so other load bottleneck. It's worth
keeping in mind, too, that with our current text-only operation and no
global media advertising, there are limits to the % of people who might
be interested in us, or who might discover us.
So far as an upgrade path goes, there are a number of interesting
choices. We could continue to go with sun hardware, and run Solaris
2.6, which *does* support long uid's. Or, we could migrate to RS/6K's
and AIX, which has long supported long uid's. Or, we could choose to
run openbsd, and adapt it to run long uid's, perhaps even on the current
hardware. Each has different costs, performance, and security risks.
Another issue to consider in terms of upgrades, of course, is the kind
of computing environment we want to end up in. The kind of "server"
technology that grex is running on is getting relatively scarce. What
is much more the norm is to use "workstation" technology for servers -
and to run services distributed across several such workstations. The
next generation of sun server hardware after the 670 is probably the Sun
Enterprise server 1000, of which I happen to know of 3 in the A^2 area.
The equivalent "workstation" technology would be the SparcStation 10 or
20, of which there are probably at least a thousand in the A^2 area.
It's certainly worth looking at the services we offer. A *substantial*
chunk of the service we currently offer is definitely free e-mail. I
don't think we've done any studies, but it's highly possible that 50-90%
of those "75 new permament users every day" will only ever be using grex
for mail. Perhaps we should resign ourselves to competing with hotmail,
and deliberately set up a number of machines dedicated *solely* to pop
mail, with their own separate arrangements for UIDs and such, and shift
mail to that arrangement. We could then issue "pop-only" mail to the
unwashed masses, and separate full-shell and computer conferencing
access to only those that really want it. We could also probably shove
the mail servers behind some sort of network throttling gateway if they
prove *too* popular, although hopefully hotmail and other free mail
giants, with their big budgets, have a sufficient head start on us that
we won't be serious competition.
|
rcurl
|
|
response 18 of 74:
|
Jul 10 15:08 UTC 1998 |
Do you think it would really be fun offering a free e-mail service? Why
not just drop that and keep just the full-shell and computer conferencing
for "those that really want it"?
|
mta
|
|
response 19 of 74:
|
Jul 10 15:26 UTC 1998 |
Another possibility is to advise people that they can get free e-mail on
hotmail and other free e-mail providers and sing the parises of those other
providers more loudly. Then we hope that if e-mail is all they want, they'll
find it elsewhere...
I don't want to completely stop offering free e-mail -- but if we could find a
way to limit it that would be no bad thing.
You're right Rane, that offering free e-mail is not a particularly fun thing
for Grex to be doing -- but it is valuable to some people and worthwhile.
|
keesan
|
|
response 20 of 74:
|
Jul 10 22:47 UTC 1998 |
Is there some way to try out grex once without creating a user id? I telneted
to some conferencing system in Iowa and had to sign up to use it and then
never went back. Can people just look at the conferences using Backtalk
before they sign up?
|
srw
|
|
response 21 of 74:
|
Jul 11 03:06 UTC 1998 |
Yes you can look at conferences in Backtalk without signing up. In some
conferences, the author may invoke an option which renders his.her posts
unreadable that way, but most things should be readable. Users will have no
participation file, and will not be able to post.
I agree with Ken Josenhans that adjusting the reap policy doesn't buy much.
I strongly urge grex not to reduce its 90 day reap policy.
I agree with Marcus that STeve's projection doesn't take into account other
factors, and thus I too expect growth to slow. With 23000 accounts and a max
of about 80 users on simultaneously, we still have 299 users not logged in
at that time for every one who is. I doubt that this ratio can be forced much
higher. The telnet queue will get too long and people will lose interest.
In answer to atticus in resp:12, backtalk users need to own files too,
because their conference participation file is in their account. therefore, it
is not possible for backtalk users to use backtalk on Grex without consuming a
UID. Note: It *is* possible, but it requires configuring backtalk differently,
and in that mode it could not share conferences with picospan, which is why I
say it really isn't possible.
|
mdw
|
|
response 22 of 74:
|
Jul 11 11:21 UTC 1998 |
People who take out accounts once and then never come back don't really
cost grex much in terms of resources. Our current policy is that we may
delete such accounts as soon as one month after creation.
It was a pretty deliberate decision of mine early on, with m-net, to
give people their own unique full-function account immediately upon
signing up, rather than setting up any sort of 'guest' account. My
reason was that I didn't want to create any barriers towards those
people jumping in and responding, because there are already more than
enough "natural" barriers in people against doing that sort of thing.
If there's a "guest access" provision, then a lot of people who might
otherwise become participants will only observe, and never participate,
because they'll know how to observe, and they'll just never "get around"
to registering. Since this is exactly what backtalk currently offers,
it would be interesting to test my hypothesis against real data from
backtalk usage.
We already offer free e-mail. What I described amounts to making us
less "special" and attempting to streamline the service so that it uses
less resources.
|
valerie
|
|
response 23 of 74:
|
Jul 11 22:53 UTC 1998 |
This response has been erased.
|
arthurp
|
|
response 24 of 74:
|
Jul 12 03:05 UTC 1998 |
I think that wording would do a good job in newuser.
This is a bit techie, but does the file system have room in its
structures for longUIDs? We would have to mkfs anyway. But would we
have to create custom file system drivers?
|
srw
|
|
response 25 of 74:
|
Jul 12 05:02 UTC 1998 |
oops, the link I typed in resp:21 exposed a backtalk bug. It should have
worked and pointed to resp:12 . I am fixing the bug, which was caused by
the comma following the link, and the link will work once a new backtalk
is installed here.
picospan users please ignore - sorry for the drift -
The backtalk strategy of providing access to users without requiring an
account was well thought out, I believe. Asking people to take out an
account poses a barrier for many people. With this feature, they can see
what might be in store for them if they take out an account. They are
urged to do so. It was not so much intended to reduce the number of
abandoned accounts (wlthough it should do that) but to attract people
who would otherwise not come in.
|
mdw
|
|
response 26 of 74:
|
Jul 12 07:39 UTC 1998 |
If we were going to stick with sunos, we'd have to do a *lot* of
hackery. However, Solaris 2.6 does in fact share a "compatible" on-disk
filesystem layout with SunOS. The trick they use is they store the long
UID & GID at offsets +116, +120 in the on-disk inode, & store
0xffff,0xffff at offsets +4, +6, the old short uid/gid slots. One of
the many bits of kernel hackery that we'd have to do to sunos would be
to do something about the code in SunOS that *does* use these slots for
something else--"i_delaylen" and "i_nextrio".
openbsd shares very similar filesystem code with sunos, and may be very
nearly compatible. It, too, has support for long uids, but they're stored
in +112,+116, and there doesn't seem to be any kernel code to deal with
"old" filesystems. Instead, fsck contains logic to copy the old UIDs to
the new spots (apparently, without even asking.)
|
jared
|
|
response 27 of 74:
|
Jul 12 15:30 UTC 1998 |
I'd recommend saving your pennies and just buying some big fancy PC,
setting up some sort of *BSD on it, that you have full sources to,
and do it that way. 1) Replacement hardware is easy to find
2) Full source to OS and all its drivers is great for doing local hacks
3) despite (insert marcus paranoia about someone hardware hacking system),
there quickly come out OS patches for stuff like the 0xf00f stuff that
prevent any such attack.
|
mdw
|
|
response 28 of 74:
|
Jul 13 08:17 UTC 1998 |
You've a lot more faith in intel than me. Nevertheless, I would agree
it's likely grex will be on pci-bus in 1-2 hardware generations, and it
*may* be the case that linux a/o bsd will be secure enough at that
point. Given the # of really scary solaris bugs I keep hearing about, I
certainly don't feel especially comfortable in sticking with that.
|
rtgreen
|
|
response 29 of 74:
|
Jul 15 18:05 UTC 1998 |
I just entered a long response, and it appears it didn't get posted.
Mebbe I'll have the energy to re-type all that tomorrow, if it doesn't
find its way out of the bit-bucket.
|
dang
|
|
response 30 of 74:
|
Jul 16 17:01 UTC 1998 |
What about Kerberos? Would that solve our uid problem?
|
dpc
|
|
response 31 of 74:
|
Jul 16 19:34 UTC 1998 |
I like your suggestion in #23, valerie!
|
janc
|
|
response 32 of 74:
|
Jul 17 12:43 UTC 1998 |
I don't think Kerberos will have any effect on the UID problem. The
limitation is in the kernel, not in the passwd file.
|
jared
|
|
response 33 of 74:
|
Jul 17 19:58 UTC 1998 |
correct. kerberos is just a way to do user-auth, and it's os independent,
which means janc is correct.
as for marcus, and his paranoia, i'd be more concerned for solaris than
for intel. count the number of show-stoping hardware bugs in intel hardware
where the os is free. count the number of show-stoping hardware bugs where
the os is expensive, support is expensive, and you have to pay for some
patches, and you don't get src without boku bucks.
basically, all your paranoia about solaris and all can be taken care of by
getting OpenBSD or something, and spending a weekend reading the source,
hacking what you need into it over the next week or two, then anything
new that comes out you can patch against yourself, or use vendor
patches, rather than *having* to wait for sun to come out w/ a patch.
sun hasn't realized how to code yet and avoid buffer overflows. nor
have many people actually, they're not sgi, which by definition,
if you have an account, you have root, but they don't lock down on stuff
like openbsd does. (Note, i don't even run openbsd, but
they ara paranoid security folks, see http://www.openbsd.org/security.html)
|
janc
|
|
response 34 of 74:
|
Jul 17 21:15 UTC 1998 |
Though there are sparc versions of OpenBSD, and, according the the
developers "can be quite reliable depending on the configuration".
However, it does NOT run on Sun 4/600 systems.
|
jared
|
|
response 35 of 74:
|
Jul 18 16:46 UTC 1998 |
correct. the PC platform is the next logical choice for you to move to.
|
mdw
|
|
response 36 of 74:
|
Jul 19 07:57 UTC 1998 |
I agree the openbsd folks sound quite promising.
My reservations regarding intel based hardware still remain however.
Just the other day I saw some sort of *new* linux program that seems
intended to cause some sort of hardware exception (and crash the
machine). This is where the i386 really shows its weakness: the i386
has an extremely complex architecture, and all of these loose ends show
up in the exceptions you need to be able to handle. Just to add insult
to injury, the intel documentation is nearly useless in terms of
decoding all these exceptions--you basically need to try them all out
yourself, and see what happens, and this is the very worst sort of
kernel debugging to do, because you're basically dealing with the
machine where it gives you the least clues as to what went wrong. I
have *never* seen any intel OS that wasn't fairly trivial to crash. I
never made a concerted effort either, these were just things I *ran
into* doing quite different other stuff. With SCO Xenix (yup, it's
*ancient* history) -- I could crash it by doing a "return from
interrupt" with the wrong stuff on the stack (reti *is* a legal
instruction, even from so-called "user mode" (which doesn't really exist
on the intel, but that's a whole 'nuther story.). With freebsd, I could
crash it by trying to do a "ptrace" with a word that crossed a page
boundary. I don't know about the "reti" case, but I see that the ptrace
bug, at least, is fixed in openbsd.
For a while, I had mklinux running on a Macintosh (until the hard disk
died). This was an early version of mklinux - so it was missing the
years and years of experience everyone has had with the intel platform.
It was also more stable than any of the intel versions I've used.
*This* is the difference a clean architecture makes.
I'm still waiting for the vandals to find the "holy grail" bug in the
pentium series - the instructions that allow any "user mode" program to
read/write "kernel" memory. I'm confident it's only a matter of time.
|
jared
|
|
response 37 of 74:
|
Jul 19 14:30 UTC 1998 |
oh yeah, once they find the "holy grail" instruction, sure, the world is
over, but ya know what, instead of being paranoid about that, i'd be more
concerned about some stupid userland program or libc bug that allows
that because of poor bounds-checking.
and with your holy-grail paranoia, when is it going to be found in the
sparc platform? ultrasparc? 68030, everything.. ack!!!! lets let my
paranoia drive me away from any platform. that's the bright move.
The other thing you can do (oh no, another not-well-tested platform),
is use a Dec Alpha, those can take the same PCI bus cards as intel
(and the PCI Ultrasparcs), and have better handling of things such as no
video card, which intel boxes can't handle well, and it has a real
rom monitor. This would actually be a good choice also. The problem
with intel hardware is the fact that it's designed to have a monitor
and keyboard all the time. Although you can boot without them, if
your cmos becomes corrupted, you won't boot until someone gets back
there and fixes it. this can be avoided with headless boxes such as
sparcs, and alphas.
(yes, there are others that do headless well, but i'm not going to go
much further there).
|
mdw
|
|
response 38 of 74:
|
Jul 19 22:07 UTC 1998 |
The thing is, the 68030, sparc, powerpc, etc., platforms *are* different
than intel. *All* of these cpu's have much more modern design
methodology in them. The intel design methodology basically dates from
about 1960 -- the chip architecture is pretty obviously pre-GPR, and
even the IBM 7094 has a more regular instruction set. It's worse than
that even -- until the pentium II, intel processors weren't microcoded,
but used "random logic" to implement the instruction set. I've heard
that the famous intel FP bug wasn't an actual logic bug, but was in fact
an analog layout glitch.
There are also PCI bus powerpc machines, and PCI bus sparc machines.
(In fact, I have one of each in my office now...) That's why I said it
was a pretty safe bet that grex would end up on PCI bus at some point.
|