|
|
| Author |
Message |
| 25 new of 175 responses total. |
mjb
|
|
response 125 of 175:
| 
Dec 15 19:30 UTC 1998 |
Re #124: Steve, I'm afraid I might be responsible for some of the latest
confusion. In my previous response I stated that I didn't know what
security measure grex uses in combating fork bombs, but I suggested that
it may be a kernel limit on total number of simultaneous processes that
a user can execute. That was speculation on my part, and now people are
asking you questions about an unverified comment that I made. Sorry! ;-)
|
steve
|
|
response 126 of 175:
|
Dec 15 19:37 UTC 1998 |
Ah, I see. No, thats OK. Yes, we limit the number of processes that
any user can have running at once. Thats what makes forkbombs merely
nasty, rather then devistating.
|
gregb
|
|
response 127 of 175:
|
Dec 15 19:55 UTC 1998 |
That's what I was asking: How do you know how many proc. to limit a user?
Is it an arbitrary number?
|
steve
|
|
response 128 of 175:
|
Dec 15 20:29 UTC 1998 |
Well, in the world of the UNIX kernel nothing is arbitrary. The
default value was originally something fairly large, which isn't needed
in the environment of Grex where people don't do much at once. We
changed the figure to 100 procs per logged in entity. Actually, we
should likely go down form there but we'll have to experiement with
that.
|
mjb
|
|
response 129 of 175:
|
Dec 15 21:27 UTC 1998 |
Hmm...I was poking around a little while ago and I found:
#define MAXUPRC 25 /* max processes per user */
in both /usr/include/sys/param.h and /usr/kvm/sys/sys/param.h
so, perhaps it's 25, and not 100? Or perhaps I don't have a clue?
That's possible too...;-)
|
mcnally
|
|
response 130 of 175:
|
Dec 15 22:32 UTC 1998 |
re #127: Yes, basically you pick a number and the kernel returns an
error to any user program that tries to fork the n+1th process
for that user. It's not hard to pick a number that's on the
generous side of what a typical grex user would need during a
login session and still below the "one person can make the
system totally useless" threshhold.
|
tpryan
|
|
response 131 of 175:
|
Dec 15 22:45 UTC 1998 |
Did this come from the fork bomb factory (ISP) that Grex
blocked recently? or has that not been a problem these days?
|
kaplan
|
|
response 132 of 175:
|
Dec 16 03:16 UTC 1998 |
Do the backtalk designers read this item? If many different users are all
trying to run backtalk at the same time, all of the backtalk processes would
be owned by the same system account, right? So if this MAXUPRC limit is
reached, does backtalk (or the web server) handle that situation in stride?
Has it been tested? Just a thought....
|
steve
|
|
response 133 of 175:
|
Dec 16 04:17 UTC 1998 |
Nope, the limit is 100. It was changed in the object itself;
one of the things we need to do is gen a new kernel with the
right value.
No, the last fork bomb did not come from anywhere that I've
ever seen before. I'm in contact with the right people on that
one.
|
mdw
|
|
response 134 of 175:
|
Dec 16 07:31 UTC 1998 |
The real limit for the # of user runnable processes is set by the
variable "maxuprc" in /vmunix. This is set in param.c to default to
MAXUPRC, but can be set to some other value. We set it to 64 (so the
limit is actually 64 not 100). While we *could* have built param.c to
have a different value, I think we *actually* used adb to patch /vmunix
directly.
|
davel
|
|
response 135 of 175:
|
Dec 16 13:02 UTC 1998 |
Maybe STeve was counting in octal?
8-{)]
|
steve
|
|
response 136 of 175:
|
Dec 16 13:06 UTC 1998 |
No, that was my memory, based on reading email from some time
ago. Hmm. 64hex is 100decimal, so that may be it.
|
remmers
|
|
response 137 of 175:
|
Dec 16 13:07 UTC 1998 |
Result of the Grex Board Election:
---------------------------------
Voting members (these are the ones that count):
9 dpc
33 janc
12 mziemba
18 other
30 remmers
23 steve
Non-members (unofficial):
1 cmcgee (withdrew her candidacy)
15 dpc
34 janc
23 mziemba
26 other
36 remmers
35 steve
Since there were three slots to fill, janc, remmers, and steve are
elected to 2-year terms.
|
jep
|
|
response 138 of 175:
|
Dec 16 13:17 UTC 1998 |
Congratulations to the new Board members!
Thanks to everyone who ran. It's wonderful to be able to choose from
such an excellent ballot. This was a no-lose election, with 7 great
candidates.
|
janc
|
|
response 139 of 175:
|
Dec 16 16:39 UTC 1998 |
Cool. Thanks to all those who supported me.
Looking at these results, I find myself simultaneously pleased that
John and Steve got elected, and regretting that some of the other, very
able people without so long a Grex history didn't get elected.
Obviously we need to increase the size of the board. The only way I
could find to vote for all the other candidates I really wanted to see
on the board was by not voting for myself. Oh well. Thanks so much to
those who ran but didn't get elected. I respect your devotion to Grex
and your willingness to help.
|
remmers
|
|
response 140 of 175:
|
Dec 16 16:52 UTC 1998 |
REMINDER: Wednesday December 16 is the LAST DAY TO VOTE on the proposal
for Grex to endorse the Blue Ribbon Campaign for Online Freedom. The
polls will close at midnight, Eastern Standard Time. See Item 43 in the
Coop conference (item:coop,43) for discussion of the proposal.
To vote, you must telnet or dial direct to Grex and type one of:
propvote -at a Unix shell prompt
!propvote -at a menu or bbs prompt
|
keesan
|
|
response 141 of 175:
|
Dec 16 17:48 UTC 1998 |
Only 117 member votes for 3 positions is about 39 voters, under 50%.
How does this compare with US presidential elections?
|
steve
|
|
response 142 of 175:
|
Dec 16 21:18 UTC 1998 |
We were briefly bothered by a forkish bomb again today, from a
different domain than the last couple. I've sent mail and have
talked on the phone with an administrator from the offending site.
|
remmers
|
|
response 143 of 175:
|
Dec 17 10:47 UTC 1998 |
RESULTS of vote on the motion that Grex support the Blue Ribbon
Campaign for Online Freedom.
Members:
27 YES
5 NO
The proposal PASSED.
Unofficial non-member vote:
43 YES
3 NO
|
gregb
|
|
response 144 of 175:
|
Dec 17 13:50 UTC 1998 |
Congrats to janc, steve and remmers!
|
steve
|
|
response 145 of 175:
|
Dec 17 16:24 UTC 1998 |
Rebooted Grex today, to make effective yet another change to
perhaps make Grex a little better at dealing with fork bombs.
|
steve
|
|
response 146 of 175:
|
Dec 18 05:35 UTC 1998 |
For the third time in Grex's history we've "rewound" uid's
in the passwd file.
Since the highest number uid (user id) we can have is 65,536
we've had to recycle uids when we've gotten near the end of the
uid limit. This morning just a few minutes past mightnight, the
uid count got to 65,501 so I changed newuser to start using uid
10,000 as we have in the past, but with a new "group" id, which
is 53.
Back in the olden days (ha!) all accounts were in group 50,
called people. Then came group 51, "foks" and then group 52
called "beings". Today we're at group 53 which is called
"humans".
Here's a history of the groups:
Group Date Started
50 (people) 06-jun-91
51 (folks) 24-nov-96
52 (beings) 10-mar-98
53 (humans) 18-dec-98
We've had about 162,000 accounts created on Grex now. Gosh,
I think its time for me to do another strange statistics item
about Grex's accounts...
|
rcurl
|
|
response 147 of 175:
|
Dec 18 17:23 UTC 1998 |
Pretty quiet right now:
Login Name TTY Idle Login Time Location Work Phone
gal Terri Lynn qb Dec 18 11:59 Ypsilanti q
keesan C. Keesan *p1 Dec 18 11:57
rcurl Rane Curl *r4 Dec 18 12:21
|
keesan
|
|
response 148 of 175:
|
Dec 18 17:35 UTC 1998 |
Hi Rane, is the telnet connection down again? Jim says hi, too.
|
steve
|
|
response 149 of 175:
|
Dec 18 19:30 UTC 1998 |
Grex's net connection has been acting strangely since about 5am this
morning. Technically, our ISDN connection is just fine, but a router
"upwind" of Grex (or something like that) has been intermittant.
|
