[linux-elitists] wtf is "public domain"?

Greg Folkert greg@gregfolkert.net
Thu Nov 8 08:47:12 PST 2007


On Tue, 2007-11-06 at 13:32 -0800, Marc MERLIN wrote:
> On Tue, Nov 06, 2007 at 11:51:21AM -0800, Rick Moen wrote:
> > There was also some 2005 kerfuffle about Dan allegedly... dodging
> > concerning a problem with integer handling on 64-bit platforms -- fixed
> > in netqmail.  http://cr.yp.to/qmail/guarantee.html addresses that claim 
> > from Dan's perspective.
> 
> I love the quote
> In May 2005, Georgi Guninski claimed that some potential 64-bit portability
> problems allowed a ``remote exploit in qmail-smtpd.'' This claim is denied.
> Nobody gives gigabytes of memory to each qmail-smtpd process, so there is no
> problem with qmail's assumption that allocated array lengths fit comfortably
> into 32 bits.

I've been *THROWN* into dealing with systems setup by someone that
ABSOLUTELY LOVES DJB's software.

I have a mail server, that... well has 4GB of memory and we do Bulk Mail
sending to opt-in lists ONLY, (people either pay/donate/grant/other to
get access) we sometimes have 200K messages in queue with the ability to
send 1.5M an hour.

This system is running qmail. and it uses nearly all 4GB of memory...
we've experienced a few problems when we batch more than 100K messages.
qmail dumps.... it seems its using more than 1GB of memory on one
process, it just up and dies, nothing in the log, multilog then starts
to cycle through 6K PIDs a minute, and qmail-* fails to restart
automagically... load averages climb, machine does a self DoS of sorts.

IF I can get an ssh into the machine I can svc-stop everything easily,
and svc-start ...

But dang. The person whom originally setup the machine using qmail, is
now a "consultant" for us and he see no problem... he is as blind about
it as DJB.

Oh, we also use TinyDNS, DNScache and other *WONDERFUL* pigeon hole
software from DJB...

Talk about PITA, to get Dynamic-DNS stuff to work... well, lets just
say: I'm not going there. Not to mention IPV6, odd
(SRV/SPF/DKIM/SenderID) records, and other things.

> In other words, there was a remotely exploitable bug, but djb conveniently
> states that it wouldn't happy to anyone sane, therefore it's not a bug.
> 
> Gotta love that way of thinking...

Oh, he breeds a WHOLE MINDSET with this thinking. Blindly following his
word.


	"There is no consistent way to start services in *NIX"

What was that? There are four that *I* know of, in _common_ use today.


	"There is no good logging systems available."

Again, HUH? There are so many, if I shake a stick...


To get back to *MY* problem, the place I work develops a type of
CRM/website/Bulk-mail stuffs. And we are now using DJBs daemontools to
manage the starting and stopping of them.

YUCK.

I can only hope... to move things to something easier to
manage/update/improve for all the stuff he writes that we use.

</RANT>
-- 
Greg Folkert <greg@gregfolkert.net>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://allium.zgp.org/pipermail/linux-elitists/attachments/20071108/116575ba/attachment.pgp 


More information about the linux-elitists mailing list