l4-hurd
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: On Compatibility

From: Jonathan S. Shapiro
Subject: Re: On Compatibility
Date: Tue, 25 Oct 2005 21:09:22 -0400 
On Tue, 2005-10-25 at 21:48 +0200, Bas Wijnen wrote:
> On Tue, Oct 25, 2005 at 02:57:18PM -0400, Jonathan S. Shapiro wrote:
> > On Tue, 2005-10-25 at 20:17 +0200, Marcus Brinkmann wrote:
> > > There is a huge legacy of administration manuals how to set up such
> > > systems, in a "reasonably secure manner".  For example, how to set up
> > > web servers and virtual domains.
> > > 
> > > This is an important legacy...
> > 
> > Actually, I do not agree. In contrast to user applications, the total
> > set of important server applications is very very small. It is not at
> > all out of the question that these could be rewritten, and in many cases
> > the rewrite could be done by restructuring existing systems.
> 
> I think Marcus meant the legacy of educated sysadmins and manuals, not the
> servers themselves.  Rewriting the server may be pretty easy, reeducating all
> the people who know how it worked isn't.

I understood Marcus's meaning. I simply do not agree. In fact, I believe
that destroying this legacy is one of the greatest services that a new
system design could achieve. Administrators have a real job to do.
Tinkering with system parameters isn't it.

IBM recently did a study of a whole bunch of server applications.
Specifically, they looked at configuration options for performance
tuning. They found that (a) most were legacies of debugging code, (b) of
the ones that were actually intended to be administrator configurable,
most had no desirable effect, and (c) in no case were there more than 10
useful tuning parameters. They looked at both IBM and non-IBM code, and
their results were consistent with other studies of a similar nature.

Configuration of access control does not appear to suffer from a similar
problem. This is a case where the administrator is stating policy, and
policy is necessarily localized.

However, the vast majority of actions that a system administrator needs
to take are a legacy of older system designs: how much space, which file
system, what order to start things in, and so forth. Absolutely *none*
of these decisions are relevant in a persistent system.

In fact, in an ideal system design the *only* decisions that
administrators would make would be:

  which extra services to turn on
  which user accounts to create

We are a very long way from actually having a system this simple, but it
would be a *huge* step forward if we did.

So: I view Marcus's observation as a problem to be eradicated, not a
legacy to be supported.


shap
reply via email to
[Prev in Thread] Current Thread [Next in Thread]