[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: how to make Debian less fragile (long and philosophical)

On Tue, 17 Aug 1999, Michael Stone wrote:

> On Tue, Aug 17, 1999 at 12:56:17AM -0400, Justin Wells wrote:
> >    #5 -- a hardware error occurs and it corrupts a few files. you
> >          don't know how extensive the problem is, but libC is 
> >          at least one of the file that's been hosed
> So you copy libc from your backup disk. What's the big deal?

Reboots are bad, downtime is bad, the lack of remote access is bad, on
production systems. I think this was already addressed multiple times.

> Are you intentionally being obstinate? You mount your backup disk
> read-only, then you copy what you need off of it.

If you don't have a shell, then you can't do it without a reboot.

> You use your serial
> line to do it. The serial line's getty is going to be there regardless
> of what you do to your libs because it's already running.

If you haven't already logged into that getty and the libs are broken,
then you can't launch a new shell.

> You're putting too much emphasis on static bins, pure and simple. I've
> got machines that don't even have dynamic libs, and let me assure you
> that they're not failure-proof. 

I don't think it's fair to throw in some reductio ad absurdum like that,
do you? Nobody is arguing for perfection or "failure-proof" systems. The
issue is a rather simple one of costs vs. benefits. A very simple issue,
but of course the details are more complex.

I had reacted in the same way (with hostility) before I thought about it
really carefully. There's definitely a benefit to having static core
binaries. For those who administer remote production machines or machines
where downtime is very bad, the benefit is frankly substantial from a risk
point of view. So what are the costs? What are they really? As far as I
can tell, there's a small disk space cost (about 200K per binary) and no
memory cost. There was some grumbling about the effort involved, but I
think that was without a full understanding of what was involved.

Reply to: