From owner-freebsd-current@FreeBSD.ORG  Sat Jul 17 08:00:21 2010
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 17C7810656D7;
	Sat, 17 Jul 2010 08:00:21 +0000 (UTC)
	(envelope-from m.seaman@infracaninophile.co.uk)
Received: from smtp.infracaninophile.co.uk (gate6.infracaninophile.co.uk
	[IPv6:2001:8b0:151:1::1])
	by mx1.freebsd.org (Postfix) with ESMTP id 942718FC16;
	Sat, 17 Jul 2010 08:00:20 +0000 (UTC)
Received: from seedling.black-earth.co.uk (seedling.black-earth.co.uk
	[81.187.76.163]) (authenticated bits=0)
	by smtp.infracaninophile.co.uk (8.14.4/8.14.4) with ESMTP id
	o6H80EZn042495
	(version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO);
	Sat, 17 Jul 2010 09:00:14 +0100 (BST)
	(envelope-from m.seaman@infracaninophile.co.uk)
Message-ID: <4C416307.9000001@infracaninophile.co.uk>
Date: Sat, 17 Jul 2010 09:00:07 +0100
From: Matthew Seaman <m.seaman@infracaninophile.co.uk>
Organization: Infracaninophile
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-GB;
	rv:1.9.2.4) Gecko/20100608 Thunderbird/3.1
MIME-Version: 1.0
To: Lowell Gilbert <freebsd-current-local@be-well.ilk.org>
References: <20100716143621.GA9281@ravenloft.kiev.ua>
	<44k4ov6nax.fsf@lowell-desk.lan>
In-Reply-To: <44k4ov6nax.fsf@lowell-desk.lan>
X-Enigmail-Version: 1.1.1
OpenPGP: id=60AE908C
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature";
	boundary="------------enig1542F6D7EF7AAA6124ED2888"
X-Virus-Scanned: clamav-milter 0.96.1 at lucid-nonsense.infracaninophile.co.uk
X-Virus-Status: Clean
X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_20,DKIM_ADSP_ALL,
	SPF_FAIL autolearn=no version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	lucid-nonsense.infracaninophile.co.uk
Cc: freebsd-current@freebsd.org, Alex Kozlov <spam@rm-rf.kiev.ua>,
	Gabor Kovesdan <gabor@freebsd.org>
Subject: Re: periodic script in base system to run csup
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>, 
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 17 Jul 2010 08:00:21 -0000

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig1542F6D7EF7AAA6124ED2888
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

On 17/07/2010 24:04:38, Lowell Gilbert wrote:
> Alex Kozlov <spam@rm-rf.kiev.ua> writes:
>=20
>> On Fri, Jul 16, 2010 at 04:27:39PM +0200, Gabor Kovesdan wrote:
>>> Em 2010.07.16. 16:23, Alex Kozlov escreveu:
>>>> On Fri, Jul 16, 2010 at 03:58:33PM +0200, Gabor Kovesdan wrote:
>>>>
>>>> Thousands pc simultaneously try to access cvsup servers?
>>>> Sound like a ddos to me.
>>> Yes, this was the only concern and that's why I started this discussi=
on.
>> And because its periodic, We can't use portsnap solution (random delay=

>> before csup start).
>=20
> It's not completely impossible; periodic could spin off a separate shel=
l
> for it, with a random delay.  It's not clear what the best way to deal
> with the output would be, although several approaches present themselve=
s.
> It would be a lot more complicated than Gabor's approach, though.

Simply ensuring the csup periodic job is the last one to run
(/etc/periodic/daily/1000.csup ?) should give you the best of both
worlds.  You can insert a random delay of up to an hour and still deal
with csup as a foreground job.  All of the other periodic jobs will run
as normal (and should help with randomising the time distribution of the
csup runs too) -- you'll just have to wait a bit longer for the nightly
e-mail to be produced.

Even so, I think this is still likely to upset the cvsup servers: a
whole timezone worth of machines hitting a small number of servers
within one or two hours might be doable with portsnap / freebsd-update
but cvsup requires a lot more effort server-side.

	Cheers

	Matthew

--=20
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
JID: matthew@infracaninophile.co.uk               Kent, CT11 9PW


--------------enig1542F6D7EF7AAA6124ED2888
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.14 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkxBYw4ACgkQ8Mjk52CukIx/ZQCfWMuiyGsoD77lllg/aaF9dPaY
j6sAn30E/jk37O4y+gR2Fqmn0Th5kvf4
=P5QY
-----END PGP SIGNATURE-----

--------------enig1542F6D7EF7AAA6124ED2888--