Re: DWOF


From: Kragen Sitaker (kragen@pobox.com)
Date: Fri Jun 16 2000 - 17:40:32 PDT


Tomwhore writes:
> thoughts of circular list backups run through my head.
>
> Set ups that would use the egroups archive as a fall back posting
> vector....tagged headers to parse from which vector a post is entered into
> the fork stream...parsers to route the tags for inclusion back into a
> servers streams after a downage...
>
> Somewhere in my mocha soaked sleep deprived brain there is an answer using
> a zope product...maybe someone can help tear it out of my brain for
> use:)-

Distributing a mailing list can be done fairly simply; you just need a
distributed transactional storage space. The following actions need to
be atomic, isolated, and durable:
- accepting a subscription request from a potential user and sending
  that user a confirmation request containing a cookie
- subscribing a user to the list upon receipt of a confirmation
  containing a correct cookie
- the equivalents of the above two actions for unsubscribing
- accepting a post to the list and recording the contents of that post
- delivering a post from the list to a subscriber
- possibly other things

This could be done fairly straightforwardly even with a distributed
transactional hierarchical database.

Now you simply need to run something that tries to deliver posts to
subscribers as long as need be.

The standard mail system works on the principle that all parts are
equally reliable; once part X accepts responsibility for delivering
mail from part Y, part Y can forget about it. Unfortunately, if we're
building a distributed mailing-list server, unless we're writing a
distributed MTA, we can't let the MTA accept responsibility for getting
the mail sent out from the mailing-list software; otherwise, we get a
scenario like this:

- box A accepts a post, doing a two-phase commit with box B.
- the mailing-list software on box A hands off ten copies of the
  message to the MTA on box A, doing a two-phase commit with box B to
  tell box B that the messages are delivered.
- box A loses power in a power outage. The messages don't get
  delivered until three weeks later (if box A is in downtown Auckland).

This is to be avoided. We can't avoid handing responsibility off to
remote MTAs, but we can avoid adding SPOFs to the mix.

Oh, and all the boxes can be equal-priority MX records for the domain
where the mailing lists live, eliminating SPOFs on the input.

-- 
<kragen@pobox.com>       Kragen Sitaker     <http://www.pobox.com/~kragen/>
The Internet stock bubble didn't burst on 1999-11-08.  Hurrah!
<URL:http://www.pobox.com/~kragen/bubble.html>
The power didn't go out on 2000-01-01 either.  :)
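
The delivery rule argued for in the message above, as an added sketch that is not part of the original post or Kragen's code: a per-subscriber delivery is recorded as done only after the subscriber's remote MTA accepts the message, so any surviving list server can retry whatever is still pending. Assumptions: one in-memory SQLite database stands in for the distributed transactional store, and `remote_accepts` is a hypothetical callback standing in for an SMTP session with the remote MX; the addresses are constructed.

```python
import sqlite3

# Assumption: a single in-memory SQLite database stands in for the
# distributed transactional store shared by every list server.
def open_store():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE subscribers(addr TEXT PRIMARY KEY);
        CREATE TABLE posts(id INTEGER PRIMARY KEY, body TEXT NOT NULL);
        CREATE TABLE deliveries(post_id INTEGER, addr TEXT,
            done INTEGER NOT NULL DEFAULT 0, PRIMARY KEY(post_id, addr));
    """)
    return db

def accept_post(db, body):
    """Record the post and one pending delivery per subscriber, atomically."""
    with db:  # one transaction: commit on success, roll back on exception
        post_id = db.execute("INSERT INTO posts(body) VALUES (?)", (body,)).lastrowid
        db.execute("INSERT INTO deliveries(post_id, addr) "
                   "SELECT ?, addr FROM subscribers", (post_id,))
    return post_id

def pending(db):
    return db.execute("SELECT post_id, addr FROM deliveries WHERE done = 0 "
                      "ORDER BY post_id, addr").fetchall()

def run_deliveries(db, remote_accepts):
    """Try each pending delivery once; any list server may run this loop.

    remote_accepts(addr, body) is hypothetical: True means the remote MTA
    took the message. Hand-off to a local queue never counts as delivered.
    """
    completed = 0
    for post_id, addr in pending(db):
        body = db.execute("SELECT body FROM posts WHERE id = ?", (post_id,)).fetchone()[0]
        try:
            ok = remote_accepts(addr, body)
        except OSError:
            ok = False  # connection failure: stays pending for a later retry
        if ok:
            with db:  # a crash before this commit causes a resend, not a loss
                db.execute("UPDATE deliveries SET done = 1 "
                           "WHERE post_id = ? AND addr = ?", (post_id, addr))
            completed += 1
    return completed

if __name__ == "__main__":
    db = open_store()
    with db:  # constructed sample subscribers
        db.executemany("INSERT INTO subscribers VALUES (?)", [("a@example.org",), ("b@example.org",)])
    accept_post(db, "hello list")
    print(run_deliveries(db, lambda addr, body: addr.startswith("a")), pending(db))
```
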



This archive was generated by hypermail 2b29 : Fri Jun 16 2000 - 17:44:03 PDT