Proposal: Good Neighbor Policy

Dan Kaminsky effugas at best.com
Wed Dec 22 00:43:48 GMT 1999 

A bit on "Administrative Error Detection"--

	In the computer music world, there's a piece of code called a
"MIDI Loopback".  What this thing does is create a slew of virtual
music channels to input into and output from.  MIDI Loopback
systems are used to implement filters; instead of directly sending musical
data to your synthesizer, you send it to one of these channels, which is
being monitored by a filtering program configured to read input from the
vritual channel, munge it mercilessly, and then forward the notes over to
the synth for playback.

	There is, however, a rather common problem that used to afflict
most MIDI Loopback implementation:  Feedback.  The filtering program would
be misconfigured to send its instructions in from the very same channel it
would send them back out on.  Assuming the filter did anything that
multiplied the number of musical events(think taking one note and
multiplying it into three), the internal buffers would quickly become
overwhelmed and everything would go boom.

	You may be wondering why I'm telling a file serving list this
story about musical information.  The answer is, the solution that at
least one MIDI Loopback implementation used is worth analyzing. You see,
in order to detect feedback loops, the system inserted a meaningless clock
pulse in its general chatter.  Since there was nothing else that would
ever generate this pulse *but* the feedback detection system, any dramatic
increase in the rate of incoming pulses would be indicative of a loop(and
thus a pending system crash).  Upon detection, the system would automute
the offending channel and pop up an error message.

	No boom.

	Now, you can say that the user should know better than to create a
feedback loop, just like you can say the user should know better than to
create browser master wars.  But sh*t happens, and it doesn't matter that
Microsoft hasn't seen fit to implement anything beyond monetary barriers
to protect network integrity.  We *know* users never want to create a
situation where the network goes down, just like the MIDI guys *know*
users never want to actually crash their system.  Building impending
disaster protection into Samba actually gives us more credibility than our
competitor.

	We don't just have to match NT.  In terms of sheer features and
flexibility, we long ago became the leader in the SMB File+Print Services
world.  Just because NT doesn't let you host multiple virtual machines off
the same server, doesn't mean we can't.  And just because NT doesn't
detect when it's about to break browsing for several subnets, doesn't mean
we don't have to.

	Perhaps that's beyond Good Neighbor.  Perhaps that's a *Better*
Neighbor policy.  It's something to consider nonetheless.

Yours Truly,

	Dan Kaminsky
	DoxPara Research
	http://www.doxpara.com

More information about the samba-technical mailing list