Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!usc!cs.utexas.edu!uwm.edu!bionet!turbo.bio.net!lear From: lear@turbo.bio.net (Eliot) Newsgroups: news.software.b Subject: Re: CNews - now a pedantic software! : -( Message-ID: Date: 6 Apr 91 01:07:33 GMT References: <1991Apr03.042907.16938@buster.stafford.tx.us> <1991Apr03.230016.8369@looking.on.ca> <1991Apr4.063315.20892@zoo.toronto.edu> <1991Apr04.223504.20615@sat.com> Organization: GenBank Computing Resource for Mol. Biology Lines: 43 lmb@sat.com (Larry Blair) writes: >If you were sympathetic to the sysadmins you wouldn't just throw away all of >their site's postings without any indication. Even the most naive admin would >rather be bombarded with mail than have everything posted from their site >disappear into a black hole. Some thoughts: #1: Any processing done on all machines (``the NET'') MAY have effects on all machines. Thus one must consider the effects fairly carefully before introducing such systemic solutions. #2: The right place to catch format errors is on input into the system. This is the least expensive (and presumably the way CNews works), and has the maximum impact, because 99% of the time the system can give an interactive error message. As an example of #1, I am reminded of the person who forged 5 sendsys control messages from webber@rutgers.edu, when no such address existed. So that cost 10*N where N was the number of machines who responded (now about 10K or so?)/ Both of these rules affirm the robustness principle, ``Be liberal with what you accept and conservative with what you send.'' (See RFC 793 2.10, and other places). Neither of these rules will solve all problems. A much better solution would be enough logging information that various system administrators can run perl scripts to determine when problems exist, and who to contact. While this isn't an automatic solution, the only automatic ones I would consider are somewhat longer term. One possibility is an inband control message that only gets turned into mail or log information when it hits the offending site. This method presumes that the error is not so significant that the system in question will be unable to process it. This method would set the overhead of the error message to no more than one control message. In some cases this would cause more processing, in some cases less. -- Eliot Lear [lear@turbo.bio.net]