今天，CNNIC正式发布了第21次中国互联网络发展状况统计报告。正如提前透露的那样，中国网民数量经过一年大跃进（年增长率53.3%），基本达到了美国上网人口的数字──2.1亿。

我用Google Spreadsheets生成了一张图表，可以直观地看到中国网民数量的历年增长率。



抛开互联网发展初期（2000年以前）由于基数太小而出现的半年翻一番的情况，中国网民数量真正开始高速增长，是在互联网泡沫破灭之后的2001年。尽管那时候互联网公司正在寒冬中挣扎，但之前投入的大笔资金和市场培育这时候开始显现效果。2002年上半年，网民数量达到4580万，较半年前增长36%。这是自互联网泡沫破灭后，网民数量增长最快的半年。随后，增速开始放缓，呈现逐年下降的趋势。2005年下半年，网民数量较半年前增加不到8%，是增长最慢的半年。

不过，从2007年上半年起，神奇的增长又开始了。上半年中国网民增加了18.25%，下半年再接再厉，又猛增了29.63%。上半年的增长容易理解，因为CNNIC修改了“网民”的定义，从原来的平均每周上网1小时以上，改为“半年内使用过互联网的6周岁及以上中国公民”，这让那些进过一次网吧、不小心用手机访问过一次移动梦网、跟儿子一起看过一眼网上视频、陪老乡在百度下载过一次MP3的人，都成了“网民”。

可是，下半年近30%的增长，还是非常令人费解。最近几年，PC销售并未出现井喷，网吧数量也一直被“总量控制”在12万家左右。手机？根据CNNIC的报告，手机用户中的12.6%是手机网民，数量为5040万人。但CNNIC同时又说，这“5040万人在使用其他上网接入方式的同时，还选择使用手机上网”，也就是说，他们并不是只用手机上网的用户。

CNNIC说，农民，农民托起了中国网民的数字。2007年7300万新增网民中的4成，即有2917万来自农村，年增长率达到127.7%。为什么2007年农民开始蜂拥上网？为了看周正龙的纸老虎？还是为了支持马云的B2B？ 即使去掉来自农村的增长，2007年的年增长率仍高达32%。太反常了，不是吗？

所以我仍然疑惑，2007年网民数量的超常规增长背后，到底发生了什么？

如果仍然保持半年29.63%的增速，到今年底，中国网民数量就可以达到3.53亿，基本上可以占据全球网民数量的半壁江山。

由于Oracle10201在Enterprise Linux 5 X86-64上的安装与AS4 X86-64安装十分类似，这里只列出二者的区别，详细步骤就忽略了。安装Oracle10201 for REDHAT AS4 x86_64：http://yangtingkun.itpub.net/post/468/439077安装ORACLE10201 for ENTERPRISE LINUX 5 x86-64报错无法打开共享对象文件：http://yangtingkun.itpub.net/post/468/445373内存、磁盘空间，操作系统等检查和AS4上的一致，这里可以简单跳过。需要注意的是Enterprise Linux 5上的安装包和AS4上的有区别，包括以下的安装包就可以了：binutils-2.17.50.0.6-2.el5compat-db-4.2....

Since its debut in March of 2001, Mac OS® X® has been a very attractive operating system for many Linux® and Unix™ enthusiasts. The operating system brings the interface design Apple is known for to Unix and builds on the previous efforts of A/UX® and especially NeXT®. This article will introduce the reader to a technique for configuring a Fedora® 8 server and corresponding workstation running Mac OS X Tiger (10.4). I will discuss ways to provide three key services: authorization, authentication, and file sharing.

Network information

OpenLDAP provides directory services and is often used to provide network information. This information may include users and groups. Our server will use OpenLDAP to provide basic account information and network authorization.

Note:

If you are running Fedora’s firewall, iptables, then you must configure it to allow incoming LDAPS, Kerberos and NFSv3 traffic. On Fedora 7, this configuration may be done using the system-config-securitylevel tool. LDAPS and Kerberos are straightforward, simply list ldaps:tcp and kerberos:udp in the “Other” field of the Firewall Customization interface. NFSv3 is actually a suite of software running on various ports. In order to allow NFSv3 traffic, allow connections on the following ports: nfs:tcp nfs:udp sunrpc:tcp sunrpc:udp 32803:tcp 892:tcp 892:tcp 662:tcp 662:udp 875:tcp 875:udp filenet-rpc:udp. These ports correspond to the ports configured in /etc/sysconfig/nfs.

The Fedora Linux server will require the nss_ldap, openldap-clients, and openldap-servers packages. These packages may be installed using the command, yum install nss_ldap openldap-clients openldap-servers.

The first step in setting up the OpenLDAP server is to configure the stand-alone LDAP server (slapd). Write the following to /etc/openldap/slapd.conf to configure slapd:

include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/nis.schema
include         /etc/openldap/schema/misc.schema
include         /etc/openldap/schema/redhat/autofs.schema

allow           bind_v2

pidfile         /var/run/openldap/slapd.pid
argsfile        /var/run/openldap/slapd.args

TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
TLSCertificateFile /etc/pki/tls/certs/slapd.pem
TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem

database        bdb
suffix          "dc=example,dc=com"
rootdn          "cn=Manager,dc=example,dc=com"
rootpw          {SSHA}REPLACEME

directory       /var/lib/ldap

index objectClass                       eq,pres
index ou,cn,mail,surname,givenname      eq,pres,sub
index uidNumber,gidNumber,loginShell    eq,pres
index uid,memberUid                     eq,pres,sub
index nisMapName,nisMapEntry            eq,pres,sub

The interesting portion of the configuration file is the definition of the suffix as “dc=example,dc=com.” This sets the suffix that will be used for queries to the LDAP server. This is essentially an administrative domain. To generate a real password for the rootpw field, use the slappasswd command. Copy the output of slappasswd and paste it into the rootpw field in slapd.conf.

In order to prevent users from observing LDAP traffic as it passes across the network, we will configure slapd to encrypt its traffic. To require that slapd uses LDAP over TLS (LDAPS), add the following lines to /etc/sysconfig/ldap:

SLAPD_LDAP=no
SLAPD_LDAPS=yes

Once slapd is set up, we will configure the Linux server to act as its own client. This ensures that accounts set up for the network are valid on the server as well. The file /etc/openldap/ldap.conf configures OpenLDAP client software to connect to localhost using LDAP over TLS (LDAPS):

BASE          dc=example,dc=com
URI           ldaps://localhost
TLS_REQCERT   allow
TLS           hard
TLS_CACERTDIR /etc/openldap/cacerts

Now that LDAP is fully configured, issue the commands /sbin/service ldap start to start the service and /sbin/chkconfig ldap on to cause it to start each time the system boots. We may now populate LDAP’s database. The first step to doing this is to generate a database shell and save it to any file (e.g., filename.ldif):

dn: dc=example,dc=com
objectClass: organization
objectClass: dcObject
o: Example, Inc.
dc: example

dn: ou=people,dc=example,dc=com
objectClass: organizationalUnit
ou: people

dn: ou=group,dc=example,dc=com
objectClass: organizationalUnit
ou: group

Once this file has been created, you may import it into LDAP using ldapadd -x -D 'cn=Manager,dc=example,dc=com' -W -f filename.ldif. We may now create an account consisting of a user and group (e.g., user.ldif):

dn: uid=user,ou=People,dc=example,dc=com
uid: user
cn: Joe User
objectClass: account
objectClass: posixAccount
objectClass: top
userPassword:: XXXX
loginShell: /bin/bash
uidNumber: 500
gidNumber: 500
homeDirectory: /home/user
gecos: Joe User

dn: cn=user,ou=Group,dc=example,dc=com
objectClass: posixGroup
objectClass: top
cn: user
userPassword:: XXXX
gidNumber: 500

Many of these fields may look familiar if you are familiar with /etc/passwd, the standard Unix account information file. Again, we will use ldapadd to insert this LDIF data into the LDAP database: ldapadd -x -D 'cn=Manager,dc=example,dc=com' -W -f user.ldif.

The LDAP server has been configured and its database is populated. We may now query it from the command line using ldapsearch -x. This should display all of the data we have entered into the LDAP database. Ldapadd and ldapdelete are the commands OpenLDAP provides to manipulate its database. Refer to the OpenLDAP documentation for more details about these commands.

The final configuration is of OpenLDAP’s GNU C library counterpart, the ldap_nss module. The following goes in /etc/ldap.conf and will configure ldap_nss to resolve system database queries using LDAPS.

bind_policy soft
base dc=example,dc=com
uri ldaps://localhost
ssl start_tls
ssl on
nss_initgroups_ignoreusers ldap

In order to tell the GNU C library to use the nss_ldap module configured above, ensure /etc/nsswitch.conf contains the following two lines:

[...]
passwd:     files ldap
group:      files ldap
[...]

Now that the name service switch is configured to query using LDAP, getent passwd should return some account information for the user we created above. The output should be as follows:

[...]
user:*:500:500:Joe User:/home/user:/bin/bash

The first service on the Linux server, authorization, is now available. Let’s turn our focus to the workstation.

Assume that we have a fresh Mac OS X installation on the workstation. The first time it is booted, the OS prompts the user to create a user account. Although most account information will be served by LDAP, it is still important to have a local administrator account. We will use this account to configure the workstation. Name the account “Local Administrator Account” and give it a short name of “local.” Log in to the local account.

Different flavors of Unix have different techniques for numbering UID’s. For example, Fedora starts new users at 500. Mac OS X starts at 501. It is
important to ensure that the local Mac OS X user does not collide with LDAP users. The following commands change the UID of our local account
so that it is compatible with the accounts that will be served by the Linux server.

First, identify local’s current UID and GID:

sudo niutil -read . /users/local | grep '^uid'
sudo niutil -read . /users/local | grep '^gid'

Next, change local’s GID, primary group and UID to 499, making room for the Linux accounts that will start with 500:

sudo niutil -createprop . /groups/local gid 499
sudo niutil -createprop . /users/local gid 499
sudo niutil -createprop . /users/local uid 499

At this point it becomes necessary to log out and then back in to the local account. This ensures that the new UID and GID are adopted by the
running session. However, existing files that are owned by local will retain the now incorrect UID and GID of 501. This is easily fixed with the
following two commands:

sudo find / -user 501 -exec chown 499 {} ;
sudo find / -group 501 -exec chgrp 499 {} ;

Now we are done changing the user local’s UID and GID. Logging out and back in again will ensure the account is fully operational.

The next step is for convenience. So that we don’t have to refer to the server by IP address, we will add an entry to the workstation’s /etc/hosts file. Add:

192.168.0.10 server.example.com server

where 192.168.0.10 is replaced with your server’s IP address.

Figure 1 is a picture of Mac OS X Directory Access® configuration tool. We will use this tool to configure our workstation to use LDAP for network information. The Directory Access tool is found in Applications/Utilities. Once the tool is running, select the “Services” tab and ensure that only the LDAPv3 block is checked. Highlight LDAPv3 and press the “Configure” button. Select the “New…” button. You should now see the window pictured in Figure 2.

Fill out the form as documented in Figure 2 and press “Continue.” Fill in the rest of the form as documented in Figure 3 and press “Continue” again. Select “Ok” and name the configuration something relevant to your network. Click “Ok” and “Apply” to apply the configuration. You may now quit the Directory Access application.

The LDAP configuration is tested much like it was tested on the Linux server. The following command should print the contents of the Linux server’s LDAP database: ldapsearch -H ldaps://server -b dc=example,dc=com -x.

The graphical login tool on Mac OS X does not recognize LDAP accounts. Because of this, it will not list these accounts as available for use. To get around this, configure the login window to allow the input of both usernames and passwords. This is configured by opening the Mac OS X System Preferences tool and selecting the Accounts applet. Press the “Login Options” button to configure the login window. See Figure 4.

Authentication

Now that the server and workstation both have their corresponding LDAP systems operational, we will configure the authentication service using a system called Kerberos. Kerberos is an authentication system that uses a key distribution center to manage access to network resources. This KDC will reside on our Linux server.

The server will require the krb5-libs, krb5-workstation, krb5-server, pam_krb5, and ntp packages.

To start configuring the Kerberos service, add the following to /etc/krb5.conf:

[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
default_realm = example.com
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
forwardable = yes

[realms]
    example.com = {
    kdc = server.example.com:88
    admin_server = server.example.com:749
    default_domain = example.com
}

[domain_realm]
.example.com = example.com
example.com = example.com

[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
pam = {
    debug = false
    ticket_lifetime = 36000
    renew_lifetime = 36000
    forwardable = true
    krb4_convert = false
    kdc_timeout = 1
    max_retries = 1
}

Next, initialize the Kerberos system with kdb5_util create -s. Add the following to /var/kerberos/krb5kdc/kdc.conf:

[kdcdefaults]
v4_mode = nopreauth
kdc_ports = 88,750
kdc_tcp_ports = 88

[realms]
example.com = {
    acl_file = /var/kerberos/krb5kdc/kadm5.acl
    dict_file = /usr/share/dict/words
    admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
    supported_enctypes = des3-hmac-sha1:normal arcfour-hmac:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal des-cbc-crc:v4 des-cbc-crc:afs3
}

As before, use service and chkconfig to start the service: /sbin/service krb5kdc start and /sbin/chkconfig krb5kdc on.

The Kerberos system is now fully initialized on the server. It is now possible to add users to the Kerberos database. User information is stored in LDAP, but their authentication tokens exist in Kerberos. Add the user “user” to the Kerberos database using /usr/kerberos/sbin/kadmin.local:

/usr/kerberos/sbin/kadmin.local
> addprinc user

An account that has a token in Kerberos and a record in LDAP is almost complete. The final step is to create a home directory for the user:

mkdir /home/user
chown user:user /home/user

The Kerberos protocol is heavily dependent on synchronized system clocks. We will use NTP to ensure our computers’ clocks are synchronized. Run ntpdate -u 128.101.101.101 to synchronize the server’s clock. Use /sbin/service ntpd start and /sbin/chkconfig ntpd on to ensure it stays synchronized.

As with LDAP, we want our Linux server to also act as a client, allowing network accounts to be valid on the server (note, you may want to restrict
accounts on the server later). On Linux, the PAM system provides a module to authenticate users using Kerberos. The command authconfig --enablekrb5 --update will configure PAM to allow authenticating against the Kerberos KDC.

We will now turn our attention to the workstation.

As before, we must set up NTP. Mac OS X provides a preferences applet to do this as documented in Figure 5.

Next, we will configure the Kerberos client libraries on the workstation. Edit /Library/Preferences/edu.mit.Kerberos to contain the following:

[libdefaults]
default_realm = example.com
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
forwardable = yes

[realms]
example.com = {
    kdc = server.example.com:88
    admin_server = server.example.com:749
    default_domain = example.com
}

[domain_realm]
.example.com = example.com
example.com = example.com

The next step is to configure the login window to authenticate accounts using Kerberos. To do this, edit /private/etc/authorization. Search for system.login.console. Within the <dict> entry, look for the mechanisms <key> and, within it, the <string> containing authinternal. Change the string “authinternal” to “builtin:krb5authnoverify,privileged.”

Kerberos is now configured. The configuration may be tested using /System/Library/CoreServices/Kerberos. Click new and fill out the form with valid account information as depicted in Figure 6. You should be able to authenticate the user “user” against the Kerberos server.

File sharing

The final service we will configure is file sharing. We will support file sharing by using NFS version 3. Once again we will begin by turning our attention to the Linux server. The server will require the nfs-utils package.

Before starting the NFS service, we will configure a few of the daemons in the NFSv3 suite. Adding the following to /etc/sysconfig/nfs will ensure that the daemons listen on predictable ports, making the configuration of a firewall easier:

RQUOTAD_PORT=875
LOCKD_TCPPORT=32803
LOCKD_UDPPORT=32769
MOUNTD_PORT=892
STATD_PORT=662
STATD_OUTGOING_PORT=2020

Start the NFS service using /sbin/service nfs start and /sbin/chkconfig nfs on.

The file /etc/exports determines which portion of the server’s filesystem is exported by NFS. The following will export /home on the server to both NFSv3 and NFSv4 clients:

/home *(rw,fsid=0,insecure,no_subtree_check,sync)

The command exportfs -rv will tell the NFS daemon to reread the /etc/exports file. This NFS export may be tested with mount server:/home /somedirectory.

Mac OS X does not yet support NFSv4. However, Mac OS X does have solid support for NFSv3, including an automounter. The NetInfo Manager may be used to configure the automounter and is found in Applications/Utilities. This tool is shown in Figure 7. To create a mount, select the mounts folder and create a subfolder named server.example.com:/home. Within this new folder, add the following properties and values by selecting Directory  >  New Property from the applicaion menu:

Property: dir        Value:  /Network/Servers
Property: vfstype    Value:  nfs
Property: opts       Values: net
                             -i
                             -P

The “opts” property has multiple values. These may be input by repeatedly selecting Directory  >  Insert Value from the application menu.

You may force the automounter to reread its new configuration using sudo kill -HUP `cat /var/run/automount.pid`.

The options we have specified will cause the NFS share server.example.com:/home to be mounted at /automount/Servers/server.example.com/home whenever the directory is accessed. In order to make this share available as a user’s home directory in /home, create a symbolic link:

sudo ln -s /automount/Servers/server.example.com/home /home

Now a user’s home directory will be mounted at login.

Conclusion

This article has described how to configure a Fedora Linux server to provide network authorization, authentication, and file sharing services. It has also shown how to integrate a Mac OS X workstation into such an environment. Linux provides a very powerful server platform. The combination of Mac OS X and Linux workstations creates an environment that may run a very wide variety of applications and will appeal to many different user requirements.

It feels good to be able to talk publicly about Yahoo's OpenID support (developer info). :-)

It's been in the works for a while and I was one of the early squeaky wheels poking people to see if we could get on board. You can see the official press release or the story on TechCrunch. But no matter where you read it, this is big news.

Both yahoo.com and flickr.com will act as OpenID 2.0 providers. That means starting soon any Yahoo! or Flickr user can sign in to an OpenID 2.0 enabled site simply using a reference to yahoo.com or flickr.com.

I've been a fan of OpenID for a long time--not just because of it's simplicity but because of the philosophy behind it. It puts more control in the hands of us: the end users. And it's another milestone in Yahoo! opening up more and more. In fact, I wrote about it almost exactly one year ago in The Tipping Point for OpenID.

Who knows. Maybe OAuth support isn't far off?

Oh, and before anyone jumps on me about this not being "full" (meaning bi-directional) OpenID support, I'm quite aware of that. Consuming OpenID is a different beast that can't happen overnight. Give it some time. I'm optimistic that we'll get there.

(comments)

Author:江枫 posted on Taobao.com

前面说到，Oracle9i中每个sub pool的空间下边界是128M，实践证明是偏小的，所以在Oracle10g中，这个边界被调整为256M，在Metalink的一篇文章(Note 396940.1)中还有一种说法，可能500M左右一个sub pool在10.2以后的版本中更加合适，不知道在Oracle11g中是不是对这个设置再次做出调整，因为没有足够的测试环境，我也没有试验。大家如果谁有试验出Oracle11g的sub pool边界大小，欢迎留言给出。Oracle10g的另外一个改进，就是为某些共享对象搜索可用空间的时候，如果在一个sub pool中找不到可用的chunk，可以切换到其他sub pool了，不过还不能做到所有类型的内存请求都能切换。而可以做到在不同子池间切换，对于单个子池空间不够的情况，应该算是比较彻底的解决方案，希望在以后的版本中能更进一步了。

最后介绍一个内部视图X$KSMSP，这个视图保持了每个chunk的详细信息，chunk可以分成四种类型(KSMCHCLS)：

• free：free chunks–未分配的可用chunk。
• recr：recreatable chunks–包含可以被临时移出内存的对象，在需要的时候对象可以被重新创建，如共享sql代码的内存。
• freeabl：freeable chunks–包含session周期或调用的对象，随后可以被释放。但是注意，由于某些中间过程产生的对象不能临时被移出内存(因为不可重建)。
• perm：Permanent memory chunks–包含永久对象.通常不能独立释放，像processes/sessions参数指定的数组控制结构。

如果是R-开头的如R-free类型，则表示该chunk是Shared Reserverd Pool中的内存片。

查看目前Share Pool中各类chunk的空间总体情况：

查看各个大小范围的free chunk的情况：

监控系统中ora-04031的报错情况(有些错不会在alert中报出来)：

X$KSMP视图在HP平台的某些版本中有bug，查询时可能导致系统挂起，慎用。也可以通过转储level 2级别的heapdump来获得类似的信息：

Add Comments(1)

Part 4 of this series covers installing Oracle 11g RAC on a 64 bit Windows system using Windows 2003 Service Pack 2.

Author:NinGoo posted on NinGoo.net

要理解SRC(System Resource Controller)，首先需要介绍另外两个概念：子系统(Subsystem)和子服务器(Subserver)。Subsystem是一组相关可独立控制的进程或者程序的集合，而Subserver则就是其中的某一个进程或者程序，一组相关功能的Subsystem则属于一个Group。SRC则是用来控制Subsystem或者Subserver的一个后台守护进程。对于各个Subsystem的启动，停止后者查看状态都提供了统一的接口，有点类似于windows里的net start/net stop命令来控制windows的服务的意思。SRC可以控制本地或者远程系统。

SRC的守护进程是/etc/sbin/srcmstr，通过/etc/inittab随系统自动启动。

启动一个Subsystem或者Subserver使用startsrc命令，如果要启动的Subserver所属的Subsystem没有启动，则在启动Subserver前会先启动对应的Subsystem。

相应的停止Subsystem/Subserver使用stopsrc命令。

如果某个Subsystem的配置发生变更，则可以使用refresh命令来刷新服务的状态，而不需要先停止再启动。

lssrc则可以查看Subsystem/Subserver的运行状态，例如，在AIX5.3上运行该命令的结果如下：

查看所有Subsystem

查看某个Subsystem

查看所有Subserver

查看某个具体的Subserver

具体每个命令的用法和参数请参考man。除了命令行方式，也可以通过smit来管理subsystem和subserver

Related Articles

• AIX 5L errpt错误报告
• AIX下遭遇TNS-12531
• AIX 5L网卡管理与配置

Add Comments(0)

©作者：eygle 发布在 eygle.com

6.Piner与Piner的新书《构建oracle高可用环境-企业级高可用数据库架构、实战与经验总结》
在这次年会上，如愿看到了Piner的新书，这是一本期待已久的好书，从目录上就可以看出其不凡的价值所在。

很早就知道Piner在计划这本书，他也曾经向我询问过出版相关的事宜，在5月份去杭州参加阿里的英雄大会时，和Piner仔细聊过出版的事情，恰逢博文视点的周老师也在现场，我就介绍他们一起聊聊出版，大家一见如故，于是就有了后来Piner和博文视点的合作。

1月12日中午我到达年会现场，已经过了午饭时间，会议组织者马上拉我去吃饭，找了一张桌子坐下来，四处寻找熟悉的面孔，看到了Biti、Yangtingkun、DCBA等一些老朋友，然后Piner过来，我们在一个桌子上就聊起他的新书。上楼以后到他的房间，我和DCBA分别抢了一本新书。

拿到新书第一感觉是质量很不错，博文的排版、印刷都很到位，版式也有国际风范，很让人满意：

作为一个作者，我深知写作的不易，理解一个技术是一回事，写到纸上完全是另外一回事，而传达到读者那里就又有所不同。写一本让自己和读者都满意的书是非常不易的，Piner的这本书从写作到审稿定稿，数易文稿，实是倾力制作。而这本书中传达出来的作者在Taobao网的工作经验就更为宝贵。

我最关注书中的一篇是监控体系篇，我自己的团队同样维护这一系列的数据库系统，如何部署一套高效可靠的监控系统也是我们在不停摸索的内容之一，早就闻听阿里有一套成熟的监控维护体制，Piner在这本书中为我们揭秘了这套系统的运行机制。

可以学习的内容有很多，要慢慢阅读，唯识一点：作者费尽心力，读者揣摩研读，必有所获！

另据作者称，他最强的技术不是Oracle，而是斗地主，如果有市场，他就准备写一本斗地主的书:)

。。。未完待续。。。

相关文章|Related Articles

• ITPUB电子杂志第十期-诊断案例专刊出版
  
• 中国IT技术精英年会纪事之二
  
• 中国IT技术精英年会纪事之一
  
• 中国IT技术精英年会第一天
  
• 2008中国IT技术精英年会及杰出贡献奖
  

评论数量(3)|Add Comments

本文网址：http://www.eygle.com/archives/2008/01/annual_mem_piner_book.html

从12月底开始，公司就开始了各行业总经理和分公司总经理的2007年度工作总结会和2008年度的工作规划会。解决方案部作为销售的第一支持部分，需要全程参加所有的会议。

这半个多月基本上都是会议中度过的，正常的技术工作只能晚上在家加班干，人员招聘也基本上被我推到了下周。不过也没有办法，只有人事计划确定了，新员工才能入职。原定的北京、上海、深圳、南京、南宁等地区售前和售后还有将近20个名额，估计还得好长时间才能到位。技术人员太难找了。想来UIT的朋友可以发简历给我，从入门水平到高级顾问都有空余职位。

呵呵，这几天没事别找我，因为我不是在开会就是在准备开始的内容，忙着呢。

明天下午公司开年会，我是男主持人，现在正在准备主持词，好多年没搞过这种事了，而且女主持人和我不是一个风格，想要搞出一台搞笑版的晚会有难度啊。

• 123

网站: JavaEye  作者: robbin  链接：http://robbin.javaeye.com/blog/157104  发表时间: 2008年01月17日

声明：本文系JavaEye网站发布的原创博客文章，未经作者书面许可，严禁任何网站转载本文，否则必将追究法律责任！

http://www.dbanotes.net/arch/douban_web_server.html

在老冯同学的博客上看到的文章。里面介绍说豆瓣网站的情况如下：

一台Web服务器运行Lighttpd，每天处理2500万个request，峰值每秒处理1000个request；
一台应用服务器运行Python，每天处理500万PV；
数据库服务器运行MySQL，负载情况没有介绍。

我对比了一下JavaEye网站的服务器运行情况，我们是一台Web+应用服务器，一台数据库服务器，如下：

Web服务器运行Lighttpd，每天处理430万个request，峰值每秒处理150个request，平均每秒处理50个request；
Web服务器运行Ruby 1.8.6 + Rails 1.2.6，每天处理70万动态请求(去掉404，301状态的请求，只统计200的)，如果算PV的话，去掉RSS订阅请求，AJAX请求，估计PV在60万左右；
数据库服务器运行MySQL，CPU负载不高，在5%-30%之间波动。

豆瓣的Lighttpd峰值每秒处理1000个request，到不让人觉得意外，因为Lighttpd本身就是设计能够并发处理上万个request的。但是豆瓣用单台服务器支撑500万动态请求，确实是很惊人的数据！看阿北介绍说，豆瓣的应用服务器是一台单颗双核AMD Opteron，JavaEye的Web服务器是两路老的单核的AMD Opteron，主频是2GHz，豆瓣的应用服务器是新的单颗双核AMD Opteron，主频不详。

目前JavaEye的Web服务器运行Lighttpd，Memcached，Email Server和Ruby的FastCGI，除了ruby之外，其他应用消耗的CPU资源都极少，Web服务器在峰值期间的CPU负载在35-50%之间波动，非峰值期间回落到20-30%。假设应用程序不做针对性优化，我估计这台服务器可以支撑到100万到120万PV，但要更高就很困难了。不过JavaEye要达到这样的访问量，估计还得一年时间。到那个时候再想办法也不迟。不过设想到这样的程度，我到宁愿加一台服务器立马解决问题，而不是投入人力去费时耗力的优化程序代码。

豆瓣使用的Python性能要比Ruby好很多，但即便如此，在同样硬件条件下，用Python支撑到500万以上，也是非常困难的，可以想像的是大量运用了页面的局部缓存，以及对程序和框架的优化达到了极致，这一点，不得不佩服豆瓣的技术人员的性能优化水准和所下的功夫。

不过，对于豆瓣只用一台应用服务器支撑500万PV，我觉得没有必要。豆瓣有2000万人民币的投资，增加一台服务器一次性开支不超过1.5万，每年托管费多支出0.5万而已，九牛一毛。但在今天一个资深程序员月薪都要超过1.5万的情况下，为了节省这点钱而需要对应用程序进行深度优化而投入的人力成本，远远超过2万元。豆瓣新版本刚上线的一段时间之内，网站访问速度非常缓慢，最近速度慢慢的提升上来了，似乎也从侧面证明了这一点。干吗不多部署几台应用服务器，让用户从一开始就享受良好的速度体验呢？而用一台应用服务器支撑，等着优化程序代码来提升访问速度呢？CSDN网站每天有600多万访问量，比豆瓣的访问量略高一些，CSDN有30多台服务器，其实服务器少不见得就有多好，服务器多也不见得就是什么坏事。用投入硬件的方式可以解决的性能问题，总是会比软件优化方式来得成本低。
本文的讨论也很精彩，浏览讨论>>


JavaEye推荐
中国领先的电子商务网站－淘宝网招贤纳士，诚聘Java工程师

Chris Riley is a web developer from the UK. In his spare time, he likes to mess about with various web APIs to create interesting and useful mashups.

If you’re like me, you probably have a blog and use Google Analytics to track visitor activity. If you’ve not already got one, you probably want a “Most Popular Posts” section on your blog as it’s a great way for new visitors to find your best content. The only problem is that this would usually have to be hard coded, and would therefore need updating periodically after you’ve checked the “Top Content” report in Google Analytics, or it would require some server-side scripting and a database to track your page views and show the links dynamically.

Wouldn’t it be great if you could somehow use Google Analytics to display the “Most Popular Posts” section on your blog automatically? That would be a huge time-saver for you and would make it much more useful for your visitors as it would always be up-to-date. Unfortunately, Google Analytics doesn’t have an API, but here’s a method that doesn’t involve any server-side code or screen-scraping. All you need to do is use a few existing free services from Google and Yahoo and a bit of JavaScript.

Basic Method

1. Obtain the tracking data in a usable format – We can schedule Google Analytics to email this as an XML file on a regular basis.
2. Make the XML file accessible online – By emailing an attachment to Google Groups, the file is automatically given a public URL.
3. Work out the URL of the most recent report – Since Google Groups provides RSS/Atom feeds for all messages, we can easily find the URL of the most recent message and therefore work out the URL of the XML report.
4. Prepare the data for use – We need to manipulate the XML and massage it into a handy JSON format that we can use on our blog, which can all be done using Yahoo Pipes.
5. Display the links on your site – With just a bit of client-side JavaScript, you can finally add a self-updating “Most Popular Posts” section to your blog.

There you have it! Using your own Google Analytics data, you can create a completely automated way of displaying your most popular posts to your site visitors.

If you’re interested in exactly how I did this, the rest of this post expands on each step and take you through the entire process...

Setting up the Google Group

Since Google Analytics doesn’t provide an API, or allow you to link directly to any exported reports, we’ll use a Google Group to host the files which we’ll schedule Google Analytics to email to us. When you setup your Google Group, choose the Announcement-only option. Once created, under the Group settings menu item, select Access and make sure that Anybody can view group content, Do not list this group and People have to be invited are all selected. This is so that no one else can post to the group, which would cause issues when trying to retrieve the Analytics message. Keeping the group unlisted makes it less likely for someone to stumble across your Analytics reports when searching Google Groups. Although it would be preferential to make the group private, this would prevent public access to the feeds for the group, which we’ll need later.

While we could email our reports directly to the Google Groups email address, each message would then contain an “opt-out” link because it’s not the email address we’ve got registered with Google Analytics. Given that our messages will be publicly available, we’ll be using Gmail to forward the messages from the same Gmail address we use for Google Accounts so that if anyone manages to find the Google Group, they can’t stop our scheduled report. Simply create a new filter, looking for any email with Analytics in the subject that has attachments and have Gmail forward the email to your Google Group. (You can choose to “skip the inbox” so you don’t have automated reports cluttering up your inbox too.)

Setting up Google Analytics

In Google Analytics, under the Content section, view the Top Content report and change Show rows from 10 to 50. (You can’t configure how many results to include in your report any other way; it just remembers the last setting you selected.) Now click the Email link button near the top of the page, beneath the page title. Select the Schedule tab, change the report format to XML, set the date range/schedule to Monthly (unless you have a really active blog, then you might want to keep it on Weekly) and click the Schedule button at the bottom. Just to test everything, select the Send Now tab, choose XML as the format and click the Send button.

If everything worked correctly, after a few seconds your Google Group should have a Top Content XML report in it! :o)

Yahoo Pipes

You’ll need to find the feed URL for your Google Group. You can get this from the XML button at the bottom of your group homepage. Choose one of the New messages feeds, copy the URL and head on over to Yahoo Pipes...

For those that don’t know, Pipes is a really powerful service provided by Yahoo that lets you fetch data from all over the web and perform various operations on it, resulting in new or altered XML feeds / JSON output being created, all done using a funky graphical interface – not a line of programming code in sight!

A screenshot of the Pipe being used.

The Yahoo Pipe I’m using can be found here. If you’re familiar with Yahoo Pipes, feel free to view the source, clone this pipe and use it as the basis for you own implementation. For those not familiar with Yahoo Pipes, here’s a brief rundown of what’s happening:

• Grab the Google Groups XML feed and truncate it to leave us with the most recent message.
• Take the message URL and modify it to give us the URL of the XML attachment (basically replaces “msg” with “attach” and appends “?part=2”).
• Select the report data from the XML attachment and filter out any links we don’t want to include.
• Finally, using the filtered links, fetch each blog post from the website to retrieve the page title for use in the link and truncate the results to return only the top five.

The result is a JSON file containing the top five most popular blog posts based on the most recent Top Content report sent from Google Analytics to the Google Group.

Displaying your “Most Popular Posts”

The final step is to take the JSON file returned by Yahoo Pipes and display the contents on you website, which can be done using some client-side JavaScript similar to this:

(Basically, we’re making the pipe execute a JavaScript function on the web page by using a callback on the JSON URL. To learn more about JSON visit the Yahoo Developer Network’s JSON overview, or the official home of JSON, JSON.org.)

Conclusion

This is a simple way of making your Google Analytics data available to use in your own web pages and applications. There are obviously some privacy issues, as your report data is available for everyone to see on Google Groups (which can easily be found by doing a quick search) but if you think that’s a worthwhile trade-off for being able to have a maintenance-free top posts section, then the world is your oyster...

And you’re not just restricted to displaying your most popular posts. You could also use a similar technique to display your top keywords, referring sites, geographic locations, browsers... and anything else which you can find in Google Analytics!

Have fun mashing up your Google Analytics data!

[By Chris Riley | Origin: No Google Analytics API? No Problem! | Comments]

[Advertisement] Search Engine Meeting, Boston, 28-29 April 2008   [Advertise here]

前一篇文章裡所提到DreamHost 扣錢事件，在經過一天之後，使用者抱怨已經增加到一千多則，Dreamhost 也在稍後在官方部落格上發表了一篇文章說明事件發生的經過。

簡單來說，就是有個傢伙在跑扣款程式時，跑到了 2008/12/31 的扣款日期。他本來是要把新年假期沒扣到的帳扣回來(因為某些機器升新版的緣故，所以有一些帳戶沒正常扣到款)，所以手動讓程式計算在 2008/01/04、2008/01/13…到 2008/01/01 這些日子裡應該扣款的帳戶。跑完之後，因為不確定沒正常扣到款的現象是從什麼時候開始，他又繼續跑了 2007/12/31 ~ 2007/12/25 這些日子。

此時，慘劇發生了。

他把 2007/12/31 打成 2008/12/31了。這導致扣款程式去計算 2008/12/31 前要扣款卻沒有扣的帳戶，然後造成了一口氣扣到 2008 年底的慘劇，所以我才會發現自己一口氣被扣了12 次…也就是一年份的錢。從程式的觀點來看，這表示該程式並沒有針對執行時所設定的扣款日期作詳盡的檢查，這個程式應該在使用者輸入「未來的扣款結帳日」時，給予適當的檢查並回覆適當的錯誤訊息 (或進一步的確認訊息)才是。不管如何，錯誤已經造成。

而根據 Dreamhost 的統計，這一口氣多扣的結果，他們總共多扣了用戶 USD$7,500,000，也就是七百五十萬美元，折合台幣兩千四百多萬兩億四千多萬!! (這也大概透露了 Dreamhost 一年總營收的基本數字)

現在，在經過一天之後，他們聲稱已經跑完「退款」的程式，我檢查了我 DreamHost 後台裡的資訊，原來多付的120塊美金已經消失無蹤，好像一切事情都沒有發生過。同時，我也接到了一封來自 DreamHost 的通知信，告知我的錢將會被退款，並且表達了歉意：

Hi MXXX-HXXX!

Ack. Through a COMPLETE bumbling on our part, we’ve accidentally attempted
to charge you for the ENTIRE year of 2008 (and probably 2009!) ALREADY
(it was all due to a fat finger)!

I’m really really realllly embarassed about this, but you have nothing
to worry about. Please ignore any confusing billing messages you may have
received recently; I’ve already removed all those bum future charges on
your account (#2XXXXX1) and already refunded the $109.45 charge on your
credit card.

You should get the money back on almost immediately, within a day or
two max, and there’s no need to contact your credit card company or bank
for the refund.

Again, I feel terrible about this whole thing.. there will be a blog post
soon at blog.dreamhost.com fully explaining how this bug was even allowed
to happen..

Thank you very very much for your patience with this.. we PROMISE
this won’t happen again. There’s no need to reply to this message unless
of course you have any other questions at all!

Sorry again,
Josh!

至於我的信用卡方面，我上網查了一下，目前還沒有 Dreamhost 扣款/退款的紀錄進來，可能跨國交易要數日後才會顯示在我的帳戶資料上。希望到時會有正常的扣款/退款紀錄…..至於 DreamHost 會不會有後續的補償措施，根據他們過去的紀錄，我並不抱持著什麼希望…..

The rumor last week was that Google (as well as Verisign and IBM) were mulling over the idea of joining the OpenID 2.0 single sign-on framework. But the real news comes today, as Yahoo and its roughly 250 million user IDs officially jump on the bandwagon. Today, there are only approximately 120 million valid OpenID accounts. In one move, Yahoo more than triples that number.

The service will be available in public beta on January 30, says Yahoo, and will allow users to log in to more than 9,000 OpenId compliant websites with their Yahoo IDs. Yahoo will also be integrating their Sign-In Seal feature, meaning users can view an uploaded image before giving over credentials - the feature is widely used by financial institutions and is designed to reduce the effectiveness of phishing attempts.

Yahoo is also announcing that both Plaxo and JanRain will allow Yahoo OpenID sign-ins from January 30.

“This is just the first step in working with OpenID,” Yahoo Director of Membership and Registration Raj Mata said to me on a phone interview yesterday. But he would not confirm when (or if) Yahoo would also become what is called a “relying party” (allowing users with third party OpenIDs to log in to Yahoo). He did say that the goal was to move in that direction, but gave no further guidance.

More information can be found at openid.yahoo.com. Screen shots are below.

Crunch Network: CrunchGear drool over the sexiest new gadgets and hardware.

[Ed: This post is edited by Josh and co-published on ReadWriteWeb.com. Here is the original post.]

According to latest report from China Internet Network Information Center (CNNIC), by end of 2007, there are over 200 million Internet users (including 163 million broadband users) in China. 2008 must be a very busy year for Chinese Internet, and the Chinese market seems a heaven for Social Networks. You can find QZone which is owned by Tencent with the support of QQ’s over 220 millions active users; some alternatives are also available, such as 51.com which proclaims 160,000 new users daily; Linkist and Wealink are two popular professional networks based in shanghai; Tianji.com is another professional networks based in beijing and it has partnered with Viadeo, one of the world’s largest online business communities to create a premier business platform for online networking between China and Europe; Xiaonei, Zhanzuo and many others are sharing the campus social networking market. With the massive user base, of course the Chinese market is one of the most attractive place to the western networks. MySpace has set up its office in Beijing; Facebook might acquire a Chinese SNS, Fenbei.com and surely will have local presence in 2008; Friendster expects the same success story in China as they did very well in south-east Asia market. Xing, a professional network from Europe has set up its office back in 2005; Last.fm is trying to be more localized in China to compete 9Sky, Yobo, 8box and so on. 

So it seems that Chinese Internet will be no any fun without these web2.0 Social Networks? But it is actually not that right. If QQ is the first Internet experience for Chinese netizen, then you might ask what service is the second? It is not those web2.0 concept social networks, you should be surprised, it is the rather traditional Bulletin Board System (BBS) actually played a very important role in Chinese Internet life. In China the registered BBS users have reached 3000 million (one netizen might register himself in more than one BBS); 80% of Chinese sites are running their own BBS and the total daily page view is over 1600 million and 10 million posts are published every day. We are writing this article to show you this undiscovered Chinese Internet phenomenon. To understand more about why BBS can be such a heat in  China and how it will co-exist with the modern social networks, we also interviewed Kevin Day the CEO and founder of Comsenz Inc., owner of Discuz!, the first ever social platform - a BBS system in Chinese Internet. More than 400,000 BBS sites are built on Discuz! system nowaday in China, in other words, Discuz! now takes over 70% Chinese BBS market. 

The Phenomenon of Chinese BBS

According to a report produced by iResearch Consulting Group in 2007, In China around 36.3% users spend 1-3 hours on BBS, about 44.7% users spend 3-8 hours and even 15.1% users are on BBS for more than 8 hours a day. Over 60% of users will login at least 3 BBS more than 3 times each every week.

So what are the primary purpose for Chinese to log on the BBS, report says finding a solution, discussing topics, browsing information, and sharing the life experience are the top 4 motivations. 98% of users have been more or less contributed to their BBS by publishing articles, replying a post, participating a vote, etc. The users trust BBS mainly because they think the information there are usually first-hand, updated frequently and environment of the virtual communities are comfortable.

Chinese BBS life have apparently extended to the real life. The report also says 64.5% users have been attended some offline events organized by BBS administrators or users. More than 80% users are using BBS to search for the information of the product they plan to buy and 61.7% users are keen to ask other BBS users for opinion before make the purchase. 47.3% users have bought products directly from the BBS, which implies the BBS are also becoming an important form of e-business.

The screenshot below shows a BBS set up by the fans of Jinglei Xu, a very famous Chinese celebrity and blogger. This site has over 65,420 registered users, and you can find thousands of online communities like this one built on BBS.

The History of Discuz!

If you ever log onto a Chinese BBS site, most likely it is built on the Discuz! system. Discuz! was first developed by Kevin when he was at his first year in university. In 2002, the first version of Discuz! was sold to a HongKong based company; In 2003, Kevin decided to discontinue the student life and founded Comsenz Inc. in 2004 in Beijing. Discuz! was soon widely accepted by the Chinese users and become a commercial software. In 2005,  Comsenz Inc. partnered with Zend and established the Zend China support center. Later in 2005, Kevin announced the open source of Discuz!, which is described by the local media as an earthquake to Chinese software industry. Comsenz Inc. got its first round fund around $10 million from Sequoia Captial, Morningside and Google in 2006. Now Comsenz Inc. has grown to a household name with 200+ staff and offer a serials of products, including Discuz! (bulletin board), X-Space (social Network platform), SupeSite (content management system), ECShop (open source B2C and C2C system) and SupeV (online Video-sharing system). It is also running a few Internet services including a free forum hosting service 5d6d, a free B2B shop hosting service Maifou and a community advertising network Insenz. Kevin is now only 26 years old but he has been publicly recognized as the one of the most outstanding entrepreneur born in 80’s.

The BBS and Social Networks

With 70% Chinese BBS built on Discuz! system, Kevin is obviously the key guy who created this phenomenon. The first question we asked him is that why the BBS has been so popular in China. “The first Chinese BBS was probably set up back in 1997. Like Email, BBS is one of the first Internet services recognized by Chinese netizens. Chinese like the communities, they are normally a bit quiet in real life but in Internet they love to express their opinion and to follow up some discussion of hot topics. BBS provides a perfect and easy-to-setup show stage for everyone. BBS has evolved as a media platform, it is not the main stream media yet and might never be in China, but the latest and hottest news are always from various forums, spread and  discussed by millions of users.” Kevin said, “Take a look at how fast the blog grows in China, you will understand my point here. The BBS users are more mature, they are mainly at the age of 20 to 40, well-educated and with various professional background, and their contribution to all sorts of forums make BBS a valuable information source.”

So we asked Kevin: “how you see the development of BBS and SNS in the web2.0 era. Will SNS be a replacement of BBS in China?” Kevin shared with us his views on this: “BBS will not be replaced by SNS and they will not be the competitors to each other either. BBS is a must-to-have application in SNS, at least in China. The features of BBS can help the social network users to exchange their ideas efficiently. On the other hand, SNS is a people-centric networking platform but BBS is a topic-centric platform. SNS is to map the social relationship in real life into the cyber space, which in my opinion is one of the reasons people love Facebook; But BBS is there for users to follow the hottest topics and expand your social experience virtually. In BBS, people goes there because they are interests in the topics, and whom they communicate with are not really matter.”

The Monetization of BBS

The global web2.0 market is still struggling to seek the best way for the monetization, but it seems BBS service already found its way to drive the revenue. Kevin introduced us his Insenz, a BBS-based marketing service which have been launched for half a year. It sounds like a very Chinese version of Google Adsense/AdWord services. If you are running a BBS focusing on the mobile phones market, you can join the Insenz advertisement campaign and allow the mobile phone related ads or articles posted on your BBS. Insenz’s customer are from all sorts of industries, car manufactures, telecommunications, IT companies etc. Insenz will monitor the user feebacks ( e.g. how many replies to the article, how many times the post has been viewed, etc) during the campaign and the final report is a very valuable and first-hand marketing information to its customers since Chinese so indulge in the BBS. The revenue from this campaign will be shared by Insenz and all the participate BBS sites.

Of course Insenz takes the advantage of Kevin’s Discuz! kingdom. But actually in China Insenz is not the only one offering this service. Daqi.com which started as a portal service is now also taking the advantage of the phenomenon of BBS for marketing purpose. Instead of distributing ads across the forums, they invented a technology to help gathering and analysing the discussion on the products of their customers. Daqi has closed its second round fund from WI Harper in 2007.

Conclusion

An universal BBS search engine will be definitely more valuable than blog search in China, even though Kevin said that he would not bother to do this simple because he think the search engine giant Google or Baidu have better technology to implement this. It seems that Google China has finally understood the Chinese market right, they took a stake of Tianya.cn a very popular BBS-based social network with 6+ million registered users and 200,000 online users daily. So should we suggest MySpace, Facebook etc to enhance their BBS features when they are in China?

Also in China, none of these new Internet companies has turned the web2.0 into a significant cash flow. But Comsenz Inc. certainly achieved this. Another story is also astonishing. No one would consider Alibaba.com a Chinese e-business portal as a web2.0 service. However, it is expected that it will be in net profit next year to 1.02 billion yuan ($136 million), and a 44% increase in 2009 to 1.47 billion Yuan ($196 million).

So what have you learned? Definitely lots for us to think.

Share This