{"id":374,"date":"2017-01-20T00:23:02","date_gmt":"2017-01-19T22:23:02","guid":{"rendered":"http:\/\/www1.ngtech.co.il\/wpe\/?p=374"},"modified":"2017-01-20T00:31:12","modified_gmt":"2017-01-19T22:31:12","slug":"when-is-the-kid-considered-stable-squid-3-5-234-0-17","status":"publish","type":"post","link":"https:\/\/www1.ngtech.co.il\/wpe\/2017\/01\/20\/when-is-the-kid-considered-stable-squid-3-5-234-0-17\/","title":{"rendered":"When is the kid considered stable? – Squid 3.5.23+4.0.17"},"content":{"rendered":"

When is the kid considered stable?
\nOr
\nWhen is the software stable enough?<\/h1>\n

\"\"<\/h1>\n

I am not developing software daily\u00a0but it seems that the inner debate on the stability of our different “kids” and fruits of work is always there. Every time when I consider something as stable enough for production some other voice adds a doubt on the stability of a software.<\/p>\n

Specifically, in the squid-cache and the open-source world the question is always on the board or the desktop. The source is open to everyone to find the next bug. Some are happy with what they have already while some expect the equivalent of a Ferrari.<\/p>\n

When I am writing a software, I am doing my best effort to write it with the main goal that human lives can be entrusted to this software. One of the reasons why I am trying to meet such a goal is that in real life I try to do the same. When someone asks me a question or turns to me with a request or a\u00a0word, I know that he asks for a reason. There is no chance in the world that the occasion is a result of only “A series of of unfortunate events”. I was asked in my past couple times “Why do you bother to answer?” and the answer is the simplest: the sanity of the other party is in my hands.<\/p>\n

Sometimes a REDIRECT is the right answer but never DROP or REJECT. These are the actions of “war” and when we are talking about HTTP in general there is a war out there. \u00a0I had the choice in the past to work in couple layers of the Internet from the hardware to the application and I choose to invest lots of time on layer 4 and above.<\/p>\n

There are many tools in this warzone and\u00a0every time that a new tool is in use it get’s it’s own life cycle. The issue is that it takes time for every tool to become mature enough to serve different purposes.<\/p>\n

Squid 3.5 is already in use by many users and admins for a while and is considered Stable for a very long time, but now aging start showing up. \u00a0There are different levels of maturity but the basic one is a period of 30 days uptime. We do expect more but a restart once every 30 days without any crash would be considered stable.<\/p>\n

For now I am\u00a0in the hunt for fatal bugs on the 3.5 series. The reason for this is to measure the maturity of the the branch!<\/p>\n

Lately I have been working on couple tools and one of them is a library for distributed rate blacklists querying and blocking. Using this library\u00a0I wrote\u00a0an external acl helper for squid that\u00a0can help many\u00a0admins to use OpenDNS and Symantech or other internal DNS Blacklists.<\/p>\n

The library sources can be found at:
\nhttps:\/\/github.com\/elico\/drbl-peer<\/a><\/p>\n

And in binaries package at:
\nhttp:\/\/moodle.ngtech.co.il\/drbl-extacl\/<\/a><\/p>\n

squid.conf example of usage:<\/p>\n

external_acl_type dnsbl_check ipv4 concurrency=200 ttl=15 %DST %SRC %METHOD \/opt\/bin\/squid-external-acl-helper -peers-filename=\/opt\/bin\/peersfile.txt
\nacl dnsbl_check_acl external dnsbl_check
\ndeny_info http:\/\/ngtech.co.il\/block_page\/?url=%u&domain=%H dnsbl_check_acl<\/p>\n

http_access deny dnsbl_check_acl<\/p><\/blockquote>\n

Example of peersfile.txt:
\nhttp:\/\/moodle.ngtech.co.il\/drbl-extacl\/peersfile.txt<\/a><\/p>\n

The syntax of the above file is:
\ntype<space>address<space>path(for http services)<space>port<space>rate for the host(uint)<space>address which will indicate a blacklisted domain with spaces between them.
\nThe type options are:<\/p>\n