the djb way


the djb why?

introduction

This site is about something called the djb way.

Mostly it is about the details of installing and using certain network programs and utilities --such as for email, DNS, and web serving-- that may help you craft the perfect server for your network.

The idea of "perfect" here is for you to decide. Whether this means reliability, security, performance, portability, scalability, flexibility, ease of use and administration, cost-effectiveness, any and/or all of the above, these characteristics are central to the principles and software embodied in the djb way.

For the most part, the djb way simply means installing and using the freely available software published by Daniel J. Bernstein. This site describes how to install, configure, and administer several of Bernstein's packages, such as daemontools, djbdns, and qmail. We also include a growing body of information about software written by others who may be said to follow the spirit of the djb way, whom we refer to as djb "friends".

So most of the material in these pages is simply devoted to the hands-on particulars and practices of the djb way, what might be described as the djb what, the djb where, the djb how. Before we get started, though, we'll essay here a bit on the djb why. That is, why would you want to use any of this djb stuff anyway?

the unix way

In the first place, the software of djb and friends is freely available and OS agnostic. You can use it on just about any operating system on any computer hardware you choose.

Just as long as it's Unix.

That's not as limiting as it might sound (except for you, Billy). In fact, the opposite: within the world of Unix and Unix-like operating systems, one may find an incomparable range of choice and power. This range extends to the many freely available open-source variants such as Linux and the BSDs (FreeBSD, NetBSD, and OpenBSD). It also includes the commercial Unices, from vendors including Sun Microsystems, IBM, and Hewlett-Packard. Even Apple devotees may now get in on the act, as the latest generation Mac OS-X is now "Unix-based" (on FreeBSD) and may serve as a fine platform for the djb way.

These systems are everywhere and can be run on devices as tiny as the little Soekris single board computers, to rack-mounted blade servers and the "big-iron" mainframes of research and industry.

No matter what package it comes in, these Unix and "Unix-like" systems provide the essential levels of security and reliability that Bernstein demands for programming and networking services. This is because Unix has undergone over 30 years of continuous refinement and development, over three decades of collaborative attention from the best and brightest computer scientists around the world.

Some of the features of "the Unix way" that have made it into such a successful and durable system include:

simple

A Unix system is comprised of many smaller, simple programs and utilities, each performing a specific task in a focused and well-defined way.

flexible

The components of a Unix system are designed to easily work together, so that complex tasks may be accomplished by "plugging together" the tools and utilities the system provides, without having to reinvent wheels for each new task.

reliable

A Unix system is purposefully designed to run unattended day-in, day-out for months on end without fail, so its components must be stable and perform without side-effects that could compromise other parts of the system or network.

Unix was originally developed by AT&T/Bell Labs to run their huge network of telephone switches across the U.S. The scope of this task, and its demands for reliability and performance, are truly awesome. Yet in a delightful convergence of technology and economics, all of the big-iron power of Unix is today freely available for easy installation on any inexpensive personal computer, including laptops and handhelds. This means anyone can harness the power and reliability of Unix and use it for whatever purpose is desired.

So, first and foremost, the djb way is a form of practicing "the Unix way", and tapping into all of the virtues and capabilities these systems deliver.

djb why?

Every system mentioned in the last section --including the BSDs and Linux distributions-- usually comes ready to go with a suite of networking software, already providing for the needs of the average server.

So for email you will usually find sendmail, for DNS you will find bind, the web server will be Apache, and other pre-compiled software to build and run a server will be tossed in the salad with your basic installation.

In contrast, the software of djb and friends is generally not included with the operating system. The djb way means downloading, compiling, and installing software in addition to the base operating system.

The question then is, "why bother?" Why not just use the software that comes with the system?

Stating the obvious, the purpose of building a server is to provide one or more services. Now, building a server may be interesting, and some of us find all this network infrastructure stuff very cool. But let's face it: servers just aren't very glamorous. These are just dull-looking metal boxes that sit on a shelf, tucked away someplace in a corner or a closet. Mostly you just want them to work, to do their job without complaint or trouble.

Excitement is what you don't want.

Excitement comes when a hacker breaks into your system and uses it as a spam relay. Excitement comes when your mail server unexpectedly dumps core and corrupts users' mailboxes. Excitement comes when your website is blocked. Excitement is a crisis. It always occurs at the worst possible time.

Unfortunately, the standard server software delivered with most systems has an ongoing history of excitement. Although built for Unix systems, much of this software has inexplicably veered from fundamental Unix design principles, to become monolithic, complex, and unreliable. Great if you are seeking thrills and the latest security advisories, otherwise an unrelenting pain in the ass.

In contrast, what you will find on the djb way is a lack of excitement. Your servers just run, you practically forget they are there. Trouble-free, no-hassle, no surprises. No excitement. With the djb way, you can do other things with your life and find your thrills elsewhere.

And so the top three attributes of the djb way:

reliability

The reliability of djb software is proven and robust. It doesn't burp, belch, cough, or spit-up. It runs and runs, smoothly, month after month, just doing what it is supposed to do. Nothing more, nothing less.

security

djb software is notoriously secure. Bernstein even offers a security "warranty" for many of his packages: a $500 reward out of his own pocket for anyone who identifies a vulnerability. Now there's an offer you don't get everyday! Yet most of the packages described here have been deployed on thousands of sites for several years --plenty of time to be examined, stressed, and shaken-- without incident.

performance

The performance of djb software is outstanding. That is, fast. It's faster than your average office server will ever really need. qmail can process hundreds of thousands of messages per day. djbdns can serve millions of IP addresses. The cdb database is on the order of 100 times faster than other hashing databases. Bernstein and friends code in plain, unadorned C, stripped to the bone and close to the kernel, maximizing every clock cycle. djb is simply the software of choice when performance matters.

Now: the djb way --this site-- is about going beyond the simple replacement of individual software packages with djb alternatives. Although there are certainly the discrete advantages in doing so --say, replacing bind with djbdns or sendmail with qmail-- the way bigger hit comes from using djb software in the aggregate, using as much of the incredible Bernstein archive as possible. That is, as one gradually adopts more and more software from djb and friends, one derives huge benefits from a uniform framework, methodology, and mindset spanning all services.

These benefits may be experienced in:

Your whole server environment will grow to develop a familiar set of procedures and idioms. Instead of needing to figure out and remember lots of different "ways", you simply get the hang of the djb way.

downsides

Where there is so much light, one may be certain to find a few shadows. The djb way does have a few limitations and drawbacks:

That's about all the downsides we can think of right now. If we come up with any more, we will be sure to add them.

freedom from religion

The perfect server is the one that works best for your particular network and the services you want to deliver. The djb way is but one of many possibilities toward this goal.

We live in abundant times. In terms of software alternatives, a thousand and one choices are at our disposal. We have freely available, open-source operating systems, compilers, programming languages, and applications. Meanwhile, networking and information technology is supported by a growing number of collaborative, open standards and protocols. These allow us --if we choose-- to communicate and exchange information seamlessly in a borderless world. And they allow us the freedom to design and select conforming solutions that are effective, reliable, portable and sustainable, for just about any particular platform and operating environment we choose.

This is fat city. We love it all! We love the quality, the variety, the creativity, the genius, the freedom of expression. We love the freedom of information and the freedom of choice. We love the source code, we love the permissions that developers give us to use their work. We love GNU, Linux, the BSDs, and all their respective LICENCEs; yes, we even like the djb take on copyright. We respect and admire all those dedicated to the effort of providing and advancing information technology throughout the world. And we hold in the highest esteem all those who make their efforts freely available for the collective benefit of all.

At the time of this writing we happen to be living in Kampala, Uganda. There is something of an escalating religious war going on here now, and our house feels like it is caught in the crossfire. On one side are the evangelical Christians, broadcasting their frenzied proceedings over loudspeakers blasting at full crank. In response, the many mosques boost their own amplifiers with screaming calls to prayers at all hours, and recitations of the Koran that seem interminable. The result is more than unpleasant; there is no peace day or night.

In fact, all this religion is pure hell.

Regrettably, it seems Kampala is but a microcosm of a broader insanity that is madly destroying intelligence and life force all around the planet.

We believe freedom of religion should mean --first and foremost-- freedom from religion. How can we truly have freedom of choice, of religion or anything else, if others would impose screaming their choice on us?

All this is by way of saying that the intent of this site it not to proselytize. As concerns "the djb way", we merely hope to be descriptive. It's up to you to choose, to take it or leave it from the abundance on offer. If something about the djb way works for you, that's swell! If not, well, that's fine, too.

For the sake of all our freedom, though, we do hope you will at least choose this: choose to be free. However you do it, put up your own server and help others do the same, to help sustain the ecology of the Internet as our one true commons, for an open, free, and borderless world.

conclusion

People come to the djb way for any number of reasons. Some come seeking the reputation of djb software for security. Others come because the "standard" software seems too complex, bulky, and difficult to use properly. Some come for the small footprint and efficient performance. Still others are looking for some of the unique capabilities that djb software provides.

We first chose the djb way in Africa. Seeking a solution to match the particular constraints of our Radio Email project, we decided to adopt a serialmail solution.

The performance of the system since then has been simply phenomenal, exeeding all expectations. Well over two years in operation now, Radio Email with the djb way continues to perform flawlessly in a harsh environment, every single day in all seasons, with virtually no maintenance and no problems.

Now we build all of our servers the djb way. We like it. It works, it makes sense.

It makes us happy!


Copyright © 2002, 2003, 2004, Wayne Marshall.
All rights reserved.

Last edit 2004.09.02, wcm.