docs/diploma
changeset 196:b80438534651
rewrites and new content about non-functional requirements
author | meillo@marmaro.de |
---|---|
date | Wed, 31 Dec 2008 14:00:30 +0100 |
parents | ff55d3d6fbca |
children | b08be036783d |
files | thesis/tex/4-MasqmailsFuture.tex |
diffstat | 1 files changed, 93 insertions(+), 61 deletions(-) [+] |
line diff
1.1 --- a/thesis/tex/4-MasqmailsFuture.tex Wed Dec 31 13:58:26 2008 +0100 1.2 +++ b/thesis/tex/4-MasqmailsFuture.tex Wed Dec 31 14:00:30 2008 +0100 1.3 @@ -56,49 +56,43 @@ 1.4 1.5 1.6 \subsubsection*{Security} 1.7 -\MTA{}s are critical points for computer security, as they are accessable from external networks. They must be secured with high effort. Properties like high priviledge level, work load influenced from extern, work on unsafe data, and demand for reliability, increase the security needed. \masqmail\ needs to be secure enough for its target field of operation. 1.8 +\MTA{}s are critical points for computer security, as they are accessable from external networks. They must be secured with high effort. Properties like high priviledge level, work load influenced from extern, work on unsafe data, and demand for reliability, increase the need for security. \masqmail\ needs to be secure enough for its target field of operation. 1.9 1.10 1.11 \subsubsection*{Reliability} 1.12 -Reliability is the second essential quality property for an \MTA. Mail, for which the \MTA\ took responsibility, must never get lost. The \MTA\ must not be the cause of any mail loss, no matter what happens. Unreliable \mta{}s are of no value. 1.13 +Reliability is the second essential quality property for an \MTA. Mail for which the \MTA\ took responsibility must never get lost. The \MTA\ must not be \emph{the cause} of any mail loss, no matter what happens. Unreliable \mta{}s are of no value. 1.14 1.15 1.16 \subsubsection*{Robustness} 1.17 -Being robust means handling errors properly. Small errors may get tolerated, large errors may kill a process, to get restarted afterwards. Log messages should be written in every case. Robust software does not need a special environment, it creates the right environment itself. \person{Raymond}'s \name{Rule of Robustness} and his \name{Rule of Repair} are good descriptions.\cite[pages~18--21]{raymond03} 1.18 +Being robust means handling errors properly. Small errors may get tolerated, large errors may kill a process. Killed processes should be automatically restarted and lead to a clean state again. Log messages should be written in every case. Robust software does not need a special environment, it creates the right environment itself. \person{Raymond}'s \name{Rule of Robustness} and his \name{Rule of Repair} are good descriptions.\cite[pages~18--21]{raymond03} 1.19 1.20 1.21 \subsubsection*{Extendability} 1.22 -Modern needs like large messages demand for more efficient mail transport through the net. Aswell is a final solution needed to defeat the spam problem. New mail transport protocols seem to be the only good solutions for both problems. They also can improve reliability, authentication, and verification issues. \masqmail\ should be able to support new mail transfer protocols as they appear and are used. 1.23 -%fixme: like old sendmail, but not too much like it 1.24 +Modern needs like large messages demand for more efficient mail transport through the net. Aswell is a final solution needed to defeat the spam problem. New mail transport protocols seem to be the only good solutions for both problems. They also can improve reliability, authentication, and verification issues. \masqmail's architecture needs to be extendable, to allow new features to be added afterwards. For example new mail transfer protocols as they appear and are used. 1.25 + 1.26 1.27 \subsubsection*{Maintainability} 1.28 -Maintaining software takes much time and effort. \person{Spinellis} measures ``40\,\% to 70\,\% of the effort that goes into a software system is expended after the system is written first time.''\cite[page~1]{spinellis03} This is maintaining work. Hence making software good to maintain is effort that will become invalueable afterwards. 1.29 +Maintaining software takes much time and effort. \person{Spinellis} guesses ``40\,\% to 70\,\% of the effort that goes into a software system is expended after the system is written first time.'' \cite[page~1]{spinellis03}. This work is called \emph{maintaining}. Hence making software good to maintain is effort that will easy 40 to 70\,\% of the work afterwards. 1.30 1.31 1.32 \subsubsection*{Testability} 1.33 -Good testability make maintainance easier, because functionality is directly verifiable when changes are done, thus removing the uncertaintay. Modularized software makes testing easier, because parts can be testet without external influences. 1.34 +Good testability make maintainance easier too, because functionality is directly verifiable when changes are done, thus removing the uncertainty. Modularized software makes testing easier, because parts can be testet without external influences. \person{Spinellis} sees testability as a subquality of maintainability. 1.35 1.36 1.37 \subsubsection*{Performance} 1.38 -Also called ``efficiency''. Software requiring few time and few resources is nice. But as performance improvements are in contrast to many other quality poperties (reliability, maintainability, usability, capability \cite[page~5]{kan03}), japardizing them to gain some more performance should not be done. \person{Kernighan} and \person{Pike} state clear: ``[T]he first principle of optimization is \emph{don't}.''\cite[page~165]{kernighan99} 1.39 - 1.40 -The merge of communication hardware and the move of email services from providers to homes, demands smaller and more resource-friendly software. The amount of mail will be lower, even if much more mail will be sent. More important will be the energy consumption and heat emission. These topics increased in relevance during the past years and they are expected to become more central. \masqmail\ is not a program to be used on large servers, but to be used on small devices. Thus focusing on energy and heat, not on performance, is the direction to go. 1.41 +Also called ``efficiency''. Efficient software requires few time and few resources. The merge of communication hardware and its move from service providers to homes and to mobile devices, demand smaller and more resource-friendly software. The amount of mail will be lower, even if much more mail will be sent. More important will be the energy consumption and heat emission. These topics increased in relevance during the past years and they are expected to become more central. 1.42 1.43 1.44 \subsubsection*{Availability} 1.45 -Availability is important for server programs. They must stay operational, even when bad guys run \name{denial of service} attacks. 1.46 +Availability is important for server programs. They must stay operational, even during \name{denial of service} attacks. 1.47 1.48 1.49 \subsubsection*{Portability} 1.50 -Not to forget is portability. It can be accieved by using standard features of the programming language and common libraries. Basic rules for portable code are defined by \person{Kerighan} and \person{Pike} \cite{kernighan99}. 1.51 - 1.52 -Focusing on \unix\ systems seems to be okay, but being portable between different flavors of them is important. Also should the \masqmail\ be independent of the underlying file system. 1.53 +Source code that compiles and runs on various operationg systems is called portable. Portability can be achieved by using standard features of the programming language and common libraries. Basic rules for portable code are defined by \person{Kerighan} and \person{Pike} \cite{kernighan99}. Portable code lets software spread faster. 1.54 1.55 1.56 \subsubsection*{Usability} 1.57 -Usability, not mentioned by \person{Hafiz} but by \person{Spinellis} and \person{Kan}, is a property very important from the user's point of view. Software with bad usability is rarely used, no matter how good it is---if roughly equivilent substitutes with better usability exist, the user will switch to one of them. 1.58 - 1.59 -Usability here means easy to set up and configure, too. Having \mta{}s on many home servers and clients, requires easy and standardized configuration. The common setups should be configurable with single actions by the user. Complex configuration should be possible, but focused must be the most common form of configuration: choosing one of several standard setups. 1.60 +Usability, not mentioned by \person{Hafiz} (he focuses on architecture) but by \person{Spinellis} and \person{Kan}, is a property very important from the user's point of view. Software with bad usability is rarely used, no matter how good it is. If roughly equivilent substitutes with better usability exist, the user will switch to one of them. Usability here means easy to set up and configure, too; users are also administrators here. Having \mta{}s on many home servers and clients, requires easy and standardized configuration. The common setups should be configurable with single actions by the user. Complex configuration should be possible, but focused must be the most common form of configuration: choosing one of several standard setups. 1.61 1.62 1.63 1.64 @@ -242,8 +236,25 @@ 1.65 There is currently no way of archiving every message going through \masqmail. 1.66 1.67 1.68 -%fixme: write about non-functional requirements 1.69 - Making \masqmail\ a \name{crash-only software}\cite{candea03} would be a step to make it more robust. 1.70 +Non-functional requirements are not so easy to be marked as fulfilled or not. Instead they are discussed here. 1.71 + 1.72 +\masqmail\ needs to be ``secure enough'', but what is ``secure enough''? This depends on its target field. Currently \masqmail\ is targeted to workstations and private networks, with explicit warning for use on permanent online hosts \citeweb{masqmail:homepage2}. \masqmail's current security is bad. (For instance does a long time known attack against \sendmail, described by \person{Sill} \cite[page~4]{sill02}, still outwit \masqmail). The security, however, seems acceptable for use on workstations and private networks, if the environment is trusted. In environments where untrusted components or persons have access to \masqmail, its security is too low. 1.73 + 1.74 +Similar for its reliability. It has been reported that \masqmail\ has not sent mail under some circumstances \citeweb{FIXME}. %fixme 1.75 +The author also noticed problems with where only one part of the queued message was removed, the other part remained as garbage. Fortunately, reports abou lost mail are not known. Current reliability is not good enough. 1.76 + 1.77 +The logging behavior of \masqmail\ is good, but does not cover everything. Also it trusts its environment. For example, if the queue directory is world writeable by accident (or as action of an intruder), any user can remove messages from the queue or replace them with own ones. \masqmail\ does not even write a debug message in this case. 1.78 + 1.79 +\masqmail's extendability is very poor. This is a general problem of monolithic software, but can thus be provided with high effort. \exim\ is an example for good extendability for a monolithic program. 1.80 + 1.81 +The maintainability of \masqmail\ appears to be equivilent to other software of similar kind. Missing modularity and therefore more complexity makes the maintainer's work harder. In summary is \masqmail's maintainability bearable, and in view of its missing modularity good. The testability suffers from the same. Testing program parts is hard, but done by compiling source parts to special test programs. 1.82 + 1.83 +The performance---effenciency---of \masqmail\ is good enough for its target field of operation, where this is a minor goal. As well is its availability. Hence no further work needs to be done her. 1.84 + 1.85 +The code's protability is good with view on \unix-like operation systems. At least \name{Debian}, \name{Redhat}, \NAME{SUSE}, \name{slackware}, \name{Free}\NAME{BSD}, \name{Open}\NAME{BSD}, and \name{Net}\NAME{BSD} are reported to be able to compile and run \masqmail\ \citeweb{masqmail:homepage2}. About special requirements for the underlying file system is not heard of. The portability is already good. 1.86 + 1.87 +The usability, from the administator's point of view, is very good. \masqmail\ was developed to suite a specific, limited job, its configuration does perfect match. The user's view does not reach to the \MTA, as it is hidden behind the \name{mail user agent}. 1.88 + 1.89 1.90 1.91 \subsubsection*{Missing parts} 1.92 @@ -256,12 +267,26 @@ 1.93 1.94 Archiving again is prefered to be implemented soon. It does not require much work, but enables all kinds of statistical analysis. Also it is a requirement for companies to archive their mail communication. 1.95 1.96 -%fixme: what about non-functional requirements? 1.97 +Non-functional requirements need improvements too. 1.98 1.99 +\masqmail's security is bad and limits it thus to a field of operation that shrinks. Security becomes more important and networking and interaction increases. Save and trusted environment become rare. Improving security is an important thing to do in future. 1.100 1.101 +Reliability is also to improve. It is a key quality property for an \MTA, and not good enough in \masqmail. Also is the program lacking robustness. Checking the environment and reporting bad characteristics is wanted. Especially improving robustness inrelation to the queue is favorable; applying ideas of \name{crash-only software}\cite{candea03} will be a good step. 1.102 1.103 +Extendability, maintainability, and testability do all lack from the monolithic architecture and are nearly impossible to improve without changing the programs structure. These properties can hardly be retrofitted into software. But extendability might become important in the future, and the other two make all further work on the software easier. 1.104 1.105 -\subsubsection*{Discussion on architecture} 1.106 +Performance is a nice-to-have property, but as performance improvements are in contrast to many other quality poperties (reliability, maintainability, usability, capability \cite[page~5]{kan03}), jeopardizing these to gain some more performance should not be done. \person{Kernighan} and \person{Pike} state clear: ``[T]he first principle of optimization is \emph{don't}.''\cite[page~165]{kernighan99}. \masqmail\ is not a program to be used on large servers, but on small devices. Thus important for \masqmail\ is focusing on energy and heat, maybe also system resources, not on performance. 1.107 + 1.108 +Focusing on being portable amoung the various flavors of \unix\ systems seems to be okay, because these systems are the ones \MTA{}s run on usually. Problems with non-\unix platforms are primary expected to come from file systems lacking required features. But no special care should be taken here. 1.109 + 1.110 +Configuration could be eased more, by providing configuration generators to be able to run \masqmail\ right ``out of the box'' with only running one of several configuration scripts for common setups. This would make \masqmail\ better usable by people not technical educated. 1.111 + 1.112 + 1.113 + 1.114 + 1.115 + 1.116 + 1.117 +\section{Discussion on architecture} 1.118 1.119 %fixme: why is there a need for a new arch?? 1.120 Adding authentication and encryption support is limited to a narrow region in the code. Such features are addable to the current code base without much problem. In contrast do support for new protocols or mail processing interfaces to external programs require a lot of effort. Changes in many parts of the source code are required. It is no good idea to implement large retro-fitted features in a software that is critical in security and reliability, like \masqmail. Worse if these features need changes in the program's structure, like adding mail scanning interfaces would do. 1.121 @@ -331,7 +356,53 @@ 1.122 1.123 1.124 1.125 -\section{A design from scratch} 1.126 + 1.127 + 1.128 + 1.129 + 1.130 + 1.131 +\section{Result} 1.132 + 1.133 +Directions to go 1.134 + 1.135 +Now how could \masqmail\ be like in, say, five years? 1.136 + 1.137 +This section discusses about what shapes \masqmail\ could have---which directions the development could go to. 1.138 + 1.139 + 1.140 + 1.141 + 1.142 +1) fix the current version 1.143 + 1.144 + 1.145 +2) create a new one 1.146 +But how is the effort of this complete rewrite compared to what is gained afterwards? 1.147 +<< would one create it at all? >> 1.148 + 1.149 + 1.150 +pro---contra 1.151 + 1.152 + 1.153 + 1.154 + 1.155 +<< short term goals --- long term goals >> 1.156 + 1.157 +do it like sendmail: first do the most needed stuff on the old design to make it still usable. Then design a new version from scratch, for the future. 1.158 + 1.159 +<< which parts to take out and do within the thesis >> 1.160 + 1.161 + 1.162 + 1.163 + 1.164 + 1.165 + 1.166 + 1.167 + 1.168 + 1.169 + 1.170 + 1.171 + 1.172 +\chapter{A design from scratch} 1.173 1.174 The last sections identified the jobs that need to be done by a modern \MTA; problems and prefered choices were mentioned too. Now the various jobs are assigned to modules, of which an architecture is created. It is inpired by existing ones and driven by the identified jobs and requirements. 1.175 1.176 @@ -772,42 +843,3 @@ 1.177 1.178 1.179 1.180 - 1.181 - 1.182 - 1.183 - 1.184 - 1.185 - 1.186 - 1.187 - 1.188 -\section{Result} 1.189 - 1.190 -Directions to go 1.191 - 1.192 -Now how could \masqmail\ be like in, say, five years? 1.193 - 1.194 -This section discusses about what shapes \masqmail\ could have---which directions the development could go to. 1.195 - 1.196 - 1.197 - 1.198 - 1.199 -1) fix the current version 1.200 - 1.201 - 1.202 -2) create a new one 1.203 -But how is the effort of this complete rewrite compared to what is gained afterwards? 1.204 -<< would one create it at all? >> 1.205 - 1.206 - 1.207 -pro---contra 1.208 - 1.209 - 1.210 - 1.211 - 1.212 -<< short term goals --- long term goals >> 1.213 - 1.214 -do it like sendmail: first do the most needed stuff on the old design to make it still usable. Then design a new version from scratch, for the future. 1.215 - 1.216 -<< which parts to take out and do within the thesis >> 1.217 - 1.218 -