You certainly _can_ run ejabberd on any other port. However, lots of clients can only connect through the port 443, so you have to run ejabberd on this port. And it was not possible to setup nginx as a proxy, because ejabberd only pretends to be HTTPS.

Of course, if you control the network of all your clients then you can just use the port 5223 (SSL version).

Port 80 for the console and 443 for HTTPS tunneling.

JFYI, we're using clouds to do lots of computations. So once we get a job, we quickly start tons of instances, do the computation and then stop them. Our PostgreSQL cluster is not restarted, though we sometimes do add and remove read-only replicas to it.

So what are you suggestions, my lord? Ejabberd is able to dynamically add or remove new services, so a static 'open ports and drop privs' is not enough.

Classic cars still have them. Do you know how to tune them? No?

And this is bad exactly why?

Do you remember how to tune your carburettor or patch a punctured tire? No? Hell, lots of people don't even know that their car has sparkplugs, never mind actually changing them. Kids these days...

Yeah, really? How about Forbes: http://www.forbes.com/2010/08/...

SSH verifies the identity of both endpoints, and it's impossible to hijack the user's password even in case of MITM. But it's possible to do this if you intercept MySQL port (passwords are sent in the clear) and then you can probably use the gleaned password to do all sorts of bad stuff. Ditto for PostgreSQL.

Detecting this race condition is the hard part. Once you identify it, it's fairly easy to fix it by adding explicit dependencies and/or locking.

The thing is, systemd really solves the root case of race conditions, by not depending on accidents of timing and detecting interdependencies automatically.

It won't start your daemon in parallel, but other services will start just fine. Also, all the other advantages like reliable service isolation are still there.

How? Systemd can start stuff in parallel because it can do automount and create sockets before the service is actually started. Automatically.

There are no real reasons to wait for BIND9 to shut down gracefully. Abrupt shutdown might terminate ongoing zone transfers but they'd be resumed once BIND is again started.

But if you have something that should genuinely be restarted gently (like a in-memory database, for example), systemd supports that just fine:

It's stupid, but you CAN do it just fine. It simply makes no sense to do by default.

Oh, and if Slate is not enough for you, here's Forbes: http://www.forbes.com/2010/08/... It's even more damning.

You seem to cling to the illusion, don't you? Mother Theresa's charity got _billions_ in donations over its lifetime. More than enough to spend more than $50 million dollars on Mother Theresa's air travels alone. Which could have been enough to buy strong analgesics for those who really needed them (hint: not EVERYBODY in her Homes). And her organization also spent at least tens of millions on anti-abortion and anti-contraception propaganda.

Basically every study that tries to look into the matters in details comes to the same conclusion - she was a fraud and a fanatic. The most recent one: http://www.independent.co.uk/v...

Here's an excerpt: