[spambayes-dev] pop3proxy execution "rules" on Windows

[Mark Hammond]

[Richie]

> With you so far.  Looks like you're shaping up to allow
> multiple instances
> of the server, all running as different users, with
> optionally one of them
> being a service.

Yes, that was my starting position.  However, it seems to lead to complex
logic for a simple "start proxy" command.  It must check if the service is
configured for the current user, rather than simply installed for any user.
Not brain surgery, but seeming to move into unnecessary complexity.

> > * For the sake of simplicity all round, pop3proxy_normal
> (ie, the "normal"
> > executable, whatever it is) will refuse to start if the
> service is already
> > running on the current machine, even if it is running as a
> different user.
>
> ...which I don't understand - what makes the "normal" executable so
> different from the service, if the service is running as a
> user...?

The difference is that only one service instance can be running on a machine
at one time.  However, multiple executables can.

So as you say:

> way?  (I assume only one user can run a Windows service at
> once, and if
> that's a restriction of Windows then fair enough.)

Is exactly the problem.  Further, as we are using sockets, there is no way
we can determine what user is at the other end of the connection.  Hence a
single service instance can not service multiple clients (as it won't know
what user database to use for the request).

>
> > I suspect this will not be a problem,
> > as people who want to run the service will tend to have
> exclusive access to
> > the machine.
>
> Yes, but can they be sure that all other users have logged off?  I've
> never worked anywhere that implemented hot desking, but I imagine XP's
> "fast user switching" capability leads to people being lazy
> about logging
> out - just hit Standby and then whoever comes to the machine
> next will log
> on and use it.  It's not great for system resource usage, but when you
> next come along, all your applications (and services, I
> assume) are still
> running - very convenient.

As I mentioned, I believe users who are interested in the service will have
exclusive access to the machine.  They will be implicitly choosing to have a
single service running for all users but using a single database.  If they
need to share the machine, then the service is not appropriate - as the
service does not know what user is at the other end of the connection.

> > (Note the tray icon app could still start in this case, which
> > could control the service - just never a proxy)
>
> [Where "in this case" means "where a service is running as
> any user", I
> assume]  Again, I don't see why you're differentiating
> between services
> and normal user processes.  Say I share a machine with Johnny
> Lazy, who
> never bothers logging out, and I download Spambayes (possibly
> even through
> his recommendation) and try to run it, I'll be annoyed if it
> says "Someone
> else is running the Spambayes service, so you can't run it as a normal
> application, even with a different data directory and on
> different ports."

:)  This was part of the meandering reasoning I left out.  This makes the
startup logic horrible.  Assuming the pop3tray program will just "do the
right thing", then it must not only check if a service is installed on the
current machine, but installed with a specific user name.

It all just seemed too hard, for not enough gain.  If Johnny truly
understands that SpamBayes is a per-user solution and knows that other users
may log onto his machine, he would be foolish to run the service.

> I'm not saying that your proposed restrictions are outrageously
> unacceptable, just that I can't figure out the reasons behind
> them.

It all boils down to the logic needed in "start proxy" in the tray icon.  I
don't think it acceptable that we allow mulitple instances of the "same"
proxy to be started - which made me start thinking about exactly how to
guard against that, while still allowing "different" proxies to be supported
in the same machine.

I am now of the opinion that "pop3proxy_service" is a dumb idea - it should
not be a service at all unless it becomes capable of a single instance
serving and storing data for multiple users.  Until it is capable of that,
it really doesn't qualify as being a resonable service by any measure, other
than it is a "background" task.  However, having it as a service *is*
conventient.

Therefore, people who want it to run as a service do so purely from a
convenience point of view - for the "background" qualities of services
rather than the true "service" qualities.  I came to the conclusion that
these people are likely to use their machine exclusively.  Administrators
etc looking to setup the service as a true service, serving multiple users,
will find it unauitable so drop back to the "per-user process" option.

We need to come up with something that is easily understood by our users.
My idea was basically to document:
* The SpamBayes proxy is a per user program - therefore, it doesn't run as a
service.
* People want a service, even though they shouldn't.  So we have provided
one - but if you use it, you must configure it yourself and the non-service
version of the proxy won't work (but the tray-bar icon will - in that case
it will be controlling the service rather than running the proxy)

Mark.