Re: HTTPS, CPAN, and dist integrity
On 04. feb. 2015 08:17, Michiel Beijen wrote: Can anyone fill in on the feasibility of directing all cpan cients to *one* site, i.e. https://cpan.metacpan.org/ ? Having multiple mirrors is IMO one of the many things that CPAN got right from the start. Other similar but centralized package repositories have failed (and continue to fail) miserably. Why go centralised if the problem is elsewhere? CDNs, while being distributed, are managed centrally by one entity, who also pays the bandwidth/service cost. -- Cosimo
Re: HTTPS, CPAN, and dist integrity
Hi Cosimo, On Wed, Feb 4, 2015 at 10:29 AM, Cosimo Streppone cos...@opera.com wrote: On 04. feb. 2015 08:17, Michiel Beijen wrote: Can anyone fill in on the feasibility of directing all cpan cients to *one* site, i.e. https://cpan.metacpan.org/ ? Having multiple mirrors is IMO one of the many things that CPAN got right from the start. Other similar but centralized package repositories have failed (and continue to fail) miserably. Why go centralised if the problem is elsewhere? CDNs, while being distributed, are managed centrally by one entity, who also pays the bandwidth/service cost. Yeah of course, it should not be one **host** - but it can still be one URL which leverages a CDN right? Are you saying CDN, bad, mirrors, good? I understand this might mean more bandwidth cost for the one who pays the bills - therefore I've asked about how we could find out about the amount of traffic that would be involved. If bandwidth would be much of a concern it could also be a possibility to get the checksums for the dists from one source via HTTPS, perform the download from a mirror and then verify the checksum. -- Michiel
MetaCPAN info...
Hi, In regard to the 'HTTPS, CPAN, and dist integrity' thread. I work on the metacpan project... FYI: We use http://www.fastly.com/ as our CDN (they are amazing) and we get this for free - always likely to: http://www.fastly.com/about/open-source/ MetaCPAN gets lots of support from companies, https://metacpan.org/about/sponsors Currently we have 2 servers with failover and load balancing (done through Fastly) at Bytemark UK (actually we have a 3rd as a staging server with them). We are working on setting up 3 servers with Liquid Web US, and have a 3rd hosting company looking at donating 3 servers (each hosting company is a different datacenter). This hardware (32G Ram + lots of CPU on each boxs) hosting and the bandwidth are kindly donated to us. So bottom line, I'm sure we can cope if this is what people want, though as always, more help with managing it is appreciated (we use puppet a lot), everything (other than our certs and private keys!) is available publically from https://github.com/CPAN-API/ Catch me on irc.perl.org #metacpan (ranguard) if you need further details, or want to help From last month, daily averages served from Fastly... 65% hit rate (not back to our origins) 139k requests 29.5 GB of bandwidth Leo
Image fileproblem downloading from webserver
Hi There, Somehow images and files get corrupted when i read them with a perl script and then download them with a modperl script using File::Read or File::Slurp. The images are not really broken but they get blurred and dont look the same like before they are uploaded. When i download them directly from the webserver directory where the files are stored are stored they are ok. I have also tried the script below but no success. -- print $args-{base}-{CGI}-header( -type = $mimetype, -attachment = $document ); my $fname = $file; open my $in, q{}, $fname or die qq{Could not open file $fname: $!}; binmode($in); open my $out, q{STDOUT} or die qq{Cant dup STDOUT: $!}; binmode($out); $out-autoflush(1); my ($more, $buf); do{ $more = read $in, $buf, 4096; print $out $buf; } while $more; close $out or die $!; close $in or die $!; -- Any hints that can help me out? Thanx in advance! Michel
Re: HTTPS, CPAN, and dist integrity
Hi David, On Wed, Feb 4, 2015 at 12:46 PM, David Cantrell da...@cantrell.org.uk wrote: Having a zillion mirrors is no longer a killer feature - the net is now much better connected, bandwidth is cheap, and site reliability is much higher than it used to be. However, the ability to easily create a mirror is still a nifty feature. It makes it dead easy to: * have a mirror on my laptop for hacking on the move; * have a customised module repository where all the normal tools just work The latter is really important. It lets companies add their non-public code to a CPAN mirror-a-like. It lets you pin some of your dependencies to particular versions. It lets you do things like the cpXXXan. I'm not saying that all mirrors should go, and I'm not saying that you should not be able to insert your own servers (or file locations) in your urllist! That's a useful feature and should absolutely stay. What I'm saying is that I think the *default* out-of-box setup should go use some central SSL-enabled website - which now, on latest CPAN, uses http://www.cpan.org by default. -- Michiel
Re: HTTPS, CPAN, and dist integrity
On Tue, Feb 03, 2015 at 11:25:26PM +0100, Michiel Beijen wrote: Basically I think the whole CPAN setup with 200+ mirrors sounded great back in the 1990s and it is still widely touted as a feature of CPAN. Having a zillion mirrors is no longer a killer feature - the net is now much better connected, bandwidth is cheap, and site reliability is much higher than it used to be. However, the ability to easily create a mirror is still a nifty feature. It makes it dead easy to: * have a mirror on my laptop for hacking on the move; * have a customised module repository where all the normal tools just work The latter is really important. It lets companies add their non-public code to a CPAN mirror-a-like. It lets you pin some of your dependencies to particular versions. It lets you do things like the cpXXXan. -- David Cantrell | Godless Liberal Elitist In My Egotistical Opinion, most people's ... programs should be indented six feet downward and covered with dirt. --Blair P. Houghton
Re: HTTPS, CPAN, and dist integrity
On 04. feb. 2015 10:36, Michiel Beijen wrote: Hi Cosimo, On Wed, Feb 4, 2015 at 10:29 AM, Cosimo Streppone cos...@opera.com wrote: On 04. feb. 2015 08:17, Michiel Beijen wrote: Can anyone fill in on the feasibility of directing all cpan cients to *one* site, i.e. https://cpan.metacpan.org/ ? Having multiple mirrors is IMO one of the many things that CPAN got right from the start. [...] CDNs, while being distributed, are managed centrally by one entity, who also pays the bandwidth/service cost. Yeah of course, it should not be one **host** - but it can still be one URL which leverages a CDN right? Are you saying CDN, bad, mirrors, good? Of course I am not saying that :-) Just, it's easy to look at the neighbor's garden and think the grass is greener. I've been in other gardens, and it's often not the case :) /C