From: Brian Cline <br...@linux.vnet.ibm.com> To: openstack-dev@lists.openstack.org, Date: 03/04/2014 12:29 PM Subject: Re: [openstack-dev] Proposal to move from Freenode to OFTC
On 03/04/2014 05:01 AM, Thierry Carrez wrote: > James E. Blair wrote: >> Freenode has been having a rough time lately due to a series of DDoS >> attacks which have been increasingly disruptive to collaboration. >> Fortunately there's an alternative. >> >> OFTC <URL:http://www.oftc.net/> is a robust and established alternative >> to Freenode. It is a smaller network whose mission statement makes it a >> less attractive target. It's significantly more stable than Freenode >> and has friendly and responsive operators. The infrastructure team has >> been exploring this area and we think OpenStack should move to using >> OFTC. > There is quite a bit of literature out there pointing to Freenode, like > presentation slides from old conferences. We should expect people to > continue to join Freenode's channels forever. I don't think staying a > few weeks on those channels to redirect misled people will be nearly > enough. Could we have a longer plan ? Like advertisement bots that would > advise every n hours to join the right servers ? > >> [...] >> 1) Create an irc.openstack.org CNAME record that points to >> chat.freenode.net. Update instructions to suggest users configure their >> clients to use that alias. > I'm not sure that helps. The people who would get (and react to) the DNS > announcement are likely using proxies anyway, which you'll have to > unplug manually from Freenode on switch day. The vast majority of users > will just miss the announcement. So I'd rather just make a lot of noise > on switch day :) > > Finally, I second Sean's question on OFTC's stability. As bad as > Freenode is hit by DoS, they have experience handling this, mitigation > procedures in place, sponsors lined up to help, so damage ends up > *relatively* limited. If OFTC raises profile and becomes a target, are > we confident they would mitigate DoS as well as Freenode does ? Or would > they just disappear from the map completely ? I fear that we are trading > a known evil for some unknown here. > > In all cases I would target post-release for the transition, maybe even > post-Summit. > Indeed, I can't help but feel like the large amount of effort involved in changing networks is a bit of a riverboat gamble. DDoS has been an unfortunate reality for every well-known/trusted/stable IRC network for the last 15-20 years, and running from it rather than planning for it is usually a futile effort. It feels like we'd be chasing our tails trying to find a place where DDoS couldn't cause serious disruption; even then it's still not a sure thing. I would hate to see everyone's efforts to have been in vain once the same problem occurs there. -- Brian Cline br...@linux.vnet.ibm.com +1 I have not seen this as a frequent problem. I have been aware of it but it seems a bit excessive to move to a possibly less equipped provider. -Jay _______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
_______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
