[openstack-dev] Proposal to move from Freenode to OFTC

Brian Cline brian at linux.vnet.ibm.com
Tue Mar 4 18:22:37 UTC 2014

On 03/04/2014 05:01 AM, Thierry Carrez wrote:
> James E. Blair wrote:
>> Freenode has been having a rough time lately due to a series of DDoS
>> attacks which have been increasingly disruptive to collaboration.
>> Fortunately there's an alternative.
>> OFTC <URL:http://www.oftc.net/> is a robust and established alternative
>> to Freenode.  It is a smaller network whose mission statement makes it a
>> less attractive target.  It's significantly more stable than Freenode
>> and has friendly and responsive operators.  The infrastructure team has
>> been exploring this area and we think OpenStack should move to using
>> OFTC.
> There is quite a bit of literature out there pointing to Freenode, like
> presentation slides from old conferences. We should expect people to
> continue to join Freenode's channels forever. I don't think staying a
> few weeks on those channels to redirect misled people will be nearly
> enough. Could we have a longer plan ? Like advertisement bots that would
> advise every n hours to join the right servers ?
>> [...]
>> 1) Create an irc.openstack.org CNAME record that points to
>> chat.freenode.net.  Update instructions to suggest users configure their
>> clients to use that alias.
> I'm not sure that helps. The people who would get (and react to) the DNS
> announcement are likely using proxies anyway, which you'll have to
> unplug manually from Freenode on switch day. The vast majority of users
> will just miss the announcement. So I'd rather just make a lot of noise
> on switch day :)
> Finally, I second Sean's question on OFTC's stability. As bad as
> Freenode is hit by DoS, they have experience handling this, mitigation
> procedures in place, sponsors lined up to help, so damage ends up
> *relatively* limited. If OFTC raises profile and becomes a target, are
> we confident they would mitigate DoS as well as Freenode does ? Or would
> they just disappear from the map completely ? I fear that we are trading
> a known evil for some unknown here.
> In all cases I would target post-release for the transition, maybe even
> post-Summit.

Indeed, I can't help but feel like the large amount of effort involved 
in changing networks is a bit of a riverboat gamble. DDoS has been an 
unfortunate reality for every well-known/trusted/stable IRC network for 
the last 15-20 years, and running from it rather than planning for it is 
usually a futile effort. It feels like we'd be chasing our tails trying 
to find a place where DDoS couldn't cause serious disruption; even then 
it's still not a sure thing. I would hate to see everyone's efforts to 
have been in vain once the same problem occurs there.

Brian Cline
brian at linux.vnet.ibm.com

More information about the OpenStack-dev mailing list