Open Stack

From:   Brian Cline <brian at linux.vnet.ibm.com>
To:     openstack-dev at lists.openstack.org, 
Date:   03/04/2014 12:29 PM
Subject:        Re: [openstack-dev] Proposal to move from Freenode to OFTC



On 03/04/2014 05:01 AM, Thierry Carrez wrote:
> James E. Blair wrote:
>> Freenode has been having a rough time lately due to a series of DDoS
>> attacks which have been increasingly disruptive to collaboration.
>> Fortunately there's an alternative.
>>
>> OFTC <URL:http://www.oftc.net/> is a robust and established alternative
>> to Freenode.  It is a smaller network whose mission statement makes it 
a
>> less attractive target.  It's significantly more stable than Freenode
>> and has friendly and responsive operators.  The infrastructure team has
>> been exploring this area and we think OpenStack should move to using
>> OFTC.
> There is quite a bit of literature out there pointing to Freenode, like
> presentation slides from old conferences. We should expect people to
> continue to join Freenode's channels forever. I don't think staying a
> few weeks on those channels to redirect misled people will be nearly
> enough. Could we have a longer plan ? Like advertisement bots that would
> advise every n hours to join the right servers ?
>
>> [...]
>> 1) Create an irc.openstack.org CNAME record that points to
>> chat.freenode.net.  Update instructions to suggest users configure 
their
>> clients to use that alias.
> I'm not sure that helps. The people who would get (and react to) the DNS
> announcement are likely using proxies anyway, which you'll have to
> unplug manually from Freenode on switch day. The vast majority of users
> will just miss the announcement. So I'd rather just make a lot of noise
> on switch day :)
>
> Finally, I second Sean's question on OFTC's stability. As bad as
> Freenode is hit by DoS, they have experience handling this, mitigation
> procedures in place, sponsors lined up to help, so damage ends up
> *relatively* limited. If OFTC raises profile and becomes a target, are
> we confident they would mitigate DoS as well as Freenode does ? Or would
> they just disappear from the map completely ? I fear that we are trading
> a known evil for some unknown here.
>
> In all cases I would target post-release for the transition, maybe even
> post-Summit.
>

Indeed, I can't help but feel like the large amount of effort involved 
in changing networks is a bit of a riverboat gamble. DDoS has been an 
unfortunate reality for every well-known/trusted/stable IRC network for 
the last 15-20 years, and running from it rather than planning for it is 
usually a futile effort. It feels like we'd be chasing our tails trying 
to find a place where DDoS couldn't cause serious disruption; even then 
it's still not a sure thing. I would hate to see everyone's efforts to 
have been in vain once the same problem occurs there.

-- 
Brian Cline
brian at linux.vnet.ibm.com


+1  I have not seen this as a frequent problem.  I have been aware of it 
but it
seems a bit excessive to move to a possibly less equipped provider.

-Jay



_______________________________________________
OpenStack-dev mailing list
OpenStack-dev at lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140304/e3a499dc/attachment-0001.html>