Hi folks
Over the Christmas/New Year period, Clojars experienced significant downtime due to a DDoS on our hosting provider <https://blog.linode.com/2016/01/29/christmas-ddos-retrospective/> Linode. This exposed a number of weaknesses in the Clojars service, and related tooling. Toby published a retrospective <https://groups.google.com/forum/#!topic/clojars-maintainers/fJmHRbSL4Lw> on the Clojars Maintainers list <https://groups.google.com/forum/#!forum/clojars-maintainers> a few days later, which I recommend you read for all the gory details. This email will describe what we’ve done since to improve Clojars resilience, and what we’re still doing. *# What we’ve done:* *## Additional administrator* First, we’ve increased the number of volunteer administrators by 100% (from 1 to 2). I’ve joined the team, and as I’m in the NZ timezone, we are better equipped to respond to incidents at any time of the day. *## Sponsorships* Second, we've gained a few service sponsors that will reduce costs and allow us to be more robust: DNSimple <https://dnsimple.com/>: they are providing free DNS for us Rackspace <https://www.rackspace.com/>: they are providing us free server and cloud file usage. We're not yet taking advantage of this, but hope to move in the near future. Thanks lvh <https://twitter.com/lvh> for advocating for us! StatusPage.io <http://statuspage.io/>: they are providing us a free status page (located at http://status.clojars.org) Pingometer <https://pingometer.com/>: they are providing us with website uptime monitoring. Those are in addition to the free account we were already receiving from Yeller <http://yellerapp.com/>, and some of Toby's admin time that is donated by Red Hat <http://www.redhat.com/en>. ## *Monitoring and status* Thanks to StatusPage, Yeller, and Pingometer, we’re able to identify and respond to issues quickly, and keep the community updated when there are issues. *# What we’re doing* *## Major work* There are a few major pieces of work we’ve identified to make Clojars more resilient (they were all created before the Linode outage, but haven’t been completed yet): - Move the Clojars repo off the server [#433] <https://github.com/clojars/clojars-web/issues/433> - Put the Clojars repo behind a CDN [#434] <https://github.com/clojars/clojars-web/issues/434> - Use config automation to build and maintain the server [#432] <https://github.com/clojars/clojars-web/issues/432> *## Moving to Rackspace* Once we have config automation available to recreate the server, we plan to move to Rackspace. We expect that Rackspace will be able to provide better resiliency and security. *## Becoming a non-profit* We've applied to be a member of the Software Freedom Conservancy. We're doing that for a few reasons: - It will allow us to take corporate donations - Donations would be tax-deductible (at least in the US, tax law may vary in your country) - We'll have legal protection in the case of a DMCA or other legal entanglement (currently, the liability is on the administrators) - If we succeed in gaining non-profit status, we plan to use excess funds to support other Clojure community projects, and will have a (eventually community elected) committee to determine how those funds will be distributed. We hope to know if our application has been accepted within the next couple of months. *# How you can help* - Clojars is an open source project, and anyone can contribute. There are a number of issues tagged ‘ready’ <https://github.com/clojars/clojars-web/labels/ready> which are ready for anyone to pick up and run with. If you’re looking to start contributing to open source, Toby and I are happy to work with you to help shepherd pull requests through the process. - I have some issues tagged ‘help wanted’ <https://github.com/clojars/clojars-server-config/issues?q=is:issue+is:open+label:%22help+wanted%22> on the server config project <https://github.com/clojars/clojars-server-config> where another pair of eyes would be very helpful. Also, if you have experience with Ansible, it would be great to have feedback on how we’re using it overall, and suggestions for improvements. - There are some issues for Leiningen related to offline support that need patches, [#2059] <https://github.com/technomancy/leiningen/issues/2059>, [#2058] <https://github.com/technomancy/leiningen/issues/2058>, [#2055] <https://github.com/technomancy/leiningen/issues/2055>. - Join the maintainers list <https://groups.google.com/forum/#!forum/clojars-maintainers>. This is where issues related to Clojars changes are discussed. - Donate to the Bountysource <https://salt.bountysource.com/teams/clojars> project. People have been incredibly generous donating to Clojars. Thanks so much to everyone! Thanks! Toby & Daniel -- You received this message because you are subscribed to the Google Groups "Clojure" group. To post to this group, send email to clojure@googlegroups.com Note that posts from new members are moderated - please be patient with your first post. To unsubscribe from this group, send email to clojure+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/clojure?hl=en --- You received this message because you are subscribed to the Google Groups "Clojure" group. To unsubscribe from this group and stop receiving emails from it, send an email to clojure+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
