On 03/04/2014 05:01 AM, Thierry Carrez wrote:
James E. Blair wrote:
Freenode has been having a rough time lately due to a series of DDoS
attacks which have been increasingly disruptive to collaboration.
Fortunately there's an alternative.
OFTC <URL:http://www.oftc.net/> is a robust and established alternative
to Freenode. It is a smaller network whose mission statement makes it a
less attractive target. It's significantly more stable than Freenode
and has friendly and responsive operators. The infrastructure team has
been exploring this area and we think OpenStack should move to using
OFTC.
There is quite a bit of literature out there pointing to Freenode, like
presentation slides from old conferences. We should expect people to
continue to join Freenode's channels forever. I don't think staying a
few weeks on those channels to redirect misled people will be nearly
enough. Could we have a longer plan ? Like advertisement bots that would
advise every n hours to join the right servers ?
[...]
1) Create an irc.openstack.org CNAME record that points to
chat.freenode.net. Update instructions to suggest users configure their
clients to use that alias.
I'm not sure that helps. The people who would get (and react to) the DNS
announcement are likely using proxies anyway, which you'll have to
unplug manually from Freenode on switch day. The vast majority of users
will just miss the announcement. So I'd rather just make a lot of noise
on switch day :)
Finally, I second Sean's question on OFTC's stability. As bad as
Freenode is hit by DoS, they have experience handling this, mitigation
procedures in place, sponsors lined up to help, so damage ends up
*relatively* limited. If OFTC raises profile and becomes a target, are
we confident they would mitigate DoS as well as Freenode does ? Or would
they just disappear from the map completely ? I fear that we are trading
a known evil for some unknown here.
In all cases I would target post-release for the transition, maybe even
post-Summit.
Indeed, I can't help but feel like the large amount of effort involved
in changing networks is a bit of a riverboat gamble. DDoS has been an
unfortunate reality for every well-known/trusted/stable IRC network for
the last 15-20 years, and running from it rather than planning for it is
usually a futile effort. It feels like we'd be chasing our tails trying
to find a place where DDoS couldn't cause serious disruption; even then
it's still not a sure thing. I would hate to see everyone's efforts to
have been in vain once the same problem occurs there.
--
Brian Cline
br...@linux.vnet.ibm.com
_______________________________________________
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
