[openstack-dev] Proposal to move from Freenode to OFTC

2014-03-03 Thread James E. Blair
Hi,

Freenode has been having a rough time lately due to a series of DDoS
attacks which have been increasingly disruptive to collaboration.
Fortunately there's an alternative.

OFTC <http://www.oftc.net/> is a robust and established alternative
to Freenode.  It is a smaller network whose mission statement makes it a
less attractive target.  It's significantly more stable than Freenode
and has friendly and responsive operators.  The infrastructure team has
been exploring this area and we think OpenStack should move to using
OFTC.

This would obviously be a big change, but we think that with the
following process, we can move fairly smoothly:

0) Establish channel and bot registrations on OFTC.  This has already
been done (for all the channels listed on the wiki and all the bots
managed via the infrastructure program).  That actually puts us ahead of
Freenode where we still haven't managed to register all the channels we
use.

1) Create an irc.openstack.org CNAME record that points to
chat.freenode.net.  Update instructions to suggest users configure their
clients to use that alias.

2) Set a date and time for a cutover, at least several weeks out.  Make
multiple announcements about the move on mailing lists, blogs, etc.

3) Set channel topics in OFTC to remind people that the move has not yet
occurred.

Nearer to the cutover date:

4) Ask a few people (perhaps some core members of each team) to join
OFTC a few days early to be there to assist anyone who shows up there
and is confused.

5) On the cutover, change the CNAME and links to web clients in the
wiki.  The infrastructure team will switch IRC bots (including channel
logging) at the cutover time as well.  Send reminder announcements.

6) Ask those same people from #4 to stick around Freenode for a few
weeks after the cutover to assist anyone who shows up there and is
confused.

7) Set channel topics in Freenode to remind people that we have moved to
OFTC.

If there aren't objections to this plan, I think we can propose a motion
to the TC with a date and move forward with it fairly soon.

-Jim

___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


Re: [openstack-dev] Proposal to move from Freenode to OFTC

2014-03-03 Thread Sean Dague
On 03/03/2014 06:07 PM, James E. Blair wrote:
> Hi,
> 
> Freenode has been having a rough time lately due to a series of DDoS
> attacks which have been increasingly disruptive to collaboration.
> Fortunately there's an alternative.
> 
> OFTC <http://www.oftc.net/> is a robust and established alternative
> to Freenode.  It is a smaller network whose mission statement makes it a
> less attractive target.  It's significantly more stable than Freenode
> and has friendly and responsive operators.  The infrastructure team has
> been exploring this area and we think OpenStack should move to using
> OFTC.
> 
> This would obviously be a big change, but we think that with the
> following process, we can move fairly smoothly:
> 
> 0) Establish channel and bot registrations on OFTC.  This has already
> been done (for all the channels listed on the wiki and all the bots
> managed via the infrastructure program).  That actually puts us ahead of
> Freenode where we still haven't managed to register all the channels we
> use.
> 
> 1) Create an irc.openstack.org CNAME record that points to
> chat.freenode.net.  Update instructions to suggest users configure their
> clients to use that alias.
> 
> 2) Set a date and time for a cutover, at least several weeks out.  Make
> multiple announcements about the move on mailing lists, blogs, etc.
> 
> 3) Set channel topics in OFTC to remind people that the move has not yet
> occurred.
> 
> Nearer to the cutover date:
> 
> 4) Ask a few people (perhaps some core members of each team) to join
> OFTC a few days early to be there to assist anyone who shows up there
> and is confused.
> 
> 5) On the cutover, change the CNAME and links to web clients in the
> wiki.  The infrastructure team will switch IRC bots (including channel
> logging) at the cutover time as well.  Send reminder announcements.
> 
> 6) Ask those same people from #4 to stick around Freenode for a few
> weeks after the cutover to assist anyone who shows up there and is
> confused.
> 
> 7) Set channel topics in Freenode to remind people that we have moved to
> OFTC.
> 
> If there aren't objections to this plan, I think we can propose a motion
> to the TC with a date and move forward with it fairly soon.

A couple of concerns / questions.

#1) do we believe OFTC is fundamentally better equipped to resist a
DDOS, or do we just believe they are a smaller target? The ongoing DDOS
on meetup.com the past 2 weeks is a good indicator that being a smaller
fish only helps for so long.

#2) how bad do we believe nick contention might be in this transition?
We've got 1000+ people that have well known nicks on freenode, that
might hit conflicts on oftc.

#3) while for IRC veterans this is a simple matter of changing a config
in your IRC proxy, we have been training new folks for a long time (and
all through our wiki and documentation) that Freenode is our place. That
might have required some of these folks to get firewall rules for
freenode created. What kind of timeline are you thinking about for the
cutover to hopefully catch all these folks?

-Sean

-- 
Sean Dague
Samsung Research America
s...@dague.net / sean.da...@samsung.com
http://dague.net





Re: [openstack-dev] Proposal to move from Freenode to OFTC

2014-03-03 Thread Jay Pipes
On Mon, 2014-03-03 at 15:07 -0800, James E. Blair wrote:
> Hi,
> 
> Freenode has been having a rough time lately due to a series of DDoS
> attacks which have been increasingly disruptive to collaboration.
> Fortunately there's an alternative.
> 
> OFTC <http://www.oftc.net/> is a robust and established alternative
> to Freenode.  It is a smaller network whose mission statement makes it a
> less attractive target.  It's significantly more stable than Freenode
> and has friendly and responsive operators.  The infrastructure team has
> been exploring this area and we think OpenStack should move to using
> OFTC.
> 
> This would obviously be a big change, but we think that with the
> following process, we can move fairly smoothly:
> 
> 0) Establish channel and bot registrations on OFTC.  This has already
> been done (for all the channels listed on the wiki and all the bots
> managed via the infrastructure program).  That actually puts us ahead of
> Freenode where we still haven't managed to register all the channels we
> use.
> 
> 1) Create an irc.openstack.org CNAME record that points to
> chat.freenode.net.  Update instructions to suggest users configure their
> clients to use that alias.
> 
> 2) Set a date and time for a cutover, at least several weeks out.  Make
> multiple announcements about the move on mailing lists, blogs, etc.
> 
> 3) Set channel topics in OFTC to remind people that the move has not yet
> occurred.
> 
> Nearer to the cutover date:
> 
> 4) Ask a few people (perhaps some core members of each team) to join
> OFTC a few days early to be there to assist anyone who shows up there
> and is confused.
> 
> 5) On the cutover, change the CNAME and links to web clients in the
> wiki.  The infrastructure team will switch IRC bots (including channel
> logging) at the cutover time as well.  Send reminder announcements.
> 
> 6) Ask those same people from #4 to stick around Freenode for a few
> weeks after the cutover to assist anyone who shows up there and is
> confused.
> 
> 7) Set channel topics in Freenode to remind people that we have moved to
> OFTC.
> 
> If there aren't objections to this plan, I think we can propose a motion
> to the TC with a date and move forward with it fairly soon.

Sounds like a well thought-out plan. ++

-jay




Re: [openstack-dev] Proposal to move from Freenode to OFTC

2014-03-03 Thread James E. Blair
Sean Dague  writes:

[I don't have anything substantial to add to q1 right now, though it's a
good one.]

> #2) how bad do we believe nick contention might be in this transition?
> We've got 1000+ people that have well known nicks on freenode, that
> might hit conflicts on oftc.

Now might be a good time to go register your nick (and your casual
Friday nick as well) and see.  OFTC has a similar policy to Freenode
around releasing nicks that have not been used in years, and the
operators in #oftc have been responsive to such requests.  That way, if
this is a problem, we might find out early.

> #3) while for IRC veterans this is a simple matter of changing a config
> in your IRC proxy, we have been training new folks for a long time (and
> all through our wiki and documentation) that Freenode is our place. That
> might have required some of these folks to get firewall rules for
> freenode created. What kind of timeline are you thinking about for the
> cutover to hopefully catch all these folks?

Good point (though with Freenode's constant server rotation, I wonder
how many folks actually have IP-based firewall rules [as opposed to just
a port rule which should work for OFTC as well]).

I was thinking about a month, for starters.  That gives us plenty of
time for notice, and early April puts us in the RC phase but not too
close to the release.  If we decide to proceed but feel this isn't
enough time for this or other issues, we should probably push it to
early May (the "off week" after the release).

-Jim



Re: [openstack-dev] Proposal to move from Freenode to OFTC

2014-03-03 Thread Russell Bryant
On 03/03/2014 06:07 PM, James E. Blair wrote:
> If there aren't objections to this plan, I think we can propose a motion
> to the TC with a date and move forward with it fairly soon.

Sounds good to me.  The plan sounds well thought out and I trust your
judgement on the topic.  :-)

Also, your mention of "casual nick Friday" in a follow-up post won many
additional points of support from me.

-- 
Russell Bryant



Re: [openstack-dev] Proposal to move from Freenode to OFTC

2014-03-03 Thread Zhongyue Luo
FYI

http://www.oftc.net/Services/#register-your-account


On Tue, Mar 4, 2014 at 8:32 AM, James E. Blair wrote:

> Sean Dague  writes:
>
> [I don't have anything substantial to add to q1 right now, though it's a
> good one.]
>
> > #2) how bad do we believe nick contention might be in this transition?
> > We've got 1000+ people that have well known nicks on freenode, that
> > might hit conflicts on oftc.
>
> Now might be a good time to go register your nick (and your casual
> Friday nick as well) and see.  OFTC has a similar policy to Freenode
> around releasing nicks that have not been used in years, and the
> operators in #oftc have been responsive to such requests.  That way, if
> this is a problem, we might find out early.
>
> > #3) while for IRC veterans this is a simple matter of changing a config
> > in your IRC proxy, we have been training new folks for a long time (and
> > all through our wiki and documentation) that Freenode is our place. That
> > might have required some of these folks to get firewall rules for
> > freenode created. What kind of timeline are you thinking about for the
> > cutover to hopefully catch all these folks?
>
> Good point (though with Freenode's constant server rotation, I wonder
> how many folks actually have IP-based firewall rules [as opposed to just
> a port rule which should work for OFTC as well]).
>
> I was thinking about a month, for starters.  That gives us plenty of
> time for notice, and early April puts us in the RC phase but not too
> close to the release.  If we decide to proceed but feel this isn't
> enough time for this or other issues, we should probably push it to
> early May (the "off week" after the release).
>
> -Jim



-- 
*Intel SSG/STO/DCST/CIT*
880 Zixing Road, Zizhu Science Park, Minhang District, 200241, Shanghai,
China
+862161166500


Re: [openstack-dev] Proposal to move from Freenode to OFTC

2014-03-04 Thread Julien Danjou
On Tue, Mar 04 2014, James E. Blair wrote:

> If there aren't objections to this plan, I think we can propose a motion
> to the TC with a date and move forward with it fairly soon.

That plan LGTM, and +1 for OFTC. :)

-- 
Julien Danjou
/* Free Software hacker
   http://julien.danjou.info */




Re: [openstack-dev] Proposal to move from Freenode to OFTC

2014-03-04 Thread Thierry Carrez
James E. Blair wrote:
> Freenode has been having a rough time lately due to a series of DDoS
> attacks which have been increasingly disruptive to collaboration.
> Fortunately there's an alternative.
> 
> OFTC <http://www.oftc.net/> is a robust and established alternative
> to Freenode.  It is a smaller network whose mission statement makes it a
> less attractive target.  It's significantly more stable than Freenode
> and has friendly and responsive operators.  The infrastructure team has
> been exploring this area and we think OpenStack should move to using
> OFTC.

There is quite a bit of literature out there pointing to Freenode, like
presentation slides from old conferences. We should expect people to
continue to join Freenode's channels forever. I don't think staying a
few weeks on those channels to redirect misled people will be nearly
enough. Could we have a longer plan ? Like advertisement bots that would
advise every n hours to join the right servers ?

> [...]
> 1) Create an irc.openstack.org CNAME record that points to
> chat.freenode.net.  Update instructions to suggest users configure their
> clients to use that alias.

I'm not sure that helps. The people who would get (and react to) the DNS
announcement are likely using proxies anyway, which you'll have to
unplug manually from Freenode on switch day. The vast majority of users
will just miss the announcement. So I'd rather just make a lot of noise
on switch day :)

Finally, I second Sean's question on OFTC's stability. As bad as
Freenode is hit by DoS, they have experience handling this, mitigation
procedures in place, sponsors lined up to help, so damage ends up
*relatively* limited. If OFTC raises profile and becomes a target, are
we confident they would mitigate DoS as well as Freenode does ? Or would
they just disappear from the map completely ? I fear that we are trading
a known evil for some unknown here.

In all cases I would target post-release for the transition, maybe even
post-Summit.

-- 
Thierry Carrez (ttx)



Re: [openstack-dev] Proposal to move from Freenode to OFTC

2014-03-04 Thread Stephen Gran

On 04/03/14 11:01, Thierry Carrez wrote:
> James E. Blair wrote:
>> Freenode has been having a rough time lately due to a series of DDoS
>> attacks which have been increasingly disruptive to collaboration.
>> Fortunately there's an alternative.
>>
>> OFTC <http://www.oftc.net/> is a robust and established alternative
>> to Freenode.  It is a smaller network whose mission statement makes it a
>> less attractive target.  It's significantly more stable than Freenode
>> and has friendly and responsive operators.  The infrastructure team has
>> been exploring this area and we think OpenStack should move to using
>> OFTC.
>
> There is quite a bit of literature out there pointing to Freenode, like
> presentation slides from old conferences. We should expect people to
> continue to join Freenode's channels forever. I don't think staying a
> few weeks on those channels to redirect misled people will be nearly
> enough. Could we have a longer plan ? Like advertisement bots that would
> advise every n hours to join the right servers ?

Why not just set /topic to tell people to connect to OFTC and join there?

Cheers,
--
Stephen Gran
Senior Systems Integrator - theguardian.com


Re: [openstack-dev] Proposal to move from Freenode to OFTC

2014-03-04 Thread Thierry Carrez
Stephen Gran wrote:
> On 04/03/14 11:01, Thierry Carrez wrote:
>> James E. Blair wrote:
>>> Freenode has been having a rough time lately due to a series of DDoS
>>> attacks which have been increasingly disruptive to collaboration.
>>> Fortunately there's an alternative.
>>>
>>> OFTC <http://www.oftc.net/> is a robust and established alternative
>>> to Freenode.  It is a smaller network whose mission statement makes it a
>>> less attractive target.  It's significantly more stable than Freenode
>>> and has friendly and responsive operators.  The infrastructure team has
>>> been exploring this area and we think OpenStack should move to using
>>> OFTC.
>>
>> There is quite a bit of literature out there pointing to Freenode, like
>> presentation slides from old conferences. We should expect people to
>> continue to join Freenode's channels forever. I don't think staying a
>> few weeks on those channels to redirect misled people will be nearly
>> enough. Could we have a longer plan ? Like advertisement bots that would
>> advise every n hours to join the right servers ?
> 
> Why not just set /topic to tell people to connect to OFTC and join there?

We certainly would set /topic, but a lot of people ignore channel topics
(and a lot of IRC clients fail to display them). But if they read the
channel, they just can't ignore the public service announcement bots :)

-- 
Thierry Carrez (ttx)



Re: [openstack-dev] Proposal to move from Freenode to OFTC

2014-03-04 Thread Daniel P. Berrange
On Tue, Mar 04, 2014 at 11:12:13AM +, Stephen Gran wrote:
> On 04/03/14 11:01, Thierry Carrez wrote:
> >James E. Blair wrote:
> >>Freenode has been having a rough time lately due to a series of DDoS
> >>attacks which have been increasingly disruptive to collaboration.
> >>Fortunately there's an alternative.
> >>
> >>OFTC <http://www.oftc.net/> is a robust and established alternative
> >>to Freenode.  It is a smaller network whose mission statement makes it a
> >>less attractive target.  It's significantly more stable than Freenode
> >>and has friendly and responsive operators.  The infrastructure team has
> >>been exploring this area and we think OpenStack should move to using
> >>OFTC.
> >
> >There is quite a bit of literature out there pointing to Freenode, like
> >presentation slides from old conferences. We should expect people to
> >continue to join Freenode's channels forever. I don't think staying a
> >few weeks on those channels to redirect misled people will be nearly
> >enough. Could we have a longer plan ? Like advertisement bots that would
> >advise every n hours to join the right servers ?
> 
> Why not just set /topic to tell people to connect to OFTC and join there?

That's certainly something you want to do, but IME of moving IRC channels
in the past, plenty of people will never look at the #topic :-( You want
to be more aggressive like setting channel permissions to block anyone
except admins from speaking in the channel. Then set a bot with admin
rights to spam the channel once an hour telling people to go elsewhere.

Regards,
Daniel
-- 
|: http://berrange.com  -o-http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org  -o- http://virt-manager.org :|
|: http://autobuild.org   -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org   -o-   http://live.gnome.org/gtk-vnc :|



Re: [openstack-dev] Proposal to move from Freenode to OFTC

2014-03-04 Thread Sergey Lukjanov
++, OFTC looks nice.

On Tue, Mar 4, 2014 at 3:31 PM, Daniel P. Berrange  wrote:
> On Tue, Mar 04, 2014 at 11:12:13AM +, Stephen Gran wrote:
>> On 04/03/14 11:01, Thierry Carrez wrote:
>> >James E. Blair wrote:
>> >>Freenode has been having a rough time lately due to a series of DDoS
>> >>attacks which have been increasingly disruptive to collaboration.
>> >>Fortunately there's an alternative.
>> >>
>> >>OFTC <http://www.oftc.net/> is a robust and established alternative
>> >>to Freenode.  It is a smaller network whose mission statement makes it a
>> >>less attractive target.  It's significantly more stable than Freenode
>> >>and has friendly and responsive operators.  The infrastructure team has
>> >>been exploring this area and we think OpenStack should move to using
>> >>OFTC.
>> >
>> >There is quite a bit of literature out there pointing to Freenode, like
>> >presentation slides from old conferences. We should expect people to
>> >continue to join Freenode's channels forever. I don't think staying a
>> >few weeks on those channels to redirect misled people will be nearly
>> >enough. Could we have a longer plan ? Like advertisement bots that would
>> >advise every n hours to join the right servers ?
>>
>> Why not just set /topic to tell people to connect to OFTC and join there?
>
> That's certainly something you want to do, but IME of moving IRC channels
> in the past, plenty of people will never look at the #topic :-( You want
> to be more aggressive like setting channel permissions to block anyone
> except admins from speaking in the channel. Then set a bot with admin
> rights to spam the channel once an hour telling people to go elsewhere.
>
> Regards,
> Daniel
> --
> |: http://berrange.com  -o-http://www.flickr.com/photos/dberrange/ :|
> |: http://libvirt.org  -o- http://virt-manager.org :|
> |: http://autobuild.org   -o- http://search.cpan.org/~danberr/ :|
> |: http://entangle-photo.org   -o-   http://live.gnome.org/gtk-vnc :|



-- 
Sincerely yours,
Sergey Lukjanov
Savanna Technical Lead
Mirantis Inc.



Re: [openstack-dev] Proposal to move from Freenode to OFTC

2014-03-04 Thread Thomas Goirand
On 03/04/2014 06:13 PM, Julien Danjou wrote:
> On Tue, Mar 04 2014, James E. Blair wrote:
> 
>> If there aren't objections to this plan, I think we can propose a motion
>> to the TC with a date and move forward with it fairly soon.
> 
> That plan LGTM, and +1 for OFTC. :)

Same over here, +1 for OFTC.

Thomas




Re: [openstack-dev] Proposal to move from Freenode to OFTC

2014-03-04 Thread Jarret Raim
>#1) do we believe OFTC is fundamentally better equipped to resist a
>DDOS, or do we just believe they are a smaller target? The ongoing DDOS
>on meetup.com the past 2 weeks is a good indicator that being a smaller
>fish only helps for so long.

It seems like we would need an answer to this question. If the main reason
to switch is to avoid DDoS interruptions, the question would really boil
down to whether the OFTC is actually more resilient to DDoS or if they
just haven't had to deal with it.


Jarret




Re: [openstack-dev] Proposal to move from Freenode to OFTC

2014-03-04 Thread Brian Cline

On 03/04/2014 05:01 AM, Thierry Carrez wrote:
> James E. Blair wrote:
>> Freenode has been having a rough time lately due to a series of DDoS
>> attacks which have been increasingly disruptive to collaboration.
>> Fortunately there's an alternative.
>>
>> OFTC <http://www.oftc.net/> is a robust and established alternative
>> to Freenode.  It is a smaller network whose mission statement makes it a
>> less attractive target.  It's significantly more stable than Freenode
>> and has friendly and responsive operators.  The infrastructure team has
>> been exploring this area and we think OpenStack should move to using
>> OFTC.
>
> There is quite a bit of literature out there pointing to Freenode, like
> presentation slides from old conferences. We should expect people to
> continue to join Freenode's channels forever. I don't think staying a
> few weeks on those channels to redirect misled people will be nearly
> enough. Could we have a longer plan ? Like advertisement bots that would
> advise every n hours to join the right servers ?
>
>> [...]
>> 1) Create an irc.openstack.org CNAME record that points to
>> chat.freenode.net.  Update instructions to suggest users configure their
>> clients to use that alias.
>
> I'm not sure that helps. The people who would get (and react to) the DNS
> announcement are likely using proxies anyway, which you'll have to
> unplug manually from Freenode on switch day. The vast majority of users
> will just miss the announcement. So I'd rather just make a lot of noise
> on switch day :)
>
> Finally, I second Sean's question on OFTC's stability. As bad as
> Freenode is hit by DoS, they have experience handling this, mitigation
> procedures in place, sponsors lined up to help, so damage ends up
> *relatively* limited. If OFTC raises profile and becomes a target, are
> we confident they would mitigate DoS as well as Freenode does ? Or would
> they just disappear from the map completely ? I fear that we are trading
> a known evil for some unknown here.
>
> In all cases I would target post-release for the transition, maybe even
> post-Summit.

Indeed, I can't help but feel like the large amount of effort involved 
in changing networks is a bit of a riverboat gamble. DDoS has been an 
unfortunate reality for every well-known/trusted/stable IRC network for 
the last 15-20 years, and running from it rather than planning for it is 
usually a futile effort. It feels like we'd be chasing our tails trying 
to find a place where DDoS couldn't cause serious disruption; even then 
it's still not a sure thing. I would hate to see everyone's efforts to 
have been in vain once the same problem occurs there.


--
Brian Cline
br...@linux.vnet.ibm.com





Re: [openstack-dev] Proposal to move from Freenode to OFTC

2014-03-04 Thread Stefano Maffulli
-1 to the switch from me.

this question from Sean is of fundamental value:

On 03/03/2014 03:19 PM, Sean Dague wrote:
> #1) do we believe OFTC is fundamentally better equipped to resist a
> DDOS, or do we just believe they are a smaller target? The ongoing DDOS
> on meetup.com the past 2 weeks is a good indicator that being a smaller
> fish only helps for so long.

until we can say that *fundamentally* OFTC is not going to suffer
disruptions in the future I wouldn't even remotely consider a painful
switch like this one.

/stef

-- 
Ask and answer questions on https://ask.openstack.org



Re: [openstack-dev] Proposal to move from Freenode to OFTC

2014-03-04 Thread Douglas Mendizabal
I agree with Stefano.  Migrating the entire community to a new service
would be incredibly painful.  It seems the pain of moving is not justified
if we don’t know for a fact that OFTC would be more resilient to DDoS
attacks.


-1 to the switch as well.

-Doug Mendizabal


On 3/4/14, 2:48 PM, "Stefano Maffulli"  wrote:

>-1 to the switch from me.
>
>this question from Sean is of fundamental value:
>
>On 03/03/2014 03:19 PM, Sean Dague wrote:
>> #1) do we believe OFTC is fundamentally better equipped to resist a
>> DDOS, or do we just believe they are a smaller target? The ongoing DDOS
>> on meetup.com the past 2 weeks is a good indicator that being a smaller
>> fish only helps for so long.
>
>until we can say that *fundamentally* OFTC is not going to suffer
>disruptions in the future I wouldn't even remotely consider a painful
>switch like this one.
>
>/stef
>
>-- 
>Ask and answer questions on https://ask.openstack.org




Re: [openstack-dev] Proposal to move from Freenode to OFTC

2014-03-04 Thread Jay S Bryant
From:   Brian Cline 
To: openstack-dev@lists.openstack.org, 
Date:   03/04/2014 12:29 PM
Subject: Re: [openstack-dev] Proposal to move from Freenode to OFTC



On 03/04/2014 05:01 AM, Thierry Carrez wrote:
> James E. Blair wrote:
>> Freenode has been having a rough time lately due to a series of DDoS
>> attacks which have been increasingly disruptive to collaboration.
>> Fortunately there's an alternative.
>>
>> OFTC <http://www.oftc.net/> is a robust and established alternative
>> to Freenode.  It is a smaller network whose mission statement makes it a
>> less attractive target.  It's significantly more stable than Freenode
>> and has friendly and responsive operators.  The infrastructure team has
>> been exploring this area and we think OpenStack should move to using
>> OFTC.
> There is quite a bit of literature out there pointing to Freenode, like
> presentation slides from old conferences. We should expect people to
> continue to join Freenode's channels forever. I don't think staying a
> few weeks on those channels to redirect misled people will be nearly
> enough. Could we have a longer plan ? Like advertisement bots that would
> advise every n hours to join the right servers ?
>
>> [...]
>> 1) Create an irc.openstack.org CNAME record that points to
>> chat.freenode.net.  Update instructions to suggest users configure their
>> clients to use that alias.
> I'm not sure that helps. The people who would get (and react to) the DNS
> announcement are likely using proxies anyway, which you'll have to
> unplug manually from Freenode on switch day. The vast majority of users
> will just miss the announcement. So I'd rather just make a lot of noise
> on switch day :)
>
> Finally, I second Sean's question on OFTC's stability. As bad as
> Freenode is hit by DoS, they have experience handling this, mitigation
> procedures in place, sponsors lined up to help, so damage ends up
> *relatively* limited. If OFTC raises profile and becomes a target, are
> we confident they would mitigate DoS as well as Freenode does ? Or would
> they just disappear from the map completely ? I fear that we are trading
> a known evil for some unknown here.
>
> In all cases I would target post-release for the transition, maybe even
> post-Summit.
>

Indeed, I can't help but feel like the large amount of effort involved 
in changing networks is a bit of a riverboat gamble. DDoS has been an 
unfortunate reality for every well-known/trusted/stable IRC network for 
the last 15-20 years, and running from it rather than planning for it is 
usually a futile effort. It feels like we'd be chasing our tails trying 
to find a place where DDoS couldn't cause serious disruption; even then 
it's still not a sure thing. I would hate to see everyone's efforts to 
have been in vain once the same problem occurs there.

-- 
Brian Cline
br...@linux.vnet.ibm.com


+1  I have not seen this as a frequent problem.  I have been aware of it but it
seems a bit excessive to move to a possibly less equipped provider.

-Jay





Re: [openstack-dev] Proposal to move from Freenode to OFTC

2014-03-06 Thread James E. Blair
Sean Dague writes:

> #1) do we believe OFTC is fundamentally better equipped to resist a
> DDOS, or do we just believe they are a smaller target? The ongoing DDOS
> on meetup.com the past 2 weeks is a good indicator that being a smaller
> fish only helps for so long.

After speaking with a Freenode and OFTC staffer, I am informed that OFTC
is generally and currently not the target of DDoS attacks, likely due to
their smaller profile.  If they were subject to such attacks, they would
likely be less prepared to deal with them than Freenode, however, in
that event, they would expect to extend their capabilities to deal with
it, partially borrowing on experience from Freenode.  And finally,
Freenode is attempting to work with sponsors and networks that can help
mitigate the ongoing DDoS attacks.

I agree that this is not a decision to be taken lightly.  I believe that
we can effect the move successfully if we plan it well and execute it
over an appropriate amount of time.  My own primary concern is actually
the loss of network effect.  If you're only on one network, Freenode is
probably the place to be since so many other projects are there.
Nevertheless, I think our project is substantial enough that we can move
with little attrition.

The fact is though that Freenode has had significant service degradation
due to DDoS attacks for quite some time -- the infra team notices this
every time we have to chase down which side of a netsplit our bots ended
up on and try to bring them back.  We also had an entire day recently
(it was a Saturday) where we could not use Freenode at all.

There isn't much we can do about DDoS attacks on Freenode.  If we stay,
we're going to continue to deal with the occasional outage and spend a
significant amount of time chasing bots.  It's clear that Freenode is
better able to deal with attacks than OFTC would be.  However, OFTC
doesn't have to deal with them because they aren't happening; and that's
worth considering.

-Jim



Re: [openstack-dev] Proposal to move from Freenode to OFTC

2014-03-06 Thread CARVER, PAUL
James E. Blair [mailto:jebl...@openstack.org] wrote:

>significant amount of time chasing bots.  It's clear that Freenode is
>better able to deal with attacks than OFTC would be.  However, OFTC
>doesn't have to deal with them because they aren't happening; and that's
>worth considering.

Does anyone have any idea who is being targeted by the attacks?
I assume they're hitting Freenode as a whole, but presumably the motivation
is one or more channels as opposed to just not liking Freenode in principle.

Honestly I tried IRC in the mid-nineties and didn't see the point (I spent all
my free time reading Usenet (and even paid for Agent at one point after
switching from nn on SunOS to Free Agent on Windows)) and never found
any reason to go back to IRC until finding out that OpenStack's world
revolves around Freenode. So I was only distantly aware of the battlefield
of DDoSers trying to cause netsplits in order to "get ops" on contentious
channels.

Is there any chance that OpenStack is the target of the DDoSers? Or do
you think there's some other target on Freenode and we're just
collateral damage?




Re: [openstack-dev] Proposal to move from Freenode to OFTC

2014-03-06 Thread Kurt Griffiths
> The fact is though that Freenode has had significant service degradation
>due to DDoS attacks for quite some time

Rather than jumping ship, is there anything we as a community can do to
help Freenode? This would obviously require a commitment of time/money,
but it could be worth it for something we rely on so heavily.

-Kurt
