Dear all,
I ponder using Cloudflare for squeak.org for two reasons: a) Faster site (faster download for files, for example, but website,too) b) SSL for free, no hassle.
People have expressed interest in that, and I went forth and created everything necessary at clouflare but one thing:
The master dns server entries have to be changed:
a.ns.squeak.org -> austin.ns.cloudflare.com b.ns.squeak.org -> elsa.ns.cloudflare.com
This has to be changed at the registrar (networksolutions). Currently, as per whois, Dan is owner of the site but I don't know wether he's the one turing the knobs for the domain. If so, we would need him to change those entries, if not, we would have to find out whom to talk to.
So Iff the board and the admins decide to go for cloudflare we need networksolutions to change the DNS-NS.
We need: - a decision - (mabye) contact Dan/Squeak.org-networksolutions-contact
Best regards -Tobias
Hi Tobias,
On Fri, 29 Jan 2016, Tobias Pape wrote:
Dear all,
I ponder using Cloudflare for squeak.org for two reasons: a) Faster site (faster download for files, for example, but website,too)
Is it slow? If yes, by what measure?
b) SSL for free, no hassle.
We could have a free certificate anytime now that letsencrypt is live.
People have expressed interest in that, and I went forth and
Who?
created everything necessary at clouflare but one thing:
The master dns server entries have to be changed:
a.ns.squeak.org -> austin.ns.cloudflare.com b.ns.squeak.org -> elsa.ns.cloudflare.com
This has to be changed at the registrar (networksolutions). Currently, as per whois, Dan is owner of the site but I don't know wether he's the one turing the knobs for the domain. If so, we would need him to change those entries, if not, we would have to find out whom to talk to.
I think Göran might have access to the DNS records.
So Iff the board and the admins decide to go for cloudflare we need networksolutions to change the DNS-NS.
I kinda dislike cloudflare, because if you use it, you'll give all control to them. They also tracks your users, even if you don't want them to, which is also something you are not allowed to do in the EU without the user's consent. The way I understand the law, every site using cloudflare breaks it, because they set the tracking cookie before the user could have a chance to opt-in.
Levente
We need:
- a decision
- (mabye) contact Dan/Squeak.org-networksolutions-contact
Best regards -Tobias
Hi,
On 29.01.2016, at 05:22, Levente Uzonyi leves@caesar.elte.hu wrote:
Hi Tobias,
On Fri, 29 Jan 2016, Tobias Pape wrote:
Dear all,
I ponder using Cloudflare for squeak.org for two reasons: a) Faster site (faster download for files, for example, but website,too)
Is it slow? If yes, by what measure?
Well, _I've_ got a very fast connection (German DFN) and the main web site takes 2.5 seconds for its 1.6MB to load[1].
Another example: Downloading the current All-in-One. This a typical thing, I think. This 40M file takes around 30 seconds to download here at University, similar times I hear from a server in the US.
To compare: When I put the file on my own server in Germany, it takes 8.6 seconds for the US server to download it.
Also, I expect people from south america to have even worse times. (There is, btw, a LatAm SqueakSource file mirror because of frequent timeouts).
If we can delegate global distribution of our files[2] and their caching, I wouldn't do it myself. They know their stuff.
Also, they have this nifty Always Online feature:
"If your server goes down, CloudFlare will serve your website's static pages from our cache."
We also won't have to run a DNS server ourselves…
b) SSL for free, no hassle.
We could have a free certificate anytime now that letsencrypt is live.
Yes. But we actually have to manage that. And it is not so easy if you don't have the environment they want. Also, our software is way too old to runs smoothly with their stuff. You can ask Bert for an experience report of letsencrypt.
I myself are all in favour of it, but it is an _increased_ effort compared to just switching it on.
People have expressed interest in that, and I went forth and
Who?
- Fabio, who did this exact thing to his website. - Marcel - Bert - Craig also seemed to like it.
created everything necessary at clouflare but one thing:
The master dns server entries have to be changed:
a.ns.squeak.org -> austin.ns.cloudflare.com b.ns.squeak.org -> elsa.ns.cloudflare.com
This has to be changed at the registrar (networksolutions). Currently, as per whois, Dan is owner of the site but I don't know wether he's the one turing the knobs for the domain. If so, we would need him to change those entries, if not, we would have to find out whom to talk to.
I think Göran might have access to the DNS records.
Ah! I cc him :)
So Iff the board and the admins decide to go for cloudflare we need networksolutions to change the DNS-NS.
I kinda dislike cloudflare, because if you use it, you'll give all control to them. They also tracks your users, even if you don't want them to, which is also something you are not allowed to do in the EU without the user's consent. The way I understand the law, every site using cloudflare breaks it, because they set the tracking cookie before the user could have a chance to opt-in.
o_O Ok these are valid concerns.
Let me look.
Cloutflare says they need the cookie to implement their security stuff, explained here: https://support.cloudflare.com/hc/en-us/articles/200170156-What-does-the-Clo...
Therefore, I think they are legal:
http://ec.europa.eu/ipg/basics/legal/cookies/index_en.htm
However, some cookies are exempt from this requirement. Consent is not required if the cookie is: • used for the sole purpose of carrying out the transmission of a communication, and • strictly necessary in order for the provider of an information society service explicitly required by the user to provide that service.
I think the first one fits here. They need the cookie to _not_ block you, apparently.
So, I don't want to push this onto anybody. I only think it would help us. If the general opinion is in disfavor, lets ditch it, otherwise, let's proceed.
Levente
We need:
- a decision
- (mabye) contact Dan/Squeak.org-networksolutions-contact
Best regards -Tobias
Best regards -Tobias
[1] Yes, there are different things to consider here, like decreasing size, etc, but I'm here for the DL speed :) [2] I am mainly concerned with the website and the file server atm.
On 29.01.2016, at 08:52, Tobias Pape Das.Linux@gmx.de wrote:
On 29.01.2016, at 05:22, Levente Uzonyi leves@caesar.elte.hu wrote:
On Fri, 29 Jan 2016, Tobias Pape wrote:
People have expressed interest in that, and I went forth and
Who?
- Fabio, who did this exact thing to his website.
- Marcel
- Bert
- Craig also seemed to like it.
I don’t think “express interest” is the same as “let’s do it” but more like “let’s discuss” ;)
In general, I think it’s preferable to reduce our admin load, and if something can be easily managed by someone else that’s a good thing. So if by using cloudflare we get https for free that’s a good thing, provided there are no significant downsides (which we need to discuss).
However, IIUC cloudflare would not really work to accelerate our downloads since .zip files are not cached?
https://support.cloudflare.com/hc/en-us/articles/200172516-What-file-extensi...
Or did I misunderstand?
- Bert -
On Fri, 29 Jan 2016, Bert Freudenberg wrote:
On 29.01.2016, at 08:52, Tobias Pape Das.Linux@gmx.de wrote:
On 29.01.2016, at 05:22, Levente Uzonyi leves@caesar.elte.hu wrote:
On Fri, 29 Jan 2016, Tobias Pape wrote:
People have expressed interest in that, and I went forth and
Who?
- Fabio, who did this exact thing to his website.
- Marcel
- Bert
- Craig also seemed to like it.
I don’t think “express interest” is the same as “let’s do it” but more like “let’s discuss” ;)
In general, I think it’s preferable to reduce our admin load, and if something can be easily managed by someone else that’s a good thing. So if by using cloudflare we get https for free that’s a good thing, provided there are no significant downsides (which we need to discuss).
However, IIUC cloudflare would not really work to accelerate our downloads since .zip files are not cached?
https://support.cloudflare.com/hc/en-us/articles/200172516-What-file-extensi...
Or did I misunderstand?
It might be possible to do it, because you get 3 Page Rules[1] with the free plan[2]. But cloudflare may still refuse to cache them.
Levente
[1] https://blog.cloudflare.com/introducing-pagerules-advanced-caching/ [2] https://www.cloudflare.com/plans/
- Bert -
Hi Tobias,
On Fri, 29 Jan 2016, Tobias Pape wrote:
Hi,
On 29.01.2016, at 05:22, Levente Uzonyi leves@caesar.elte.hu wrote:
Hi Tobias,
On Fri, 29 Jan 2016, Tobias Pape wrote:
Dear all,
I ponder using Cloudflare for squeak.org for two reasons: a) Faster site (faster download for files, for example, but website,too)
Is it slow? If yes, by what measure?
Well, _I've_ got a very fast connection (German DFN) and the main web site takes 2.5 seconds for its 1.6MB to load[1].
Same here. It takes 250-350 ms to download the html itself. The remaining 5 fonts, 4 js files, 23 images and 1 css file are responsible for the rest. But this only applies for the first page load. The second time, when everything is cached, it only takes 250 ms to load the page.
There are also a few ways to make it faster without cloudflare: - use spdy or http/2.0 with SSL - precompress files on the server - move to another host :)
Another example: Downloading the current All-in-One. This a typical thing, I think. This 40M file takes around 30 seconds to download here at University, similar times I hear from a server in the US.
That's because the virtual server is bandwidth limited. IIRC it's capped at 20 or 30 Mbit/sec.
To compare: When I put the file on my own server in Germany, it takes 8.6 seconds for the US server to download it.
Also, I expect people from south america to have even worse times. (There is, btw, a LatAm SqueakSource file mirror because of frequent timeouts).
That mirror was set up when the server was in Germany, I'm sure it's a bit more convenient to use it from there, but I don't think it's still that bad now.
If we can delegate global distribution of our files[2] and their caching, I wouldn't do it myself. They know their stuff.
Also, they have this nifty Always Online feature:
"If your server goes down, CloudFlare will serve your website's static pages from our cache."
We also won't have to run a DNS server ourselves…
Yep, it'd mean fewer things to care about.
b) SSL for free, no hassle.
We could have a free certificate anytime now that letsencrypt is live.
Yes. But we actually have to manage that. And it is not so easy if you don't have the environment they want. Also, our software is way too old to runs smoothly with their stuff. You can ask Bert for an experience report of letsencrypt.
We have set it up for a site using the acme-tiny client.
I myself are all in favour of it, but it is an _increased_ effort compared to just switching it on.
People have expressed interest in that, and I went forth and
Who?
- Fabio, who did this exact thing to his website.
- Marcel
- Bert
- Craig also seemed to like it.
created everything necessary at clouflare but one thing:
The master dns server entries have to be changed:
a.ns.squeak.org -> austin.ns.cloudflare.com b.ns.squeak.org -> elsa.ns.cloudflare.com
This has to be changed at the registrar (networksolutions). Currently, as per whois, Dan is owner of the site but I don't know wether he's the one turing the knobs for the domain. If so, we would need him to change those entries, if not, we would have to find out whom to talk to.
I think Göran might have access to the DNS records.
Ah! I cc him :)
So Iff the board and the admins decide to go for cloudflare we need networksolutions to change the DNS-NS.
I kinda dislike cloudflare, because if you use it, you'll give all control to them. They also tracks your users, even if you don't want them to, which is also something you are not allowed to do in the EU without the user's consent. The way I understand the law, every site using cloudflare breaks it, because they set the tracking cookie before the user could have a chance to opt-in.
o_O Ok these are valid concerns.
Let me look.
Cloutflare says they need the cookie to implement their security stuff, explained here: https://support.cloudflare.com/hc/en-us/articles/200170156-What-does-the-Clo...
Therefore, I think they are legal:
http://ec.europa.eu/ipg/basics/legal/cookies/index_en.htm
However, some cookies are exempt from this requirement. Consent is not required if the cookie is: • used for the sole purpose of carrying out the transmission of a communication, and • strictly necessary in order for the provider of an information society service explicitly required by the user to provide that service.
I think the first one fits here. They need the cookie to _not_ block you, apparently.
Well, you know, it could work without the cookie, but that would make it harder to prevent attacks. It's not like they couldn't provide the service without the cookie, they just won't do it. From the law's PoV this is probably enough to work it around.
So, I don't want to push this onto anybody. I only think it would help us.
It would make things easier for sure.
Levente
If the general opinion is in disfavor, lets ditch it, otherwise, let's proceed.
Levente
We need:
- a decision
- (mabye) contact Dan/Squeak.org-networksolutions-contact
Best regards -Tobias
Best regards -Tobias
[1] Yes, there are different things to consider here, like decreasing size, etc, but I'm here for the DL speed :) [2] I am mainly concerned with the website and the file server atm.
box-admins@lists.squeakfoundation.org