[Box-Admins] Squeak.org nameserver stuff

Levente Uzonyi leves at caesar.elte.hu
Fri Jan 29 14:41:21 UTC 2016


Hi Tobias,

On Fri, 29 Jan 2016, Tobias Pape wrote:

> Hi,
>
> On 29.01.2016, at 05:22, Levente Uzonyi <leves at caesar.elte.hu> wrote:
>
>> Hi Tobias,
>>
>> On Fri, 29 Jan 2016, Tobias Pape wrote:
>>
>>> Dear all,
>>>
>>> I ponder using Cloudflare for squeak.org for two reasons:
>>> a) Faster site (faster download for files, for example, but website, too)
>>
>> Is it slow? If yes, by what measure?
>
> Well, _I've_ got a very fast connection (German DFN)
> and the main web site takes 2.5 seconds for its 1.6MB to load[1].

Same here. It takes 250-350 ms to download the html itself. The remaining 
5 fonts, 4 js files, 23 images and 1 css file are responsible for the 
rest. But this only applies for the first page load. The second time, when 
everything is cached, it only takes 250 ms to load the page.

There are also a few ways to make it faster without cloudflare:
- use spdy or http/2.0 with SSL
- precompress files on the server
- move to another host :)

>
> Another example: Downloading the current All-in-One. This is a typical
> thing, I think. This 40M file takes around 30 seconds to download
> here at University, similar times I hear from a server in the US.

That's because the virtual server is bandwidth limited. IIRC it's capped 
at 20 or 30 Mbit/sec.

>
> To compare: When I put the file on my own server in Germany,
> it takes 8.6 seconds for the US server to download it.
>
> Also, I expect people from South America to have even worse
> times. (There is, btw, a LatAm SqueakSource file mirror because
> of frequent timeouts).

That mirror was set up when the server was in Germany, I'm sure it's a bit 
more convenient to use it from there, but I don't think it's still that 
bad now.

>
> If we can delegate global distribution of our files[2] and
> their caching, I wouldn't do it myself. They know their stuff.
>
> Also, they have this nifty Always Online feature:
>
> 	"If your server goes down, CloudFlare will serve your website's static pages from our cache."
>
> We also won't have to run a DNS server ourselves…

Yep, it'd mean fewer things to care about.

>
>
>>
>>> b) SSL for free, no hassle.
>>
>> We could have a free certificate anytime now that letsencrypt is live.
>
> Yes. But we actually have to manage that. And it is not so easy if you
> don't have the environment they want. Also, our software is way too old
> to run smoothly with their stuff.
> You can ask Bert for an experience report of letsencrypt.

We have set it up for a site using the acme-tiny client.

>
> I myself am all in favour of it, but it is an _increased_ effort compared
> to just switching it on.
>
>>
>>>
>>> People have expressed interest in that, and I went forth and
>>
>> Who?
>
> - Fabio, who did this exact thing to his website.
> - Marcel
> - Bert
> - Craig also seemed to like it.
>
>
>>
>>> created everything necessary at cloudflare but one thing:
>>>
>>> The master dns server entries have to be changed:
>>>
>>> 	a.ns.squeak.org -> austin.ns.cloudflare.com
>>> 	b.ns.squeak.org -> elsa.ns.cloudflare.com
>>>
>>> This has to be changed at the registrar (networksolutions).
>>> Currently, as per whois, Dan is owner of the site but I
>>> don't know whether he's the one turning the knobs for
>>> the domain. If so, we would need him to change those entries,
>>> if not, we would have to find out whom to talk to.
>>
>> I think Göran might have access to the DNS records.
>>
>
> Ah! I cc him :)
>
>>>
>>> So Iff the board and the admins decide to go for cloudflare we
>>> need networksolutions to change the DNS-NS.
>
>> I kinda dislike cloudflare, because if you use it, you'll give all control to them. They also track your users, even if you don't want them to, which is also something you are not allowed to do in the EU without the user's consent. The way I understand the law, every site using cloudflare breaks it, because they set the tracking cookie before the user could have a chance to opt-in.
>
> o_O Ok these are valid concerns.
>
> Let me look.
>
> Cloudflare says they need the cookie to implement their security stuff,
> explained here:
> 	https://support.cloudflare.com/hc/en-us/articles/200170156-What-does-the-CloudFlare-cfduid-cookie-do-
>
> Therefore, I think they are legal:
>
> 	http://ec.europa.eu/ipg/basics/legal/cookies/index_en.htm
>
> 	However, some cookies are exempt from this requirement. Consent is not required if the cookie is:
> 		• used for the sole purpose of carrying out the transmission of a communication, and
> 		• strictly necessary in order for the provider of an information society service explicitly required by the user to provide that service.
>
> I think the first one fits here. They need the cookie to _not_ block you, apparently.

Well, you know, it could work without the cookie, but that would make it 
harder to prevent attacks. It's not like they couldn't provide the service 
without the cookie, they just won't do it.
From the law's PoV this is probably enough to work around it.

>
>
> So, I don't want to push this onto anybody. I only think it would help us.

It would make things easier for sure.

Levente

> If the general opinion is in disfavor, let's ditch it, otherwise,
> let's proceed.
>
>>
>> Levente
>>
>>>
>>> We need:
>>> 	- a decision
>>> 	- (maybe) contact Dan/Squeak.org-networksolutions-contact
>>>
>>> Best regards
>>> 	-Tobias
>
>
> Best regards
> 	-Tobias
>
> [1] Yes, there are different things to consider here, like decreasing size, etc,
> but I'm here for the DL speed :)
> [2] I am mainly concerned with the website and the file server atm.

