[WF-Infra] What next

Bob Racko bobr at dprc.net
Sat Jun 23 13:55:56 PDT 2001


At 01:22 PM 6/13/01 -0700, Jack Cummings wrote:
>On Wed, Jun 13, 2001 at 08:00:23PM -0000, anubis wrote:
><stuff>


            WHAT YOU DO FOR ME

You folks have been good to page me when IRC acts up
and I appreciate the synergy of having folks on IRC
be my coal-mine-canary when the ISP (concentric) fails to notify me.



            WHAT I CAN DO FOR YOU

I can host additional IRC services in another datacenter/webfarm
geographically separate from the main IRC server. irc.worldforge.org is in
NewYork/NewJersey.  The datacenter I am talking about is in MA.

I have very fast machines in the datacenter
but only a modest allotment of bandwidth I can use
for "monitoring" via IRC.   These are the same machines that
helped boost me into a top position in seti.
There is enough space to hold a brenda or 4 as well.

I would put brenda on the same machine as one of the irc servers
to lower bandwidth demand.  Multiple people here would be given IRC reboot 
authority.
(Jack + cerebus + myself and perhaps others).




            WHAT THE MACHINES DO FOR ME

The machines are all DMZ webhosts for news services or honey-pots
which means that if a compromise/cracker is detected, they get
overwritten and re-initialized.  Logs are saved on a filesystem that
does not allow exec or bounced through a one-way wire out the back
to another append-only area on an airline style "black-box" datalogger.
[
  its not painted black but it does do a wiring trick --
  remember RS232?  what happens if only pin2 and 7 are connected at one end?
  data can only go IN!
]

All the machines already run wiki (in fact a very advanced wiki installation)
though they will not be able to run zope.


            NO ZOPE? WHY NOT?

Its not a wiki-loyalty thing.  I am probably the most mercenary of any of 
us.  I may
author wiki but I have moved on to write wiki capabilities over into other 
languages/systems.
The perl one is indeed sluggish in a stock configuration where apache does 
nothing to
assist the cgi.   The machines in this webfarm have multiple small 
"enhancements" that
take them far away from a stock configuration.

Its more an issue on entrustment and $ from the folks who pay me to admin 
the farm.
I do not voluntarily give my time to them and they are conservative about 
allowing
other executables onto the system.  They are not willing to pay someone else
to give zope a security audit.  I do not have time to do it nor will I 
lower my integrity
to claim I have.

Would they permit a wf on zope if they were already using/trusting zope? 
Probably.

They are also monitoring your UI redevelopment effort though. I admit that
your efforts to convert your own site from wiki to zope are non-trivial.
The more you spend on it the less my backers
are interested in going anywhere near it.
Oh well.  I keep telling them its a second-system-effect.


            WHAT ELSE THE MACHINES COULD DO FOR YOU BESIDES IRC?

On these machines, Port 80 is already busy and it monitors and counts traffic.
Another port number will have to be used if you
would have it get (low bandwidth) web traffic.


several of the machines are slated to be  DNS hosts
so I am interested in the "ice" direction too.
If a machine were to run DNS for worldforge it would sit in
its own chrooted area with only a few executables handy.

;# mailto: bobr at dprc.net




More information about the Infra mailing list