Today's irc.perl.org Maintenance

2016-11-09 19:16 EST

As mentioned on Twitter, irc.perl.org had a big maintenance today. It was probably the most noisy maintenance we've had in a long time.

So, what did you get?

  • Two old crusty servers were retired and three brand spanking new ones were brought into service. That brings our publicly-accessible node count to 5.

  • New SSL cert. It's still self-signed but all nodes now have a non-expired cert for ssl.irc.perl.org on port 7062.

  • IPv6. We have two nodes available via IPv6 via irc.perl.org and ssl.irc.perl.org. We hope to add more in the near future.

  • Less sungo-SPOFs. The backend details are boring and tedious but I spent a bunch of time enabling more people to help build, deploy, and maintain our servers. The network is in much better shape now, should I disappear.

Security

I want to take a moment to address network security. Right now, every irc.perl.org node offers SSL on port 7062. That's fantastic and makes me happy. There is bad news, however, and I want to make sure I'm crystal clear on this.

Despite client-to-server encryption, the links between the servers are NOT encrypted. By default, do NOT treat this network as a secure safe place from network sniffing.

I was really hoping to be able to announce the opposite today but it didn't work out. There's a lot of work ahead of us to build a secure network for you but that work is underway now that this maintenance is behind us.

The End

With today's work, I'm happier with the state of our infrastructure than I have been in a while. The lack of server link encryption makes me sad. But we know now what needs to be done. That's progress.

As always, if you have questions or concerns or if you have an irc issues following today's work, please hit me up on irc or twitter.