/operate/ - Endchan Operations

Let us know what's up

Posting mode: Reply

Check to confirm you're not a robot
Drawing x size canvas

Remember to follow the rules

Max file size: 350.00 MB

Max files: 5

Max message length: 4096

Manage Board | Moderate Thread

Return | Catalog | Bottom

Expand All Images

New infrastructure ordered odilitime 03/08/2017 (Wed) 09:48:54 [Preview] No. 5773
After a long period researching a new host and waiting for the right inventory to become available. We have found one. We're getting the keys tomorrow. Our new set up is $100USD/mo, a little more than our old server but it's much better hardware (3 times the cpus and ram, double the disk space) and we believe this is a better arrangement moving forward.

This includes an $85USD/mo 12 cores (24 threads) of 2.6ghz and 2x2tb HDD set up (HW RAID) in RAID 1. It has 6 bays and it is rent/lease to own, which means after 12 months we can reduce our monthly cost. It'll be a little slower than what we're on now (3.5ghz) but service levels should be more consistent.

Then the remaining $15USD/mo. is a front end caching VPS with encrypted disks (root and swap). We will use this to hide our backend server better, prevent DDoS and help put the nail in Cloudflare's coffin.

We'll be migrating to these new servers over the next week. Please hang with us and let us know any problems you may have.

We rely on your donations to stay independent and have our own hardware. This is a first major step in improving our infrastructure and having a long term plan to ensure we'll be around when needed. While we have a couple months buffer, I'd like to ask if you like what we're doing, to see if you can help kick down some bitcoin to ensure our continued existence.

Edited last time by odilitime on 03/08/2017 (Wed) 09:55:58.

Anonymous 03/14/2017 (Tue) 08:54:02 [Preview] No. 5801 del
Anyone else notice the site seems slower?

Anonymous 03/14/2017 (Tue) 13:24:34 [Preview] No. 5803 del

We're busy raiding 8chan.

We'll be back.

odilitime Board owner 03/15/2017 (Wed) 00:00:18 [Preview] No. 5804 del
We're not on the new server yet. It's going to take a couple weeks to transfer the data apparently.

Anonymous 03/15/2017 (Wed) 05:49:53 [Preview] No. 5805 del
When you get mobile app support I'll be back. Idgaf about your servers. Ads always help. Cya

Anonymous 03/18/2017 (Sat) 07:10:06 [Preview] No. 5823 del
Your mobile page sucks

Anonymous 03/18/2017 (Sat) 09:04:23 [Preview] No. 5824 del
Good. Either get the fuck off your iphone or get off the board, normie.

Anonymous 03/18/2017 (Sat) 23:16:42 [Preview] No. 5834 del
Does the ridiculously high 350 MB file size affect the server cost? There aren't any cheaper servers you can find? Can you replace all existing animated GIFs with thumbnails so they don't auto-play when people load the page to reduce a bit of unnecessary bandwidth usage?

odilitime Board owner 03/19/2017 (Sun) 10:32:32 [Preview] No. 5837 del
We're trying to avoid ads. We have one android app currently:

Ok, why is it bad? How can we make it better? Buttons/links too small? Zoom problems? For bonus point include some screenshots.

>Does the ridiculously high 350 MB file size affect the server cost?
Yes and no. It does effect the cost because we have to have a 2nd disk of the same size for RAID1 and then we have to back it up. Even with 350 MB files and being online over 1 year, we've never hit 1TB nor had to run the vacuum script. 1TB drives are so cheap these days, it's hard to find anything smaller (for example the old server we're leaving has 8tb hard drives). Also we got such a great deal on our new set up, it's hard to compete with the value.

>There aren't any cheaper servers you can find?
In the short term, yes. We looked at VPSes, $35/mo for 1TB but it was with a provider that fucked us over originally, so I didn't feel confident they're not going to increase that price either. The are other providers will cheap solutions but we ran out of time to research and vet them. Plenty of shit-tier VPS providers that over ratio their boxes and have lots of problems (See troubles with NextChan, LibreChan, Kiwifarms and 8ch.pl)
In the long term, no. This lease to own option allows us to purchase the server hardware (a very nice dual hexcore box) at $20/mo more than we were paying previously for our dedicated server. In a year this will allow us to have really nice hardware and drop our costs to VPS levels.

>Can you replace all existing animated GIFs with thumbnails so they don't auto-play when people load the page to reduce a bit of unnecessary bandwidth usage
Yes, I've put in a lot of work to make this a user selectable option. However it's still not ready yet. GIFs really don't use much bandwidth (especially with how LynxChan optimizes the thumbs for them).
The thing that saves us the most bandwidth is people using infinow.net domain, that uses CloudFlare's CDN caching to save bandwidth but CloudFlare hasn't had a great track record and we're considering removing them as bandwidth is not a large cost center for us. In fact in this new infrastructure set up, we optimize our packages bandwidth from 20TB down to 5TB (while still making it to flip the switch if we get hit with a lot of users all of a sudden). But it's hard to find a month when we're using even that.

Anonymous 03/25/2017 (Sat) 17:50:12 [Preview] No. 5865 del

Anonymous 04/02/2017 (Sun) 07:12:01 [Preview] No. 5928 del
Is this implemented yet?

odilitime Board owner 04/02/2017 (Sun) 07:35:46 [Preview] No. 5929 del
No, it's all set up but we haven't migrated. First due to the krautchan migration, and now we'll dealing with 8ch refugees. I need a good 2-3 hours of downtime to move the database, I think we'll wait until the weekdays when it's much slower but I'd like to move over this week.

Anonymous 04/02/2017 (Sun) 10:55:56 [Preview] No. 5931 del
Wait until 8ch is back up... might aswell make endchan look decent while they are here being guests.

odilitime Board owner 04/02/2017 (Sun) 19:23:08 [Preview] No. 5937 del
Since 8ch was down for more than 24 hours and our old server was having weird network problems, we decided to eat the 4 hours of downtime to improve things and I'm really impressed with the results.

odilitime Board owner 04/02/2017 (Sun) 19:31:37 [Preview] No. 5939 del
(101.18 KB 620x350 xl-2016-encryption-1.jpg)
Also should mention we're now completely encrypted end to end. All entire backend including the disks are encrypted with diverse passwords.

Only Balrog can be bring the database online.
Only Odili can be bring the lynxchan application online.
But Odili doesn't know Balrog's and Balrog's doesn't know Odili.
So it takes two keys to get the server working and requires both our blessing to bring the site back online.

We also established exactly one set of back up personnel incase one of us gets hit by a bus.

EDIT: fix horrible typo
Edited last time by odilitime on 04/02/2017 (Sun) 19:32:10.

Anonymous 04/02/2017 (Sun) 20:05:30 [Preview] No. 5940 del

Anonymous 04/02/2017 (Sun) 20:08:25 [Preview] No. 5941 del
>When you get mobile app support I'll be back. Idgaf about your servers. Ads always help. Cya

>pro advertisements
>pro mobile apps
>cell phone gamer
>normie cuck

Your mobile page sucks

>browsing image boards on a "smart" phone

>Good. Either get the fuck off your iphone or get off the board, normie.


FUCK OFF PHONE NORMIES. you are cancerous SCUM. go back to 4chan, no, REDDIT.

we want real people here. real critical thinkers who aren't glued to an Iphone and hopped up on fluoride.

Anonymous 04/02/2017 (Sun) 20:11:42 [Preview] No. 5942 del

the shills are busy, wew.

Anonymous 04/02/2017 (Sun) 20:14:36 [Preview] No. 5943 del
8chan is majorly cucked BO. worse than 4chan. things got really nasty before the april 1st hack, shills everywhere. spamming so so bad.

Anonymous 04/02/2017 (Sun) 20:35:15 [Preview] No. 5944 del
Great job!

Now, what is the threat we are trying to defend against or mitigate with this? Somebody having only cold (not run-time) but physical access to the hard disks? This is not rhetorical, btw, I'm just not seeing it.

Anonymous 04/02/2017 (Sun) 20:43:47 [Preview] No. 5945 del
It's probably a rare edge case but it was suggested to us by a security researcher. It just gives accountability to each other, it will likely mean more downtime when things fuck up but I think that will be rare and the added safety and trust will be worth it.

Anonymous 04/04/2017 (Tue) 11:15:52 [Preview] No. 5958 del

What happens if Balrog or Odili dies and the site crashes?

Anonymous 04/04/2017 (Tue) 16:27:55 [Preview] No. 5961 del

How will that help when the CPUs are backdoored? The crypto keys are stored XORd in ram. Intel management engine and AMD's trust zone etc let the women's christian temperance religion the entire world lives under now (ie: no female children as brides, good is what is good for women, men must have selfless love, not posessive love, etc: IE: Opposite of God of Deuteronomy etc: IE: Pro jesus/zoroaster/bhuddist philisophy)

Anonymous 04/04/2017 (Tue) 16:29:01 [Preview] No. 5962 del
... exfiltrate all data from ram etc.

Anonymous 04/05/2017 (Wed) 01:34:44 [Preview] No. 6044 del
>>5939 atta boy!
Now recall to have someone externally keep the private keys away from the servers, and one other person (please come back Snake dude!) maintain the VPN settings between the three!
I also hope your backup keys are not only encrypted but have a steganographed backup externally, like I do on "my cat blog". Bitcoin blockchain might come handiest in the future.
And soon to have deadman switches ( >>5958 ). Mines rotate monthly, since I barely have time to connect online at all.
>>5961 >>5962
That's not within the threat model of lynxchan & most IBs: If the hardware is already compromised host level, nothing much you can do: which many are (softserv, KVM, Xen, etc.)
But do actually summon me when you've designed a kernel-IB server that can auto validate compromise within hardware! (no irony, for real!)
I mean that extremely positively:

Anonymous 04/05/2017 (Wed) 20:38:34 [Preview] No. 6054 del
>But do actually summon me when you've designed a kernel-IB server that can auto validate compromise within hardware! (no irony, for real!)

"The mortal can only see what the gods show"

A function running on the host CPU cannot peer into the pipeline of the hypervisor CPU (unless Intel, AMD, etc really implemented it poorly).

Top | Return | Catalog | Post a reply