Proposal: Infrastructure - Datacenter (Sept)

Ryan Taylor

Well-known Member
Foundation Member
Jul 3, 2014
550
1,649
263
Scottsdale, AZ, USA
This is a cross-post from www.dashcentral.org/p/infra-general-201609

This proposal is to fund our ongoing infrastructure costs. We are requesting additional funding starting this cycle at an updated exchange rate. The overall effect is a reduction in requested Dash.

As you may be aware, dash.org was recently subject to a sizable 9 GB DDOS attack that disabled the site for much of the day on August 5th. To make matters worse, our DNS provider was down in parallel. As we have experienced poor service during these outages and in the interests of taking preventative measures, we plan to make several changes to the infrastructure operations.

We plan to move frontend DNS and hosting of all content on dash.org (including the forum) from qhoster to Cloudflare’s business plan, which should improve the quality and responsiveness of services we receive during outages. The Business plan includes advanced DDOS attack protection and mitigation and 100% uptime guarantees.

New costs are as follows...

Cloud infrastructure costs:
$260 per month for AWS and Google services and administration
Roles:
- Route53 DNS zone management
- EC2 web server instances
- S3 for web server instances
- Backups and auditing
- Gmail for domains
- VPS for integrations support

Hosted Compile Server:
$150 per month for co-location and replacement parts for our Bamboo compile server

Cloudflare Business plan:
$200 per month
- Hosting of dash.org and all services hosted under that domain
- DDOS protection
- Web optimization services
- Real time statistics

Requested funding is as follows for the September 4th budget cycle:
Total: 51.73 Dash

Note: Should any funding remain after the project is complete, we will apply those funds toward future infrastructure funding needs

Manually vote YES on this proposal:
dash-cli mnbudget vote-many 448b9a267197551b63dd9b57b969052cccdeec3a08c67db3bc5f02308cfa6253 yes
OR from the qt console:
mnbudget vote-many 448b9a267197551b63dd9b57b969052cccdeec3a08c67db3bc5f02308cfa6253 yes

Manually vote NO on this proposal:
dash-cli mnbudget vote-many 448b9a267197551b63dd9b57b969052cccdeec3a08c67db3bc5f02308cfa6253 no
OR from the qt console:
mnbudget vote-many 448b9a267197551b63dd9b57b969052cccdeec3a08c67db3bc5f02308cfa6253 no
 

rustycase

Active Member
Apr 19, 2016
495
118
113
It's not a security issue, it's a DDOS and way too much money to be worrying about such things
Well, if protection against any particular sort of attack does not relate to security, perhaps you could explain it to me ?
I must be confused, or simply ignorant.
Tnx!
rc
 

GrandMasterDash

Grizzled Member
Masternode Owner/Operator
Jul 12, 2015
3,137
1,226
1,183
Well, if protection against any particular sort of attack does not relate to security, perhaps you could explain it to me ?
I must be confused, or simply ignorant.
Tnx!
rc
Indeed. How much dash is at risk of loss from such an attack?

I'd much prefer solutions that leveraged our own cloud of 4000+ servers than use someone elses cloud
 

kot

Well-known Member
Foundation Member
Mar 17, 2015
747
1,940
263
Indeed. How much dash is at risk of loss from such an attack?
Imagine a scenario if the Dash website is compromised and attacker manages to replace binaries and signatures - a lot of Dash is compromised. Remember the latest attack on Mint website? And this is only one of potential attack scenarios.
Security of the Dash network is only one part of the project. Security of all digital assets of the project is another. I am pretty sure that in case of any successful attack, there would be a lot of comments like "Why don't we use our budget to protect this instead spending so much for PR (or whatever)?" So this is to prevent, not to deal with problems.

I'd much prefer solutions that leveraged our own cloud of 4000+ servers than use someone elses cloud
Well... I guess that building "solutions that leveraged our own cloud of 4000+ servers" to have solutions similar to Cloudflare would be MUCH more expensive (probably counted in millions) than this proposal... Correct me if I'm wrong (I'm kind of ignorant in this and could not fully understand how simple solutions are offered by Cloudflare).
 
Last edited:

GrandMasterDash

Grizzled Member
Masternode Owner/Operator
Jul 12, 2015
3,137
1,226
1,183
So, basically, the dash binaries are not safe now? Really?

#worrying
 

GrandMasterDash

Grizzled Member
Masternode Owner/Operator
Jul 12, 2015
3,137
1,226
1,183
FFS, I'm just realising how absurd this proposal is. The dash core team can't ensure the safety of our binaries but we can trust the security of a third party cloud provider?? More so, we must pay more money for the privilege because the security of our own network is just not good enough? So, the binaries get compromised and trashes the reputation and price of dash... but that's ok because now we can blame someone else for their lack of security... really???? Just remind me of this when the next upgrade is posted 'cause I'm wondering if I should upgrade....
 

kot

Well-known Member
Foundation Member
Mar 17, 2015
747
1,940
263
Absurd? Think again please...

@GrandMasterDash, I guess you are totally mixing two different worlds. Dash network is created to protect and maintain Dash blockchain. Our website and many other digital assets are located in the Internet (we don't have any intranet) and as any other website, it is exposed to attacks - this is obvious I guess. What is also obvious is the fact that we use different infrastructure components provided by other companies/projects like operating systems, web servers, firewalls etc. No matter how great developers and admins we have, we need to rely on 3rd party software (which is of course a risk but we are not able to develop everything by ourselves). So to minimize the risks we have skilled admins to properly configure and monitor infra and soft + we use best security solutions we could find and afford. This is exactly what we do to ensure safety of our binaries and other assets. Would you propose anything more? How could the team protect the website better than with a dedicated security software - with muscles and guns???
Can you give me an example of one website in the Internet that is for sure 100% safe and you can say that it won't be ever compromised? I do not understand why it is so surprising for you that we want to have possibly the best solution on the market to protect our assets?
Going further - digital currency networks were not designed to protect websites as far as I know, therefore I am not sure how you could see our website being protected by the Dash network.

Anyway - if you are able to propose any reliable solution that uses Dash network to protect our digital assets, I promise I will be the first to vote for your proposal and when it is implemented and tested, other solutions (like this one) will be decommissioned. But for now we will keep the best solution that we can buy for the budget we have.
 
Last edited:

GrandMasterDash

Grizzled Member
Masternode Owner/Operator
Jul 12, 2015
3,137
1,226
1,183
Are the hashes for the binaries signed and placed on the dash blockchain?