[liberationtech] query

[Chris Palmer]

Well, recall that my advice hinged on the assumption that the cloud
provider was not your threat actor. Maybe that's not looking like too
good an assumption these days. :) (For certain users, for certain
threats, for certain providers. And remember, yesterday's Amazon
excitement was not the first: When Google got popped, the Chinese went
straight for the Gmail of dissenters.)

One size does not fit all, as always.

No promises --- Conan the Barbarian himself would quail at my TODO list
--- but keep an eye on https://ssd.eff.org/ for updates, hopefully
coming Real Soon Now.


On 12/02/2010 03:18 AM, Adam Fisk wrote:

> I'd like to re-emphasize Chris's original answer to this thread -- use
> the cloud. To me, the likelihood of thousands of competent sysadmins
> appearing in organizations that are typically notorious for lacking
> tech expertise is low, despite everyone's best intentions. To
> accomplish this would also put a strain on the resources of
> organizations that typically don't have resources to spare.
> 
> I'd strongly recommend using cloud solutions, and especially Google
> App Engine, as Chris recommended. In most cases it's much easier to
> deploy your sites to the cloud even outside of DDoS attacks. GAE is
> also free for the amount of traffic most of these sites get, not to
> mention the amount of money you'll save employing fewer programmers,
> and it saves immense amounts of time in areas such as not having to
> back up your database, not worrying about scalability, etc. Not
> worrying about DDoS attacks is just another reason among many. I'd
> also strongly recommend GAE over Amazon because it's much less work
> and requires even less expertise to handle something like a DDoS
> attack. You still have to know what you're doing on that front with
> Amazon. With GAE you don't.


-- 
Chris Palmer
Technology Director, Electronic Frontier Foundation