Rubygems.org down for more that 5(?) hours now

Any alternative or workaround for this problem?

It’s probably the outage/ddos attack at dnsimple. They’re supposedly
close to a fix.

Eigil


Sent from Mailbox

Yes. It’s because of that. So? The community should be prepare for
something like this. Immediately offer a workaround that let people
continue working. Am I so wrong in been shock about this silence?

Thanks,

2014-12-01 20:56 GMT-03:00 Eigil S. [email protected]:

They did. See
https://twitter.com/rubygems_status/status/539513292105187328

http://rubygems.org/ is online again.

2014-12-01 21:24 GMT-03:00 Justin C. [email protected]:

On Mon, Dec 1, 2014 at 3:59 PM, Juanjo C. [email protected] wrote:

Yes. It’s because of that. So? The community should be prepare for something
like this. Immediately offer a workaround that let people continue working.

You’re part of “the community” – what’s your plan?

Is Still Down.


Rajeev N B
Sent with Sparrow (http://www.sparrowmailapp.com/?sig)

I got burned by this, just like many other people. While it is
unfortunate
that Rubygems.org was impacted and the nature in which it happened
appears
to be malicious, honestly this is a fairly simple infrastructure and
tooling problem. It is an infrastructure problem in that your
application/server/whatever shouldn’t be dependent on data coming from
Rubygems.org, and if it must, then use a local cache of Rubygems. It is
a
tooling problem, IMO, in that things like bundler and perhaps even
rubygems
itself don’t make this caching functionality on by default.

-jon

Hi! How do I go about setting up a local gem cache? Every time I’ve
googled it in the past (I have firewall issues at work which make this
something desirable), it’s seemed much more complex than I would have
thought, making me think I’m simply missing something. I guess it
really boils down to three questions:

  1. How do I (batch) retrieve the gems?

  2. Is there any magic to how I “reveal” them to my local network?
    (E.g., HTTP, I assume; is the hierarchy obvious? Etc.)

  3. How do I tell my “gem install”, etc., to go and hit up the local
    repo?

Thanks for any pointers…

-Ken

Yeah… I’m new in the community, but I’m already feeling part. I plat
to a
a mirror under the company where I work domain. Point our tools to that
domain and let it be used by the community. It’s all that I can think of
for my actual knowledge/resources.

2014-12-01 22:35 GMT-03:00 Hassan S.
[email protected]:

2014-12-01 22:49 GMT-03:00 Ken D’Ambrosio [email protected]:

  1. How do I tell my “gem install”, etc., to go and hit up the local repo?

I can help with this part.

If you use bundler, edit the Gemfile, if not:

gem source -r https://rubygems.org
gem source -a you_source

Greets!

On Monday 01 December 2014, 20:59:58, Juanjo C. wrote:

Yes. It’s because of that. So? The community should be prepare for
something like this. Immediately offer a workaround that let people
continue working. Am I so wrong in been shock about this silence?

Well, their status updates have been pretty clear on what was going on:
DNS
failure because of DDoS.

There’s not much anybody can do against DDoS, except for providing even
more
machines/bandwidth to raise the bar in terms of bogus requests a DDoS
needs to
be successful.

From what I gathered, the RubyGems.org infrastructure is already quite
good,
i.e., dedicated DNS hosting and servers running on AWS, so in theory, it
should scale. Still, it seems like a SPOF.

Actual, complete mirrors of rubygems.org would probably help. There’s
only a
draft wiki site on
https://github.com/rubygems/rubygems-mirror/wiki/Mirroring-2.0, but it
was lastly edited 2012, so I’ve got no idea
how far the efforts on this front actually went. I imagine that there’s
a
chicken-egg-problem.

For me, since I’ve got neither time nor resources for setting up a real
production mirror of rubygems.org that would be publicly accessible, its
simply trusting the rubygems.org team and not complaining.

  --- Eric

You can use rubygems-mirror along with a local copy of bundler-api

On 01/12/2014 23:52, Juanjo C. wrote:

Any alternative or workaround for this problem?

cpan.org

I can’t understand why with Ruby inherited so much from Perl but left
behind it’s best feature.

gvim

On Dec 1, 2014, at 17:41, Jon H. [email protected] wrote:

I got burned by this, just like many other people. While it is unfortunate that
Rubygems.org was impacted and the nature in which it happened appears to be
malicious, honestly this is a fairly simple infrastructure and tooling problem.
It is an infrastructure problem in that your application/server/whatever shouldn’t
be dependent on data coming from Rubygems.org, and if it must, then use a local
cache of Rubygems. It is a tooling problem, IMO, in that things like bundler and
perhaps even rubygems itself don’t make this caching functionality on by default.

% ls $(gem env gemdir)/cache
benchmark-ips-2.0.0.gem minitest-autotest-1.0.0.gem
gist-4.3.0.gem minitest-bisect-1.2.0.gem
hoe-3.13.0.gem minitest-server-1.0.0.gem
hoe-seattlerb-1.3.3.gem racc-1.4.12.gem
isolate-3.2.4.gem rake-10.3.2.gem
json-1.8.1.gem rdoc-4.1.2.gem
minitest-5.4.3.gem rubygems-cleanroom-1.0.1.gem