Re: Sustainable funding and maintenance for our infrastructure

[Tomas Volf <~@wolfsden.cz>]

[-- Attachment #1: Type: text/plain, Size: 3421 bytes --]

On 2024-07-08 18:28:23 +0000, Vincent Legoll wrote:
> Hello,
>
> On Mon, Jul 8, 2024 at 3:47 PM Vagrant Cascadian <vagrant@debian.org> wrote:
>
> > This may be a little wild, but what are the downsides to doing some
> > combination of all of the above?
> >
> > A mixed strategy could reduce ... the upfront cost of buying and hosting
> > hardware (#1), the ongoing costs of renting (#2), and dependence on the
> > generosity of a third party for sponsored hardware & hosting (#3).
> >
> > It seems like any strategy should have some redundancy (e.g. multiple
> > independent build farms) so that a failure in one datacenter does not
> > effectively take down the whole network...
> >
>
> That would be my opinion too.
>
> But for the cloud renting I would first research if there are associated
> network or other costs,

Yes, there are other costs.  You in general pay for the egress used.  I have no
idea how much traffic does our current farm use.  I will speak of AWS, because
that is the one I know, but other will be likely similar.  If we would have
setup just in one "Availability Zone" (think data center), traffic between VMs
is free.  Traffic to the internet however is not.  First 100 GB is free each
month, and after that (source [0]):

First 10 TB / Month		$0.09 per GB
Next 40 TB / Month		$0.09 per GB
Next 100 TB / Month		$0.07 per GB
Greater than 150 TB / Month	$0.05 per GB

The prices differ by region a bit, but Europe and US are the "cheap" ones.

Interesting point is that someone can just decide to download a lot from you,
and *you* would pay for it.  It is nice way to drive up bill of someone you do
not like.

You also pay for storage and various other things.  Doing cost estimates in the
cloud is hard, because everything is complex and there are lot of options to
spend on.

Than there also is the "moral" side of the clouds.

> because the computing is cheap only to lure you into the (sometimes
> prohibitive) hidden costs.

Even the computing is not cheap by itself, if you just want compute, Hetzner is
cheaper.  Clouds give the nice things on top, like storage snapshots, backups,
... (ignoring the cost).  But, at least in my experience, not cost saving,
unless you radically re-design your application/stack to match the cloud
providers infrastructure.

Naive "lift and shift" migrations to the cloud can have tangible benefits, but
cost saving is rarely one of them.

Now, this all describes just actual "clouds".  Hetzner, for example, does not
charge for traffic (with some exceptions[1]).  You pay 2 EUR for public IPv4,
but other than that, I did not notice any unexpected charges on my invoices.

I personally think that renting actual physical servers might be a reasonable
idea.  One issue to consider is that (Hetzner in particular) has a history of
MitM attacks against their customers (assumption is that it was due to court
order, but it was never confirmed AFAIK).  So I would expect physical compromise
(signing keys) to be possible as well.  I have no idea how that would compare to
the security in the current hosting.

Have a nice day,
Tomas

0: https://www.cloudflare.com/learning/cloud/what-is-aws-data-transfer-pricing/
1: https://docs.hetzner.com/robot/general/traffic/

--
There are only two hard things in Computer Science:
cache invalidation, naming things and off-by-one errors.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]