Dear nerds,
The nic.cz mirror [1] has been acting somewhat strange the past
few days. It's using about 50-250mbps of our bandwidth, totaling
more than the size of distfiles, meaning that even if they were
to have deleted their copy and started fresh, there is some kind
of configuration issue on their end.
None of the other mirrors have been behaving abnormally. Here is
where the nic.cz mirror is:
mirrormaster:~/distfiles# for k in $(pidof rsync); do
echo $k; lsof | grep ${k};
done \
| grep -v /dev/null \
| grep -v socket: \
| grep /usr/bin/rsync \
;
53908 /usr/bin/rsync 4 /var/www/archive
/adelie/1.0-beta1/user/ppc64/qemu-dbg-3.0.0-r1.apk
41812 /usr/bin/rsync 4 /var/www/archive
/adelie/1.0-beta1/user/ppc64/qt-creator-dbg-4.7.2-r0.apk
This has been making "forward progress" since I last checked,
but I've reached out to their admins to ask what's going on.
They are also using multiple connections, started 6 hours apart
(which is their cron interval), so it is clear that they are not
using `flock` or a similar mechanism to prevent redundant reads.
Additionally I noticed that they do not use the '--delete' flag
so (if it's not intentional) they are wasting their disk space
by keeping stale copies of our ISO media and anything we delete.
This is all to say:
* I do not know what the state of their mirror is. Our website
checks for the presence of a "heartbeat" file (timestamp)
and shows that they are up-to-date. If you notice missing
files with this mirror, please let us know.
* The extra bandwidth is not an issue for us; there should be
no noticeable performance degradation for any of our other
services. I will provide updates if this changes.
* If this becomes a problem I will temporarily block their
network and de-list their mirror from our website. Existing
installations using this mirror should not be affected.
Note that we updated our own rsync daemon to mitigate some nasty
CVEs [2] within mere hours of this going public. We have no
reason to believe our mirror has been compromised.
While the protocol version has been updated to make it easy for
admins to verify that a server has been updated, I would be
surprised if this would cause such behavior.
It is also possible that the nic.cz team noticed their own
public mirror was compromised and that they are re-downloading
all content from their upstreams (us) to be safe. I'll provide
an update once I hear back from their team.
ZV
[1]:
https://mirrors.nic.cz/adelie/ (http, https, rsync)
[2]:
https://kb.cert.org/vuls/id/952657
Received on Tue Jan 21 2025 - 05:31:58 CET