
#1 2016-03-25 14:22:19

dot|not
Member
From: /dev/urandom
Registered: 2016-02-04
Posts: 93
Website

What would YOU want?

Got your attention? Excellent. devil

I need the community's opinion and input on something I'm (together with friends) currently designing and planning to build in the near future.

Ever since I've read "The Cuckoo's Egg" by Clifford Stoll I've been fascinated by the idea of many people interactively using one big computer. I'm not talking about THE CLOUD here, but about a more traditional approach - publicly accessible UNIX-systems.

And while the days of these beasts are long gone, the idea of running such a thing has been in the back of my mind for a long time, and I've repeatedly done it for a small circle of friends, and while it was sometimes exhaustive ("You have deleted your configuration file AGAIN? For f***s sake!") it was generally a quite fun experience, with a steep learning curve that brought me a lot of knowledge.

Talking about it over and over again (combined with the fact that moving out of systems administration and into security made me lazy) we came to the conclusion to build the exact thing mentioned above, a server that runs a flavour of Unix, accessible for everyone.

Other people that have done similar things are, for example, devio.us, freeshells.org or blinkenshell.org - most of these sites / systems are run semi-professionally with a team behind them, we're just a bunch of nerds with (somewhat) beefy hardware at hand. All of this is not intended to be a replacement for these fine folks, it's merely a playground to toy with technology.

If you would be interested in or use such a service, what would it be that you are looking for? It can be anything from a specific service you'd like to see (for example fingerd or a proxy for accessing gopher-sites or a looking-glass-esque service) or a specific feature (for example that you yourself get access to your backups and aren't dependent on anyone with administrative privileges) or specific community features. I'm even glad for things you specifically don't want to see - whatever that may be. If it's something you don't want to voice in public, feel free to hit me up on Freenode (dot|not) or drop me a private message.

Thank you very much!

Offline

#2 2016-03-25 14:41:32

twoion
ほやほや
Registered: 2015-08-10
Posts: 3,135

Re: What would YOU want?

Well-managed publicly accessible IRC bouncers are rare.

Mini-System-as-a-service: User SSHes into the box and gets dropped into an LXC container, created on-demand (fast because of LVM thin provisioning and cloning), running the OS of choice: OpenBSD, Arch, Fedora, CentOS, FreeBSD--you name it. Based on their pubkey, the users can log into the same container again after logging off; the container itself gets destroyed after some time of inactivity (24 hours or so). The maximum (concurrent?) number of LXC containers per pubkey should be limited. Disk quota, memory quota, CPU share quota are enforced via LVM policy, bandwidth quota, you name it.

ssh freebsd@lxc.dotnot.org # gets a new freebsd container!
ssh archlinux@lxc.dotnot.org # gets a new arch container!
ssh bunsenlabs@lxc.dotnot.org # gets a new BL container!
# and so on

This project has some interesting challenges re. system design, and getting all the edge cases covered. Bonus points for a public IPv6 per container (should be easy, considering that everybody gets a /64 IPv6 net for free).


Music makes us braver

Offline

#3 2016-03-25 15:20:06

dot|not
Member
From: /dev/urandom
Registered: 2016-02-04
Posts: 93
Website

Re: What would YOU want?

twoion wrote:

Well-managed publicly accessible IRC bouncers are rare.

Which is probably because most bouncers out there don't really scale / have good command line interfaces or interfaces one could possibly script. Not even znc, being the de-facto standard, has that.

twoion wrote:

Mini-System-as-a-service: User SSHes into the box and gets dropped into an LXC container, created on-demand (fast because of LVM thin provisioning and cloning), running the OS of choice: OpenBSD, Arch, Fedora, CentOS, FreeBSD--you name it. Based on their pubkey, the users can log into the same container again after logging off; the container itself gets destroyed after some time of inactivity (24 hours or so). The maximum (concurrent?) number of LXC containers per pubkey should be limited. Disk quota, memory quota, CPU share quota are enforced via LVM policy, bandwidth quota, you name it.

I just thought this through in my head. That's definitely doable, but potentially very complex.

Extracting the SSH-key fingerprint from the authentication process would, to my knowledge, require running in debug-mode all the time, which somewhat sucks. I have to admit, many of the limitations I currently see (How would I detect the inactivity?) are due to my very limited knowledge of LXC. I like the idea.

// Edit: Another problem I see is the amount of IPv4-addresses I have available. With a /56, that's nothing to worry about. But two /27 get tight pretty quickly.

Last edited by dot|not (2016-03-25 15:34:30)

Offline
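
The per-pubkey mapping discussed in posts #2 and #3, as an added example that is not code from any poster: it derives a stable container name from the login name and the key the session authenticated with, re-attaches on repeat logins, and caps containers per key. It assumes sshd runs with `ExposeAuthInfo yes` (OpenSSH 7.6 and later), so the `publickey ...` line can be read from the file named by `SSH_USER_AUTH`; the function names, the 16-hex-digit owner tag and the limit of 2 are assumptions.

```python
import base64
import hashlib

ALLOWED_DISTROS = {"freebsd", "archlinux", "bunsenlabs"}  # login names from post #2
MAX_PER_KEY = 2  # assumed limit; the thread gives no number


def key_digest(auth_info: str) -> bytes:
    """SHA-256 of the key blob on the first 'publickey' line of the auth info."""
    for line in auth_info.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[0] == "publickey":
            blob = base64.b64decode(fields[2], validate=True)
            return hashlib.sha256(blob).digest()
    raise PermissionError("session was not authenticated with a public key")


def fingerprint(digest: bytes) -> str:
    """Form printed by `ssh-keygen -l`: 'SHA256:' plus unpadded base64."""
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def container_for(distro: str, auth_info: str, existing: set) -> str:
    """Name of the container this key gets for `distro`; refuse if over the limit."""
    if distro not in ALLOWED_DISTROS:        # never build names from raw input
        raise ValueError("unknown distro")
    owner = key_digest(auth_info).hex()[:16]
    name = f"{distro}-{owner}"
    if name in existing:
        return name                          # same key, same distro: re-attach
    owned = [c for c in existing if c.endswith("-" + owner)]
    if len(owned) >= MAX_PER_KEY:
        raise PermissionError(f"key already owns {len(owned)} containers")
    return name                              # caller would clone and start it here


# Constructed sample: an all-zero ed25519 key blob, not a real key.
_BLOB = b"\x00\x00\x00\x0bssh-ed25519\x00\x00\x00\x20" + bytes(32)
SAMPLE_AUTH = "publickey ssh-ed25519 " + base64.b64encode(_BLOB).decode() + "\n"

if __name__ == "__main__":
    running = set()
    for distro in ("freebsd", "archlinux", "freebsd"):
        name = container_for(distro, SAMPLE_AUTH, running)
        running.add(name)
        print(distro, "->", name, fingerprint(key_digest(SAMPLE_AUTH)))
```
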

#4 2016-03-27 17:17:54

dot|not
Member
From: /dev/urandom
Registered: 2016-02-04
Posts: 93
Website

Re: What would YOU want?

A gentle PUSH. Come on folks.

Offline

#5 2016-03-30 08:20:23

ohnonot
...again
Registered: 2015-09-29
Posts: 5,383
Website

Re: What would YOU want?

dot|not wrote:

If you would be interested in...

you only just made me realize how far this could go.
so, basically one could even run their own server from that? i'm not saying that i want to do that, just testing your limits ;-)
or, their own firefox (or just general) sync?
and what do you mean when you say UNIX? i understand that You decide which system it runs (unless the user wants to use some virtualization)?

i cannot right now see a usage scenario for myself that i couldn't realize from my own server, but interested, yes.

doesn't it mean i have to trust the admins completely with my stored data?

Last edited by ohnonot (2016-03-30 08:20:55)


Please use CODE tags for code.
Search youtube without a browser: repo | thread
BL quote proposals to this thread please.
my repos / my repos

Offline

#6 2016-03-30 11:50:40

pvsage
Internal Affairs
Registered: 2015-09-29
Posts: 1,433

Re: What would YOU want?

@.!:  One possibility I see for such a system is using the host machine as a "mainframe" from a MID, with the mobile device as an ersatz dumb terminal.  Suppose, for example, someone wants to build a Live ISO or do some BLendering or video transcoding: open a session, upload the source files, and let the host do the heavy lifting.  Is this the kind of thing you had in mind?


Be excellent to each other, and...party on, dudes!
BunsenLabs Forum Rules
Tending and defending the Flame since 2009

Offline

#7 2016-04-01 11:32:12

dot|not
Member
From: /dev/urandom
Registered: 2016-02-04
Posts: 93
Website

Re: What would YOU want?

ohnonot wrote:

so, basically one could even run their own server from that? i'm not saying that i want to do that, just testing your limits ;-)

You'd get full shell-access with a set of pre-installed tools - that includes a compiler. So while you won't have access to any sort of package management, you are basically free to compile your webserver of choice yourself and run it on a high port of your choice, obviously given that you don't abuse the resources of the server unnecessarily.

ohnonot wrote:

and what do you mean when you say UNIX? i understand that You decide which system it runs (unless the user wants to use some virtualization)?

Historically, most university systems or publicly available computer systems have run some kind of UNIX. HP-UX, SCO, whatever. We'd probably go with OpenBSD, which isn't a UNIX, but Unix. (Trademarks ftw!)

pvsage wrote:

@.!:  One possibility I see for such a system is using the host machine as a "mainframe" from a MID, with the mobile device as an ersatz dumb terminal.  Suppose, for example, someone wants to build a Live ISO or do some BLendering or video transcoding: open a session, upload the source files, and let the host do the heavy lifting.  Is this the kind of thing you had in mind?

Yes, however using Blender and transcoding videos is a bad idea. That's highly CPU-intensive and will impact other users. Which means the admin will visit you with torches and pitchforks.

Offline

#8 2016-04-01 15:21:49

pvsage
Internal Affairs
Registered: 2015-09-29
Posts: 1,433

Re: What would YOU want?

dot|not wrote:

the admin will visit you with torches and pitchforks.

Oh noes - Morlocks!  Run away!  Run away!!!

What's t3h use in having a powerful server at your disposal then?

EDIT:  I can easily envision a model in which such processor time would be available for a fee.  Of course, this isn't what you were asking for...

Last edited by pvsage (2016-04-01 15:54:51)



Offline

#9 2016-04-01 18:06:25

dot|not
Member
From: /dev/urandom
Registered: 2016-02-04
Posts: 93
Website

Re: What would YOU want?

pvsage wrote:

What's t3h use in having a powerful server at your disposal then?

Equally sharing the resources. Of course you can use your share of CPU time to render stuff, .. but that most likely won't be a lot faster than rendering on your mobile phone.

Offline

#10 2016-04-02 13:01:35

pvsage
Internal Affairs
Registered: 2015-09-29
Posts: 1,433

Re: What would YOU want?

^ So resource allocation would be hard-limited to 1/n?

Have you attempted to do any rendering or transcoding on a mobile phone?  I haven't either, but I suspect that 1/n of a rocket ship would be more power than a full potato.



Offline

#11 2016-04-03 12:54:32

dot|not
Member
From: /dev/urandom
Registered: 2016-02-04
Posts: 93
Website

Re: What would YOU want?

pvsage wrote:

^ So resource allocation would be hard-limited to 1/n?

Correct.

pvsage wrote:

Have you attempted to do any rendering or transcoding on a mobile phone?  I haven't either, but I suspect that 1/n of a rocket ship would be more power than a full potato.

I actually have. Wasn't a fun experience. Still, I doubt that you would be too happy with the encoding performance. But feel free to try it out in the future. wink

Offline
