I run a public unix(openbsd) shell for fun, I call it my social network platform it sort of sucks, no users, ip6 only, a bunch of vm's on an old underpowered router running in my closet. But feel free to stop by and set up a .plan if you have nothing better to do.
It is pretty pointless, nobody needs or wants a unix shell account in this day and age. But I had fun setting it up, it started as an exercise to see what a shared multiuser postgres install would look like and got a little out of control. My current project is getting a rack of raspberry pi's(6 of them in a cute little case) hooked in as physical application nodes.
hanslub42 14 minutes ago [-]
> nobody needs or wants a unix shell account in this day and age
I do. But I do not need just any Unix shell account, I need old and weird ones! I develop and maintain a portable utility (rlwrap) that is aimed at users of older software, who are often also using older or even obsolete systems.
For years, I used Polarhome (http://www.polarhome.com/) as a "dinosaur zoo" of obsolete systems (thans, Zoltan!) For every new release, building it on a creaky Solaris or HP-UX machine would expose a few bugs.
Because older systems are being replaced by (much more uniform) newer ones, there is a diminishing need for such extreme portability. This is also the reason that Polarhome closed in 2022.
In spite of this, testing on many different systems improves general code quality, even for users of mainstream systems like linux, BSD or OSX.
Of course, I could setup a couple of virtual machines, but that is a lot of hassle, especially for machines with uncommon processor architectures.
kristopolous 2 hours ago [-]
Finally got to log into a vms system! I was looking to do that over 20 years ago but never could find one.
Somehow I still remembered most of the shell syntax in a book I read about it probably in 2001. Don't ask me ... I don't know how either.
Got bored in about 10 minutes but still, another box checked off!
avhception 1 hours ago [-]
I've only ever read about VMS in an historic context, like Wikipedia articles and blog posts. DEC and VMS are not well known. That's a shame, considering how much influence they had, especially on WinNT.
I've been fortunate enough to know Stephen Jones of SDF through his running of the local Seattle retro computing event (now rebranded as VCF PNW)
He's an absolutely kind soul who is deeply interested in all kinds of retro projects. I wish there were more folks like him in tech generally
iszomer 15 minutes ago [-]
Likewise, iirc @ VCF in MV 2005.
asimovDev 3 hours ago [-]
Named after the Super Dimension Fortress from the Macross anime series. If you like mecha i recommend checking out the original series (it might look dated in some regards but still worth a watch. And the Do You Remember Love is a must watch after you finished the series, a grandiose animated spectacle, one of the most impressive animated films I've seen)
If you are not feeling like watching a long series, I recommend checking out Macross Plus, from the author of Cowboy Bebop and Samurai Champloo
The series is known as Robotech in the USA. The original series is not available legally in the USA to my knowledge but should be available on Japanese blu rays with english subtitles or on your favorite Linux ISO sharing website. The rest of the entries are on Disney+ or the aforementioned websites.
trashb 1 hours ago [-]
SDF is cool, I commend their efforts of keeping a pub unix going! To me it feels like a stronghold of the "old school" web, similar to certain builtin board systems.
I regularly visit and enjoy reading the phlogs of their members as well.
just got my stickers from there yesterday! :-) i wish my less cs-oriented friends could see how cool i think the sdf is, lol; and, that some kind of "small-web" system, complete with the self-expression the sdf offers via web-hosting, a radio station(!), etc., was accessible to more people (not at the fault of anyone; just that there's a lot to the internet that most people will never see). :>
seblon 3 hours ago [-]
I found a way to escape their shell (so you can run whatever you want), if you're not verified, it involves multiple steps to archive this. I mailed them 2x to their membership address, but since today no reaction. I asked also in their IRC.
Just a question to HN: should I wait more, try again? Or should I simply publish the vulnerabilities somewhere? If yes, where? It's my first time that I found a vulnerability at my own, not sure how to deal with that.
bayindirh 3 hours ago [-]
You shall wait. It's a volunteer powered system and while the ops are silent and terse in their mails, they're nice people.
Their plate is already quite full and they operate a whole universe of services, so cut them some slack.
It's not an ordinary service which is exposed to internet trying to turn a profit. They run SDF, two Mastodon instances, a mail server, a Git server, trying to salvage/keep alive living computer museum (SDF Vintage Systems), etc. etc.
bezier-curve 1 hours ago [-]
I get that it's a volunteer system, but having donated for 2 years to help support their Lemmy instance, it's frustrating it's been down for 2 weeks without much of an update, just a hint "there's a good chance" it will come back. To me that seems lacking of transparency, not terse. How much disk space is it using? Maybe others in the community could help? How can they if they don't respond to emails? It was a nice thing while it lasted, but for federated social media, that kind of downtime hurts communities the most.
zorked 3 hours ago [-]
Don't publish. You already notified them, your shell escape isn't a big deal, publishing it will only be a pain for the volunteers running the service.
aboardRat4 2 hours ago [-]
I think you should create some visible but harmless nuisance using this shell escape, so that it's likely to get noticed, but doesn't damage anyone's valuable data.
Perhaps just run "bash -c 'stress --cpu 64 ; echo fix your shell escape'"l " or something like that.
yashasolutions 7 minutes ago [-]
Creating a nuisance is not a good way to go about it.
Some security practices sometimes feels like someone stabbing you just to prove you could be stabbed.
Then they point at the wound and say: "See? You should be more careful."
Yes, the risk is real, but creating harm to demonstrate it isnt the same as protecting people.
bayindirh 1 hours ago [-]
Well, ruining everyone's day on that particular host is not a nice way to "bring this to attention".
If I ever experienced something like that, I'd be banning the person (or limiting their resources drastically) for 60 to 90 days to bring the impact of this matter to their attention.
Anything affecting users on a system is not harmless.
nabogh 3 hours ago [-]
Definitely wait at least a few months if you've not already. There are legal risks with these kinds of things and some orgs move slowly.
anthk 2 hours ago [-]
I did it too but TBH as I used small tools such as tcc, jimsh, eforth+muxleq, sacc, smu, catpoint+pointtools, compilers from https://t3x.org... I didn't care a lot on the rest, I'm pretty happy with my current account.
You can do a lot with S9 Scheme and the Unix API/syscalls it supports.
Yesterday was NetBSD's 33rd Birthday. Nice time to share it :)
jbaber 1 days ago [-]
Still going strong. I started there when they were still on DEC alphas.
"this page was generated using ksh, sed and awk"
vjay15 52 minutes ago [-]
Omg, we can access even ancient OSes, this is amazing!
pestle 2 hours ago [-]
I had an account there years ago but never really saw the point. I was already SSHing in from a shell, just to end up at another, different one. Kind of whimsical I guess, but ultimately of scant practical use.
jbaber 1 days ago [-]
A great webhost, too. You can log in and edit html/index.html directly or scp stuff up.
hsnewman 3 hours ago [-]
I've been on it forever, it's such a great resource
user3939382 1 days ago [-]
I love SDF. Super reliable and awesome community.
adaptit 2 hours ago [-]
[dead]
Rendered at 10:15:46 GMT+0000 (Coordinated Universal Time) with Vercel.
ssh to applicant@register.public.outband.net
instructions at https://www.public.outband.net note that it's ip6 only.
It is pretty pointless, nobody needs or wants a unix shell account in this day and age. But I had fun setting it up, it started as an exercise to see what a shared multiuser postgres install would look like and got a little out of control. My current project is getting a rack of raspberry pi's(6 of them in a cute little case) hooked in as physical application nodes.
I do. But I do not need just any Unix shell account, I need old and weird ones! I develop and maintain a portable utility (rlwrap) that is aimed at users of older software, who are often also using older or even obsolete systems.
For years, I used Polarhome (http://www.polarhome.com/) as a "dinosaur zoo" of obsolete systems (thans, Zoltan!) For every new release, building it on a creaky Solaris or HP-UX machine would expose a few bugs.
Because older systems are being replaced by (much more uniform) newer ones, there is a diminishing need for such extreme portability. This is also the reason that Polarhome closed in 2022.
In spite of this, testing on many different systems improves general code quality, even for users of mainstream systems like linux, BSD or OSX.
Of course, I could setup a couple of virtual machines, but that is a lot of hassle, especially for machines with uncommon processor architectures.
Somehow I still remembered most of the shell syntax in a book I read about it probably in 2001. Don't ask me ... I don't know how either.
Got bored in about 10 minutes but still, another box checked off!
SDF Public Access Unix System - https://news.ycombinator.com/item?id=32340635 - Aug 2022 (29 comments)
SDF Public Access Unix System - https://news.ycombinator.com/item?id=31076886 - April 2022 (46 comments)
SDF Public Access Unix System - https://news.ycombinator.com/item?id=14940790 - Aug 2017 (29 comments)
SDF – Public Access Unix System - https://news.ycombinator.com/item?id=14134798 - April 2017 (51 comments)
He's an absolutely kind soul who is deeply interested in all kinds of retro projects. I wish there were more folks like him in tech generally
If you are not feeling like watching a long series, I recommend checking out Macross Plus, from the author of Cowboy Bebop and Samurai Champloo
The series is known as Robotech in the USA. The original series is not available legally in the USA to my knowledge but should be available on Japanese blu rays with english subtitles or on your favorite Linux ISO sharing website. The rest of the entries are on Disney+ or the aforementioned websites.
I regularly visit and enjoy reading the phlogs of their members as well.
https://sdf.org/plan9/
Side note: here's my workflow for running Plan 9 on Windows:
https://youtu.be/IzEa2L_Pgw0?si=unM5l2-_i_g-NYKP
Just a question to HN: should I wait more, try again? Or should I simply publish the vulnerabilities somewhere? If yes, where? It's my first time that I found a vulnerability at my own, not sure how to deal with that.
Their plate is already quite full and they operate a whole universe of services, so cut them some slack.
It's not an ordinary service which is exposed to internet trying to turn a profit. They run SDF, two Mastodon instances, a mail server, a Git server, trying to salvage/keep alive living computer museum (SDF Vintage Systems), etc. etc.
Perhaps just run "bash -c 'stress --cpu 64 ; echo fix your shell escape'"l " or something like that.
Some security practices sometimes feels like someone stabbing you just to prove you could be stabbed. Then they point at the wound and say: "See? You should be more careful."
Yes, the risk is real, but creating harm to demonstrate it isnt the same as protecting people.
If I ever experienced something like that, I'd be banning the person (or limiting their resources drastically) for 60 to 90 days to bring the impact of this matter to their attention.
Anything affecting users on a system is not harmless.
You can do a lot with S9 Scheme and the Unix API/syscalls it supports.
"this page was generated using ksh, sed and awk"