ssh to applicant@register.public.outband.net
instructions at https://www.public.outband.net note that it's ip6 only.
It is pretty pointless, nobody needs or wants a unix shell account in this day and age. But I had fun setting it up, it started as an exercise to see what a shared multiuser postgres install would look like and got a little out of control. My current project is getting a rack of raspberry pi's(6 of them in a cute little case) hooked in as physical application nodes.
I do. But I do not need just any Unix shell account, I need old and weird ones! I develop and maintain a portable utility (rlwrap) that is aimed at users of older software, who are often also using older or even obsolete systems.
For years, I used Polarhome (http://www.polarhome.com/) as a "dinosaur zoo" of obsolete systems (thans, Zoltan!) For every new release, building it on a creaky Solaris or HP-UX machine would expose a few bugs.
Because older systems are being replaced by (much more uniform) newer ones, there is a diminishing need for such extreme portability. This is also the reason that Polarhome closed in 2022.
In spite of this, testing on many different systems improves general code quality, even for users of mainstream systems like linux, BSD or OSX.
Of course, I could setup a couple of virtual machines, but that is a lot of hassle, especially for machines with uncommon processor architectures.
> I do. But I do not need just any Unix shell account, I need old and weird ones! I develop and maintain a portable utility (rlwrap) that is aimed at users of older software
Thank you, personally. I've used it in several contexts not just old systems, for example rlwrap is recommended with Clojure (okay, perhaps that's a comparatively small audience).
If you are not feeling like watching a long series, I recommend checking out Macross Plus, from the author of Cowboy Bebop and Samurai Champloo
The series is known as Robotech in the USA. The original series is not available legally in the USA to my knowledge but should be available on Japanese blu rays with english subtitles or on your favorite Linux ISO sharing website. The rest of the entries are on Disney+ or the aforementioned websites.
Somehow I still remembered most of the shell syntax in a book I read about it probably in 2001. Don't ask me ... I don't know how either.
Got bored in about 10 minutes but still, another box checked off!
Side note: here's my workflow for running Plan 9 on Windows:
He's an absolutely kind soul who is deeply interested in all kinds of retro projects. I wish there were more folks like him in tech generally
Just a question to HN: should I wait more, try again? Or should I simply publish the vulnerabilities somewhere? If yes, where? It's my first time that I found a vulnerability at my own, not sure how to deal with that.
Their plate is already quite full and they operate a whole universe of services, so cut them some slack.
It's not an ordinary service which is exposed to internet trying to turn a profit. They run SDF, two Mastodon instances, a mail server, a Git server, trying to salvage/keep alive living computer museum (SDF Vintage Systems), etc. etc.
SDF welcomed everyone openly during the initial Mastodon waves, so it was all very Eternal September.
If you're joining to make a spare account to participate with SDF people, awesome! But if you want it as your identity for all of Fedi, I think that would be a bad experience. I ended up getting my own MastoHost account for a while and it was a vastly better experience, until I burned out on Fedi.
SDF is a super fun place to experiment with Gopher though. I absolutely recommend getting your own Gopherhole on SDF. It's like the old Geocities days but in ASCII. (And make sure you grab Lagrange as your GUI Gopher / Gemini client. I liked Phetch as my terminal Gopher client.)
You can't have it both ways: if it's not a big deal, then he can publish it.
If you say "Don't publish", then you acknowledge that it's a big deal.
I say to GP: "Congrats for finding a shell escape, it's always a big deal. But don't publish it... Yet".
Give them a chance to fix it. But it they don't even answer to the emails, even just saying: "thx we're busy we can't fix right now but will do", then at some point you just publish.
It doesn't take long to answer an email saying "thanks, we'll fix it eventually".
If they can't commit to a hard timeline of less than a few days, then publish. What happens next is not your fault - it was inevitable anyway.
Edit for clarity: This is just in general, not specifically SDF or small orgs or large orgs. The internet does not care about the difference. The internet just does not care period. Nobody is going to give anyone else any breaks, and especially not a botnet.
Perhaps just run "bash -c 'stress --cpu 64 ; echo fix your shell escape'"l " or something like that.
Some security practices sometimes feels like someone stabbing you just to prove you could be stabbed. Then they point at the wound and say: "See? You should be more careful."
Yes, the risk is real, but creating harm to demonstrate it isnt the same as protecting people.
If I ever experienced something like that, I'd be banning the person (or limiting their resources drastically) for 60 to 90 days to bring the impact of this matter to their attention.
Anything affecting users on a system is not harmless.
You can do a lot with S9 Scheme and the Unix API/syscalls it supports.
I regularly visit and enjoy reading the phlogs of their members as well.
> While we did initially start out on a single computer in 1987, the
> SDF is now a network of 8 64bit enterprise class servers running
> NetBSD realising a combined processing power of over 21.1 GFLOPS!
Which piqued my interest about how that compares to today's computers. nVidia's venerable 1080Ti from 2017 measures about 11300 GFLOPS, or 11.3 teraFLOPS. About a fifty times increase.
SDF Public Access Unix System - https://news.ycombinator.com/item?id=32340635 - Aug 2022 (29 comments)
SDF Public Access Unix System - https://news.ycombinator.com/item?id=31076886 - April 2022 (46 comments)
SDF Public Access Unix System - https://news.ycombinator.com/item?id=14940790 - Aug 2017 (29 comments)
SDF – Public Access Unix System - https://news.ycombinator.com/item?id=14134798 - April 2017 (51 comments)
"this page was generated using ksh, sed and awk"
It’s much less needed now.