From mboxrd@z Thu Jan 1 00:00:00 1970
Received: from mirv.inri.net ([167.88.120.88]) by ur; Tue Apr 18 18:55:14 EDT 2017
Received: from [10.231.112.21] ([166.175.57.221]) by mirv; Tue Apr 18 18:55:13 EDT 2017
Content-Type: multipart/alternative; boundary=Apple-Mail-6360FFB8-53B4-4080-ABC6-4A0615B21866
Mime-Version: 1.0 (1.0)
Subject: Re: [9front] aux/listen changes
From: Stanley Lieber
X-Mailer: iPhone Mail (14E304)
In-Reply-To:
Date: Tue, 18 Apr 2017 18:55:11 -0400
Content-Transfer-Encoding: 7bit
Message-Id:
References: <20170418201206.GA40883@wopr>
To: 9front@9front.org
List-ID: <9front.9front.org>
List-Help:
X-Glyph: ➈
X-Bullshit: advanced basic property lifecycle locator

--Apple-Mail-6360FFB8-53B4-4080-ABC6-4A0615B21866
Content-Type: text/plain; charset=us-ascii

> On Apr 18, 2017, at 6:39 PM, Steve Simon wrote:
>
>
>> On 18 Apr 2017, at 21:23, Stanley Lieber wrote:
>>
>>
>>
>>> On Apr 18, 2017, at 4:12 PM, Kurt H Maier wrote:
>>>
>>> As it stands, on an unconfigured 9front:
>>>
>>> 7/tcp   open  echo
>>> 9/tcp   open  discard
>>> 19/tcp  open  chargen
>>> 21/tcp  open  ftp
>>> 23/tcp  open  telnet
>>> 25/tcp  open  smtp
>>> 53/tcp  open  domain
>>> 110/tcp open  pop3
>>> 113/tcp open  ident
>>> 143/tcp open  imap
>>> 513/tcp open  login
>>> 993/tcp open  imaps
>>> 995/tcp open  pop3s
>>>
>>>
>>> this is super grody.
>>
>> This, too, is still a problem:
>>
>> http://bugs.9front.org/open/too_many_listeners_with_broken_configurations_are_started_in_rcbinservice/
>>
>> sl
>>
>
> Ah, I am still on the labs distort (sorry) - they used to prefix all the scripts in /rc/bin/service (and /rc/bin/service.auth) with a hash to make it invalid and thus disable that listener. To enable the service
> The administrator then has to rename the entries they want to enable.
>
> Perhaps that is different on 9 front.
>
> I agree that listen can get over-excited starting server processes - I used to run many services facing
> The sewer, sorry, internet, and script kiddies could bring listen down by hammering it. I have a distant memory that Erik changed his listen to restrict the number of children (perhaps per service) that it would start.
>
> -Steve

I think all versions of listen do ignore scripts that begin with the ! character, but what we've been talking about here are two different but related problems:

1. Multiple systems sharing one disk who want to run (or not run) a different mix of services.

2. Tracking a sane default set of enabled services in the Mercurial repository.

Aiju's suggestion solves both.

Of course, it's easy to just disable all services by default (as khm and I have asked in the past: why do we enable services that are broken -- without further configuration -- by default?). The net effect of aiju's suggestion is analogous to the way cpurc sources /cfg/$sysname/cpurc: If nothing more specific is found, devolve to the defaults.

sl


= --Apple-Mail-6360FFB8-53B4-4080-ABC6-4A0615B21866--