From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: <9front-bounces@9front.inri.net> X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-0.5 required=5.0 tests=DKIM_ADSP_CUSTOM_MED, DKIM_INVALID,DKIM_SIGNED,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI autolearn=ham autolearn_force=no version=3.4.4 Received: from 9front.inri.net (9front.inri.net [168.235.81.73]) by inbox.vuxu.org (Postfix) with ESMTP id C1A1B25FAC for ; Wed, 8 May 2024 17:17:02 +0200 (CEST) Received: from mail-lj1-f175.google.com ([209.85.208.175]) by 9front; Wed May 8 11:10:34 -0400 2024 Received: by mail-lj1-f175.google.com with SMTP id 38308e7fff4ca-2e428242a38so27302891fa.2 for <9front@9front.org>; Wed, 08 May 2024 08:10:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1715181028; x=1715785828; darn=9front.org; h=content-transfer-encoding:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=Bb3bBOPVXeTjTPRNn74xJg9ytMAoLHhXF3Waj/tq8Is=; b=eT1jYF5e5UyMdfOQh12K1LCmVh4t2RqOniuA6cPIkDH6oybxRvNConaI+/ZlpmPsFY g6Iwao7jpTIOGtBNUdKlTOQFsS2TVsOyKbia4oz3KJlHayfXtsVQy68q+qE1jz9Hwuz5 FAVzacKyn6u9FaIIuwMAWrky98FwHe4cdQtIF3PsuTFKoYQGRjPa4Hzs0DcEea8CldJ7 0dbtKLwgOcEg5PxwN1Ep+JKBWBCFpR++H0JCcAfI07lYvHgNLELrS9J2Xvy2tio2OJAk LVF/N8G5l7sfOhSHbgz8ns3eu2xLXfqcc1gk5ZaLZilb3z8HCyLFyJjap9aH3sQhCDJV yLRg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1715181028; x=1715785828; h=content-transfer-encoding:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Bb3bBOPVXeTjTPRNn74xJg9ytMAoLHhXF3Waj/tq8Is=; b=b6VM704Ixo3/RT6G2B/FTD56vQ4ynVc0xSUR1HA9ZWsm0u91Xu+HlUWt5dA1bNq5EY mY3MgnmM/mbhtQDkcQA0zwPWRIKKOYAmSPYQOrYjwgFRNYQ9Z1SUcud+jhEQVAcxrYJc 1+sHMW5SKBy5febA7+x49tqJkfVgINr8zByuPHCEhR6ndZPvM7AQ3izoOQfEXfQ41+vr a2opPRGihbt/HAJylUUQhoaNPVOy8HpXm8a3SI8GihRCJupMCIKiJ+ENUc4jPiFy2B6I tLHvGj6jMU/8w7s6+W+8uuzCAUkR9WcqC7ctgkE5iKE7W+gqtflo73VCc/sW/E6CVwmj l8rg== X-Gm-Message-State: AOJu0YweuS5pKKxkk+IEf/RtALOidQLYPu6Ky9UjgovggbA+lPzA3eZ0 mviQuY/HfHtxqK9RcYSqjZq+lrbNPR1cIqk6/umSROEPC5Bmv6iyYX1y3rdaGv90US8y+gLyRS8 m0L4XorfBfAouzSL5fCFITNiODVjrGkxj X-Google-Smtp-Source: AGHT+IE0TmlxkczoTAUaP6TKz+0nq5gP+AGcBIzO6VdqlUvcuzQ8qge5gW9HQLKjrBbmuawZM9L0tZ89ScMEkEjYnEg= X-Received: by 2002:ac2:5f01:0:b0:51f:c112:9d7d with SMTP id 2adb3069b0e04-5217c854dbdmr2104734e87.41.1715181028075; Wed, 08 May 2024 08:10:28 -0700 (PDT) MIME-Version: 1.0 References: <8557C94F-E6DF-42BA-B92E-6BBB0751116A@ecloud.org> In-Reply-To: From: an2qzavok Date: Wed, 8 May 2024 18:10:16 +0300 Message-ID: To: 9front@9front.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable List-ID: <9front.9front.org> List-Help: X-Glyph: ➈ X-Bullshit: content-addressed virtualized high-performance callback-scale ACPI over SOAP scripting factory Subject: Re: [9front] Enabling a service Reply-To: 9front@9front.org Precedence: bulk >being a node for a DDoS reflection attack I'm doing my part! (was running a socks proxy on my 9front VPS and discovered ~100% network load after a month) =D1=81=D1=80, 8 =D0=BC=D0=B0=D1=8F 2024=E2=80=AF=D0=B3. =D0=B2 18:02, Lucas= Francesco : > > > As for "half-assed network services", I assume that means security conc= erns; ok so not enough faith in how secure the services are by default (wel= l that ought to be fixable eventually?), and not enough faith in users not = to realize that they should try experiments on a local LAN before connectin= g the services to the Internet (which usually involves some router work any= way, assuming the machine is behind one)? People who take excessive risks = are mainly risking their own files; they should know better, but they proba= bly aren=E2=80=99t going to have a lot of files on Plan 9 anyway. What=E2= =80=99s the worst risk besides data theft? A mail server getting used as a= spam relay or something like that? I agree that setting up a mail server = should be more effort. > > Yes, we have NO faith in you or any other user whatsoever, making > those services even more trivial to set up without understanding would > be harmful since there are multiple risks involved and one of them is > being a node for a DDoS reflection attack for example. > > On Wed, 8 May 2024 at 02:22, Shawn Rutledge wrote: > > > > And yet, the FQA recommends laptops. Usually the assumption with a lap= top is you can take it on the subway or to the coffee shop and keep working= . That implies that you want to have some relevant files with you. (So it= =E2=80=99s good the default install has a local filesystem.) Then later yo= u get back to the home/office and maybe want to use a machine with a bigger= monitor and more files available, but some work in progress is on the lapt= op so maybe you want to rcpu to it for a while. Eventually files get synce= d up again (manually or automatically). Maybe at home there is a file serv= er, sure it=E2=80=99s good to have the dumps. That=E2=80=99s probably how = I=E2=80=99d use it as soon as I get to the point of depending on Plan 9 for= any particular task, not just trying things. (It reminds me of learning h= ow to use Linux, 30 years ago. It was at a similar level of development ba= ck then.) > > > > So obviously there=E2=80=99s a tradeoff between 9front being usable by = a laptop user today vs. trying to preserve the labs experience, and having = to answer the same questions over and over (how do I start a service, why d= o I have to reboot into a different mode to make that possible). I won=E2= =80=99t ask how to do that; but others will. > > > > As for "half-assed network services", I assume that means security conc= erns; ok so not enough faith in how secure the services are by default (wel= l that ought to be fixable eventually?), and not enough faith in users not = to realize that they should try experiments on a local LAN before connectin= g the services to the Internet (which usually involves some router work any= way, assuming the machine is behind one)? People who take excessive risks = are mainly risking their own files; they should know better, but they proba= bly aren=E2=80=99t going to have a lot of files on Plan 9 anyway. What=E2= =80=99s the worst risk besides data theft? A mail server getting used as a= spam relay or something like that? I agree that setting up a mail server = should be more effort. > > > > > 9p vs latency is a losing battle. trying to run a diskless terminal > > > over the internet really, REALLY sucks. even drawterm is not great > > > in this context. > > > > I left a 9front machine running on my LAN in Norway while I=E2=80=99m i= n Phoenix for a while, and set up a wireguard vpn on the openwrt router in = Norway so that I can connect to home. Latency in Phoenix is worse than nor= mal (Verizon wireless internet: it's only meant to be temporary). Despite = that, the performance I see connecting with rcpu or drawterm halfway around= the world is comparable to connecting to Linux over VNC: not bad for an ex= periment (as long as wifi on 9front is not in the path! ;-) I don=E2=80= =99t expect to play video over that link. But I also have qualms about let= ting the router connect 9p over the Internet to that Plan 9 machine, since = I don=E2=80=99t know yet all the varieties of half-assedness to expect by d= efault. I think I have to try the Plan 9 network forwarding at some point = though, see if the claim that it=E2=80=99s as good as a VPN really holds up= . But I have to learn enough about security before even trying, it seems. > >