"That which is overdesigned, too highly specific, anticipates outcome; the anticipation of outcome guarantees, if not failure, the absence of grace."
-- William Gibson, All Tomorrow's Parties
Open Hosting

For the past several weeks I've been working as an admin for the metawire.org project, a free shell/hosting service. It's been an interesting experience so far.

I saw the undeadly.org story and signed up. zerash remembered TDYC! and the happybox, which I mentioned in my signup application, and we got to talking. I wrote a couple quick specs for a planned upgrade, and have been helping out with administration tasks since.

It's something of a challenge. The machine is running OpenBSD (3.5, as zee upgraded it over the weekend), and overall is set up okay. They're running custom user admin utilities, which we're slowly working on re-writing to be more abstract and portable (which reminds me, I need to get working on Unix::Admin this week, it's still very larval). I wrote a "hardening" script for OpenBSD, and we ran that on the box, locking file perms down pretty tightly.

metawire has a couple dozen domains attached to it, so users have a pretty good choice of "where" they want their stuff served from. We aren't doing actual virtual domains for mail yet, but that'll come along in a few weeks. There are some issues with CGI and PHP (namely, it's not running as CGI), but those will also be fixed as we have more time to work on the machine. It's already very popular (I'd guess ~100 applications a day), and now it's just a matter of defining where the issues lie and repairing them.

The challenge for me really comes in once you take the users into account. About 80% of the kids are using the machine to good purpose, but the rest are punks from various countries around the world. The majority of them are just script kiddies, but there have been one or two with some amount of skill. Finding the smart ones has proven to be a bit of a luck thing, which bothers me. The kiddies are simple to find. They all use the same stupid tricks, and seem to go from not having a clue how to use a shell to downloading exploits and running them (after some work) against remote hosts.

There've been a few problems with mailbombing as well, which annoys the crap out of me. Luckily Postfix is love, so it throttles and just keeps on trucking no matter what you throw at it.

I think zee, blister, mjc (someone also new to the project I suggested be added as an admin) and I will eventually start working on a known-sploit finder. mjc had the idea of doing binary checks for shellcode, which is a good idea, but might be sort of slow considering the number of files we're going to have to be checking (~2500 users on the box, perhaps a tenth who actually use it on a regular basis; that's still a lot of users). My idea was to just maintain an archive of MD5 sums of found exploit code and binaries. There's a lot of problems with this method, unfortunately. I can't think of anything better without figuring out how to do fuzzy matching, and I'm pretty damn sure I'm not smart enough for that. O'Donnell will have some good suggestions, I'm sure.

Anyway, I've been meaning to write about this for a while, but hadn't been able to find the time. If you're interested in shell communities at all, check out #metawire on irc.metawire.org, and sign up for an account.

Try to make sure that your signup application reason doesn't involve running BNC or "learning Linux", and you should be okay. ;-)

The planned upgrade is going to take some donations, which we seem to be doing okay on. If after a few weeks you find the service useful, try to drop us a few bucks to make it better. Jordan also had the idea of throwing a logo contest and start selling metawire.org wares, which is a pretty good idea. That's on-going. I haven't seen any of the submissions yet, but hopefully someone will hook us up with something good.

I'm enjoying working on metawire; it's going to get me to actually write useful software, I think, and it's a big boon to my actually learning stuff I haven't had a lot of access to in the past for whatever reason.

Anyway, check it out.

May 10, 2004 4:46 AM