[Rack] webserver access

Patrick Keys citizenkeys at gmail.com
Wed Dec 29 17:48:28 PST 2010


(benny and Patrick both wrote this posting)

On 12/29/2010 5:14 PM, Jacob Appelbaum wrote:
> On 12/29/2010 05:05 PM, Patrick Keys wrote:
>> benny and I started setting up a diaspora pod last night on pony.
>> we should have it finished tonight sometime.
>> for those interested, diaspora does not require a dedicated vm. but it
>> does basically require nginx and thin for its ruby on rails.
>>
>
> You should consider a vm not because it is "required" but because
> compartmentalization is a reasonable practice.
>
compartmentalization is a good idea, but where would we run the vm?
also, pony is already pwned by everybody.

>> there was also discussion with others at the meeting last night about
>> setting up a forum system (like phpbb).
>
> Talk is cheap.
>
agreed - I would install the phpbb myself (or an alternative forum system)
if I knew where to install it (which is why I asked).
we could just use pony for the phpbb.


>> the forum system would be a potential alternative for the mailing lists,
>> particularly given the discussion list already has way too much traffic.
>>
>
> Subscribe with a digest option?
>
digest option doesn't work very well.
also, can't really post in threads for digest option.
digest option doesn't solve the larger problem of too much traffic.


>> not sure that pony is stable enough for an official diaspora pod or
>> official noisebridge forum system.
>>
>
> What does that even mean? official?
>
"official" in this case means "only", "preferred", and "central".


>> what do we gotta do to get access to the "real" web server?
>
> Run your own web server?
>
why decentralize noisebridge infrastructure when the rack is mostly
idling all the time?

> phpbb, nginx and other crap software will get your box owned quickly.
In phpBB there are a lot of known issues regarding security and 
basically you can solve a lot of them using a secure configuration of 
the PHP installation. Benny is running phpBB3 installations and a lot of 
other "insecure" software on his server without trouble.

in terms of nginx I have to object: I'd rather trust nginx than Apache
even though nginx is the newer of the two. Basically nginx is a fast
webserver which is used by a lot of well-known websites. Just labelling
it crap because you don't know it is the wrong way to approach system
security.

Furthermore I'd be more worried about the Diaspora security itself (the
source is not of good quality as confirmed by several independent
audits). Also, I trust Ruby less than I do PHP.

Also: Installing Diaspora on Pony is basically the most honest thing to 
do: "we will publish your private data" - thus being more direct than 
Facebook in the first place.

BTW: Diaspora runs as a non-root user without sudoers access ... Same 
with all the other components required to run it.

> Good luck.
Thanks.
>
> All the best,
> Jake
Regards,
Benny and Patrick
