[Rack] webserver access

Patrick Keys citizenkeys at gmail.com
Wed Dec 29 19:21:19 PST 2010


On 12/29/2010 7:09 PM, Rubin Abdi wrote:
> Hi there. As a member of Noisebridge I would appreciate it if you did not setup a Diaspora server, or anything else to use inplace of the mailing list for communication for the space. Please stop before I rm -Rf /* pony. Thanks.
>

Where's your spirit of "do-ocracy"?
Doesn't something belong to noisebridge once its donated to noisebridge?
If that's the case, pony should be fair game for whatever anybody wants 
to hack on it.



>
>
> "Patrick Keys"<citizenkeys at gmail.com>  wrote:
>
>> (benny and Patrick both wrote this posting)
>>
>> On 12/29/2010 5:14 PM, Jacob Appelbaum wrote:
>>> On 12/29/2010 05:05 PM, Patrick Keys wrote:
>>>> benny and me started setting up a diaspora pod last night on pony.
>>>> we should have it finished tonight sometime.
>>>> for those interested, diaspora does not require a dedicated vm. but
>> it
>>>> does basically require nginx and thinn for its ruby on rails.
>>>>
>>>
>>> You should consider a vm not because it is "required" but because
>>> compartmentalization is a reasonable practice.
>>>
>> compartmentalization is a good idea, but where would we run the vm?
>> also, pony is already pwned by everybody.
>>
>>>> there was also discussion with others at the meeting last night
>> about
>>>> setting up a forum system (like phpbb).
>>>
>>> Talk is cheap.
>>>
>> agreed - would install the phpbb myself (or an alternative forum
>> system)
>> if I knew where to install it (which is why I asked).
>> we could just use pony for the phpbb.
>>
>>
>>>> the forum system would be a potential alternative for the mailing
>> lists,
>>>> particularly given the discussion list already has way too much
>> traffic.
>>>>
>>>
>>> Subscribe with a digest option?
>>>
>> digest option doesn't work very well.
>> also, can't really post in threads for digest option.
>> digest option doesn't solve the larger problem of too much traffic.
>>
>>
>>>> not sure that pony is stable enough for an official diaspora pod or
>>>> official noisebridge forum system.
>>>>
>>>
>>> What does that even mean? official?
>>>
>> "official" in this case means "only", "preferred", and "central".
>>
>>
>>>> what do we gotta do to get access to the "real" web server?
>>>
>>> Run your own web server?
>>>
>> why decentralize noisebridge infrastructure when the rack is mostly
>> idling all the time.
>>
>>> phpbb, nginx and other crap software will get your box owned quickly.
>> In phpBB there are a lot of known issues regarding security and
>> basically you can solve a lot of them using a secure configuration of
>> the PHP installation. Benny is running phpBB3 installations and a lot
>> of
>> other "insecure" software on his server without trouble.
>>
>> in terms of nginx I have to object: I'd rather trust nginx than Apache
>> even thou nginx is the newer one of both. Basically nginx is a fast
>> webserver which is used by a lot of well-known websites. Just labelling
>>
>> it crap because you don't know it is the wrong way to approach system
>> security.
>>
>> Furthermore I'd be more worried about the Diaspora security itself {the
>>
>> source is not of good quality as confirmed by several independent
>> audits}. Also I trust Ruby less than I do for PHP.
>>
>> Also: Installing Diaspora on Pony is basically the most honest thing to
>>
>> do: "we will publish your private data" - thus being more direct than
>> Facebook in the first place.
>>
>> BTW: Diaspora runs as a non-root user without sudoers access ... Same
>> with all the other components required to run it.
>>
>>> Good luck.
>> Thanks.
>>>
>>> All the best,
>>> Jake
>> Regards,
>> Benny and Patrick
>>
>> _______________________________________________
>> Rack mailing list
>> Rack at lists.noisebridge.net
>> https://www.noisebridge.net/mailman/listinfo/rack
>
>
> --
> Rubin Abdi
> rubin at starset.net


More information about the Rack mailing list