Rendered at 21:56:51 GMT+0000 (Coordinated Universal Time) with Cloudflare Workers.
somat 2 days ago [-]
I run a public unix(openbsd) shell for fun, I call it my social network platform it sort of sucks, no users, ip6 only, a bunch of vm's on an old underpowered router running in my closet. But feel free to stop by and set up a .plan if you have nothing better to do.
It is pretty pointless, nobody needs or wants a unix shell account in this day and age. But I had fun setting it up, it started as an exercise to see what a shared multiuser postgres install would look like and got a little out of control. My current project is getting a rack of raspberry pi's(6 of them in a cute little case) hooked in as physical application nodes.
hanslub42 1 days ago [-]
> nobody needs or wants a unix shell account in this day and age
I do. But I do not need just any Unix shell account, I need old and weird ones! I develop and maintain a portable utility (rlwrap) that is aimed at users of older software, who are often also using older or even obsolete systems.
For years, I used Polarhome (http://www.polarhome.com/) as a "dinosaur zoo" of obsolete systems (thans, Zoltan!) For every new release, building it on a creaky Solaris or HP-UX machine would expose a few bugs.
Because older systems are being replaced by (much more uniform) newer ones, there is a diminishing need for such extreme portability. This is also the reason that Polarhome closed in 2022.
In spite of this, testing on many different systems improves general code quality, even for users of mainstream systems like linux, BSD or OSX.
Of course, I could setup a couple of virtual machines, but that is a lot of hassle, especially for machines with uncommon processor architectures.
sureglymop 1 days ago [-]
Wow! I hope you know you are having a real impact in the world. Rlwrap has made my life easier so many times, it's in my top 3 most useful CLI tools. Thank you :)
rlonstein 1 days ago [-]
> nobody needs or wants a unix shell account in this day and age
> I do. But I do not need just any Unix shell account, I need old and weird ones! I develop and maintain a portable utility (rlwrap) that is aimed at users of older software
Thank you, personally. I've used it in several contexts not just old systems, for example rlwrap is recommended with Clojure (okay, perhaps that's a comparatively small audience).
marttt 1 days ago [-]
+1, same here, I've used line editors a fair bit (and enjoying line-oriented interface in general), so rlwrap has been an essential tool for me. Many thanks for your work!
mghackerlady 1 days ago [-]
how does it compare to ex? ex is line oriented vi, can't go wrong there
mghackerlady 1 days ago [-]
one of these days, I want to buy:
a powerpc xserve (running OSX server)
a sparc box (on solaris)
an alpha box (on either VMS or Digital Unix)
a pa-risc box (hp-ux)
a modern power box (Rocky or AIX)
an itanium box (running either VMS or NT depending on what the alpha is running)
a pi cluster (plan 9)
and a commodity x86 server (running OpenBSD, FreeBSD, Debian, Hurd, Redox, Serenity, reactos, and AROS).
and make a MOAP (mother of all pubnixes). if anyone has any hardware they'd like to donate, get in contact :)
icedchai 1 days ago [-]
What, no SGI?
I have a Sparc, Alpha, NextStation, and SGI in my collection.
I'd like to add an AIX system, ideally with PowerVM/LPAR support. I used to work at a place that built everything on AIX (this was 20+ years ago) and the virtualization functionality was pretty neat.
mghackerlady 1 days ago [-]
ay, knew I was forgetting something. In fairness those were always more specialty machines that happened to run unix on a cool arch than unix machines on a cool arch. You bought a sun because you wanted solaris on sparc, you bought an sgi because your art department outgrew their macs
zie 1 days ago [-]
I have had many of these machines at various points in time, some even running on the public internet. They are a giant PITA to keep running and alive. This is why they don't usually last very long if they ever even get to public access(most don't).
Unless it's a super fun hobby for you, I wouldn't plan on this being very fun after the first dozen random crashes.
mghackerlady 1 days ago [-]
I'm mainly doing it for selfish reasons, I want build farms for these platforms. The pubnix is just a way of giving back to this wonderful community
zie 24 hours ago [-]
I wish you lots of success. That's a giant amount of work though. Good Luck!
electroly 1 days ago [-]
I'm curious, do you know which virtual machines (i.e. what emulator and what OS) you would want? Does the software exist and it's just a matter of the time to set it up? Or is it harder to get ahold of all the necessary old software (even if you have the emulator)?
Maybe in the modern age someone could make a "polarhome in a box" that offers a similar gamut of systems, but via preconfigured emulators that you can simply download and run.
hanslub42 1 days ago [-]
On Polarhome, I used QNX, SunOS/Solaris, HP-UX, AIX and OSX. Having those running under qemu would be quite the challenge.
Until now, I have used qemu (or rather qemu-system-aarch64 in combination with binfmt-misc) on Linux to emulate e.g a Raspberry pi running on arm64. This works very well, but for e.g. Solaris or HP-UX there is the extra hurdle of getting hold of bootable media that will not freak out in the unfamiliar surroundings of a qemu virtual machine.
I have never tried, and it is possible that I overestimate the difficulty...
wmlavender 1 days ago [-]
Emulators can take you quite far, though you need to research some of them on the net to figure out working combinations of OS versions and emulator versions. Here are examples of things that I have managed to get to work at some point in time. Some for real software development and some for amusement.
KVM (x86 and x86_64): Linux, BSD, OSX, Hurd, Haiku, MSDOS, Minix, QNX, RTEMS, Xenix, Solaris, UnixWare, Windows 95 through 11.
QEMU (for non-x86): AIX 4, Linux (m68k, arm, sparc, powerpc, mips, riscv), OSX (ppc), Solaris 8 (sparc), SunOS 4.1.4 (sparc), Windows NT 4 (mips)
SIMH (for old DEC computers): NetBSD, VMS, Ultrix, RSX-11M, RT-11
Some of them can be quite finicky to get to work. Xenix was especially hard.
Solaris 11 is quite easy to get running in QEMU/KVM though. You can download the media from Oracle.
The only real hardware I routinely run has either Debian Linux, macOS, or Raspberry Pi.
hanslub42 10 hours ago [-]
Thanks for the summary! This looks more doable than I thought....
NoSalt 1 days ago [-]
> "It is pretty pointless, nobody needs or wants a unix shell account in this day and age."
This is not true at all. I have been a member of SDF for over 15 years now and I use it all the time. Most recently, when HostPapa tried to tell me my sftp issue was on my end, and I told them that I was able to recreate the problem from the west coast and the east coast; my home on the east coast and SDF on the west coast. Finally they listened and fixed my issue ... that was on THEIR side, not mine. I like having the ability to compute from different parts of the country, as it lets me do things like that.
assimpleaspossi 1 days ago [-]
At least you're running something with direct and real Unix roots.
asimovDev 2 days ago [-]
Named after the Super Dimension Fortress from the Macross anime series. If you like mecha i recommend checking out the original series (it might look dated in some regards but still worth a watch. And the Do You Remember Love is a must watch after you finished the series, a grandiose animated spectacle, one of the most impressive animated films I've seen)
If you are not feeling like watching a long series, I recommend checking out Macross Plus, from the author of Cowboy Bebop and Samurai Champloo
The series is known as Robotech in the USA. The original series is not available legally in the USA to my knowledge but should be available on Japanese blu rays with english subtitles or on your favorite Linux ISO sharing website. The rest of the entries are on Disney+ or the aforementioned websites.
lizknope 1 days ago [-]
I first saw it when I was 10 in 1985 and it changed my life. I never knew that "cartoons" could be so serious. Lisa Hayes was such an incredible character. I didn't really know what anime was until I went to college and then I learned what Robotech really was and how it was created.
0x264 1 days ago [-]
Thank you for mentioning those! I saw both Robotech and Macross Plus (in French) when I was a teenager. I still think about the SDF more often I would admit and the soundtrack is a regular occurrence in my work playlist :)
CursedSilicon 2 days ago [-]
I've been fortunate enough to know Stephen Jones of SDF through his running of the local Seattle retro computing event (now rebranded as VCF PNW)
He's an absolutely kind soul who is deeply interested in all kinds of retro projects. I wish there were more folks like him in tech generally
incanus77 1 days ago [-]
I recently joined ICM and was in Seattle (from Portland) for another event and pinged him about maybe, possibly getting let in to see things on a random Saturday — I’d stay out of the way, not touch anything, and at least see what’s going on there. Despite him preparing for the Portland Retro Gaming Expo, he spent an hour and a half with me, showing me around the place in detail. We booted up micros, we looked through books, we talked about decades of UNIX history, and we even played Spacewar on original hardware. What a generous curator.
buildbot 1 days ago [-]
TIL there’s such a thing in Seattle! That’s very good to know!
CursedSilicon 1 days ago [-]
We're actually hosting it in just under two weeks! Free event, but donations to SDF are appreciated
(Disclaimer: I'm an exhibitor. So I'd love more attendees!)
iszomer 1 days ago [-]
Likewise, iirc @ VCF in MV 2005.
kristopolous 2 days ago [-]
Finally got to log into a vms system! I was looking to do that over 20 years ago but never could find one.
Somehow I still remembered most of the shell syntax in a book I read about it probably in 2001. Don't ask me ... I don't know how either.
Got bored in about 10 minutes but still, another box checked off!
fleeno 1 days ago [-]
I had access to a VMS system in my BBS days, and I had no idea it wasn't just some hard to use BBS software. When it clicked that it was a real operating system on a giant machine (I believe 11/380) it changed everything for me!
Suzuran 1 days ago [-]
There was no 11/380 but there was an 11/780.
ButlerianJihad 1 days ago [-]
Apparently, the only place the VAX 380 exists is in a writing sample by Pearson Education. Otherwise, there is no evidence of DEC ever producing something called "VAX 380".
It looks entirely made up because the procedure described is also entirely alien to me, and I had professional experience with both VMS and Ultrix when they were still supported by DEC. (And it's certainly not BSD...)
fleeno 1 days ago [-]
I know I just made it up! I have an 11/23+ and I'm guessing I was thinking of that 3!
Suzuran 1 days ago [-]
Could be. You could also have been thinking of the 11/730, which was a cost-reduced 11/750 and thus the second-slowest VAX model DEC ever sold.
The slowest would be the 11/725, which was a cost-reduced 11/730 that had a reduced clock speed and half of the bus slots filled with epoxy to limit expansion. The 11/725 was so slow that using it was an act of masochism; It was slower than your 11/23+.
Those models were pretty rare though. Even though they were cheaper than an 11/750 the performance drop from the 750 to the 730 was too severe to justify even the reduced cost. If that were all then maybe replacing PDP-11s being used in industrial applications might have saved it but the 730 was still too expensive versus the existing PDP-11 products, and the 725's limited expansion made it less attractive than those same PDP-11 products. The PDP-11 thus outlived both the 725 and the 730.
icedchai 1 days ago [-]
I have a VMS system running under simh! I also have an actual AlphaServer (DS10) running OpenVMS but it's very loud so I don't turn it on often.
mghackerlady 1 days ago [-]
the VMS shell had so many good ideas. If i ever write a shell, I'm including VMS style abbreviations. If there is any modern POSIX shell that implements such a feature, let me know, because if there isn't I have to write one
kstrauser 1 days ago [-]
Not quite the same, but fish shell has programmable abbreviations. I type “tf<space>” and it expands that inline to “opentofu”. It use to say “terraform” before we upgraded; I didn’t even have to change the commands I type.
mghackerlady 1 days ago [-]
fish isn't POSIX though, I'm guessing ZSH can probably do something similar but command completion just isn't the same as being shortening "mkdir test" to "mkd test"
avhception 2 days ago [-]
I've only ever read about VMS in an historic context, like Wikipedia articles and blog posts. DEC and VMS are not well known. That's a shame, considering how much influence they had, especially on WinNT.
mghackerlady 1 days ago [-]
I don't know about VMS specifically (more people will just know it as the thing the VAX runs), but DEC is very well known to anyone in the computer space.
The PDP series brought us Unix and GNU, and the VAX was the only mainframe capable of competing with IBM. DEC was the largest terminal manufacturer (they made the vt100 and vt220. if you've ever run a terminal emulator, chances are it's emulating one of those or a machine that did). They created CP/M (and by extension DOS). DEC is very well known
icedchai 1 days ago [-]
CP/M was created by Digital Research, a completely different company. There is no direct relation to DEC (Digital Equipment Corp.)
mghackerlady 1 days ago [-]
well nevermind
icedchai 1 days ago [-]
Even without CP/M, DEC still had incredible influence!
The first multi-user system I used was a VAX, back in the late 80's.
mghackerlady 1 days ago [-]
Oh, I'm not in any way saying it didn't haha. Every other point still stands. Besides, even if it didn't directly influence DOS it did heavily influence another Microsoft operating system (NT)
I found a way to escape their shell (so you can run whatever you want), if you're not verified, it involves multiple steps to archive this. I mailed them 2x to their membership address, but since today no reaction. I asked also in their IRC.
Just a question to HN: should I wait more, try again? Or should I simply publish the vulnerabilities somewhere? If yes, where? It's my first time that I found a vulnerability at my own, not sure how to deal with that.
bayindirh 2 days ago [-]
You shall wait. It's a volunteer powered system and while the ops are silent and terse in their mails, they're nice people.
Their plate is already quite full and they operate a whole universe of services, so cut them some slack.
It's not an ordinary service which is exposed to internet trying to turn a profit. They run SDF, two Mastodon instances, a mail server, a Git server, trying to salvage/keep alive living computer museum (SDF Vintage Systems), etc. etc.
dwedge 1 days ago [-]
I tried signing up to their mastodon three times and just never received the email accepting me. It's a shame because I wanted to be part of their community
SyneRyder 1 days ago [-]
Unless things have changed recently (last year or so), the SDF Mastodon servers are really slow and terrible at federating. They even had an incident where the servers failed, everyone lost their posts and had to start over again. Downtime was terrible.
SDF welcomed everyone openly during the initial Mastodon waves, so it was all very Eternal September.
If you're joining to make a spare account to participate with SDF people, awesome! But if you want it as your identity for all of Fedi, I think that would be a bad experience. I ended up getting my own MastoHost account for a while and it was a vastly better experience, until I burned out on Fedi.
SDF is a super fun place to experiment with Gopher though. I absolutely recommend getting your own Gopherhole on SDF. It's like the old Geocities days but in ASCII. (And make sure you grab Lagrange as your GUI Gopher / Gemini client. I liked Phetch as my terminal Gopher client.)
bayindirh 1 days ago [-]
The performance hit was due to database work they were doing on the instance. Now it's a lot faster. The latest announcement reads as follows:
We've completed our first phase of database clean up, thank you for your patience. The impact on performance was heavy, but it was a necessary step. All active users and their posts, profile, connections and media will be migrated to the new servers. Once that has been completed, any remaining data will stay online for further migration and clean up. Our instance is nearly 10 years old of constant daily operation, but we ran into a migration wall which held us back on 4.1.x. Now that it is deprecated, we will do our best to jump to the latest version rather than migrate through. Your support and patience has been greatly appreciated.
bayindirh 1 days ago [-]
Which one? There are two instances, one for members, and one for everyone.
dwedge 1 days ago [-]
I didn't know there were two, so probably the one for everyone. Maybe I should join and try the other one
bezier-curve 2 days ago [-]
I get that it's a volunteer system, but having donated for 2 years to help support their Lemmy instance, it's frustrating it's been down for 2 weeks without much of an update, just a hint "there's a good chance" it will come back. To me that seems lacking of transparency, not terse. How much disk space is it using? Maybe others in the community could help? How can they if they don't respond to emails? It was a nice thing while it lasted, but for federated social media, that kind of downtime hurts communities the most.
beej71 1 days ago [-]
Their notification says they're out of disk for Lemmy. For my part, I sent them $50 for more.
I agree with you that the social downtime is bad. People just won't use the service.
zorked 2 days ago [-]
Don't publish. You already notified them, your shell escape isn't a big deal, publishing it will only be a pain for the volunteers running the service.
TacticalCoder 1 days ago [-]
> your shell escape isn't a big deal
You can't have it both ways: if it's not a big deal, then he can publish it.
If you say "Don't publish", then you acknowledge that it's a big deal.
I say to GP: "Congrats for finding a shell escape, it's always a big deal. But don't publish it... Yet".
Give them a chance to fix it. But it they don't even answer to the emails, even just saying: "thx we're busy we can't fix right now but will do", then at some point you just publish.
It doesn't take long to answer an email saying "thanks, we'll fix it eventually".
Suzuran 1 days ago [-]
"We'll fix it eventually" is not good enough. If a human can find a flaw, then a bot can find the same flaw, and the bots are always watching and always testing. If someone can't commit to immediate security response when running a public-facing internet service then they should not be running that service, because the rest of the internet will not forgive them when their machine gets popped and becomes everyone else's problem.
If they can't commit to a hard timeline of less than a few days, then publish. What happens next is not your fault - it was inevitable anyway.
Edit for clarity: This is just in general, not specifically SDF or small orgs or large orgs. The internet does not care about the difference. The internet just does not care period. Nobody is going to give anyone else any breaks, and especially not a botnet.
nabogh 2 days ago [-]
Definitely wait at least a few months if you've not already. There are legal risks with these kinds of things and some orgs move slowly.
glitchc 1 days ago [-]
Can you share more detail on the exploit itself? Does the shell escape give you access to programs that require a paid account, or does the shell escape give you root access?
seblon 15 hours ago [-]
When escaping, you can invoke custom commands and binaries. If a tool is not available, just place them (mail yourself there, use zmodem, ...), via chmod. But you have a disk quota of 20mb, so you're limited as unverified account.
But the whole thing is: if you can escape as non verified user, than you can mass automate it to do ddos etc...
pratyahava 1 days ago [-]
maybe try to fix it for them as soon as you have the root access?
seblon 15 hours ago [-]
Shell escape != Unix account escape :-)
pratyahava 9 hours ago [-]
oops, sorry, so it is not as bad as i imagined :) is it just a way to have an unlimited account for free?
aboardRat4 2 days ago [-]
I think you should create some visible but harmless nuisance using this shell escape, so that it's likely to get noticed, but doesn't damage anyone's valuable data.
Perhaps just run "bash -c 'stress --cpu 64 ; echo fix your shell escape'"l " or something like that.
yashasolutions 1 days ago [-]
Creating a nuisance is not a good way to go about it.
Some security practices sometimes feels like someone stabbing you just to prove you could be stabbed.
Then they point at the wound and say: "See? You should be more careful."
Yes, the risk is real, but creating harm to demonstrate it isnt the same as protecting people.
bayindirh 2 days ago [-]
Well, ruining everyone's day on that particular host is not a nice way to "bring this to attention".
If I ever experienced something like that, I'd be banning the person (or limiting their resources drastically) for 60 to 90 days to bring the impact of this matter to their attention.
Anything affecting users on a system is not harmless.
justsomehnguy 1 days ago [-]
Just leave a note in root's motd.
anthk 2 days ago [-]
I did it too but TBH as I used small tools such as tcc, jimsh, eforth+muxleq, sacc, smu, catpoint+pointtools, compilers from https://t3x.org... I didn't care a lot on the rest, I'm pretty happy with my current account.
You can do a lot with S9 Scheme and the Unix API/syscalls it supports.
trashb 2 days ago [-]
SDF is cool, I commend their efforts of keeping a pub unix going! To me it feels like a stronghold of the "old school" web, similar to certain builtin board systems.
I regularly visit and enjoy reading the phlogs of their members as well.
just got my stickers from there yesterday! :-) i wish my less cs-oriented friends could see how cool i think the sdf is, lol; and, that some kind of "small-web" system, complete with the self-expression the sdf offers via web-hosting, a radio station(!), etc., was accessible to more people (not at the fault of anyone; just that there's a lot to the internet that most people will never see). :>
Yesterday was NetBSD's 33rd Birthday. Nice time to share it :)
bombcar 1 days ago [-]
That’s an awful lot of birthdays for something Netcraft confirmed dead 20 years ago …
jbaber 3 days ago [-]
Still going strong. I started there when they were still on DEC alphas.
"this page was generated using ksh, sed and awk"
buildbot 1 days ago [-]
SDF inspired me to start setting up my own retro computing lab for fun; to experiment with actual working history is very entertaining! Since SDF mostly has older systems (https://wiki.sdf.org/doku.php?id=vintage_systems:start) I tried to get the later ones - Sparc M10, M7 & Ultrasparc, HP-C9000, etc.
I remember seeing the TOAD systems when I visited in 2016 long before they closed, it’s very sad that people no longer get to experience computer history in person the same way.
jbaber 3 days ago [-]
A great webhost, too. You can log in and edit html/index.html directly or scp stuff up.
bombcar 1 days ago [-]
I still use ~/public_html even for users that will never ever login. Loved that feature.
miggol 1 days ago [-]
From the FAQ: "What is SDF"
> While we did initially start out on a single computer in 1987, the
> SDF is now a network of 8 64bit enterprise class servers running
> NetBSD realising a combined processing power of over 21.1 GFLOPS!
Which piqued my interest about how that compares to today's computers. nVidia's venerable 1080Ti from 2017 measures about 11300 GFLOPS, or 11.3 teraFLOPS. About a fifty times increase.
Narishma 1 days ago [-]
The original Raspberry Pi had a 24 GFLOPS GPU for comparison.
pailingems 1 days ago [-]
Longtime SDF user. I have one of their 30th anniversary stickers on my Dell laptop. It's the only sticker I have deemed cool enough to have ever had, on any laptop.
Excellent Pubnix! I just wish SDF would fix their LE-SSL for validated accounts. I ran mkhomepg -p and -a a week ago and the SSL cert delivered with my sdf subdomain still is for rie.sdf.org. I‘m just gonna be patient. :-)
pestle 2 days ago [-]
I had an account there years ago but never really saw the point. I was already SSHing in from a shell, just to end up at another, different one. Kind of whimsical I guess, but ultimately of scant practical use.
bombcar 1 days ago [-]
In the 90s and even into the 2000s getting an email account that had shell access was really nice; there were things you could do that would have been hard to do locally.
It’s much less needed now.
trbleclef 1 days ago [-]
But where am I gonna run my eggdrop bot??
hsnewman 2 days ago [-]
I've been on it forever, it's such a great resource
vjay15 2 days ago [-]
Omg, we can access even ancient OSes, this is amazing!
user3939382 3 days ago [-]
I love SDF. Super reliable and awesome community.
anthk 1 days ago [-]
I miss Jynx from SDF, he will be missed, btw.
whalesalad 1 days ago [-]
anyone remember silence is defeat? looks like the domain was donated to SDF.
ssh to applicant@register.public.outband.net
instructions at https://www.public.outband.net note that it's ip6 only.
It is pretty pointless, nobody needs or wants a unix shell account in this day and age. But I had fun setting it up, it started as an exercise to see what a shared multiuser postgres install would look like and got a little out of control. My current project is getting a rack of raspberry pi's(6 of them in a cute little case) hooked in as physical application nodes.
I do. But I do not need just any Unix shell account, I need old and weird ones! I develop and maintain a portable utility (rlwrap) that is aimed at users of older software, who are often also using older or even obsolete systems.
For years, I used Polarhome (http://www.polarhome.com/) as a "dinosaur zoo" of obsolete systems (thans, Zoltan!) For every new release, building it on a creaky Solaris or HP-UX machine would expose a few bugs.
Because older systems are being replaced by (much more uniform) newer ones, there is a diminishing need for such extreme portability. This is also the reason that Polarhome closed in 2022.
In spite of this, testing on many different systems improves general code quality, even for users of mainstream systems like linux, BSD or OSX.
Of course, I could setup a couple of virtual machines, but that is a lot of hassle, especially for machines with uncommon processor architectures.
> I do. But I do not need just any Unix shell account, I need old and weird ones! I develop and maintain a portable utility (rlwrap) that is aimed at users of older software
Thank you, personally. I've used it in several contexts not just old systems, for example rlwrap is recommended with Clojure (okay, perhaps that's a comparatively small audience).
a powerpc xserve (running OSX server)
a sparc box (on solaris)
an alpha box (on either VMS or Digital Unix)
a pa-risc box (hp-ux)
a modern power box (Rocky or AIX)
an itanium box (running either VMS or NT depending on what the alpha is running)
a pi cluster (plan 9)
and a commodity x86 server (running OpenBSD, FreeBSD, Debian, Hurd, Redox, Serenity, reactos, and AROS).
and make a MOAP (mother of all pubnixes). if anyone has any hardware they'd like to donate, get in contact :)
I have a Sparc, Alpha, NextStation, and SGI in my collection. I'd like to add an AIX system, ideally with PowerVM/LPAR support. I used to work at a place that built everything on AIX (this was 20+ years ago) and the virtualization functionality was pretty neat.
Unless it's a super fun hobby for you, I wouldn't plan on this being very fun after the first dozen random crashes.
Maybe in the modern age someone could make a "polarhome in a box" that offers a similar gamut of systems, but via preconfigured emulators that you can simply download and run.
Until now, I have used qemu (or rather qemu-system-aarch64 in combination with binfmt-misc) on Linux to emulate e.g a Raspberry pi running on arm64. This works very well, but for e.g. Solaris or HP-UX there is the extra hurdle of getting hold of bootable media that will not freak out in the unfamiliar surroundings of a qemu virtual machine.
I have never tried, and it is possible that I overestimate the difficulty...
KVM (x86 and x86_64): Linux, BSD, OSX, Hurd, Haiku, MSDOS, Minix, QNX, RTEMS, Xenix, Solaris, UnixWare, Windows 95 through 11.
QEMU (for non-x86): AIX 4, Linux (m68k, arm, sparc, powerpc, mips, riscv), OSX (ppc), Solaris 8 (sparc), SunOS 4.1.4 (sparc), Windows NT 4 (mips)
SIMH (for old DEC computers): NetBSD, VMS, Ultrix, RSX-11M, RT-11
Some of them can be quite finicky to get to work. Xenix was especially hard.
Solaris 11 is quite easy to get running in QEMU/KVM though. You can download the media from Oracle.
The only real hardware I routinely run has either Debian Linux, macOS, or Raspberry Pi.
This is not true at all. I have been a member of SDF for over 15 years now and I use it all the time. Most recently, when HostPapa tried to tell me my sftp issue was on my end, and I told them that I was able to recreate the problem from the west coast and the east coast; my home on the east coast and SDF on the west coast. Finally they listened and fixed my issue ... that was on THEIR side, not mine. I like having the ability to compute from different parts of the country, as it lets me do things like that.
If you are not feeling like watching a long series, I recommend checking out Macross Plus, from the author of Cowboy Bebop and Samurai Champloo
The series is known as Robotech in the USA. The original series is not available legally in the USA to my knowledge but should be available on Japanese blu rays with english subtitles or on your favorite Linux ISO sharing website. The rest of the entries are on Disney+ or the aforementioned websites.
He's an absolutely kind soul who is deeply interested in all kinds of retro projects. I wish there were more folks like him in tech generally
https://vcfpnw.org/
(Disclaimer: I'm an exhibitor. So I'd love more attendees!)
Somehow I still remembered most of the shell syntax in a book I read about it probably in 2001. Don't ask me ... I don't know how either.
Got bored in about 10 minutes but still, another box checked off!
https://www.pearsonhighered.com/assets/samplechapter/0/2/0/5...
The slowest would be the 11/725, which was a cost-reduced 11/730 that had a reduced clock speed and half of the bus slots filled with epoxy to limit expansion. The 11/725 was so slow that using it was an act of masochism; It was slower than your 11/23+.
Those models were pretty rare though. Even though they were cheaper than an 11/750 the performance drop from the 750 to the 730 was too severe to justify even the reduced cost. If that were all then maybe replacing PDP-11s being used in industrial applications might have saved it but the 730 was still too expensive versus the existing PDP-11 products, and the 725's limited expansion made it less attractive than those same PDP-11 products. The PDP-11 thus outlived both the 725 and the 730.
The PDP series brought us Unix and GNU, and the VAX was the only mainframe capable of competing with IBM. DEC was the largest terminal manufacturer (they made the vt100 and vt220. if you've ever run a terminal emulator, chances are it's emulating one of those or a machine that did). They created CP/M (and by extension DOS). DEC is very well known
https://sdf.org/plan9/
Side note: here's my workflow for running Plan 9 on Windows:
https://youtu.be/IzEa2L_Pgw0?si=unM5l2-_i_g-NYKP
Just a question to HN: should I wait more, try again? Or should I simply publish the vulnerabilities somewhere? If yes, where? It's my first time that I found a vulnerability at my own, not sure how to deal with that.
Their plate is already quite full and they operate a whole universe of services, so cut them some slack.
It's not an ordinary service which is exposed to internet trying to turn a profit. They run SDF, two Mastodon instances, a mail server, a Git server, trying to salvage/keep alive living computer museum (SDF Vintage Systems), etc. etc.
SDF welcomed everyone openly during the initial Mastodon waves, so it was all very Eternal September.
If you're joining to make a spare account to participate with SDF people, awesome! But if you want it as your identity for all of Fedi, I think that would be a bad experience. I ended up getting my own MastoHost account for a while and it was a vastly better experience, until I burned out on Fedi.
SDF is a super fun place to experiment with Gopher though. I absolutely recommend getting your own Gopherhole on SDF. It's like the old Geocities days but in ASCII. (And make sure you grab Lagrange as your GUI Gopher / Gemini client. I liked Phetch as my terminal Gopher client.)
I agree with you that the social downtime is bad. People just won't use the service.
You can't have it both ways: if it's not a big deal, then he can publish it.
If you say "Don't publish", then you acknowledge that it's a big deal.
I say to GP: "Congrats for finding a shell escape, it's always a big deal. But don't publish it... Yet".
Give them a chance to fix it. But it they don't even answer to the emails, even just saying: "thx we're busy we can't fix right now but will do", then at some point you just publish.
It doesn't take long to answer an email saying "thanks, we'll fix it eventually".
If they can't commit to a hard timeline of less than a few days, then publish. What happens next is not your fault - it was inevitable anyway.
Edit for clarity: This is just in general, not specifically SDF or small orgs or large orgs. The internet does not care about the difference. The internet just does not care period. Nobody is going to give anyone else any breaks, and especially not a botnet.
But the whole thing is: if you can escape as non verified user, than you can mass automate it to do ddos etc...
Perhaps just run "bash -c 'stress --cpu 64 ; echo fix your shell escape'"l " or something like that.
Some security practices sometimes feels like someone stabbing you just to prove you could be stabbed. Then they point at the wound and say: "See? You should be more careful."
Yes, the risk is real, but creating harm to demonstrate it isnt the same as protecting people.
If I ever experienced something like that, I'd be banning the person (or limiting their resources drastically) for 60 to 90 days to bring the impact of this matter to their attention.
Anything affecting users on a system is not harmless.
You can do a lot with S9 Scheme and the Unix API/syscalls it supports.
I regularly visit and enjoy reading the phlogs of their members as well.
SDF Public Access Unix System - https://news.ycombinator.com/item?id=32340635 - Aug 2022 (29 comments)
SDF Public Access Unix System - https://news.ycombinator.com/item?id=31076886 - April 2022 (46 comments)
SDF Public Access Unix System - https://news.ycombinator.com/item?id=14940790 - Aug 2017 (29 comments)
SDF – Public Access Unix System - https://news.ycombinator.com/item?id=14134798 - April 2017 (51 comments)
"this page was generated using ksh, sed and awk"
Very cool how they tried to move and preserve many of the living computer museum’s computers before Paul Allens sister could sell them all off. https://wiki.sdf.org/doku.php?id=vintage_systems:lcml_collec...
I remember seeing the TOAD systems when I visited in 2016 long before they closed, it’s very sad that people no longer get to experience computer history in person the same way.
> While we did initially start out on a single computer in 1987, the
> SDF is now a network of 8 64bit enterprise class servers running
> NetBSD realising a combined processing power of over 21.1 GFLOPS!
Which piqued my interest about how that compares to today's computers. nVidia's venerable 1080Ti from 2017 measures about 11300 GFLOPS, or 11.3 teraFLOPS. About a fifty times increase.
https://sdf.org/store/?3;sdf41
It’s much less needed now.