
Re: [cobalt-users] telnet access to users?



Kris Dahl wrote:
> 
> This is my whole point really.  I'm not worried about the casual user.
> I'm worried about the hard core guy that is going to get in one way or
> another.

10% effort will eliminate 90% of the "problem".

A simple quality control mindset does wonders in this regard:
   You must expect failure, but work reasonably hard to prevent it.

> Any of these 'precautions' seem silly to me, because they WILL find a
> way to get into your system if they really want.

I'll tell you what's not silly; quite serious actually:  Having one of
your customers get their door kicked in as the police execute their
search warrant because some dork-ass-man-in-the-middle hijacked their
telnet session and stole Los-White-Ridge's sekrit squril files.  And 
that kind of thing DOES happen (with telnet more often than not)... 

STFW w/ keywords +hijack and +juggernaut or +hunt.

> There is nothing wrong with people being able to 'snoop' around a
> server.  Typically, you aren't able to read stuff that is in other
> users directory unless its world readable.  There is nothing wrong
> with the ability to look [...]

FUD for Thawt:
   http://www.newdimensions.net/headlines/j04.htm

...anyway...

Even in these post gold rush years, everyone thinks they've got the
great American next best killer-app since sliced bread.  More often 
than not, they discover otherwise and occasionally they look for a
scapegoat.  Even so, a lot of good ideas start out on the cheap (hosted
on a RaQ with 100s of others, say) and I can point to numerous 
situations where business plans, floated by other people's noses 
without the benefit of a signed NDA, end up spawning off 2 or more
copycats (sometimes on the same server... how odd...).

Can you say litigation?  If you can't, I guarantee you that your 
customer's lawyers can.  It's all meaningless without patents, 
copyrights, signed agreements and other legal instruments of torture,
but it can be a bit of a hassle for the provider to get caught up 
in the legal system's technology illiterate vortex of confusion.

Then there's the business side of the equation.  As you grow and 
more sites are added onto a single box, a bone headed sysadmin 
misconfiguration/ hardware failure/ hack/ whatever can be devastating.
Do you really build and grow under something with that kind of 
dynamic?

>It just doesn't make sense to share servers anymore (IMHO).  I'm 
>kinda excited about the Crusoe chips--think instead of having a 
>virtual host, you have a real web server that is no larger than a 
>3.5" hard drive.  Cheap too.

In my neck of the woods, it cost $400 per month to get 128kbps of 24/7 
connectivity with a static IP/subnet... and there are NO other options
except co-location/web hosting.  Rack space goes for about $5000/month
for 380mm of 10bT internet connected bandwidth.  1U shared is not only
attractive, it's required.

Of course, we all know that you can fit 4 netwinders in the space of a
single 1U RaQ with exactly the same functionality; however, lower power,
always on isn't going to mean a thing until flat-rate wireless happens
with over 50% coverage.  In Japan, this is already happening; it's
called iMode... but that's probably more than you wanted to know.

> I would really like to see cobalt get into the 
> per-micro-server--single, dedicated host per site.  Single Board 
> Computers, etc.

Yeah, they should make them the shape of a STU III key
http://www.wired.com/wired/archive/7.05/what.html (so you can
"turn-off" a customer when they don't pay), have 30 of them 
across per 1U rack space with a load balancing gigabit ethernet layer 3
switch featuring geographic site migration based on an Akamai-like 
throughput requirement heuristic.... or something like that.

However, I begin to typith out my arstechnia, so I leave you (and
promise not to post to this thread again) with the following, mildly on
topic URL:

   http://www.freshmeat.net/appindex/2000/01/07/947263781.html

-cfb