[Libre-soc-dev] Freenode IRC and the future

Luke Kenneth Casson Leighton lkcl at lkcl.net
Thu May 20 22:39:47 BST 2021


On Thursday, May 20, 2021, Jacob Lifshay <programmerjake at gmail.com> wrote:

> Don't confuse Element with Matrix, the reference Matrix server itself is
> relatively simple to install, relatively lightweight, written in Python3,
> and available on Debian testing:
> sudo apt install matrix-synapse


ok, so if you have not run an internet-facing service before, there is one
hell of a lot behind "just run this command".

the implications are:

* that a full code review is needed
* that the attack surface of all incoming connections needs to be analysed
* that the expected resource utilisation needs to be assessed
* that someone needs to take responsibility for ongoing attack mitigation,
updates, recovery, backups, and more

this latter is a LONG TERM commitment where you need to be prepared to
literally drop absolutely anything you are doing, any hour of day or night,
and scramble IMMEDIATELY to resolve issues.

for example 3 days ago i was in the middle of doing something for Lauri when
Mythic-Beasts informed me that they had had reports of net abuse made
against the Libre-SOC Server.

i had to IMMEDIATELY spend 90 minutes non-stop to add captchas otherwise
they would have been perfectly within their rights to TERMINATE OUR
OUTGOING SMTP.

no mailing lists, not just for libre-soc but also for a client that i had
to move onto there in an emergency last week.


the additional issue is that it is nowhere near as simple as "sure i can
volunteer for that": you actually have to know what you're doing
and be trustworthy and demonstrate experience in systems administration.

right now that basically means me for the security audit and code review,
and resource utilisation review, and Alain as backup for service recovery.


do we have time for me to cease all other activities and spend at least 2
weeks on this *additional* task?

no we do not.


so on that basis, it simply cannot at this time be considered.

dynamic services are radically different from static ones.  ikiwiki was
*specifically* chosen because it generates *static* HTML.  this minimises
the attack surface to *only* one well-written cgi program, and to nginx.

l.



-- 
---
crowd-funded eco-conscious hardware: https://www.crowdsupply.com/eoma68
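The second bullet in the message above, that the attack surface of all incoming connections has to be analysed before a new service goes live, is the kind of check that can be scripted so it is repeatable rather than a one-off. The following is an added example, not code from the mailing list, from Libre-SOC or from the Synapse project: it parses the output of `ss -ltnp` (the sample below is constructed, not a real capture), works out which listening sockets are reachable from beyond the loopback interface, and reports any whose port is not on a list of ports the administrator has already reviewed. The approved-port set is a hypothetical input; the `ss` column layout and the `users:(("name",pid=...))` process field are the real tool's format.

```python
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass

# Constructed sample of `ss -ltnp` output; the processes and pids are invented
# for illustration and do not describe any real host.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       511     0.0.0.0:80           0.0.0.0:*          users:(("nginx",pid=1001,fd=6))
LISTEN  0       128     127.0.0.1:8008       0.0.0.0:*          users:(("python3",pid=1002,fd=10))
LISTEN  0       128     [::]:22              [::]:*             users:(("sshd",pid=1003,fd=3))
LISTEN  0       128     *:25                 *:*                users:(("exim4",pid=1004,fd=5))
"""

# Matches the first process name inside the `users:(("name",pid=..,fd=..))` field.
_PROC_RE = re.compile(r'\("([^"]+)"')


@dataclass(frozen=True)
class Listener:
    address: str
    port: int
    process: str

    def is_internet_facing(self) -> bool:
        """True if the socket accepts connections from hosts other than localhost.

        A wildcard bind ("*", 0.0.0.0 or ::) listens on every interface, so it
        counts as exposed; only loopback-bound sockets are considered local.
        """
        if self.address == "*":
            return True
        ip = ipaddress.ip_address(self.address)
        return not ip.is_loopback


def parse_ss_listeners(text: str) -> list[Listener]:
    """Parse LISTEN rows of `ss -ltnp` output into Listener records."""
    listeners: list[Listener] = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header line or non-listening socket
        local = fields[3]
        # rpartition handles IPv6 literals such as [::]:22, where ':' appears
        # inside the address as well as before the port.
        addr, _, port = local.rpartition(":")
        addr = addr.strip("[]")
        match = _PROC_RE.search(line)
        process = match.group(1) if match else "?"
        listeners.append(Listener(addr, int(port), process))
    return listeners


def unexpected_exposure(listeners: list[Listener], approved_ports: set[int]) -> list[Listener]:
    """Return exposed listeners whose port has not been reviewed and approved.

    `approved_ports` is a hypothetical allow-list maintained by whoever owns
    the server; anything internet-facing outside it needs a look before the
    box is left running.
    """
    return [
        listener
        for listener in listeners
        if listener.is_internet_facing() and listener.port not in approved_ports
    ]


if __name__ == "__main__":
    # On a real host you would feed in the live output of `ss -ltnp` instead.
    found = parse_ss_listeners(SAMPLE_SS_OUTPUT)
    for listener in found:
        flag = "EXPOSED" if listener.is_internet_facing() else "local  "
        print(f"{flag} {listener.address}:{listener.port} ({listener.process})")
    for listener in unexpected_exposure(found, approved_ports={80, 22}):
        print(f"REVIEW: {listener.process} is listening on port {listener.port} without sign-off")
```

In the sample, the Python service bound to 127.0.0.1:8008 is not flagged because it is only reachable through the reverse proxy on the same host, while the wildcard-bound SMTP listener on port 25 is reported as needing review when it is absent from the approved set.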

