Hacker News new | past | comments | ask | show | jobs | submit login
Public access Linux system: Your non-profit shell provider since 2002 (freeshell.de)
159 points by doener on Dec 27, 2018 | hide | past | favorite | 40 comments

There are a lot of good shell systems out there. I first used SDF. Then circumlunar.space (which is still a mainstay for me). I also now run a micro-pubnix off of a raspberry pi zero (featuring a custom built shell and software suite for gopher phlogging, chat, bbs, and gaming) at gopher://colorfield.space:70/

I do not know much about freeshell.de, but can say that I have found the type of internet community that I have missed since the early 90s ont hese shells.

The tilde crew is really awesome as well.

I used to be on SDF and at the time (99-02) recommended it to everyone who needed a place to put a webserver for a small website.

I've been a user of SDF for many years, and even though it may be irrelevant form a technical standpoint, even with all its faults I am thankful for its continued existence.

At least in the case of SDF, it can be a "social" community just as much as a platform for various hosted services.

It features a custom BBS of sorts called 'bboard' - which lets users post messages about any and all conceivable topics - from Unix to ham radio to philosophy and old telephones.

It also has its own chatroom called 'com' in addition to various channels on its own irc.sdf.org server.

There is an active ham radio "club" within SDF, and there are regular "partyline" voice chats (conference calls) offered through its VoIP service.

It also hosts a huge gopher/phlog community - where users not only post interesting and unique content, but often make a point of writing posts in response to other users' posts.

As someone who first got online in the mid-1990s via AOL on a Macintosh, I largely missed out on the early days of the Internet, before it came to be dominated by the WWW. I truly appreciate SDF because it is a nice space for folks to get a small taste of what life used to be like on the net, before it became dominated by commercial interests, relentless invasion of privacy, and proprietary services.

I'd encourage all to create an account and take a look around. The one-time $36 donation to get lifetime ARPA membership status is well worth it, in my opinion.

There's a network of shell providers called the Tildeverse: https://tildeverse.org/members

This is a bit off-topic but I'm wondering about this since I had a shell acount at university many years ago.

Is it safe to ssh into an untrusted host? What are the things to watch out? I know that ssh -X is not a good idea but are there other options that are potentially dangerous?

Or is it just that people trust their shell providers?

One attack vector is your terminal emulator’s interpretation of escape sequences. Some of them allow code execution.

E.g.: https://www.proteansec.com/linux/blast-past-executing-code-t...

> Its important to emphasize that escape sequences used in up-to-date terminal emulators used today most likely don't have such vulnerabilities, since they have been mitigated in the past. However, terminal emulators developed recently and used on other devices, like on embedded devices, Android, iOS can still contain such vulnerabilities.

You shouldn't connect to an untrusted host via SSH with SSH agent forwarding enabled. From the man page:

> Agent forwarding should be enabled with caution. Users with the ability to bypass file permissions on the remote host (for the agent's UNIX-domain socket) can access the local agent through the forwarded connection. An attacker cannot obtain key material from the agent, however they can perform operations on the keys that enable them to authenticate using the identities loaded into the agent.

My first experience with a free UNIX shell on a public machine was http://grex.cyberspace.org/ and it seems that they're still up.

Wow! I also used to use that system, for many years my primary email was kevstev@cyberspace.org. I never used the actual shell for much, but I did use it for email until gmail came along.

Interesting, that is a blast from the past I had nearly forgotten about.

Not my first experience, but I still have a fond if faint memory of prairienet. Out of UIUC (University of Illinois Urbana-Champaign, IIRC.

Back when connecting the world was viewed as (and often experienced as) a good thing.

Also http://nyx.net/ which, at least when I joined, was free to sign up. An existing member could verify your ID face to face, and you just had to provide a photocopy, envelope and stamp(s) so they could send a copy to nyx.

Fond memories of nyx. I made the "quick reference" card, and it looks like it's still around: https://www.nyx.net/help.html#QUICK%20REFERENCE

I tried out SDF when I wanted to give someone some basic intros to how to use the shell and do shell scripting, and was looking around for something that provided some kind of free shell access.

The problem is, unless you donate or find someone to sponsor you, you don't actually get shell access; you get some very limited BBS functionality. And even once you do donate to get the basic access level, there are a number of basic programs (like Python and a C compiler) that aren't executable without getting a higher access level.

I wound up installing my own local version of pkgsrc in my home directory just to see if I could use that work around the issue, but that's not really a good option for the "teach someone how to use a Unix shell" use case.

It's easier to just spin up a free tier VM on one of the cloud providers than it is to use the "Public Access Unix" on SDF.

The SDF system was created at a time (1987) when accessing to a timesharing Unix system was a rarity for the majority of PC users who's outside of an institution, thus "Public Access Unix System".

At that time, the creation of a public minicomputer running Unix, which you can telnet into was groundbreaking. And in the late 90s when the WWW was taking off, it offered a wide ranges of community services, including a shell, access to newsgroups, Gopher, E-mail, IRC, and being an ISP with dial-up and DSL network connection, that served as a great platform to your online presence.

The time has changed and today it doesn't have the significance that it was. Running a system by yourself or renting a virtual server makes more sense.

Although SDF itself is still a good community, and now has a Minecraft server and a Mastodon server in addition to the technical BBS.

One other benefit of experiencing this system instead of a random cloud VM is that one can experience what a properly managed 'classic' unix system is like - e.g:

- multinode / shared nfs homedirs / multiuser

- CLI mail is wired up properly

- publish www via ~/public_html

- finger/whois

- system from source, 3rd party stuff in ports

the modern 'random ubuntu laptops + dhcp on wifi' network feels hugely impoverished by comparison as far as network cohesion (but yes there are positives to this tradeoff too)

cli mail, finger and talk could be a great initiation to traditional tools!

As for the random ubuntu laptops, try to do the dhcp on wifi using a debootstrap of a minimal debian on a separate partition, then configure wpa_supplicant to start dhcp by systemd dependancy, and detect wifi card to start wpa_supplicant@wifi_card_device_name. This could give you a great introduction to modern tools! (bonus points if you setup a native wayland)

Understand the old and the new ways gives a better picture of the overall system, and will help you make education decisions.

(And it's not forbidden to setup CLI mail on your modern system, or a systemd-based classic unix! mix and match to your tastes!)

> The problem is, unless you donate or find someone to sponsor you, you don't actually get shell access; you get some very limited BBS functionality. And even once you do donate to get the basic access level, there are a number of basic programs (like Python and a C compiler) that aren't executable without getting a higher access level.

Eh? It takes a minute of dropping in on com to get someone to verify you, and after that you have access to everything in the 'basic' user level -- which does indeed give you access to compilers and the like.

SDF appears to be down right now (maybe too much attention from this thread?), but according to the archive https://web.archive.org/web/20180503065444/http://sdf.org:80..., you need the ARPA membership level ($36) for "outbound telnet, ssh, sftp, ftp, ytalk, irc, snarf, wget" and "gcc, elisp, perl, php, python, ruby", and this matches what I recall from when I tried.

There are the "instructor" and "student" levels, but since this wasn't an official course I was running but just "I want to show someone the ropes of Bash scripting," I found it a lot easier to just spin up a free-tier VM on Google than try to find someone who could give me the appropriate membership level.

It's back up again, and I checked. Right now gcc and some versions of Python are usable for people in the "users" group, but others are not:

  lrwxr-xr-x  1 root  wheel     9 Jan  2  2018 /usr/pkg/bin/python -> python2.7
  -rwx---r-x  1 root  users  5952 Nov 12 17:13 /usr/pkg/bin/python2.7
  -rwx---r-x  1 root  users  1685 Nov 12 17:14 /usr/pkg/bin/python2.7-config
  lrwxr-xr-x  1 root  wheel     9 Jan 18  2018 /usr/pkg/bin/python3 -> python3.6
  -rwx---r-x  1 root  users  7728 Feb  9  2018 /usr/pkg/bin/python3.6
  -rwx---r-x  1 root  users  3132 Feb  9  2018 /usr/pkg/bin/python3.6-config
  -rwxr-xr-x  1 root  wheel  5984 Dec 24 01:27 /usr/pkg/bin/python3.7
  -rwxr-xr-x  1 root  wheel  3132 Dec 24 01:27 /usr/pkg/bin/python3.7-config
They seem to use the "users" group to deny execute access to members of that group, but they have some more recently installed/updated packages that they haven't applied such permissions to.

There is the additional membership level MetaARPA, at $9/month which you need to have to have access to tools like git:

  $ ls -l /usr/pkg/bin/git
  -rwxr-x---  1 root  MetaARPA  2481424 Sep 11 13:50 /usr/pkg/bin/git
The motd mentions that they're testing a NetBSD 8 upgrade right now, which may be why the permissions aren't set up correctly for some of the tools that are supposed to be restricted at the "user" level.

But anyhow, this kind of restriction of use of basic development tools for the free tier makes it kind of useless for what I wanted to use it for, even if the restriction isn't enforced all that well. I could understand if they restricted usage, like disk or CPU, or things like TLS for your home page, and I can understand restricting some outbound networking to prevent abuse, but not providing access to Python and Git in the free tier?

Definitely agree on just spinning up a free tier VM for very mild use cases or for a jump box or testing, or for troubleshooting network/provider/access issues. Google's always(?)-free tier 600M F1 Micro instance works nicely for this. Be aware only 1G transfer in the free tier though.

I suppose this shows my age; for me, it will always be sdf.lonestar.org and the fastest way to get a better access level will be to take a hardware donation to an address in a suburb of Dallas.

(I wonder if my account still works...wow, it does. I should really change that password.)

I have always wondered how they manage security on these systems.

My long term hobby project is a web desktop for Linux. Security wise it is much the same as letting people use a shell from https. It would be nice to have a system to allow people to try it out and have a couple of hundred meg or so of persistent storage.

It's quite a daunting prospect, and such fun if you get it wrong.

Back in the day you would use grsecurity. It was very impressive. It pre-empted virtually every bug you'd hear about.

It has gone private/premium since. Nowadays perhaps you can achieve the same with SELinux or AppArmor?

Something like https://repl.it?

I can go back further. My first experience with a free non profit shell provider was nyx.net in 1992.


I could dialup to Peachnet - a free Gopher server provided by the University System of GA and somehow navigate to it. It was a six step process to get there and I had a macro to automate it.

It was a 7 bit connection and I could only use Kermit to transfer files. I still haven’t found an interface as clean as the “nn” news reader I use to use to read Usenet.

Amazing they aren't abused out of existence.

Having to send in a physical postcard before account activation probably helps with that.

This sort of thing got me into unix based operating systems. Such a fantastic service.

As shells go, I used to pay for FreeBSD hosting on pair.com. The problem with free (I like free stuff, just not free shells) is, if it ever becomes popular, some people will abuse it and a Tragedy of the Commons is a likely result... it's better to pay for what you use so that:

a) survival of the service is more likely assured

b) there's someone to file a ticket with and an SLA/SLO when things break

c) doesn't enable jerks to ruin something for everyone, i.e., draconian limits or taking a service offline

I was surprised recently how cheap low end *nix VPS are.

Like 2 bucks for a year. Sure it's a crappy 128mb system but that's enough to do a lot of things.

2usd/year with a public IP? Link?

At that price range it'll be IPv6s and NAT'd ipv4. The v4s are specific port ranges (and to SSH). I bought a 5 pack multi country one recently to experiment with distributed stuff. :)

A more respectable machine is probably like 15 usd a year (1gig w/ ipv4).

Keeping in mind that you get what you pay for

Relevant linkages...

2USD ones... https://lowendspirit.com/locations.html

ipv4s... https://alphavps.bg/clients/cart.php?gid=33

More... https://www.lowendtalk.com/discussions

That first link redirects to spam on mobile. I sure wouldn’t trust them with my credit card.

oh wow. Yeah that is indeed rather dodgy. Sorry about that.

Yeah I'm not giving anyone in this price class a credit card. Paypal & disposable credit cards only.

It's also quite possible that they close shop fly-by-night style so I wouldn't rely on them for anything serious. Still for the price I find them useful for experimenting & learning.

Since people are recommending other projects of this kind, allow me to throw in https://hashbang.sh/ which is IMHO the slickest one.

freeshell.de, however, has this great oldschool feel without being too crowded. Very hipster, highly recommended.

reminiscing about hobbiton.org now :P

Any examples of what people might use these systems for? Is it mostly socializing?

Playing around on a Unix box that someone else can administer? An alternative social network? Or even just retrocomputing.

Applications are open for YC Winter 2023

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact