Metawire.org Admin On OpenBSD Hosting

hext0r writes "Open Hosting provider metawire.org administrator Daniel Selans recently wrote an informative article for the OpenBSD Journal about the difficulties and successes in running a free hosting provider using OpenBSD. It's an informative read for anyone considering starting any type of hosting company using free technologies."

*BSD IS UNDYING

[Leffe]

Maybe *BSD died back then... but it's most surely coming back! Just take a look at the latest NetCraft survey and you'll see that they have come back a little.

I think this article confirms it. Just check where it's posted: http://undeadly.org/, doesn't that light some lights!?

One thing that I can most definatelly note is that with the use of OpenBSD, the experience was made by far simpler, and headache free. The common belief out there is that OpenBSD is best used for security gateways, firewalls, routers and etc. Well, I personally do not believe so. The capability of this OS is only admin deep. The more you know, the more you can achieve. I have personally ran OpenBSD in large enterprise environments as web servers, file servers, database servers, and frankly, it's resource management and speed is uncomparable to most other operating systems out there, multiply that with the security standards, and you've got an amazing OS.

I feel like installing OpenBSD!

Nitpick

[sreeram]

about the difficulties and successes in running a free hosting provider using OpenBSD

I didn't see anything negative in that article. Nor any major "difficulties". He made it sound like it was a breeze - just put together a bunch of scripts and it's all done.

PS: I love OpenBSD. Like Daniel, I also use it as both a server and a desktop workstation. I just wish people would RTFA.

Re:Nitpick

Especially disappointing was that there weren't any explanations of why OpenBSD would be better than FreeBSD or NetBSD. I'm looking hard at moving from Linux to BSD, and I've got more questions that need answering than I had when I moved from Windows to Linux.

How does OpenBSD handle package management? Is it conducive to compiling everything by hand? Are there any serious packages that OpenBSD lacks? Will I have a lot of trouble if I want to use example_package-3.1.5 but the package system only has example_package-3.2.2 in it?

The BSDs have several advantages over Linux, especially the way the systems are engineered, but it's also very nice to be able to pick and choose the versions of software I want to run, rather than needing to rely on a package manager for them.

Re:Nitpick

[bl1st3r]

As one of the two co-owners of Metawire I must agree. Overall, the OpenBSD situation for us has been extremely positive. The difficulties that we had that were not mentioned in the article were mostly the cause of inproper configuration allowing local users (we are a shell provider) accessing services that we didn't expect, causing situations we couldn't avoid in time.

All in all though, it has been extremely smoothe and the users all seem to be appreciative.

One of the biggest challenges for us was getting a good userbase. We found that the majority of our users were from countries like Romania and Poland who just wanted a shell account to run a BNC and then never log in again. This went against everything we created Metawire FOR, which was to create a community of like-minded computer enthusiasts.

There have been some problems, but OpenBSD has helped to aleviate the majority of them.

Re:Nitpick

[bl1st3r]

One of the main reasons for selecting OpenBSD is that it handles local security better than some of the other flavors. FreeBSD is my personal favorite for servers, but as a server that handles local users, I would never go with anything other than OpenBSD ever again.

The package system is also very nice. OpenBSD audits the packages that are included to protect against retarded local exploits. OpenBSD doesn't trust third party packages and this shows in its track record of local and remote root priveledge escalation's. Third party software is often overlooked as a flaw with Open Source software. Every day we hear about a new Microsoft Outlook hole, but nothing ever gets mentioned on slashdot on how XMMS allows arbitrary code execution. This kind of stuff happens all the time, but is often overlooked because most people running servers don't let their users do anything.

As a free hosting provider like we try to be, we wanted to give the users as much access to the system as we could safely allow. This has been both a hinderance and a help. Having a truely open provider available for users has helped us grow at an exponential rate. But we have to be very concerned about every local vulnerability that exists.

Re:Nitpick

[MikeX]

What do you want to know? As long as you post to the correct list, people are very nice. Stay away from the developer list with questions, the tolerance for that is apparantly fairly low.

Package management? The ports collection is awesome. Installation is, honestly, very easy. The pkg_add command takes care of everything (at least in my experience).

Compiling _everything_? I can't answer this one. Compiling all your programs (minus the libraries, etc) went very smoothly for me.

As for lacking serious packages...I haven't found anything that I needed that I couldn't get, but that's me. Most of the time, if you're package won't work on OpenBSD, there is some sort of BSD licensed equivalent that works well.

If the package version you want is not available, you can always recompile, but the amount of packages and their different available versions is astoundingly huge.

One of the biggest advantages of OpenBSD? The documentation is beautiful. They really weren't messing around with this. Not only is the documentation abundant, the quality is really nice. There are examples and troubleshooting tips all over the place (in the man pages).

It runs on essentially anything, so grab an old machine and play with it, I think you'll find most things are intuitive.

--Mx

Re:Nitpick

[bl1st3r]

It's a proxy. Allows users to just leech bandwidth. A lot of the foreigners are using it on our system to get onto IRC networks that their ISP's get banned from for warez abuse and things of that nature.

Re:Nitpick

[styrotech]

If you want cutting edge software then OpenBSD may not be for you, because it stresses stability over recency. It's so conservative in this regard it makes Debian-stable seem daring.

Even as a big Debian fan, I still have to admit OpenBSD has newer software than Debian Woody.

OpenBSD ain't bad, it comes out every 6 months and is usually fairly up to date.

Re:Nitpick

[acidtripp101]

OpenBSD is supposedly more secure than FreeBSD, but in terms of direct remote root exploits, they're just about the same as FreeBSD- both use Openssh which hasn't had that great a security track record. OpenSSH appears to be developed and maintained by the OpenBSD team. Whether OpenSSH's security/quality is representative of the rest of the OpenBSD team's work is up to you to figure out.

Wrong. 99% of the OpenSSH vulnerablities don't affect OpenBSD. I can't tell you the specifics, but the reason is basicly that the way OpenSSH is integrated into the system along with kernel specific security measures prevent exploits that would affect another POSIX OS. If you read the security announcements for the OpenSSH vulnerabilities, you'll usually see that OpenBSD is immune.

Re:The problem with BSD is its ports system

[Nimrangul]

I understand you are trolling, but incase someone takes an anonymous coward's words seriously I'll bite.

Because of the way ports and packages are designed this complation issue of yours does not happen.

You do not need to configure anything to compile a port, you need to run "make install" after enabling root permissions or getting sudo setup.

Packages are not the norm by any stretch of the imagination for anyone I know that uses a BSD. Installing a pkg works fine as long as you also have the dependancies it will just install the same as if you made from a port and I have never found a port in the 3.3 release that installs broken not bad for the 193 I use for my desktop.

The only messed up compile I've ever seen is xmame+xmess, which my machine could not handle cause it doesn't have enough resources to compile it.

OpenBSD is equally able to use the ports and pkgs in it's system because the system was designed for Open.

Amen.

I would just like to echo that Metawire is by far the best shell hosting I have ever used. I think I was one of the first signups, and since the beginning they allow alot of trust to their users and aren't restrictive.

Metawire is simply exactly what it says on the tin. Free, and amazing shell hosting, have them for an email account, or your website, for hosting scripts and whatever else you can think of.

Great service.

The cost is picked up by the administrators themselves, and it's ran extremely professionally with complete regard for their users.

Simply by the services they allow you can see that OpenBSD is a great OS for just about anything and everything.

Re:Amen.

[miryth]

Well, I have to say, I'm a bit less than pleased with the email service... it tends to work fine, just... late. Very late. Not all the time, though, just enough so I'm looking forward to G-mail or whatever :p

Ack!

[__aavhli5779]

Metawire.org, my precious server, slashdotted!

I guess we can consider the fact that it's still up a testament to OpenBSD :)

In all seriousness, though, OpenBSD has been a blessing for running Metawire. I joined the admin team a few months ago, after having been a lowly user and an active member of the community since last year, and have found (as Danny put so well in his article) that the biggest challenges in terms of maintaining a secure and stable server with thousands of users are well met by a system with a philosophy like OpenBSD's.

The challenges that OpenBSD and a proper user management system (which I have been an active developer on since I was made an admin) can not handle are those that plague any provider of a free service, namely the ages-old Tragedy of the Commons.

Garret Hardin's prophetic essay deals mainly with the human tendency for one to maximize the usage of any communal space for his own personal gain, and at the same time to shirk the responsibilities of its upkeep since it is not "his". As this applies to being a free shell provider on the Internet, you have to deal constantly with users who apply, abuse the service, are given the boot, and then show up again. As far as they are concerned it is a common space, freely available, for which they are not responsible. Since they do not take ownership in any sense, what responsibility to they have to keep things OK for others?

The "tragedy of the commons" manifests itself in the biggest administrative headaches the team has had to face so far. People signing up to use bandwidth-hogging psyBNCs/IRC proxies to get past bans on networks or keep nicknames alive, people using our service to mailbomb, people using it to host illegal materials... Had they been using a paid shell (which are widely available) for which they had some degree of "ownership" and at least an implied responsibility to follow the rules, their behavior might be less destructive, but because they are using a free resource, they feel unburdened by any responsibility towards other users and the administrative staff.

I could let these failings of human nature get me down, but thankfully there is another tool which can fill in where OpenBSD fails. Perhaps even the vagaries of man can be overcome...

by Perl :P

Re:Agreed and please donate

[Taxman457]

They also place very little restrictions on what you can do. SSL access to webmail will be online soon too.

I just signed up for an account and have been very pleased. It sounded to good to be true, but its been great. But if people don't eventually donate, it may not be able to continue in the long run, so please consider that. They seem fine now, but lets keep it that way.

Sign up, contribute, and eventually donate if you like at:
http://metawire.org/donate.php