[walrus01]

As a network engineer, with 'enable' on a lot of the bare metal devices that actually run the cloud...

This is why I don't put anything that I care about on a service or system I don't control. If I want to host videos I care about staying online, they live on a VM configured for a pretty common LAMP stack which exists on a hypervisor that I own and control down to the bare metal and the contract for the colo rack space and 208VAC power.

Using this example, that same 1RU system has a connection to an ISP that I know and trust. It's not going to go offline unless I were to do something so terribly abusive (in terms of network abuse) or illegal that it would cause them to admin down the 1000BaseT port facing it. Or it could theoretically go offline if I used it for illegal outbound network activity and somebody from the local FBI field office showed up with a warrant to take it (again highly unlikely, because I don't do that shit). Those are just about the only circumstances in which a third party could bring it offline.

[ddtaylor]

There is also dtube / peer tube / ipfs as well if these things continue to get worse we'll see a rise in those technologies.

[excalibur]

> Those are just about the only circumstances in which a third party could bring it offline.

This sounds like a challenge. Does the winner get a bottle of scotch?

[walrus01]

Well I'm certainly not going to post the IP addresses of its public netblock for anyone to DDoS. Though my upstream, and its upstreams, do have DDoS mitigation services in place.

:)

edit: actually, yes, the winner would get a bottle of scotch. I have had people that I know and trust, with my permission, attempt to gain external access to it, without success. Not claiming I'm any sort of netsec wizard, just that I have a layered defense of most common security precautions for anything that has a public static IP address these days. Nobody has been successful yet. It could theoretically be brought down by:

a) social engineering the ISP it's hosted at (unlikely, they know me, I know them)

b) physical removal (its reverse DNS gives no indication of where it's physically located other than within a major metro area, could be at one of about twenty different datacenters. all of which have reasonably good physical security in place).

c) false legal claims causing some legal authority to bring it down, theoretically possible, but unlikely given the strong EFF/ACLU supporting political stance of the owners of the ISP it's hosted at. They would fight anything short of a court order that they could be held in contempt of.

d) Extensive sustained DDoS. I don't have any enemies that would be interested in wasting a DDoS on this, but its upstreams have a LOT of extra peering and transit capacity to absorb DDoS up to the 150Gbps range.

e) hardware failure, it's not perfectly 1+1 redundant in everything. but I have backups of every VM that can be brought up fairly quickly on a temporary dedicated server in a new, different, geographically diverse location fairly quickly.

f) some terrible unknown zero day exploit on one of the few daemons that listens to the public interface, through which some method of accomplishing a user and then su/sudo root shell might be possible.

[dragonwriter]

> terribly abusive (in terms of network abuse) or illegal that it would cause them to admin down the 1000BaseT port facing it. Or it could theoretically go offline if I used it for illegal outbound network activity and somebody from the local FBI field office showed up with a warrant to take it (again highly unlikely, because I don't do that shit). Thos

It is a mistake to think that consequences that come with other businesses or the government believing you are doing something illegal can only occur if you actually do something illegal. (It's also a mistake to think that the government could o my seize your computer if it thought you did something illegal with it; though if they didn't but thought it had relevant evidence they might ask nicely before getting a warrant, rather than jumping straight to compulsory process. But that's politeness, not a legal mandate.)

[walrus01]

I have been on the side of an ISP implementing court orders, search warrants and subpoenas against customer equipment and customers' services, so I'm quite familiar with the process.

Yes, there is also danger in civil lawsuits.

[nvr219]

"So, what are you gonna use it for?" "IDK, minecraft server probably."

[walrus01]

"Teledildonics over RESTful HTTPS APIs"

[nasredin]

One definetely must use HTTPS as opposed to HTTP when teledildonicing.