Named after the Super Dimension Fortress from the Macross anime series. If you like mecha i recommend checking out the original series (it might look dated in some regards but still worth a watch. And the Do You Remember Love is a must watch after you finished the series, a grandiose animated spectacle, one of the most impressive animated films I've seen)
If you are not feeling like watching a long series, I recommend checking out Macross Plus, from the author of Cowboy Bebop and Samurai Champloo
The series is known as Robotech in the USA. The original series is not available legally in the USA to my knowledge but should be available on Japanese blu rays with english subtitles or on your favorite Linux ISO sharing website. The rest of the entries are on Disney+ or the aforementioned websites.
I found a way to escape their shell (so you can run whatever you want), if you're not verified, it involves multiple steps to archive this. I mailed them 2x to their membership address, but since today no reaction. I asked also in their IRC.
Just a question to HN: should I wait more, try again? Or should I simply publish the vulnerabilities somewhere? If yes, where? It's my first time that I found a vulnerability at my own, not sure how to deal with that.
Don't publish. You already notified them, your shell escape isn't a big deal, publishing it will only be a pain for the volunteers running the service.
You shall wait. It's a volunteer powered system and while the ops are silent and terse in their mails, they're nice people.
Their plate is already quite full and they operate a whole universe of services, so cut them some slack.
It's not an ordinary service which is exposed to internet trying to turn a profit. They run SDF, two Mastodon instances, a mail server, a Git server, trying to salvage/keep alive living computer museum (SDF Vintage Systems), etc. etc.
I think you should create some visible but harmless nuisance using this shell escape, so that it's likely to get noticed, but doesn't damage anyone's valuable data.
Perhaps just run "bash -c 'stress --cpu 64 ; echo fix your shell escape'"l " or something like that.
just got my stickers from there yesterday! :-) i wish my less cs-oriented friends could see how cool i think the sdf is, lol; and, that some kind of "small-web" system, complete with the self-expression the sdf offers via web-hosting, a radio station(!), etc., was accessible to more people (not at the fault of anyone; just that there's a lot to the internet that most people will never see). :>
Finally got to log into a vms system! I was looking to do that over 20 years ago but never could find one.
Somehow I still remembered most of the shell syntax in a book I read about it probably in 2001. Don't ask me ... I don't know how either.
Got bored in about 10 minutes but still, another box checked off!
Previously...
SDF Public Access Unix System - https://news.ycombinator.com/item?id=32340635 - Aug 2022 (29 comments)
SDF Public Access Unix System - https://news.ycombinator.com/item?id=31076886 - April 2022 (46 comments)
SDF Public Access Unix System - https://news.ycombinator.com/item?id=14940790 - Aug 2017 (29 comments)
SDF – Public Access Unix System - https://news.ycombinator.com/item?id=14134798 - April 2017 (51 comments)
Named after the Super Dimension Fortress from the Macross anime series. If you like mecha i recommend checking out the original series (it might look dated in some regards but still worth a watch. And the Do You Remember Love is a must watch after you finished the series, a grandiose animated spectacle, one of the most impressive animated films I've seen)
If you are not feeling like watching a long series, I recommend checking out Macross Plus, from the author of Cowboy Bebop and Samurai Champloo
The series is known as Robotech in the USA. The original series is not available legally in the USA to my knowledge but should be available on Japanese blu rays with english subtitles or on your favorite Linux ISO sharing website. The rest of the entries are on Disney+ or the aforementioned websites.
I found a way to escape their shell (so you can run whatever you want), if you're not verified, it involves multiple steps to archive this. I mailed them 2x to their membership address, but since today no reaction. I asked also in their IRC.
Just a question to HN: should I wait more, try again? Or should I simply publish the vulnerabilities somewhere? If yes, where? It's my first time that I found a vulnerability at my own, not sure how to deal with that.
Definitely wait at least a few months if you've not already. There are legal risks with these kinds of things and some orgs move slowly.
Don't publish. You already notified them, your shell escape isn't a big deal, publishing it will only be a pain for the volunteers running the service.
You shall wait. It's a volunteer powered system and while the ops are silent and terse in their mails, they're nice people.
Their plate is already quite full and they operate a whole universe of services, so cut them some slack.
It's not an ordinary service which is exposed to internet trying to turn a profit. They run SDF, two Mastodon instances, a mail server, a Git server, trying to salvage/keep alive living computer museum (SDF Vintage Systems), etc. etc.
I think you should create some visible but harmless nuisance using this shell escape, so that it's likely to get noticed, but doesn't damage anyone's valuable data.
Perhaps just run "bash -c 'stress --cpu 64 ; echo fix your shell escape'"l " or something like that.
I've been fortunate enough to know Stephen Jones of SDF through his running of the local Seattle retro computing event (now rebranded as VCF PNW)
He's an absolutely kind soul who is deeply interested in all kinds of retro projects. I wish there were more folks like him in tech generally
just got my stickers from there yesterday! :-) i wish my less cs-oriented friends could see how cool i think the sdf is, lol; and, that some kind of "small-web" system, complete with the self-expression the sdf offers via web-hosting, a radio station(!), etc., was accessible to more people (not at the fault of anyone; just that there's a lot to the internet that most people will never see). :>
I've been on it forever, it's such a great resource
Yesterday was NetBSD's 33rd Birthday. Nice time to share it :)
Still going strong. I started there when they were still on DEC alphas.
"this page was generated using ksh, sed and awk"
A great webhost, too. You can log in and edit html/index.html directly or scp stuff up.
I love SDF. Super reliable and awesome community.