Comment by 🚀 lars_the_bear

Re: "I’m pondering about self hosting a small gopher hole on my…"

In: s/gopher

I guess it depends on how robust the Gopher server is, and how easily an intruder could get from the Pi to the rest of your computers if it wasn't robust enough.

For me, the risk just isn't worth it -- not when I can get a cloud VPS for $12 per year. The risk is probably a very small one, but it's not so small that it merits saving $12.

🚀 lars_the_bear

Apr 16 · 3 weeks ago

6 Later Comments ↓

🚀 SavaRocks · Apr 16 at 06:59:

use docker containers as I do ... this way ... even if the gopher is "hacked" the attacker will gain access only to the docker container

🚀 astrowat [OP] · Apr 16 at 08:30:

Thanks for the advice from both of you. I think isolation (vps) is probably the way forward for now. I’m not confident that once someone has got into my home network they will have limited access, but that's a separate problem.

🚀 lars_the_bear · Apr 16 at 12:13:

@SavaRocks : I would have thought Docker would be a bit of a burden for a Raspberry Pi, although I appreciate that it's supported.

I have mixed feelings about Docker/Podman/LXC for this kind of thing. On the one hand their isolation is pretty strong. On the other, their widespread use in the online services world makes them a viable target for hackers.

Still, I guess if anybody does find a way to subvert docker, they're going to have more lucrative targets than somebody's home gopher server.

🚀 astrowat [OP] · Apr 16 at 17:25:

Re: with docker - you want to make sure you don’t elevate access unnecessarily and have a non-root user to run the process. I know it’s possible to escape the container if it’s not secured.
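An added example, not part of the original thread: a small Python check of the container settings raised in the comment above (non-root user, no unnecessary elevation), run over `docker inspect` output. The two samples, the container name `/gopher` and the paths are constructed for illustration, and the finding labels are this example's own.

```python
import json

# Constructed sample: trimmed `docker inspect` output for a hypothetical
# gopher container started with Docker's defaults (root user, writable rootfs).
DEFAULT = json.loads("""[{"Name": "/gopher", "Config": {"User": ""},
  "HostConfig": {"Privileged": false, "CapAdd": null, "CapDrop": null,
                 "SecurityOpt": null, "ReadonlyRootfs": false},
  "Mounts": [{"Source": "/srv/gopher", "Destination": "/var/gopher", "RW": true}]}]""")

# Constructed sample: same container started with --user 1000:1000 --cap-drop ALL
# --security-opt no-new-privileges --read-only and a read-only content mount.
HARDENED = json.loads("""[{"Name": "/gopher", "Config": {"User": "1000:1000"},
  "HostConfig": {"Privileged": false, "CapAdd": null, "CapDrop": ["ALL"],
                 "SecurityOpt": ["no-new-privileges"], "ReadonlyRootfs": true},
  "Mounts": [{"Source": "/srv/gopher", "Destination": "/var/gopher", "RW": false}]}]""")

NNP = {"no-new-privileges", "no-new-privileges:true", "no-new-privileges=true"}

def audit(container):
    """Return a list of findings for one `docker inspect` entry."""
    findings = []
    host = container.get("HostConfig", {})
    # An empty User means the image default, which is root unless the image says otherwise.
    user = (container.get("Config", {}).get("User") or "").split(":")[0]
    if user in ("", "0", "root"):
        findings.append("runs-as-root")
    if host.get("Privileged"):
        findings.append("privileged")
    if host.get("CapAdd"):
        findings.append("cap-add:" + ",".join(host["CapAdd"]))
    if "ALL" not in [c.upper() for c in (host.get("CapDrop") or [])]:
        findings.append("caps-not-dropped")
    if not NNP & set(host.get("SecurityOpt") or []):
        findings.append("no-new-privileges-missing")
    if not host.get("ReadonlyRootfs"):
        findings.append("writable-rootfs")
    for mount in container.get("Mounts") or []:
        if mount.get("Source", "").endswith("docker.sock"):
            findings.append("docker-socket-mounted")
        elif mount.get("RW"):
            findings.append("writable-mount:" + mount.get("Destination", "?"))
    return findings

if __name__ == "__main__":
    for sample in (DEFAULT[0], HARDENED[0]):
        print(sample["Name"], audit(sample) or "ok")
```

On a real host, pass it the parsed JSON array that `docker inspect <container>` prints.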

πŸ™ norayr [mod] Β· Apr 20 at 00:20:

there's old good chroot, back in decades ago people were running servers in chroots when they weren't sure. and chroots could be very small.

if the binary was statically compiled it basically needed just a kernel and its own configs.

but i am much more interested in how do you run a gopher bbs for meshtastic?

can i guess? you have a program that presents itself as socks proxy for your gopher browser. then instead of proxying it talks to a meshtastic device. on the other side a similar program gets a request and passes it to a gopher server.

i am writing such a program, have it half baked, need to concentrate and continue. how do you do this? can you explain what you do?

🚀 astrowat [OP] · Apr 20 at 11:24:

I’m using MeshGopher (not mine - https://github.com/jmansell90/meshgopher) which has a very basic gopher server built in, the builtin client chats via DM and will chunk text to get around the 200 byte limit. I was thinking about using gophernicus to add a bit of dynamic content (weather, etc).

Original Post

🌒 s/gopher

🚀 astrowat:

I’m pondering about self hosting a small gopher hole on my raspberry pi. It’s mostly for #meshtastic (I’m using it as a BBS), but I’d like to show it off to people without a mesh of their own. Would it be a bad idea to open port 70 on my firewall? I’m intentionally avoiding any cgi so the surface area of attack is smallish.

💬 7 comments · 1 like · Apr 15 · 3 weeks ago