This looks cool, but really really don't run something like on a system which has any data you care about on it :)
I don't mean to be negative about this project, but it feels worth a reminder of the risks that this kind of install mechanism present.
Whilst this is a common install mechanism, blindly piping shell scripts to bash from a remote source is really not a good idea, in general.
It's not even that easy to review to confirm what's happening as it first runs a shell script that runs a Docker compose script that then runs a Docker image
which mounts the Docker Socket (effectively giving control over the host) into the container.
It's nice to be able to start up an ephemeral instance so quickly, and to be able to install packages too. Wouldn't it be fairly open to abuse though? You could make any kind of requests you like from these.
I'd like a service like this, but which I could just SSH to and automatically connect to a fresh Linux instance each time.
It seems like it'd be pretty simple accomplish. You could continually pre-boot a number of Linux containers proportional to the amount of traffic you expect. When a user attempts to connect via SSH, just pop them into the next available instance, FIFO style.
Users could either log in as 'anon' with no password, or they could pick a username and then set up an account just by SCPing their public key, allowing them to persist their instance or save the state for later.
Come to think of it, I basically just described Google Cloud shell, which I really never use, but maybe a lite version with a very simple usage model would be more desirable. I know there's also Docker, but I think the appeal of this idea to me is that I don't need to use any of my local system resources, and I can log in instantly rather than waiting for a container to spin up.
I am not affiliated with RedHat in anyway, but you can set this up very easily on your own with Cockpit by RedHat. Its free as in beer and libre as its under the LGPL licence and gives you basically full access to the machine via a gui. You can view statistics on disk usage, network usage, processes, etc, and can also connect to a terminal in browser with full sudo privileges. Any changes you make in the gui are immediately reflected in the terminal and vice versa. I don't use it for large scale deployments, but its perfect for managing personal systems. I even have a docker extension set up on it and I can search and set up docker images right there from the gui. Fun and easy way to test out new software
> We are in urgent need for donations in the form of server resources. Please contact us at team@instantbox.org if you are able to help. We appreciate it!
And I can choose CPU cores, Memory and duration (default 24 hours). No surprises there.
I don't mean to be negative about this project, but it feels worth a reminder of the risks that this kind of install mechanism present.
Whilst this is a common install mechanism, blindly piping shell scripts to bash from a remote source is really not a good idea, in general.
It's not even that easy to review to confirm what's happening as it first runs a shell script that runs a Docker compose script that then runs a Docker image which mounts the Docker Socket (effectively giving control over the host) into the container.