Re: Idea: 'ethical hosting' [formerly mailman service (free for FOSS projects)]

2017-04-19 Thread Ludovic Courtès
Pjotr Prins writes:

> This is one example for hosting mailman: https://www.mailmanhost.com/.
> They host it on some other VPS service.
>
> What I want to do is provide something similar with a slick web
> interface where people click on a service, say a VPS with mailman,
> configure it and launch it on a VPS hoster of their choice - we can
> offer multiple solutions on multiple hosting parties. Then the client
> has a running and configured server. We charge a fee on top of the VPS
> fee.

For the record, YunoHost develops such a Web interface that allows
people to select services to run on their machine:

  https://yunohost.org/

It’s designed to drive a Debian system, but I guess making something
similar for GuixSD would be easier.  We could have Exim, Mailman,
MediaGoblin, and all that!

> No consulting required unless something goes wrong. So we need to
> probably factor in monitoring and minimal support for paying clients.

Heh, sounds like a plan.  :-)

Thanks for the brainstorming session!

Ludo’.



Re: Idea: 'ethical hosting' [formerly mailman service (free for FOSS projects)]

2017-04-18 Thread Pjotr Prins
On Tue, Apr 18, 2017 at 07:52:58PM +, ng0 wrote:
> (I am not a lawyer, and I haven't read every bit and piece of the German
> Vereinsrecht so far)
> With a registered non-profit under the Vereinsrecht in Germany it would not
> conflict with the non-profit status as long as the work supports the mission
> and structures of Guix Europe.

Exactly. It would confuse things. Guix-Europe has its own agenda,
currently hosting the build farm.

There is also the administrative overhead and choices one has to make.
I think any company has to be focused on its offerings.

> I haven't read the charta of GE in a while and haven't compared the two
> countries.
> 
> > I believe in fairness, so we'd have to come up with a way of
> > distributing any income fairly and giving some back to Guix. But that
> > is a separate discussion with the people who want to do this. That
> > does probably not belong on the mailing list. It needs thought.
> 
> It's difficult. Maybe where you have your permanent residence it is easier,
> I've had some expedition into legal entities in Germany for the last few
> weeks with the result that I delayed it for now (TL;DR: get professional
> advice offered by the state). Still some useful outcome in the process,
> you can contact me off list if you are interested.

I have set up limited companies in the past. Not hard and you need
about 2-3K per year in administrative costs. One interesting option is
Estonia. When you become an e-citizen you can set up a limited company
remotely with a group. It is within the EU and all legal. Estonia only
taxes 20% on dividend - which you can avoid paying when you have
enough expenses. 

My idea is that if we have an interesting business case we can
register a company any time. Estonia, NL and UK are interesting
possibilities. Anyway, this is a bit beyond the scope of this ML.

This is an example of a mailman setup I just had to analyse: 

* Mailman

I installed htop, mc and git.

** Ad hoc management

I don't think any form of software deployment is in place (other than
yum) - let alone deterministic software deployment. 

** No git in /etc (fixed)

Especially with shared sys admin I suggest to run git in /etc. I have done
it for you (after installing git with yum)

: cd /etc
: git init
: chmod 0600 .git
: git add .
: git commit -a -m init

Anyone doing updates should check git and commit changes.

** Firewall

Firewall rules are basic. Only ssh gets checked by fail2ban:

: iptables -L
:   fail2ban-SSH  tcp  --  anywhere anywhere tcp dpt:ssh

fail2ban is actually a running daemon. The /etc/hosts.deny file keeps
getting edited (currently 7K lines which means lookups get
slower!). There are multiple fail2ban's running - maybe that is by
design. fail2ban does not modify the firewall rules.

Also running is denyhosts.py - is it part of fail2ban? - which takes
25.7% of RAM(!?).

: 11061 root  30  10  344m 151m 2348 S  0.0 25.7  19:50.20 denyhosts.py

: root 27642  0.0  0.8 429812  5348 ?Sl   Apr15   0:21 /usr/bin/python2.7 /usr/bin/fail2ban-server -b -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x

which can be replaced by the following firewall rules which do not put the
load, nor the complexity beyond the firewall:

:        tcp  --  anywhere anywhere tcp dpt:ssh flags:FIN,SYN,RST,ACK/SYN recent: SET name: ssh side: source
: DROP   tcp  --  anywhere anywhere tcp dpt:ssh flags:FIN,SYN,RST,ACK/SYN recent: CHECK seconds: 127 hit_count: 10 name: ssh side: source
: ACCEPT tcp  --  anywhere anywhere tcp dpt:ssh

** CRON

Virus checker gets restarted every day (apparently it crashes)

: 0 7 * * * /sbin/service restart mimedefang

** ssh

No password login allowed, good.

Root can access ssh with remote commands (but not shell and using keys only).

** RAM

RAM is fully in use which means SWAP is used quite a bit.

The following python processes

: 11061 root  30  10  344m 151m 2348 S  0.0 25.7  19:50.20 denyhosts.py
: 21223 defang20   0  272m 116m 4624 S  0.0 19.8   3:28.71 mimedefang.pl
:  1643 mailman   20   0  338m  61m 1964 S  0.0 10.3  98:22.97 python2.7
: 23823 defang20   0  182m  55m 4536 S  0.0  9.5   0:17.10 mimedefang.pl

take up more than half the RAM. denyhosts is part of sshd screening
(see firewall). Mimedefang does mail filtering of viruses (see CRON).

** CPU

Running htop for a while is interesting. The single core instance is
maxed out regularly every time a mail comes in.

Mailman qrunner and mimedefang.pl are the main culprits.

: Example:
:
:  CPU[|||100.0%] Tasks: 84, 44 thr; 10 running
:  Mem[525/589MB] Load average: 6.49 3.69 2.00
:  Swp[|  738/4095MB] Uptime: 8 days, 11:40:46
:
:   PID USER  PRI  NI  VIRT   RES   SHR S CPU% MEM%   TIME+  
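
How the three `recent` rules listed in the message above treat repeated SSH connection attempts, as an added example that is not part of the original post: a small Python model of the rule chain run over constructed connection times. The INPUT chain, port 22, the equivalent commands in the comment and the sample addresses are assumptions.

```python
from collections import Counter, defaultdict, deque

SECONDS = 127    # "seconds: 127" in the listed DROP rule
HIT_COUNT = 10   # "hit_count: 10" in the listed DROP rule

# Commands that would list as the three rules above (assumed: INPUT chain, port 22):
#   iptables -A INPUT -p tcp --dport 22 --syn -m recent --name ssh --set
#   iptables -A INPUT -p tcp --dport 22 --syn -m recent --name ssh \
#            --rcheck --seconds 127 --hitcount 10 -j DROP
#   iptables -A INPUT -p tcp --dport 22 -j ACCEPT


def filter_syns(events):
    """Model the rule chain for new SSH connections (SYN packets).

    events: (time_in_seconds, source_ip) pairs in time order.
    Returns (time, source_ip, verdict) for every SYN.
    """
    stamps = defaultdict(deque)          # per-source list, like "name: ssh"
    verdicts = []
    for t, ip in events:
        seen = stamps[ip]
        seen.append(t)                   # rule 1: SET has no target, so it falls through
        while seen[0] < t - SECONDS:     # forget hits outside the window
            seen.popleft()
        # rule 2: DROP once the source has HIT_COUNT hits in the window,
        # the current SYN included; rule 3: otherwise ACCEPT.
        verdicts.append((t, ip, "DROP" if len(seen) >= HIT_COUNT else "ACCEPT"))
    return verdicts


def summarise(verdicts):
    """Count verdicts per source address."""
    return Counter((ip, v) for _, ip, v in verdicts)


# Constructed sample traffic (documentation addresses, not from the post):
# a scanner retrying every 5 s for 30 attempts and returning at t=400,
# and an administrator logging in three times.
SCANNER, ADMIN = "198.51.100.7", "192.0.2.10"
SAMPLE = sorted([(5 * k, SCANNER) for k in range(30)] + [(400, SCANNER)]
                + [(3, ADMIN), (60, ADMIN), (300, ADMIN)])

if __name__ == "__main__":
    for t, ip, verdict in filter_syns(SAMPLE):
        print(f"{t:4d}s {ip:14s} {verdict}")
    print(dict(summarise(filter_syns(SAMPLE))))
```

Because the SET rule runs before the CHECK rule, dropped SYNs are still recorded, so in this model a source that keeps retrying stays blocked until it slows to fewer than 10 attempts per 127 seconds.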

Re: Idea: 'ethical hosting' [formerly mailman service (free for FOSS projects)]

2017-04-18 Thread Pjotr Prins
On Tue, Apr 18, 2017 at 10:13:23PM +0200, Hartmut Goebel wrote:
> On 18.04.2017 at 19:59, Pjotr Prins wrote:
> > there is actually a business case for something like ethical hosting.
> 
> I also see some demand for ethical hosting, esp. for collaboration
> services like mailman, chat, file-share, a simple web-site, etc. I get
> questions about this quite often. But most times the people are neither
> capable to setup and maintain a server at all – or they don't want to
> spend the money.

We provide the actual images for free, so they could start up anywhere.

> E.g. at 1blu.de you can get a vServer with Plesk admin interface for 8 €
> per month. This includes KVM virtualization (or virtuozzo if you
> prefer), a web-mailer, mailinglists via plesk (mailman in the
> background) and a domain.
> 
> So I don't see a business case here :-(

Heh. It is actually proof that there is a business there, otherwise
they would not do it. The underlying VPS costs 3/m, so their markup is
5/m. And that is without any monitoring or tuning - just a simple
installation.

For a 2-person business you need about 10K/m. So you can compute how
many clients we need. And taking over a company mail server with
webmail and mailman, I am sure we can ask 5-10K per year. 

You can grow in either direction. Main problem is starting up as it
needs some investment.

Pj.



Re: Idea: 'ethical hosting' [formerly mailman service (free for FOSS projects)]

2017-04-18 Thread Christopher Allan Webber
Pjotr Prins writes:

> On Tue, Apr 18, 2017 at 06:11:41PM +, ng0 wrote:
>> > I don't think we should offer VPS (at first). But we can offer the
>> > choice of using other VPS'. The VPS market is overcrowded and very
>> > competitive - I would not want to compete with that. I want to compete
>> > with companies that offer hosting, but do not provide the software
>> > stack. I also want people to have access to their own VPS. That is the
>> > ethical part.
>> 
>> Okay, then I do not understand completely where you are going with this.
>> For a hosted service you need a host first. Do you want to offer consulting
>> work, so that this can be deployed at service (which furthermore would
>> require some legal annoyance), as a service? In other words, some of us
>> probably to cover the legal part with a contract at Guix Europe e.v. (if
>> the registered association law in France works similar to the ones in 
>> Germany)
>> will set up services on demand for interested people and organizations?
>
> This is one example for hosting mailman: https://www.mailmanhost.com/.
> They host it on some other VPS service.
>
> What I want to do is provide something similar with a slick web
> interface where people click on a service, say a VPS with mailman,
> configure it and launch it on a VPS hoster of their choice - we can
> offer multiple solutions on multiple hosting parties. Then the client
> has a running and configured server. We charge a fee on top of the VPS
> fee.
>

Note that that vision of building a web UI on top of a declarative
system to make deploying and maintaining servers easier is what
originally drew me to Guix.  Still hasn't left my mind as something
valuable.



Re: Idea: 'ethical hosting' [formerly mailman service (free for FOSS projects)]

2017-04-18 Thread Hartmut Goebel
On 18.04.2017 at 19:59, Pjotr Prins wrote:
> there is actually a business case for something like ethical hosting.

I also see some demand for ethical hosting, esp. for collaboration
services like mailman, chat, file-share, a simple web-site, etc. I get
questions about this quite often. But most times the people are neither
capable to setup and maintain a server at all – or they don't want to
spend the money.

E.g. at 1blu.de you can get a vServer with Plesk admin interface for 8 €
per month. This includes KVM virtualization (or virtuozzo if you
prefer), a web-mailer, mailinglists via plesk (mailman in the
background) and a domain.

So I don't see a business case here :-(

-- 
+++hartmut

| Hartmut Goebel|   |
| hart...@goebel-consult.de | www.goebel-consult.de |





Re: Idea: 'ethical hosting' [formerly mailman service (free for FOSS projects)]

2017-04-18 Thread ng0
Pjotr Prins transcribed 2.2K bytes:
> On Tue, Apr 18, 2017 at 06:11:41PM +, ng0 wrote:
> > > I don't think we should offer VPS (at first). But we can offer the
> > > choice of using other VPS'. The VPS market is overcrowded and very
> > > competitive - I would not want to compete with that. I want to compete
> > > with companies that offer hosting, but do not provide the software
> > > stack. I also want people to have access to their own VPS. That is the
> > > ethical part.
> > 
> > Okay, then I do not understand completely where you are going with this.
> > For a hosted service you need a host first. Do you want to offer consulting
> > work, so that this can be deployed at service (which furthermore would
> > require some legal annoyance), as a service? In other words, some of us
> > probably to cover the legal part with a contract at Guix Europe e.v. (if
> > the registered association law in France works similar to the ones in 
> > Germany)
> > will set up services on demand for interested people and organizations?
> 
> This is one example for hosting mailman: https://www.mailmanhost.com/.
> They host it on some other VPS service.
> 
> What I want to do is provide something similar with a slick web
> interface where people click on a service, say a VPS with mailman,
> configure it and launch it on a VPS hoster of their choice - we can
> offer multiple solutions on multiple hosting parties. Then the client
> has a running and configured server. We charge a fee on top of the VPS
> fee.
> 
> No consulting required unless something goes wrong. So we need to
> probably factor in monitoring and minimal support for paying clients.

Okay, thanks for making it more clear.

> That is the general idea. Guix Europe is a non-profit, I don't think
> that would be a suitable vehicle. Better to set up a limited liability
> company when dealing with clients.

(I am not a lawyer, and I haven't read every bit and piece of the German
Vereinsrecht so far)
With a registered non-profit under the Vereinsrecht in Germany it would not
conflict with the non-profit status as long as the work supports the mission
and structures of Guix Europe.
I haven't read the charta of GE in a while and haven't compared the two
countries.

> I believe in fairness, so we'd have to come up with a way of
> distributing any income fairly and giving some back to Guix. But that
> is a separate discussion with the people who want to do this. That
> does probably not belong on the mailing list. It needs thought.

It's difficult. Maybe where you have your permanent residence it is easier,
I've had some expedition into legal entities in Germany for the last few
weeks with the result that I delayed it for now (TL;DR: get professional
advice offered by the state). Still some useful outcome in the process,
you can contact me off list if you are interested.

> The software is all FOSS, so anyone can fork off any time and start a
> business. If we make some money together or separately that is
> cool because we can sustain our efforts that way. Be nice to share
> knowledge, build up on that, and grow Guix.
> 
> Anyway, just an idea that may or may not work.
> 
> Pj.
> 

-- 
PGP and more: https://people.pragmatique.xyz/ng0/



Re: Idea: 'ethical hosting' [formerly mailman service (free for FOSS projects)]

2017-04-18 Thread Pjotr Prins
On Tue, Apr 18, 2017 at 06:11:41PM +, ng0 wrote:
> > I don't think we should offer VPS (at first). But we can offer the
> > choice of using other VPS'. The VPS market is overcrowded and very
> > competitive - I would not want to compete with that. I want to compete
> > with companies that offer hosting, but do not provide the software
> > stack. I also want people to have access to their own VPS. That is the
> > ethical part.
> 
> Okay, then I do not understand completely where you are going with this.
> For a hosted service you need a host first. Do you want to offer consulting
> work, so that this can be deployed at service (which furthermore would
> require some legal annoyance), as a service? In other words, some of us
> probably to cover the legal part with a contract at Guix Europe e.v. (if
> the registered association law in France works similar to the ones in Germany)
> will set up services on demand for interested people and organizations?

This is one example for hosting mailman: https://www.mailmanhost.com/.
They host it on some other VPS service.

What I want to do is provide something similar with a slick web
interface where people click on a service, say a VPS with mailman,
configure it and launch it on a VPS hoster of their choice - we can
offer multiple solutions on multiple hosting parties. Then the client
has a running and configured server. We charge a fee on top of the VPS
fee.

No consulting required unless something goes wrong. So we need to
probably factor in monitoring and minimal support for paying clients.

That is the general idea. Guix Europe is a non-profit, I don't think
that would be a suitable vehicle. Better to set up a limited liability
company when dealing with clients.

I believe in fairness, so we'd have to come up with a way of
distributing any income fairly and giving some back to Guix. But that
is a separate discussion with the people who want to do this. That
does probably not belong on the mailing list. It needs thought.

The software is all FOSS, so anyone can fork off any time and start a
business. If we make some money together or separately that is
cool because we can sustain our efforts that way. Be nice to share
knowledge, build up on that, and grow Guix.

Anyway, just an idea that may or may not work.

Pj.



Re: Idea: 'ethical hosting' [formerly mailman service (free for FOSS projects)]

2017-04-18 Thread ng0
Pjotr Prins transcribed 2.2K bytes:
> Continuing this train of thought: there is actually a business case
> for something like ethical hosting. For us it is 'easy' to create
> services such as mail servers with IMAP and web front-end, mail-main
> servers, wikimedia servers etc. But it is not easy for everyone, And
> it is certainly not easy to get it right, i.e., setup and security.
> 
> Individuals and companies are willing to pay for VPS, and I am sure
> they are willing to pay for a full FOSS stack deployable on a VPS.
> There is added value and therefore money. 
> 
> With Guix we can make configurable deployments that gives people to
> deploy anywhere. I know many companies and organisations (such as
> universities!) outsource their mail servers to companies such as
> google and Microsoft. They ought to be getting concerned about
> privacy, not least because of recent changes in American law - let
> alone those that operate in less lawful countries.
> 
> It is too much to achieve for one person, but I think if we can get a
> number of people together we can turn Guix work into cash. Mailman
> would be a good start. Next a configurable mail server with webmail to
> compete with gmail and protonmail?
> 
> On Tue, Apr 18, 2017 at 11:18:14AM +, ng0 wrote:
> > Good and interesting idea, if you have the money.
> > I prefer to work on snippets and instructions, deploying more servers
> > than necessary isn't an option for myself at the moment.
> 
> I don't think we should offer VPS (at first). But we can offer the
> choice of using other VPS'. The VPS market is overcrowded and very
> competitive - I would not want to compete with that. I want to compete
> with companies that offer hosting, but do not provide the software
> stack. I also want people to have access to their own VPS. That is the
> ethical part.

Okay, then I do not understand completely where you are going with this.
For a hosted service you need a host first. Do you want to offer consulting
work, so that this can be deployed at service (which furthermore would
require some legal annoyance), as a service? In other words, some of us
probably to cover the legal part with a contract at Guix Europe e.v. (if
the registered association law in France works similar to the ones in Germany)
will set up services on demand for interested people and organizations?

> > Mentioning mailman and GuixSD: We'd first need to get all of Mailman
> > packaged. 2/3 parts are still missing, I have started to work on hyperkitty
> > but if you are interested and willing to continue it would be nice.
> 
> Yes. postfix we also need.

But we do have OpenSMTPD and Dovecot, which is enough already to make Postfix
not a blocking issue. All I know about Mailman is that it needs some MTA.
My only contact with it so far was administration and packaging.

> 
> > Afterwards we would need a system service, and then it would be good
> > to try this out in the wild (or intranet) to see what can be done to
> > run this service (and all connected ones) in a container.
> 
> Aye, Guix rocks so much it hurts ;).
> 
> Pj.
> 
> -- 
> 

-- 
PGP and more: https://people.pragmatique.xyz/ng0/