Same with EC2…. What’s your point, fam?
His point is the DO referral link front and center in the blog post, despite admitting that they also install a similar agent by default and both being easily removed by uninstalling the respective package.
DO make it an option when you create the VM (checkbox). That checkbox has a link with more information. (Or at least the last time I created a VM it was the case). In the case of azure, it’s not made clear unless you look and dig into documentation.
My point is that in both your submission title and in your blog post title you could replace Microsoft with Digital Ocean and they would both still be true:
“Linux on DigitalOcean? DO has root-access by default (do-agent)”
“Linux on DigitalOcean? Disable this built-in root-access backdoor (do-agent)”
I gave you the benefit of the doubt that these titles were not clickbait or meant to elicit FUD until I saw a referral link in the second paragraph before even getting to any real content. The only information preceding your referral link is a warning paragraph that, again, one could substitute the company you are referring and it would still be 100% true:
“Are you running Linux on DigitalOcean? Then by default anyone with access to your DO account can run commands as root in your VM, reset SSH keys, user passwords and SSH configuration. This article explains what the backdoor is, what it is meant to do, how it can be disabled and removed and what the implications are.”
I genuinely apologize if I’m wrong and your intentions were well-meaning, but the entire thing reads like thinly-veiled referral link blogspam. Please consider moving the referral link to the end of the post.
Edit: I am most likely jumping to conclusions based on a strong personal aversion to referral links. Thank you for taking the time to write this up and contribute content to lobste.rs. In the future I’ll be better about keeping my feedback constructive and free of snark.
This point was about azure because I recently discovered in azure. In a good way, we had a one off vm with no documentation or access, but it was doing a production thing. Using this “feature” of azure, I was able to access the vm quickly. No reboot, console, single user mode required, saved me a lot of time.
But as said, I don’t think that except of a group of tech people are aware of this feature. Yes cloud providers have access to your vm, but this is the easiest way (compared to shutting down, mounting a disk or taking a snapshot or other suggestions made in this topic.)
DO has the checkbox. Huge difference, ms has not, it’s just there. I get why, Not all people that have a server have the skills to manage it properly. Give them a web portal instead of a console and their happy.
For the referral links, it on all my articles. I’m still in the old scheme at DO, so instead of credits I get 25 dollars when a referral reached that in billing. It differs hugely, last few months it has been either nothing or 50 or 25. Not a goldmine. The Google ads make more “profit”, or at least a consistent number, also not above 100 if you’re wondering. Cash goes directly to the hosting and domains, plus things I write about on the site.
I do make it very clear that it is a ref link. In the link and in the picture. It’s on the top of the article instead of at the end because I don’t want to beg and disturb too much. My content is mostly guides, so people read until the end of the page. If they then leave, be my guest I hope the content has helped. The ads and link are on top, so when you’re “in the content”, I don’t bother. If you ever come back or take the time to scroll up and think, oh, this has helped, then maybe they see the link. My bounce rate is over 90 percent.
I’ve not considered that the placement makes it look “blogspammy”. Thank you for bringing it to my attention, I think I’m going to experiment with positions. Since my reasoning (explained above) did not take that into account, I don’t want to look like a spamblog, hate those myself as well
Take my knee-jerk reaction with a grain of salt. In light of a lot of negativity that’s been happening in this community I took a little time to introspect and comments like mine above just contribute to the problem. Your post had plenty of good detail and was informative to a lot of people. It wasn’t fair for me to accuse you of blogspam based on a few coincidental facts and a lot of speculation. I hope I haven’t deterred you from posting more content here in the future!
(unrelated, but I love your NES articles. Was poking around and saw you’re the guy behind that)
Thanks! I happened across https://nesdoug.com/ a few years ago and before I knew it I was deep in the rabbit hole.
I’ve been (very slowly and sporadically) working on a FOSS/FOSH Wi-Fi adapter that plugs into (and is powered by) the NES controller port (including firmware, protocol, 6502 assembly library with C headers, sample ROM, sample game server, and Mesen emulator plugin for those not lucky enough to have a working NES). It was a fun challenge (ab)using the CLK/OUT pins to send data from the NES in a way that doesn’t interfere with the other controller (there are a lot of weird quirks with shared pins, inverted logic, and even interference from the APU on the NTSC model). I have a very sloppy prototype that I’m hoping to get in a state worth sharing in the not too distant future, and plans (pipe dreams) to make a version that uses the expansion port, which would allow all kinds of performance optimization with direct access to the CPU data bus and being able to directly communicate with the cartridge via the expansion pins.
The extreme conclusion of this idea is a single cartridge that people can buy that would allow them to easily download and play homebrew NES games right on their original hardware without modifications. The cartridge could have a modern ARM CPU and a framework that abstracts the inner workings of the NES so people can easily write games in high-level languages like Lua, Python, or JS in addition to traditional ROMs.
I love the idea of resurrecting old technology and making it fun and accessible by mixing it with new technology. Thanks again for being understanding!
This is so cooool! X.X
None of these people actually need an agent in most cases, because people encrypting their root disks via a key that your provider doesn’t know is unfortunately pretty rare-and-difficult-to-do right now. They can just read it, yo.