symlink | misc | Cluenet

Cluenet.org was a community of computer enthusiasts and other users who came together, pooled resources, and created a distributed infrastructure of servers and services. In other words, it was a "shell account" site. (Not to be confused with the ClueNet.DE ISP, which was run by different people.)

Though the website still exists and some infrastructre is remaining, the project in general had been slowly dying for many years and is now officially closed.

Archived sites:

History

What I remember, or have gathered from logs:

somewhere 2004–2005
Chules.Net shell service is created, with w00t.chules.net as a server, later secant.chules.net
somewhere in 2006
clueirc.net is created; #chules.net and #clueirc exist on clueirc.net
Jan 2007
cluenet.org registered, #clueirc created again.
2007 to 2010
The ClueNet shell network is born, connecting ~5 to 10 shell servers at any given moment, along with various extra services. The signup procedure is a bit stricter than elsewhere, but generally #clueirc consists of 100–200 people, plus some in the semi-related Arbelos Services channel.
around 2009–2010
Cobi introduces a new, more granular signup procedure; instead of answering a single 5–6 question application, it is split to individual "requirements", each of which is voted individually. Nobody bothers to vote, and the queue only gets longer.
2009 to 2011
Slowly, people start leaving. Some grow up, some get bored, others don't need the service anymore. New people sometimes come in, but get scared of the "new & improved" bureaucratic signup procedure. Shell servers go down, often without announcement.
Oct 2012
Activity on IRC suddenly drops rapidly, from ~20k messages in September, to ~8k the next month, and doesn't recover anymore (barely reaching ~5k per month afterwards).
2011 to present
The only remaining 'service' is #clueirc (although grawity still keeps LDAP & Kerberos running). Approx. 5 active members and 30 persistent lurkers.
Apr 2017
Nothing has changed since 2012 – the Cluenet project is effectively dead.
May 2018
The final shutdown of remaining core infrastructure (i.e. LDAP and Kerberos), which until this point had been running on Nullroute servers. There were 481 user accounts total.
Sep 2019
The final shutdown of Cluenet IRC servers hosting #clueirc, the last remaining service that still was online (and only barely).

Infrastructure

A snapshot of an old draft summarizing the Cluenet infrastructure:

ClueIRC

ClueIRC is the IRC component of Cluenet. To get a Cluenet account, IRC participation is required, to strengthen the community.

User authentication

Most services authenticate against Kerberos 5. Services incapable of Kerberos can authenticate by binding to the LDAP server.

User database

User accounts are kept in an LDAP server. Most servers run their own LDAP mirrors using OpenLDAP's syncrepl.

Authorization

"Old" authorization mechanism: authorizedService and/or host attributes on user's LDAP entry, checked by Debian's pam_ldap in default configuration. Still used for some services, but considered too inflexible for shell server access.

"New" mechanism as of 2009 – separate ACLs for each server/service pair in LDAP at cn=service,cn=svcAccess,cn=fqdn,ou=servers,dc=cluenet,dc=org, checked by nss-pam-ldapd.

VPN

Most Cluenet servers are part of ClueVPN, a mesh VPN using the cluevpn software written by Crispy. For those unable or unwilling to run cluevpn, Equal runs an OpenVPN server. The VPN is IPv4-only, since it's primary purpose is to get around problems created by servers being behind NATs; the biggest ones being lack of reverse DNS (required by Kerberos) and messy port-forwarding.

The VPN uses addresses in 10.156.0.0/16 space, and allocation is managed through the Cluenet website. OpenVPN gateway uses 10.156.210.0/24.

~grawity, Oct 2019