Re: An evil idea :-)

[Marcel Waldvogel]

Gabor,

so, please call me Mr. Evil ;-)

A few weeks ago, I set up a simple Nginx load balancer (two lines with https-portal[1]) statically seeded with the nodes that were in the pool at that time for test purposes. It randomly returns the status page of one of the backend servers, though, but that could be easily changed.

I wasn't as evil-minded to start faking a pool that would gradually fake an increasing delta of keys against the "real" keys. Kudos for that! ;-)

(The idea was triggered by the general unreliability of pool members. I think we need to work on that. And also spam, trust, GDPR compliance, and RTBF; but these are topics for a different thread.)

Greetings,

-Marcel

PS: Even if you are just load-balancing your own servers, you might include the following line into your Nginx load balancer config ("non_idempotent" is fine, as even the POST requests that modify anything, notably /pks/add, are in fact idempotent):

proxy_next_upstream error timeout http_500 http_502 http_503 http_504 http_404 http_429 non_idempotent;

[1] https://github.com/SteveLTN/https-portal

On Mon, 2021-03-22 at 21:08 +0100, Kiss Gabor (Bitman) wrote:

One can decide to setup a proxy server without any own backend
but redirecting queries to some of the existing servers.
No one would recognize the cheating. :-)

Gabor
-- 
"Virgil Brigman back on the air" (Abyss)