1abad93646
Two issues in TlsListener::poll_accept: 1. No timeout on TLS handshakes: LazyConfigAcceptor waits indefinitely for ClientHello. Attackers that complete TCP handshake but never send TLS data create zombie futures in `in_progress` that never complete. Fix: wrap the entire handshake in tokio::time::timeout(15s). 2. Missing waker on new-connection pending path: when a TCP connection is accepted and the TLS handshake is pending, poll_accept returned Pending without calling wake_by_ref(). Since the TcpListener returned Ready (not Pending), no waker was registered for it. With edge- triggered epoll and no other wakeup source, the task sleeps forever and remaining connections in the kernel accept queue are never drained. Fix: add cx.waker().wake_by_ref() so the task immediately re-polls and continues draining the accept queue.
StartOS
What is StartOS?
StartOS is an open-source Linux distribution for running a personal server. It handles discovery, installation, network configuration, data backup, dependency management, and health monitoring of self-hosted services.
Tech stack: Rust backend (Tokio/Axum), Angular frontend, Node.js container runtime with LXC, and a custom diff-based database (Patch-DB) for reactive state synchronization.
Services run in isolated LXC containers, packaged as S9PKs — a signed, merkle-archived format that supports partial downloads and cryptographic verification.
What can you do with it?
StartOS lets you self-host services that would otherwise depend on third-party cloud providers — giving you full ownership of your data and infrastructure.
Browse available services on the Start9 Marketplace, including:
- Bitcoin & Lightning — Run a full Bitcoin node, Lightning node, BTCPay Server, and other payment infrastructure
- Communication — Self-host Matrix, SimpleX, or other messaging platforms
- Cloud Storage — Run Nextcloud, Vaultwarden, and other productivity tools
Services are added by the community. If a service you want isn't available, you can package it yourself.
Getting StartOS
Buy a Start9 server
The easiest path. Buy a server from Start9 and plug it in.
Build your own
Install StartOS on your own hardware. Follow one of the DIY guides. Reasons to go this route:
- You already have compatible hardware
- You want to save on shipping costs
- You prefer not to share your physical address
- You enjoy building things
Build from source
See CONTRIBUTING.md for environment setup, build instructions, and development workflow.
Contributing
There are multiple ways to contribute: work directly on StartOS, package a service for the marketplace, or help with documentation and guides. See CONTRIBUTING.md or visit start9.com/contribute.
To report security issues, email security@start9.com.