💾 Archived View for rawtext.club › ~sloum › geminilist › 001646.gmi captured on 2020-09-24 at 01:44:38. Gemini links have been rewritten to link to archived content


Repeating the Web's Mistakes (was gemini+submit:// (was Re: Uploading Gemini content))

Sean Conner sean at conman.org

Sun Jun 14 02:22:15 BST 2020

- - - - - - - - - - - - - - - - - - - 

It was thus said that the Great Matthew Graybosch once stated:

> Let's be honest; it shouldn't be that hard to run a gemini daemon out
> of a personal computer in your own home, whether it's your main desktop
> or just a raspberry pi. The protocol is light enough that CPU and
> memory usage should be next to nothing compared to Firefox or Chrome.

> ...

> I think the biggest problem, at least in the US, is that ISPs seem
> hellbent on keeping residential internet users from using their
> connections for anything but consumption.

As someone who has worked for various ISPs and webhosting companies for most of my career, I think this slamming of ISPs is unwarranted. And as someone who runs both a public server *and* a few services on my home network [1] there are some things you need to consider.

1. Open servers are *attacked* at an alarming rate. At home, I run an sshd instance that is open to the Internet [2]. I am currently blocking 2,520 hosts that have attempted to log in via ssh. That count is only over the past 30 days (technically, 30 days, 10 hours, 30 minutes, as that's the average month length over the year). Not doing so means my machine will be constantly under login attempts.

99% of all traffic to my webserver (on my actual public server) is automated programs, not actual humans. Most are just webbots spidering my content, some are script kiddies looking for an exploit and some are just incompetently written programs that just blow my mind [3]. There's the weird network traffic that just sucks up connection requests [4]. And then there's the *weird* (and quite stressful) situations involving black-hat hackers [5].

Then there are the issues with running UDP-based services [6]. It's not pretty on the open Internet.

2. If people could run a business server on their home connection, they would. Then they'll bitch and moan about the service being slow, or can't the ISP do something about the DDoS attack they're under? Even if they aren't and their service is just popular. Or why their connection dropped? Never mind the power is out, why did my server lose connection?

Or in self defense, the ISP cuts the connection because the home server is running a port scanner, participating in a botnet, or sending out spam emails because of an unpatched exploit in some server being run at home.

3. Do people realize they'll need to basically firewall off their Windows boxes? Seriously, the level of exploits on Windows is (was?) staggering and the number of services (like file sharing) it runs by default (because that's what the users want) is *not* conducive to allowing a Windows box full access to the Internet. The same can be said for Mac and Linux, but to a slightly lesser degree.

4. It was email that poisoned home-run servers initially. Spam increased dramatically during the late 90s/early 2000s to the point where it became a Byzantine nightmare to configure and run an email server due to SPF, DMARC and DKIM, along with greylisting and filtering of attachments. Oh, and as a self-defense mechanism, nearly every ISP around the world will block incoming/outgoing TCP port 25 to home users.

> You've got to use a dynamic
> DNS service like no-ip.com, and even if you manage that you might still
> find yourself getting cut off over a TOS violation. People are
> thoroughly conditioned toward using the internet as glorified cable TV,
> and only expressing themselves on platforms they don't control.

That is true too, but I suspect even *if* you could easily run a server at home, 99% would not even bother (or know what it is).

> Then there's DNS, domain names, ICANN, etc. Maybe if we still used a
> UUCP-style addressing scheme like
> <country>.<province>.<city>.<neighborhood>.<hostname> it wouldn't
> matter what I called my host as long as the hostname was unique to the
> <neighborhood>. But instead we settled on <domain-name>.<tld>, which
> needs to be administered by registrars to ensure uniqueness, and domain
> registration is yet more sysadmin stuff that most people don't
> necessarily have the time, skill, or inclination to deal with.

There are groups working on alternative naming/routing schemes that don't require a global namespace. It's not an easy problem.

Also, at one time, domains under the .us domain were restricted to geographical names, like example.boca-raton.fl.us. But they were free to register, and as far as I can tell, permanent. The issue though, is that even under <city>.<state>.us, you still need unique names, although it's a smaller area to worry about.

I don't think you can do that anymore. I went down that rabbit hole several months ago looking to register a geographical domain under .us and couldn't do it (or find out who controls the domains under boca-raton.fl.us). Pity, I was hoping to get a free domain registration for life.

> I would prefer that public hosts weren't necessary. I think that
> everybody who wants to should be able to publish from their own device
> without having to become a sysadmin. As long as operating a gemini
> service remains the province of sysadmins, we're going to maintain the
> division between haves (sysadmins) and have nots (people who can't or
> don't want to sysadmin) that prevented the web from becoming (or
> remaining) a democratic platform.

Never underestimate the lack of giving a damn the general population has. I'm sure there are aspects of your life that you lack a damn about that other people think you should give more than a damn.

> This became something of a political rant, and I probably should have
> put it on demifiend.org instead. Sorry if this doesn't belong here; I'm
> posting this under a new subject so that it starts a new thread instead
> of derailing the existing one.

I think it's a conversation worth having, as it relates to how Gemini expands with new content.

-spc

[1] Disclaimer: I do pay extra for a static IPv4 address---at the time I needed it for my job, and now it's a "nice to have" and I can still afford it. It's actually not that much over the stock price of service.

[2] My router will forward ssh traffic to my main development system.

[3] http://boston.conman.org/2019/07/09-12 http://boston.conman.org/2019/08/06.2

[4] http://boston.conman.org/2020/04/05.1

[5] http://boston.conman.org/2004/09/19.1

[6] http://boston.conman.org/2019/05/13.1
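Point 1 of the post above describes blocking hosts that keep attempting ssh logins, counted over a window of 30 days, 10 hours and 30 minutes. The script below is an added illustration of that kind of log-driven blocklist, written for this page and not taken from the post or from any tool the author runs. It parses constructed sshd log lines in `journalctl -o short-iso` style (addresses are from the RFC 5737 documentation ranges, and the `NOW` timestamp, the failure threshold of 5, and the nftables table and set names `inet filter` / `ssh_block` are all assumptions of the example), counts failed password attempts per source address inside the window, and renders the offenders as an nftables set update.

```python
import re
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed sample log, journalctl -o short-iso style. 203.0.113.5 fails five
# times inside the window, 198.51.100.7 fails once then succeeds with a key,
# and 192.0.2.9 failed five times in April, outside a 30-day window.
SAMPLE_LOG = """\
2020-06-13T23:58:01+0100 gw sshd[8110]: Failed password for invalid user admin from 203.0.113.5 port 40022 ssh2
2020-06-13T23:58:03+0100 gw sshd[8110]: Failed password for invalid user admin from 203.0.113.5 port 40022 ssh2
2020-06-13T23:58:06+0100 gw sshd[8112]: Failed password for root from 203.0.113.5 port 40030 ssh2
2020-06-13T23:58:09+0100 gw sshd[8114]: Failed password for root from 203.0.113.5 port 40031 ssh2
2020-06-13T23:58:12+0100 gw sshd[8116]: Failed password for root from 203.0.113.5 port 40032 ssh2
2020-06-14T00:10:44+0100 gw sshd[8201]: Failed password for spc from 198.51.100.7 port 51000 ssh2
2020-06-14T00:11:02+0100 gw sshd[8201]: Accepted publickey for spc from 198.51.100.7 port 51000 ssh2
2020-04-01T03:00:00+0100 gw sshd[1001]: Failed password for root from 192.0.2.9 port 2222 ssh2
2020-04-01T03:00:02+0100 gw sshd[1002]: Failed password for root from 192.0.2.9 port 2223 ssh2
2020-04-01T03:00:04+0100 gw sshd[1003]: Failed password for root from 192.0.2.9 port 2224 ssh2
2020-04-01T03:00:06+0100 gw sshd[1004]: Failed password for root from 192.0.2.9 port 2225 ssh2
2020-04-01T03:00:08+0100 gw sshd[1005]: Failed password for root from 192.0.2.9 port 2226 ssh2
"""

# Assumed "current time" for the example: the post's own timestamp, BST (+01:00).
NOW = datetime(2020, 6, 14, 2, 22, 15, tzinfo=timezone(timedelta(hours=1)))

# The post's window: the average month length over a year (365.25 / 12 days).
AVERAGE_MONTH = timedelta(days=30, hours=10, minutes=30)

# Matches sshd's failed-password line, with or without "invalid user".
FAILED_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def failed_logins(lines):
    """Yield (timestamp, username, source_ip) for every failed password line."""
    for line in lines:
        m = FAILED_RE.match(line)
        if m is None:
            continue  # accepted logins and unrelated lines are skipped
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%S%z")
        yield ts, m.group("user"), m.group("ip")


def failures_per_host(lines, now, window=AVERAGE_MONTH):
    """Count failed attempts per source address within [now - window, now]."""
    cutoff = now - window
    counts = Counter()
    for ts, _user, ip in failed_logins(lines):
        if cutoff <= ts <= now:
            counts[ip] += 1
    return counts


def hosts_to_block(lines, now, threshold=5, window=AVERAGE_MONTH):
    """Sorted addresses that reached the failure threshold inside the window."""
    counts = failures_per_host(lines, now, window)
    return sorted(ip for ip, n in counts.items() if n >= threshold)


def nft_add_elements(ips, table="inet filter", set_name="ssh_block"):
    """Render an nft command adding the addresses to an existing set.

    The table and set are assumed to exist already (constructed names); a
    drop rule matching '@ssh_block' on the ssh port would reference them.
    """
    if not ips:
        return ""
    return "nft add element %s %s { %s }" % (table, set_name, ", ".join(ips))


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    for ip, n in failures_per_host(lines, NOW).most_common():
        print("%-16s %d failed attempts in window" % (ip, n))
    print(nft_add_elements(hosts_to_block(lines, NOW)))
```

Counting per source address rather than per username is deliberate: the sample shows the same address rotating through `admin` and `root`, which a per-user count would split. The time-window check also drops the April burst from 192.0.2.9, so a blocklist rebuilt from the full log stays bounded instead of growing forever, which is the trade-off behind the post's "past 30 days" figure.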