💾 Archived View for zaibatsu.circumlunar.space › ~solderpunk › phlog › hey-you-host-something.txt captured on 2022-04-29 at 12:47:33.
Hey you! Host something!
-------------------------

Following on from my previous post, about many small "pubnix" systems being better than a few monoliths, and about spreading your services out across many providers to minimise the burden represented by walking away from communities gone bad: if you are interested in "all this stuff" and you want to do something concrete to make the online world a better place, I think the single best thing you can do is to host some free service - webspace, gopherspace, email, XMPP, Mastodon, whatever. It doesn't have to be the most professional, reliable thing in the world. But do your best (you'll learn a lot) and most importantly just don't be evil. The big companies have set the bar very low here, it's not hard to do a better job. The more community offerings there are, the easier it is for people to spread themselves around.

Doing this is easier than ever before, thanks to cheap VPSes (and, of course, dedicated free software authors who have spent decades building kick ass tools), but there's still a big psychological barrier. Often the biggest concern is not wanting to deal with potentially bad users. People are, perhaps rightly, scared about offering shell access, because their users might try to hack the server and cause mischief. People are, perhaps rightly, scared about offering email because their users might send spam. These risks probably put a lot of people off who would otherwise give this a try. Here are some tips to take the edge off:

Regarding webspace and gopherspace - you can do this by giving your users very little access to the server. You do *not* have to give them shell access. In the old days, this was achieved using FTP. Nowadays, you can do it with SFTP. The OpenSSH server has options so that you can configure users in a particular group to only have SFTP access (this is how the Zaibatsu works, at least initially). This doesn't even use a potentially exploitable user shell to launch a potentially exploitable third party SFTP server. There is an SFTP server built right into the OpenSSH daemon. Frankly, there are few teams you can trust more than the OpenSSH devs to deliver secure software. This is a very secure way to offer somebody access to a home directory that you can then serve. Make the home directory non-executable, and use a server that doesn't support CGI or anything else like that: static content only. This is a very low risk hosting operation that you should not lose sleep running, but people can still do great things with it.

Regarding email - I think an interesting idea that I've never seen before is to offer a kind of restricted email based around whitelists. I've been considering trialing this at the Zaibatsu, where email is currently local only (precisely because of not wanting the hassle of filtering incoming spam, or having to deal with spam coming from users I gave shell access to but should not have, plus the hassle of ensuring deliverability to recipient mailservers run by admins who are very suspicious of people not using Gmail). It seems like it would be pretty easy to use a combination of Postfix settings and firewall rules to provide a pretty strong guarantee that email will only come in from and go out to specific other servers - say SDF, Grex, and the tildeverse servers. This is obviously a lot less useful than full blown email, but I think it's also a long way away from being useless. Most of the people I converse with under my solderpunk pseudonym are members of some pubnix or another. An email address I could only use to talk to them would still be somewhat valuable. The big bonus compared to offering full email service is that such a system is a very unattractive target for spammers to abuse, because 99.99% of the email addresses on their spam lists will be at Gmail or Hotmail or Yahoo and they will not be delivered, and is very unlikely to receive a lot of spam because, hopefully, most pubnixes are sufficiently well run that their users cannot blast spam through them. If problems do arise, they can hopefully be sorted out by quick, direct communication between fellow admins.

So, there are ways to offer "lite" versions of many services which reduce the risk of offering free hosting much more than they reduce the utility of the service. So what are you waiting for? Host something!
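
The SFTP-only setup described above (a group restricted to the SFTP server built into the OpenSSH daemon, with no user shell involved) can be checked mechanically. The following is an added example, not the Zaibatsu's configuration and not code from the original post: the group name sftponly, the paths and both sample configs are constructed, and the parser only understands a plain "Match Group <name>" line.

```python
# Added example, not the Zaibatsu's real config; group name, paths and
# both sample sshd_config texts below are constructed for illustration.
REQUIRED = {
    "forcecommand": "internal-sftp",  # in-process SFTP, no user shell involved
    "chrootdirectory": None,          # any value: confine users to one tree
    "allowtcpforwarding": "no",       # account cannot be used as a proxy
    "x11forwarding": "no",
    "permittty": "no",                # no terminal allocation
}

HARDENED = """\
Subsystem sftp internal-sftp
Match Group sftponly
    ChrootDirectory /srv/sftp/%u
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no
    PermitTTY no
"""

# ForceCommand with an external binary is run through the user's login shell.
WEAK = """\
Subsystem sftp /usr/lib/openssh/sftp-server
Match Group sftponly
    ForceCommand /usr/lib/openssh/sftp-server
    AllowTcpForwarding yes
"""

def match_block(config, group):
    """Settings inside the first plain 'Match Group <group>' block."""
    settings, inside = {}, False
    for raw in config.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if not parts:
            continue
        key, value = parts[0].lower(), (parts[1].strip() if len(parts) > 1 else "")
        if key == "match":
            if inside:
                break  # the next Match line ends our block
            crit = value.split()
            inside = len(crit) == 2 and crit[0].lower() == "group" and crit[1] == group
        elif inside:
            settings.setdefault(key, value)  # sshd keeps the first value it sees
    return settings

def audit(config, group="sftponly"):
    """Required directives that are missing from the block or set wrongly."""
    found = match_block(config, group)
    return [k for k, want in REQUIRED.items()
            if k not in found or (want is not None and found[k].lower() != want)]
```

A directive missing from the block is reported because it would then be inherited from the global section. On a live server, `sshd -T -C user=<name>` prints the effective settings for a given user.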