💾 Archived View for zaibatsu.circumlunar.space › ~solderpunk › phlog › hey-you-host-something.txt captured on 2022-04-29 at 12:47:33.


Hey you!  Host something!
-------------------------

Following on from my previous post, about many small "pubnix" systems
being better than a few monoliths, and about spreading your services
out across many providers to minimise the burden represented by
walking away from communities gone bad:  if you are interested in "all
this stuff" and you want to do something concrete to make the online
world a better place, I think the single best thing you can do is to
host some free service - webspace, gopherspace, email, XMPP, Mastodon,
whatever.  It doesn't have to be the most professional, reliable thing
in the world.  But do your best (you'll learn a lot) and most
importantly just don't be evil.  The big companies have set the bar
very low here, it's not hard to do a better job.  The more community
offerings there are, the easier it is for people to spread themselves
around.

Doing this is easier than ever before, thanks to cheap VPSes (and, of
course, dedicated free software authors who have spent decades building
kick ass tools), but there's still a big psychological barrier.  Often
the biggest concern is not wanting to deal with potentially bad users.
People are, perhaps rightly, scared about offering shell access,
because their users might try to hack the server and cause mischief.
People are, perhaps rightly, scared about offering email because their
users might send spam.  These risks probably put a lot of people off
who would otherwise give this a try.  Here are some tips to take the
edge off:

Regarding webspace and gopherspace - you can do this by giving your
users very little access to the server.  You do *not* have to give
them shell access.  In the old days, this was achieved using FTP.
Nowadays, you can do it with SFTP.  The OpenSSH server has options so
that you can configure users in a particular group to only have sftp
access (this is how the Zaibatsu works, at least initially).  This
doesn't even use a potentially exploitable user shell to launch a
potentially exploitable third party SFTP server.  There is an SFTP
server built right into the OpenSSH daemon.  Frankly, there are few
teams you can trust more than the OpenSSH devs to deliver secure
software.  This is a very secure way to offer somebody access to a
home directory that you can then serve.  Make the home directory
non-executable, and use a server that doesn't support CGI or anything
else like that: static content only.  This is a very low risk hosting
operation that you should not lose sleep running, but people can
still do great things with it.
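
As an added example (not from the original post, and not the
Zaibatsu's actual configuration), here is a small Python check that an
sshd_config restricts a group to the built-in SFTP server.  The group
name "sftponly", both sample configs, and the chroot, forwarding and
TTY checks are assumptions chosen for illustration.

```python
# Constructed sample configs; the group name "sftponly" is an assumption.
HARDENED = """\
Subsystem sftp internal-sftp
Match Group sftponly
    ForceCommand internal-sftp
    ChrootDirectory /home/%u
    AllowTcpForwarding no
    X11Forwarding no
    PermitTTY no
"""

WEAK = """\
Match Group sftponly
    AllowTcpForwarding yes
"""

# Directive -> test its value must pass; each must be set in the block itself.
REQUIRED = {
    "forcecommand": lambda v: v.split()[:1] == ["internal-sftp"],
    "chrootdirectory": lambda v: v.lower() != "none",
    "allowtcpforwarding": lambda v: v.lower() == "no",
    "x11forwarding": lambda v: v.lower() == "no",
    "permittty": lambda v: v.lower() == "no",
}

def match_block(config, group):
    """Collect directives under plain 'Match Group <group>' lines only."""
    block, inside = {}, False
    for raw in config.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), (parts[1].strip() if len(parts) > 1 else "")
        if key == "match":
            crit = value.split()
            inside = len(crit) == 2 and crit[0].lower() == "group" and crit[1] == group
        elif inside:
            block.setdefault(key, value)  # sshd uses the first value it obtains
    return block

def audit_sftp_only(config, group="sftponly"):
    """Return a list of findings; an empty list means the block passes."""
    block, findings = match_block(config, group), []
    for key, ok in REQUIRED.items():
        if key not in block:
            findings.append(f"{key}: not set for group {group}")
        elif not ok(block[key]):
            findings.append(f"{key}: unsafe value {block[key]!r}")
    return findings
```

sshd refuses a ChrootDirectory unless every component of the path is
root-owned and not writable by anyone else, so with /home/%u the
user's writable content has to live in a subdirectory.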

Regarding email - I think an interesting idea that I've never seen
before is to offer a kind of restricted email based around
whitelists.  I've been considering trialing this at the Zaibatsu,
where email is currently local only (precisely because of not wanting
the hassle of filtering incoming spam, or having to deal with spam
coming from users I gave shell access to but should not have, plus the
hassle of ensuring deliverability to recipient mailservers run by
admins who are very suspicious of people not using Gmail).  It seems
like it would be pretty easy to use a combination of Postfix settings
and firewall rules to provide a pretty strong guarantee that email
will only come in from and go out to specific other servers - say SDF,
Grex, and the tildeverse servers.  This is obviously a lot less useful
than full blown email, but I think it's also a long way away from
being useless.  Most of the people I converse with under my solderpunk
pseudonym are members of some pubnix or another.  An email address I
could only use to talk to them would still be somewhat valuable.  The
big bonus compared to offering full email service is that such a
system is a very unattractive target for spammers to abuse, because
99.99% of the email addresses on their spam lists will be at Gmail or
Hotmail or Yahoo and they will not be delivered, and is very unlikely
to receive a lot of spam because, hopefully, most pubnixes are
sufficiently well run that their users cannot blast spam through them.
If problems do arise, they can hopefully be sorted out by quick,
direct communication between fellow admins.

So, there are ways to offer "lite" versions of many services which
reduce the risk of offering free hosting much more than they reduce
the utility of the service.  So what are you waiting for?  Host
something!