Repeating the Web's Mistakes (was gemini+submit:// (was Re: Uploading Gemini content))

Sean Conner sean at conman.org
Sun Jun 14 02:22:15 BST 2020


It was thus said that the Great Matthew Graybosch once stated:
> 
> Let's be honest; it shouldn't be that hard to run a gemini daemon out
> of a personal computer in your own home, whether it's your main desktop
> or just a raspberry pi. The protocol is light enough that CPU and
> memory usage should be next to nothing compared to Firefox or Chrome. 

 ... 

> I think the biggest problem, at least in the US, is that ISPs seem
> hellbent on keeping residential internet users from using their
> connections for anything but consumption. 

  As someone who has worked for various ISPs and webhosting companies for
most of my career, I think this slamming of IPSs is unwaranted.  And as
someone who runs both a public server *and* a few services on my home
network [1] there are some things you need to consider.

1. Open servers are *attacked* at an alarming rate. At home, I run an sshd
instance tha is open to the Internet [2].  I am currently blocking 2,520
hosts that have attempted to log in via ssh.  That count is only over the
past 30 days (technically, 30 days, 10 hours, 30 minutes, as that's the
average month length over the year).  Not doing so means my machine will be
constantly under login attempts.

  99% of all traffic to my webserver (on my actual public server) is
automated programs, not actual humans.  Most are just webbots spidering my
content, some are script kiddies looking for an exploit and some are just
incompetently written programs that just blow my mind [3].  There's the
wierd network traffic that just sucks up connections requests [4].  And then
there's the *wierd* (and quite stressful) situations involving black-hat
hackers [5].

  Then there's the issues with running UDP based services [6].  It's not
pretty on the open Internet.

2. If people could run a business server on their home connection, they
would.  Then they'll bitch and moan about the service being slow, or can't
the ISP do something about the DDoS attack they're under?  Even if they
aren't and their service is just popular.  Or why their connection dropped? 
Never mind the power is out, why did my server loose connection?

  Or in self defense, the ISP cuts the connection because the home server is
running a port scanner, participating in a botnet, or sending out spam
emails because of an unpatched exploit in some server being run at home.

3. Do people realize they'll need to basically firewall off their Windows
boxes?  Seriously, the level of exploits on Windows is (was?) staggering and
the number of services (like file sharing) it runs by default (because
that's what the users want) it runs is *not* condusive to allowing a Windows
box full access to the Internet.  The same can be said for Mac and Linux,
but to a slightly lesser degree.

4. It was email that poisoned home-run servers intially.  Spam increased
dramatically during the late 90s/early 2000s to the point where it because a
Byzantine nightmare to configure and run an email server due to SPF, DMARC
and DKIM, along with greylisting and filtering of attachments.  Oh, and as a
self-defense mechanism, nearly every ISP around the world will block
incoming/outgoing TCP port 25 to home users.

> You've got to use a dynamic
> DNS service like no-ip.com, and even if you manage that you might still
> find yourself getting cut off over a TOS violation. People are
> thoroughly conditioned toward using the internet as glorified cable TV,
> and only expressing themselves on platforms they don't control.

  That is true too, but I suspect even *if* you could easily run a server at
home, 99% would not even bother (or know what it is).

> Then there's DNS, domain names, ICAAN, etc. Maybe if we still used a
> UUCP-style addressing scheme like
> <country>.<province>.<city>.<neighborhood>.<hostname> it wouldn't
> matter what I called my host as long as the hostname was unique to the
> <neighborhood>. But instead we settled on <domain-name>.<tld>, which
> needs to be administered by registrars to ensure uniqueness, and domain
> registration is yet more sysadmin stuff that most people don't
> necessarily have the time, skill, or inclination to deal with.

  There are groups working on alternative naming/routing schemes that don't
require a global namespace.  It's not an easy problem.

  Also, at one time, domains under the .us domain were restricted to
geographical names, like example.boca-raton.fl.us.  But they were free to
register, and as far as I can tell, permanent.  The issue though, is that
even under the <city>,<state>.us, you still need unique names, although it's
a smaller area to worry about.

  I don't think you can do that anymore.  I went down that rabbit hole
several months ago looking to register a geographical domain under .us and
couldn't do it (or find out who controls the domains under
boca-raton.fl.us).  Pitty, I was hoping to get a free domain registration
for life.

> I would prefer that public hosts weren't necessary. I think that
> everybody who wants to should be able to publish from their own device
> without having to become a sysadmin. As long as operating a gemini
> service remains the province of sysadmins, we're going to maintain the
> division between haves (sysadmins) and have nots (people who can't or
> don't want to sysadmin) that prevented the web from becoming (or
> remaining) a democratic platform.

  Never underestimate the lack of giving a damn the general population have. 
I'm sure there are aspects of your life that you lack a damn about that
other people think you should give more than a damn.

> This became something of a political rant, and I probably should have
> put it on demifiend.org instead. Sorry if this doesn't belong here; I'm
> posting this under a new subject so that it starts a new thread instead
> of derailing the existing one.

  I think it's a conversation worth having, as it relates to how Gemini
expands with new content.

  -spc

[1]	Disclaimer: I do pay extra for a static IPv4 address---at the time I
	needed it for my job, and now it's a "nice to have" and I can still
	afford it.  It's actually not that much over the stock price of
	service.

[2]	My router will forward ssh traffic to my main development system.

[3]	http://boston.conman.org/2019/07/09-12
	http://boston.conman.org/2019/08/06.2

[4]	http://boston.conman.org/2020/04/05.1

[5]	http://boston.conman.org/2004/09/19.1

[6]	http://boston.conman.org/2019/05/13.1


More information about the Gemini mailing list