Repeating the Web's Mistakes (was gemini+submit:// (was Re: Uploading Gemini content))

Koushik Roy koushik at meff.me
Thu Jun 18 02:36:57 BST 2020


I also get paid to do a lot of networking and infrastructure related 
things for a tech company, so I understand where you're coming from when 
it comes to understanding that ISPs have restrictions in place due to 
good reasons (the amount of abuse on the net is staggering, and so much 
of my job deals with ways to serve legitimate traffic while not allowing 
abuse to impact our services/our users).

I also want to reiterate in this thread the importance of enabling users 
who wish to author gemini content on devices such as tablets and 
smartphones. Imagine a kid who doesn't even have access to a computer 
but has access to an aging smartphone or a feature phone. Or think of 
someone who lives in non-traditional housing (whether by choice or not) 
and travels a lot; for them a tablet may be a better option when it 
comes to space/weight/money. I think it is very important to enable 
users to author content no matter the device.

All that said, I'm not convinced that an in-band Gemini posting 
mechanism is the correct answer. I prefer a solution that involves the 
community standardizing around some other mechanism to upload content, 
and then building/popularizing apps (native or not) that use this 
mechanism. To make this more concrete, I can imagine a scenario where 
apps are built on top of FTPS to allow users to author content and then 
transparently have them appear in a Gemini capsule. Swap FTPS with one 
of many other mechanisms, such as SFTP, NNTPS, Email, what have you.

I just feel that overloading these sorts of concerns onto Gemini will 
lead to greater complexity in the protocol than would be desirable and 
turn off potential implementers of both servers and clients. I think the 
explosion we're seeing of software and content right now is directly 
attributable to how simple the spec is to understand and implement. 
Publishing-oriented clients can then bundle some sort of interface to 
this companion protocol and either shell out to a text editor or open a 
native text editing widget (or even work through some sort of 
Electron-style textbox). I realize that titan:// is a separate protocol, 
but I think something like Passive FTPS may be a better fit here.

- meff

On 6/13/20 6:22 PM, Sean Conner wrote:
> It was thus said that the Great Matthew Graybosch once stated:
>>
>> Let's be honest; it shouldn't be that hard to run a gemini daemon out
>> of a personal computer in your own home, whether it's your main desktop
>> or just a raspberry pi. The protocol is light enough that CPU and
>> memory usage should be next to nothing compared to Firefox or Chrome.
> 
>   ...
> 
>> I think the biggest problem, at least in the US, is that ISPs seem
>> hellbent on keeping residential internet users from using their
>> connections for anything but consumption.
> 
>    As someone who has worked for various ISPs and webhosting companies for
> most of my career, I think this slamming of ISPs is unwarranted.  And as
> someone who runs both a public server *and* a few services on my home
> network [1] there are some things you need to consider.
> 
> 1. Open servers are *attacked* at an alarming rate. At home, I run an sshd
> instance that is open to the Internet [2].  I am currently blocking 2,520
> hosts that have attempted to log in via ssh.  That count is only over the
> past 30 days (technically, 30 days, 10 hours, 30 minutes, as that's the
> average month length over the year).  Not doing so means my machine will be
> constantly under login attempts.
> 
>    99% of all traffic to my webserver (on my actual public server) is
> automated programs, not actual humans.  Most are just webbots spidering my
> content, some are script kiddies looking for an exploit and some are just
> incompetently written programs that just blow my mind [3].  There's the
> weird network traffic that just sucks up connection requests [4].  And then
> there's the *weird* (and quite stressful) situations involving black-hat
> hackers [5].
> 
>    Then there's the issues with running UDP based services [6].  It's not
> pretty on the open Internet.
> 
> 2. If people could run a business server on their home connection, they
> would.  Then they'll bitch and moan about the service being slow, or can't
> the ISP do something about the DDoS attack they're under?  Even if they
> aren't and their service is just popular.  Or why their connection dropped?
> Never mind the power is out, why did my server lose connection?
> 
>    Or in self defense, the ISP cuts the connection because the home server is
> running a port scanner, participating in a botnet, or sending out spam
> emails because of an unpatched exploit in some server being run at home.
> 
> 3. Do people realize they'll need to basically firewall off their Windows
> boxes?  Seriously, the level of exploits on Windows is (was?) staggering and
> the number of services (like file sharing) it runs by default (because
> that's what the users want) is *not* conducive to allowing a Windows
> box full access to the Internet.  The same can be said for Mac and Linux,
> but to a slightly lesser degree.
> 
> 4. It was email that poisoned home-run servers initially.  Spam increased
> dramatically during the late 90s/early 2000s to the point where it became a
> Byzantine nightmare to configure and run an email server due to SPF, DMARC
> and DKIM, along with greylisting and filtering of attachments.  Oh, and as a
> self-defense mechanism, nearly every ISP around the world will block
> incoming/outgoing TCP port 25 to home users.
> 
>> You've got to use a dynamic
>> DNS service like no-ip.com, and even if you manage that you might still
>> find yourself getting cut off over a TOS violation. People are
>> thoroughly conditioned toward using the internet as glorified cable TV,
>> and only expressing themselves on platforms they don't control.
> 
>    That is true too, but I suspect even *if* you could easily run a server at
> home, 99% would not even bother (or know what it is).
> 
>> Then there's DNS, domain names, ICANN, etc. Maybe if we still used a
>> UUCP-style addressing scheme like
>> <country>.<province>.<city>.<neighborhood>.<hostname> it wouldn't
>> matter what I called my host as long as the hostname was unique to the
>> <neighborhood>. But instead we settled on <domain-name>.<tld>, which
>> needs to be administered by registrars to ensure uniqueness, and domain
>> registration is yet more sysadmin stuff that most people don't
>> necessarily have the time, skill, or inclination to deal with.
> 
>    There are groups working on alternative naming/routing schemes that don't
> require a global namespace.  It's not an easy problem.
> 
>    Also, at one time, domains under the .us domain were restricted to
> geographical names, like example.boca-raton.fl.us.  But they were free to
> register, and as far as I can tell, permanent.  The issue though, is that
> even under the <city>.<state>.us, you still need unique names, although it's
> a smaller area to worry about.
> 
>    I don't think you can do that anymore.  I went down that rabbit hole
> several months ago looking to register a geographical domain under .us and
> couldn't do it (or find out who controls the domains under
> boca-raton.fl.us).  Pity, I was hoping to get a free domain registration
> for life.
> 
>> I would prefer that public hosts weren't necessary. I think that
>> everybody who wants to should be able to publish from their own device
>> without having to become a sysadmin. As long as operating a gemini
>> service remains the province of sysadmins, we're going to maintain the
>> division between haves (sysadmins) and have nots (people who can't or
>> don't want to sysadmin) that prevented the web from becoming (or
>> remaining) a democratic platform.
> 
>    Never underestimate the lack of giving a damn the general population have.
> I'm sure there are aspects of your life that you lack a damn about that
> other people think you should give more than a damn.
> 
>> This became something of a political rant, and I probably should have
>> put it on demifiend.org instead. Sorry if this doesn't belong here; I'm
>> posting this under a new subject so that it starts a new thread instead
>> of derailing the existing one.
> 
>    I think it's a conversation worth having, as it relates to how Gemini
> expands with new content.
> 
>    -spc
> 
> [1]	Disclaimer: I do pay extra for a static IPv4 address---at the time I
> 	needed it for my job, and now it's a "nice to have" and I can still
> 	afford it.  It's actually not that much over the stock price of
> 	service.
> 
> [2]	My router will forward ssh traffic to my main development system.
> 
> [3]	http://boston.conman.org/2019/07/09-12
> 	http://boston.conman.org/2019/08/06.2
> 
> [4]	http://boston.conman.org/2020/04/05.1
> 
> [5]	http://boston.conman.org/2004/09/19.1
> 
> [6]	http://boston.conman.org/2019/05/13.1
> 

