Show newer

The "no free tier" is probably OK because it fits with the mantra that "if you're not the customer, you're the product", which is part of the point of Dropserver.

Forcing people to use their own domains is also probably OK in the short term: I expect early users to be developers and generally the kind of people who have a few domains laying around not being used. But in the long term, for wide use, that will not be so true. But I'll cross that bridge when I get there. If I get there ๐Ÿ˜…

Show thread

If I run a hosted Dropserver service, here is how I hope to prevent most of these problems:

- no free tier.
- you must use your own domain
- i may even wrap all sites in an iframe that makes it clear this is not a bank or a big corp or whatever.

I hope the first two will be enough. I already know that will severely limit who signs up, which is unfortunate. But I'd rather be alive with a few customers than black listed with a bunch of free accounts.


Show thread

Some phishing scam is using to create the fake login page for Microsoft account.

This is a huge concern for . Just like Glitch, you can create just about anything and host it. Since I want there to be hosted versions of DS, how to prevent it being used for nefarious purposes is preoccupying.

Link to birdsite thread where I found this:

Thoughts on prevention below ๐Ÿ‘‡

Something I find odd about the Net today:

I'm troubleshooting an Indieauth problem and tailing the web server logs to do it, and there is a shit-ton of bots and web scrapers crawling over my site pretty much constantly.

My question is this: If there are so many web indexers running around out there, where are their corresponding search engines?

I ran down a few of them and they're supposedly experimental web crawlers, but if there are search engines to query the indexes of they're really well hidden.

@natecull @teleclimber

> what behaviour and "mode of speech" was acceptable and what wasn't
๐Ÿฌ I recently attended a lecture that touched on this topic. Thoughts in the linked thread (will finish future posts after hitting TOOT! on this one). ๐Ÿฌ

The reason I see this as important is people can't resist the urge to share something to point out how bad it is. But the result is more amplification.

Meanwhile the more restrained types are seeing this and all they can do is yell at their phone "why did you share this!?". If they had the ability to influence their follower's timeline by subtracting posts, they could do a lot of good.

Of course I have no idea what to do if some followers boost and others suppress? Most of either wins?

Show thread

I just realized that something a healthy social network would have is the ability to silence a post. I real life social situations you can tell people to shut up. It's part of the social norm in some form it another.

On social networks you can only amplify. You can of course mute or block, but that only affects you. Re-shares / boosts affect your followers. How come i can't "de-share"? Enough de shares and the post is no longer shown. (Or something like that. Not clear how this actually works)

A positive rather than negative vision for the "Small Web" or even beyond (the "Web of Social Trust" maybe?)

I want to see free tools for creating low-cost decentralised digital communities which:

* are robust against cyber-attacks
* are robust against insincere influencers and well-funded corporate buyouts
* are robust against government crackdowns and social panics
* are robust against their own members abusing each other or being swept into hatreds and panics
* help people be smart and kind

>It's only one minute long, but this CCTV footage has a better narrative and more compelling character arcs than most of the arthouse films I've seen

I should also point out that DS has a static file server, so not all requests trigger the sandbox.

Also if a route requires authentication, the sandbox is not started until auth is checked. that way only authenticated users can trigger the sandbox.

(Triggering the sandbox being, as expected, the costliest of ops.)

Show thread

So that's why I'm super determined to make Dropserver capable of start-stop for all apps. Fast starts, clean stops, and clear out resources.

With that, a modest machine could serve hundreds of apps. Not simultaneously of course, but there are many use cases for occasional-use apps.

Show thread

Imagine you have an app where you enter whether you are consuming meat with each meal to help you cut down on meat intake.

You'll probably use it three times a day to enter data, and once in a while for a few minutes to check on progress.

Let's say that's 5 minutes of use total per day. Or 0.34% of the day!

That means your resources could be used for other services 99.66% of the time!

If this were a regular node or go app, whatever RAM it consumed would just be wasted.

Show thread

I haven't implemented all of it, but in theory pretty much all traces of an appspace could be vacated from memory, open file descriptors, etc...

Sandbox stops, routes cleared from memory, logs closed, caches cleared, etc... The only thing left is the appspaces table, which maps the domain of an incoming request to its appspace. That's it.

Sure it might take some time (maybe tens or hundreds of ms) to wake up an appspace, but that's a small price to pay for all the resources you get back.

Show thread

One big characteristic of Dropserver apps is that they are "start-stop". Meaning that there is no app code that runs continuously on the server. Instead Dropserver starts a sandbox when needed, and stops it when no longer needed.

That way limited resources (memory) can be used by more apps over time.

In the notional graph below RAM is used cumulatively by three services, leading to memory exhaustion.

With Ds, each service runs for a bit then vacates, resulting in plenty of head room.

@FiXato @natecull I looked it up, and of course other people have already decided what Web 4.0 is. Apparently it's IOT and AI, leading to 5.0 being brain implants and the Singularity. Presumably all floating over the corporate dragnets of 2.0 and the Blockchain oilspill of 3.0.

Small Web is good, though. Bad people usually don't want to be small.

What I find most disturbing about NFTs is how it completely takes over your personality, like becoming a TERF, or falling down the QAnon rabbit hole. Whatever this guy was before, now he's just someone who buys NFTs. It's all he posts about. Now he'll drag his company with him.

Show thread

Made a rough diagram of how the request and data flow in Dropserver, for a given appspace. Some stuff is left out and simplified naturally. Will probably need to fine-tune before I integrate this in the docs site.

Also people who chose #FreeSoftware and promoted it for free of cost is now at a loss to explain because self hosting is not free of cost and it has ongoing maintenance cost. Also people trying replicate classroom experience online after covid-19 is also at a loss because we can't compete with google meet on cost. Another aspect is the need to be an activist even to be a user. In desktop, only a personal choice is enough, but that is not sufficient for networked software.

ds-dev exists to help develop Dropserver apps. It watches app code and stops the sandbox, and reloads when things change. It also shows logs and anything else that can be useful when developing an app.

Now that the data models have been straightened out, a user interface redesign is in order. In due time. Looks like this right now: Controls, Users, App logs, Appspace logs, Migrations, Route hits, Router routes, all piled one after the other.

Cough.. **needs work**

Show thread
Show older

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!