237af3db3fd15c2f7f790443baecadce803cdd49 — Jakub Pastuszek 1 year, 9 months ago 654d9e0
work on new post idea
1 files changed, 102 insertions(+), 0 deletions(-)

A content/web-hosting-protocols.md
A content/web-hosting-protocols.md => content/web-hosting-protocols.md +102 -0
@@ 0,0 1,102 @@
title = "TBD"

tags = []
categories = []

image = "../wip.jpg"
image_alt = "Work in progress"

# Hosting web application/sites

In a perfect worl, I could just grab any PC, plug it in and run a website - all for free, with no hassle and no risk.

We are not there because of fundamental issues:

## Risk

* C programming language on von Neumann architecture
* complex OSes
* vunlrealable machines

This risks result in entrenched client-server model where it is far too risky to just expose a computer to the internet directly.

The way we mitigate this risks are:

On the server side:

* dedicated hardware
* dedicated software, with strict update cycles
* minimal exposure (attac surface)
* dedicated hosting environment with network partitioning (datacenters)
* backups, high avaliability, configuration management, change requests etc.
* professional administrators
* etc.

On the client side:

* firewall/NAT preventing computers from the internet (servers and other client computers) from directly communicating with client
* forced software updates
* forced obsolecens
* lock down of hardware and software
* removal of customization and features
* move of data to centralized services (servers)
* etc.

# Problem

This client/server partition is difficult to breach for non-professional server administrators.

# Solustions

## Fix the world

We would need:

* use of new hardware architecture or at least high-assurance software architecture, e.g.:
  * micro kernels
  * safe systems programming languages used for software stack from embedded to OS, libraries, e.g. Rust
  * safe programming languages with solid fundations build on top of the safe systems programming language for the web applicaitons
* flat network space
  * IPv6
  * no NAT (diode) style firewalls
  * trivial peer-to-peer
* better naming like system (DNS)
  * trivial way of naming things
  * content addressable netowrks
  * distributed naming of mutable states

## Automation with well defined and established protocols

We are missing well defined protocols for provisioning web servers.


1. Provision computing resources (CPU + RAM) and hosting (network)
2. Provision OS and web application dependencies, webserer etc.
3. Deploy the web application/site
4. DNS setup:
  1. Register domain
  2. Provision records
5. Get TLS certificate
6. Notifications - email
7. Payments for the above
8. Managing updates
9. Backups
10. High availability, scacling
11. Firewall, throttling, DDoS protections

All of this steps should have well established management protocols so all steps could be automated.
Obviously the protocols need to be open and have many implementations to choose from.

This should include payments as well:

* DNS will have recurring yearly payments
* TLS certificate may have payments
* computing resources will have variable recurring payments
* it should be possible to pay for OS and web application as well
* there may be a community behind this that you want to support