@@ 0,0 1,102 @@
title = "TBD"
tags = 
categories = 
image = "../wip.jpg"
image_alt = "Work in progress"
# Hosting web application/sites
In a perfect worl, I could just grab any PC, plug it in and run a website - all for free, with no hassle and no risk.
We are not there because of fundamental issues:
* C programming language on von Neumann architecture
* complex OSes
* vunlrealable machines
This risks result in entrenched client-server model where it is far too risky to just expose a computer to the internet directly.
The way we mitigate this risks are:
On the server side:
* dedicated hardware
* dedicated software, with strict update cycles
* minimal exposure (attac surface)
* dedicated hosting environment with network partitioning (datacenters)
* backups, high avaliability, configuration management, change requests etc.
* professional administrators
On the client side:
* firewall/NAT preventing computers from the internet (servers and other client computers) from directly communicating with client
* forced software updates
* forced obsolecens
* lock down of hardware and software
* removal of customization and features
* move of data to centralized services (servers)
This client/server partition is difficult to breach for non-professional server administrators.
## Fix the world
We would need:
* use of new hardware architecture or at least high-assurance software architecture, e.g.:
* micro kernels
* safe systems programming languages used for software stack from embedded to OS, libraries, e.g. Rust
* safe programming languages with solid fundations build on top of the safe systems programming language for the web applicaitons
* flat network space
* no NAT (diode) style firewalls
* trivial peer-to-peer
* better naming like system (DNS)
* trivial way of naming things
* content addressable netowrks
* distributed naming of mutable states
## Automation with well defined and established protocols
We are missing well defined protocols for provisioning web servers.
1. Provision computing resources (CPU + RAM) and hosting (network)
2. Provision OS and web application dependencies, webserer etc.
3. Deploy the web application/site
4. DNS setup:
1. Register domain
2. Provision records
5. Get TLS certificate
6. Notifications - email
7. Payments for the above
8. Managing updates
10. High availability, scacling
11. Firewall, throttling, DDoS protections
All of this steps should have well established management protocols so all steps could be automated.
Obviously the protocols need to be open and have many implementations to choose from.
This should include payments as well:
* DNS will have recurring yearly payments
* TLS certificate may have payments
* computing resources will have variable recurring payments
* it should be possible to pay for OS and web application as well
* there may be a community behind this that you want to support
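Review bot: The front matter at the top of this hunk leaves `tags =` and `categories =` with no value, which is not valid if the block is parsed as TOML (as the `title = "TBD"` syntax suggests). Give them empty arrays such as `tags = []` and `categories = []`, or drop the keys until the post has real values, and replace the "TBD" title before publishing. In the provisioning steps the numbering jumps from 8 to 10. The sub-steps "Register domain" and "Provision records" under "4. DNS setup:" and the sub-items under the "Fix the world" bullets are not indented, so they will render as flat or restarted lists rather than nested ones. The text also needs a spelling pass ("worl", "vunlrealable", "attac surface", "obsolecens", "webserer", "scacling"), and "This risks" should read "These risks".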