Notices by Olivier Forget (teleclimber@social.tchncs.de)

@10leej @ironicbadger Why do you say that? (it's the first time I hear about FUTO)

@fabrice @10leej @ironicbadger That's helpful, thank you. So that's GrayJay, and they explain the reason for that license (though I agree with the post that Trademark would be a better tool here.)

All the other FUTO projects I looked at are properly Open Source. Immich will stay Open Source (according to their blog post).

@aral Good to know about LocalXpose! Did any others come close to being suitable? I also need to find a solution to this, and ngrok pricing is just not workable. Thanks.

@alcinnz @HerraBRE Adrian didn't you get funding through NLNet recently? Would love to hear whether you gave specific dates/roadmaps if you're willing to share. Thanks!

Wrote about the state of sandboxing in #dropserver

https://olivierforget.net/blog/2023/dropserver-sandbox/

Essentially it's like this:

Released version 0.10.1 of Dropserver.

In this release I improved the user interface of ds-host in many places. It's nothing amazing but it's at least more functional and accessible than before.

https://github.com/teleclimber/Dropserver/releases/tag/v0.10.1

Dropserver is an application platform for your personal web apps. https://dropserver.org

Cool post by @chromakode about self-hosted apps. Naturally I fully agree.

This is exactly what https://dropserver.org is designed for. Max talks about some rather large self-hosted apps, I believe the long tail of these apps is a very large number of small apps.

And yeah, PWAs are fine. In fact they're great. My Dropserver app for tracking leftovers app with integrated camera works as fast as any native app.

https://chromakode.com/post/the-rise-of-self-hosted-apps/

How things work on the www:
- rent globally unique #domain name and point it to your server
- do song and dance get cryptographic certificate that "proves" your server is actually the right one for that domain.

Isn't that backwards? It puts the emphasis on the globally unique name which is in contention by definition.

Wouldn't it make more sense to generate the key pair and then associate human-readable names to it. I guess it's basically pet names for websites, but why not?

@h3artbl33d Urghh I was in the process of moving everything over to Gandi. ☹️

Reading through the replies here it's:

- people suggesting alternatives
- people responding to those suggestions with "no you can't trust them because XYZ"

Even one suggestion of runing your own registrar, followed promptly by "actually it's a miserable pain don't bother" (paraphrase).

So what is one to do?

@h3artbl33d Domain names suck. The whole system is set up to be a pain for domain owners. Each time a registrar becomes successful by being fair and competent, they become the target of a buyout by a profit-thirsty entity.

Never mind that having to pay regularly for the thing you "bought" means you're actually renting and there is no long term association between your web content and the domain it's available under.

It just makes no sense. We need to stop with this crap. But how?

@davatron5000 @fimion I tried implementing JSON:API in my project (https://dropserver.org) but while the frontend might benefit from responses with extras attached, the backend can become complex.

Maybe part of the problem was the lack of good library for Go (IMO)? I even tried contributing to one.

After a while the added complexity on the backend was a burden I did not want to carry.

I ripped it all out and now I just have dumb-dumb routes like a caveman.

https://github.com/teleclimber/Dropserver/commit/7a943afde83829894cdafd648078b6f394595417#diff-452acb3790db76418fdce8320090b7e88f723b6092e54c4d216b4a3999f8d34e

@lightweight I always think about how much people used to do to fiddle with WordPress: copying bits of code from forums and pasting in the theme editor, and trying until they got what they wanted.

Unfortunately we've lost all of that. It would be nice to get some of it back, but I also think times have changed. People expect tech to work for them, not the other way around.

@davidshq To me, an important characteristic of a future search engine is that it can't be taken over by a billionaire or big tech. When I read the philosphical characteristics, it sounds to me like "Don't Be Evil". We all know how that ended.

I'd like to see a new web search and discovery capability based on distributed databases, protocols, and/or federation, etc...

It should be something that empowers individual devs to hack their own clients, algorithms, whatever so that it can evolve.

@davidshq I totally agree that making it decentralized makes it much harder to accomplish, so not attempting that may prove a good move.

Doing some #UI work for #Dropserver. Nice change of pace from all the sandbox stuff I did last month.

Right now my goal is to eliminate as many of the egregiously embarrassing / totally missing parts of the interface. Later I'll try to make things more lively and personable.

@alcinnz Wait why is it asking about 127.0.0.1 if you're going through a unix socket?

@b0rk_reruns Flushing is also used when writing a HTTP proxy that can handle Server Sent Events for example.

In theory open protocols allow "permissionless innovation".

But here on #Mastodon, built on open protocol #ActivityPub, you do need permission to innovate -- from the community.

I find this fascinating. It shows that the theory is just a theory and in reality there are other layers at play.

Similar dynamic happens with FOSS licenses. Lots of talk about copyleft versus liberal as if that's all that needs to be talked about. But other layers exist: legal (trademarks) and community (again).

👋 @ocdtrekkie Does Sandstorm make it possible for users to allow a sandboxed app to contact (HTTP request) an external host? Is it like a white list based on domain name? How is this implemented? Do you have a proxy between the sandbox and the outside world? Does it MITM the HTTPS requests or does it just look at the domain? Or do you do some other magic?

Sorry for the big multi-question. I looked at the site and only found info on incoming request handling, not out. Thanks!

Reading about HTTP Proxies and .... 👀🤦♂️