patrick.net

Hircus says

Patrick says

I have plans for a project to let people surf home-hosted websites via scp.

Interesting. How would that work? scp to pull down the webpage + assets, then load from a local web server via browser?

I recall you brainstorming for a solution to dns and ssl certs a long time. Good to hear you came up w/ an idea.

@Patrick.

NOTE: This bot is CRAP - you can't upload or download more than 1 file at a time. This is a hack, proof of concept.

Here, play around with this if you like:



0E01B54108F3F9AC049F763446CA00F257AEC1CDE094359CDC3FBD928D9F2368E7A8DA22CF37

That's a TOX id. That's a bot I'm running on a pi. Tox is a point to point communication protocol. It's very flawed, but it sort of works. You can upload and download files from that account - just type "help" once you connect.

https://qtox.github.io/
https://play.google.com/store/apps/details?id=chat.tox.antox&hl=en_US&gl=US

Here's the general entry point for tox: https://tox.chat/

This protocol can be generalized to go beyond just chats. They problem with SCP is you have to be able to setup your router, you don't with Tox, but Tox is crap right now.

Patrick, I assume one must know the ip of the server to ssh/scp to? Basically that's probably distributed with the user's public key? Why scp instead of ssh tunnels?

Have you considered using regular https in browsers, but just use self signed certs? Putting the user's cert in your local trust store basically makes it a root cert. Since a self signed cert has no upstream certs, there's no one to revoke it.

A benefit of this way would be better/easier compatibility. Adding a base dir to urls like
http://localhost/(hash of content author public key)/
likely requires complicated proxy code that scans html, js, cookies, headers etc... to rewrite paths. It can be done, and I know existing proxy server projects do it, but the js part is the place where I imagine they never quite get perfect compatibility. Same goes for changing the domain and/or port by using localhost, you'll need to rewrite content. Well, unless the site author does a perfect job of using relative paths.

I guess a drawback is that when using certs, angry npcs at google could possibly alter chrome to block certain certs "known for disseminating hate speech", whereas your method would require they modify scp to block a public key. Because with your method, the browser is just connecting to a local webserver, w/ no easy way for them to id the source of the content.

Maybe instead of using a base url, make domains via the host file, which all just point to 127.0.0.1. By having a dedicated domain that points to the local web server (like http://correct.horse.battery.stapler ), the browser cross domain security model will remain in tact, whereas using a base url, you will have issues with websites reading each others data, because you cannot guarantee isolation.

AmericanKulak says

White people have cut soda consumption 20% in the past two decades, but minorities have not. Therefore, all commercials for soda feature Twerking.

https://twitter.com/crazyclipsonly/status/1722826385691975947

A female gorilla trying to seduce her mate