ah, back and sated.

gonna thread a bit of a riff on my thinking at the end of this oddly productive in odd ways kind of saturday, and I'm tagging it for now because that's good.

also, I'll make the rest unlisted so I'm not quite so shouty on the rest of y'all's federated feeds and such - I do apologize if us'n got a little loud with our well-meaning nerdy hellthread today.

your patience is, as always, graciously accepted.

okay, so a short-ish summary, some middlin-ish riffing on variations on a theme, and then some forward looking statements on

is an ad hoc experiment around throwing together a decentralized peer-to-peer shared vpn fabric amongst a small group of node operators who have some common interest and connection.

that's the short-ish-est summary I'm likely to round up tonight, but it should suffice. what it lacks in detail it makes up for in brevity.

a number of folks that joined in the thread where this coalesced pointed out that there wasn't a lot of "why" that made sense with the sketchy ideas as presented by the time I decided to just start looking around at stuff and poking it into different shapes in my head, and then on a pi.

my wife too was not sure why I was spending a saturday doing small-to-medium-sized business sysadmin LARP with no attached client.

by which I mean, that's a totally valid line of questioning, and it helps focus some of my often scattered energies in mulling over how I'd think up a way to answer the "why"s a little more clearly than "oh, it's cool, you'll see" because that's wholly unsatisfying to anyone but the person saying it really.

but I'm also not great at immediately coming up with a good clean genericized way to present the base concepts that I'm trying to encapsulate. so I tell stories instead.

so, stories about using

first story is a brief compare and contrast of something that happens all over the internet every day, first as it works on the public internet, and then how it works on the tubes.

you're part of a small but scrappy team of bloggers who have come to really enjoy writing on a particular set of topics and you have a good shared audience, so you set up a group blog with multiple editors.

not-boing-boing for lack of a better name.

on any given day on the public internet, not-boing-boings set themselves up with a multi-author blog by setting up a webserver, installing a web application that provides multi-author blog functionality, user authentication and authorization, and whatever other bells and whistles have been thrown into the mix since v1 got released by whomstever.

to add a new article to their collective blog, each author logs into a web-based portal and starts editing a new draft, often in a web-based editor, eventually saving and then publishing the new article, which stores it in a database and triggers the proper scripts to generate the proper pages to be shown to the various browsers that may or may not show up to read it. this is repeated by however many authors and however much they have to say (or however many ads to sell or what have you - this isn't really about the motivation, just the workflow).

now, this is a standard scene. there are lots of different specific instantiations of the bits and bobs necessary, and if there are enough authors or enough readers you're often looking at also having a technical staff start to join the ranks of your now not quite as small but still scrappy crew of blogging buddies at not-boing-boing, but that is sometimes the price we pay for popularity or whatever we're looking for.

I digress. I promised something to compare and contrast. back to the tubes.

if we hoist the responsibility of authenticating the authors and giving them permissions to add articles to the blog site by giving them a simple, almost self configuring shared vpn that includes their very meager web hosting server as a node, the workflow could be as simple as having the web server expose a shared network mount on the vpn interface that the authors mount on their laptops, they navigate down to their folder amongst the other authors', start a new markdown file with the editor of their choice, save it, and it's on the blog.

the blog is served by a web server listening on a public internet address, the same public internet address that's also listening for peer connections for its vpn server. it already knows who's allowed in, and it's a small enough group that they can trust each other not to post articles in each others folders.

this isn't anything new, it also is common.

the oft loathed, infinitely rearchitected corporate intranet.

home of enterprise class web applications designed to streamline the way your global multinational juggernaut of the new economy does business with the rest of the corporations with whomst you hunt in the fertile waters of the online marketplace.

entire industries have grown up around ever more complicated, heavily tooled, opinionated, corporate blessed instantiations of what basically is my silly day with the tubes.

once again sundog has invented shit that everybody's had for forever, and better than this toy crap.

it's cool. I know it. and I know you know it too. I dig it.

but see, that weird group of friends that I had in high school who really could have used a digital hangout that wasn't under the constant eye of their unfriendliest of peers, they didn't have that corporate intranet with its walls and its gates.

a lot of folks in a lot of situations haven't had the luxury of chosen privacy with a self-chosen group of their peers, haven't had that space to explore ideas and build and write and try things out and chill and vibe and share and just be without worrying about what other people might say about it.

and y'know, that's crap.

because we've got more, higher quality, easier to locate, cheaper to deploy options for secure, easy, and light virtual private networks than I would have ever thought possible thirty years ago.

and right now, today, here in 2021, it's still legal.

phil zimmermann isn't cowering in fear of the sound of helicopters because he's got a public key.

strong crypto, while ever suspect, is also very accessible

if you know where to look, who to listen to, how to translate it, how to tweak it, and and and

but it's there

lots of folk within eyeshot of this thread about the tubes know it far better than I ever will.

I'm a generalist, a tourist through the deep dives of the specialist lives.

we can build small simple things that help small simple groups do small simple things

and we can do it simply by deciding to write some toots and bang some documentation together and talk more and document more and try things and fix things that don't work and write more documentation

@djsundog and yet you're actually doing it and sharing it with us

that counts for a lot


I'm doing "sysadmin LARP" with Tailscale, preparing for the eventual day when I want to run servers at home and get to them from the coffee shop without having to open them up through a firewall.

#theTubes sounds like a fun idea

@djsundog "small-to-medium-sized business sysadmin LARP" 😂

your poor wife

@djsundog this sounds like . they have good resources for peering over all manners of vpn fabric.

@djsundog (it was fun to see the hellthread and riff off of it, although yea....a hellthread)

@djsundog you have me pondering BGP of RFC4193 (Unique Local IPv6 Unicast Addresses) ranges over wireguard tunnels now.

They note that "there would be a very significant operational penalty for attempting to use IPv6 local address prefixes generically with currently known wide area routing technology." due to the flat routing needed, but with a smallish network, should be fine?

@kepstin sounds plausible to me, and I happen to have a testbed for screwing with such ideas ;)

@djsundog (thinking about this more, OSPF probably makes more sense)
