[Freedombox-discuss] blogging in the FB (was Re: Roadmap Brainstorming)

[Les Orchard]

On 3/18/11 8:41 AM, Bjarni Rúnar Einarsson wrote:
> I'd like to clarify that I fully support the idea of generating static 
> files as much as possible.  It's good for performance, but it's also 
> very good for security in that it reduces the attack surface 
> significantly - for simple sites, it can be eliminated entirely by 
> putting all the dynamic processing behind very strict access controls.
>
> Hacking a static web-site is pretty darn near impossible, these days. 
> If you want a zero-admin system, secure by default should be one of 
> the goals.
>
> I just don't think that we need to worry about performance or 
> bandwidth much, when it comes to blogs. :-)

Static files reduce the attack surface, but also open up distribution 
options (eg. self-host, TOR-host, mirror-host).

There's also the privacy goal of the FB, for which you really need the 
ability to put layers of indirection between your personal IP and the 
rest of the world. Pagekite, at a minimum, but the more options the better.

As for the performance thing, well, just don't say anything interesting. 
The first time you get linked-to from someone like John Gruber on Daring 
Fireball, your personal access to the net gets swamped. If that's a mesh 
network, you probably take down everyone around you, too. A residential 
ISP in the US might raise an eyebrow, too.

-- 
l.m.orchard at pobox.com
http://decafbad.com
{web,mad,computer} scientist