[Freedombox-discuss] blogging in the FB (was Re: Roadmap Brainstorming)
On 3/18/11 8:41 AM, Bjarni R?nar Einarsson wrote:
> I'd like to clarify that I fully support the idea of generating static
> files as much as possible. It's good for performance, but it's also
> very good for security in that it reduces the attack surface
> significantly - for simple sites, it can be eliminated entirely by
> putting all the dynamic processing behind very strict access controls.
> Hacking a static web-site is pretty darn near impossible, these days.
> If you want a zero-admin system, secure by default should be one of
> the goals.
> I just don't think that we need to worry about performance or
> bandwidth much, when it comes to blogs. :-)
Static files reduce the attack surface, but also open up distribution
options (eg. self-host, TOR-host, mirror-host).
There's also the privacy goal of the FB, for which you really need the
ability to put layers of indirection between your personal IP and the
rest of the world. Pagekite, at a minimum, but the more options the better.
As for the performance thing, well, just don't say anything interesting.
The first time you get linked-to from someone like John Gruber on Daring
Fireball, your personal access to the net gets swamped. If that's a mesh
network, you probably take down everyone around you, too. A residential
ISP in the US might raise an eyebrow, too.
l.m.orchard at pobox.com