On 3/18/11 8:41 AM, Bjarni Rúnar Einarsson wrote:
I'd like to clarify that I fully support the idea of generating static
files as much as possible. It's good for performance, but it's also
very good for security in that it reduces the attack surface
significantly - for simple sites, it can be eliminated entirely by
putting all the dynamic processing behind very strict access controls.
Hacking a static web-site is pretty darn near impossible, these days.
If you want a zero-admin system, secure by default should be one of
the goals.
I just don't think that we need to worry about performance or
bandwidth much, when it comes to blogs. :-)
Static files reduce the attack surface, but also open up distribution
options (eg. self-host, TOR-host, mirror-host).
There's also the privacy goal of the FB, for which you really need the
ability to put layers of indirection between your personal IP and the
rest of the world. Pagekite, at a minimum, but the more options the better.
As for the performance thing, well, just don't say anything interesting.
The first time you get linked-to from someone like John Gruber on Daring
Fireball, your personal access to the net gets swamped. If that's a mesh
network, you probably take down everyone around you, too. A residential
ISP in the US might raise an eyebrow, too.
--
[email protected]
http://decafbad.com
{web,mad,computer} scientist
_______________________________________________
Freedombox-discuss mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/freedombox-discuss
