PageKite: Making The Web 1000x Bigger
This is a modal window.
The media could not be loaded, either because the server or network failed or because the format is not supported.
Formal Metadata
| Title |
| |
| Title of Series | ||
| Number of Parts | 64 | |
| Author | ||
| License | CC Attribution 2.0 Belgium: You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor. | |
| Identifiers | 10.5446/45944 (DOI) | |
| Publisher | ||
| Release Date | ||
| Language |
Content Metadata
| Subject Area | ||
| Genre | ||
| Abstract |
|
FOSDEM 20115 / 64
3
7
10
11
17
19
21
28
33
34
35
37
40
44
48
49
52
55
57
59
62
63
64
00:00
Slide ruleComputer animationXML
00:17
InternetworkingBitSlide ruleFitness functionQuicksortComputer animationLecture/Conference
00:39
Web browserCondition numberTerm (mathematics)Information privacyWeb 2.0BitContent (media)Virtual machineQuicksortComputer configurationPhysical lawBlogServer (computing)TelecommunicationInformation privacyFacebookCondition numberMereologyTerm (mathematics)NeuroinformatikVideoconferencingDigital photography
02:26
Server (computing)Address spaceComputerReverse engineeringCommunications protocolService (economics)Web pagePower (physics)Process (computing)Information securityClient (computing)BitComputer programmingComplex (psychology)OSI modelIP addressOpen sourceServer (computing)Line (geometry)Web 2.0View (database)Point (geometry)In-System-ProgrammierungMultiplication signSoftwareBounded variationProjective planeMobile WebWebsiteSource codeHash functionCodeProxy serverFreewareLogicLaptopWordFirewall (computing)Term (mathematics)InternetworkingImplementationClosed setDuality (mathematics)Wind tunnelWeb browserComputer animationLecture/Conference
05:44
LaptopDiagramWeb browserDiagramLaptopCartesian coordinate systemPoint (geometry)Web pageFront and back endsWeb 2.0View (database)Domain nameGreen's functionOSI modelIP addressComputer animationLecture/Conference
06:25
Proxy serverOpen sourceReverse engineeringHacker (term)Communications protocolMach's principleWeb browserVariable (mathematics)EmailServer (computing)Internet service providerFreewareBlogDomain nameUser interfaceRoutingInternetworkingTable (information)Keyboard shortcutOrder (biology)Business modelLimit (category theory)WebsiteLevel (video gaming)DebuggerMultiplication signParameter (computer programming)Server (computing)Band matrixQuicksortKernel (computing)SoftwareCASE <Informatik>FreewareFront and back endsGreatest elementDefault (computer science)Domain namePublic key certificateLaptopEncryptionNeuroinformatikCommunications protocolInformation securityWeb browserDiagramPoint cloudComputer programmingLocal area networkVirtual machineSingle-precision floating-point formatSoftware developerComputer fileFirewall (computing)Local ringRootCAN busLecture/Conference
10:24
Message passingSoftwareCloud computingTerm (mathematics)Hard disk driveLimit (category theory)Web 2.0HypermediaFamilyComputer fileCartesian coordinate systemServer (computing)WeightSpacetimeLibrary (computing)WebcamComputer animationLecture/Conference
11:20
Personal digital assistantServer (computing)Android (robot)Point cloudMechatronicsLaptopComputer hardwareHacker (term)Router (computing)Factory (trading post)Hacker (term)InformationSocial classQuicksortWebdesignSystem administratorVirtual machinePlanningServer (computing)Arithmetic progressionFirewall (computing)Multiplication signSingle-precision floating-point formatCASE <Informatik>FreewareWebsiteComputer hardwareLaptopOpen setSoftwareLecture/Conference
13:04
Link (knot theory)Web pageSlide ruleFAQLine (geometry)Data compressionType theoryRouter (computing)Axiom of choiceSlide ruleTwitterMultiplication signWebsiteUniform resource locatorLecture/Conference
13:39
Web pageSlide ruleComputer animationLecture/ConferenceXML
Transcript: English(auto-generated)
00:07
He was just asking me why would I want to do that and luckily that's my first topic of discussion and the reason is because it fits on one slide.
00:22
The Internet's become in some ways really, really centralized and Evan Moglin talked about that a bit earlier today and a lot of people are becoming more and more worried that these people, these companies, really good companies doing wonderful work but the fact that things are so centralized has certain implications and that's sort of a summary
00:44
of my opinion on it. Speaking of sort of getting into more detail, when I say the Web is centralized what I mean by that is most of our computers and most of our devices are not part of the
01:01
Web, you have to communicate on the Web, you have to take your data, your blog post or your photo or your video or whatever and you have to upload it and usually you're uploading it to somebody else's computer and even if you rented a virtual machine somewhere you know you're still uploading it to someone else's computer and if you get in trouble with that person, you violate their terms and conditions or they change
01:24
their terms and conditions and you're in violation all of a sudden, they can shut you down and remove your content from the Web, effectively censoring you. If you're using the Web for personal stuff, for private communication which a lot of us do, thanks to things like Facebook, then you need to worry about privacy
01:42
policies, what are companies going to do with your data and most of us have responded to this by just shrugging, not reading the policy, not worrying about it and hoping we don't get burned. People who are doing sort of, I don't know, shall we say controversial things, they might have to be actively worried about censorship, you
02:05
might have to worry about the DMCA if you're trying to remix content that somebody has copyright over and there are questions about fair use, data retention laws bother some people here in Europe. There's issues like that, it would be really nice if everybody had the option of running a web server if they wanted to. And then there's the question, can we do that? Is that possible?
02:27
And a little bit of history on why that's generally considered a hard thing. We're raised with the idea that servers are hard, clients are easy. And it's a cultural thing and it's not really true. Client software is no
02:43
simpler to write. Software complexity is no lower for a client than for a server. And you know, we can do this. Web servers used to be high tech, you used to have to know how to compile a C program to do it. Today it's built into everything. We have more processing power in our pockets today with our cell phones than the first web servers had.
03:03
And our desktops, although there's still some security issues, we now are comfortable sharing open Wi-Fi with a room full of strangers. So we understand security better. But we have this problem left. We've run out of IP addresses and that problem is not getting better anytime soon.
03:22
Last time I gave a variation on this talk, we hadn't technically run out of IP addresses yet, but now I can say that we have. But in practical terms, we ran out of IP addresses a long time ago because from the point of view of the consumer and the average person, you've never been able to go to your ISP and say, hey, I want 10 IP addresses. Your ISP would say no.
03:43
That's not a service that's available unless you're willing to pay the prices that companies pay for dedicated leased lines. The average person never had enough IP addresses to run a few servers at home. So that's the issue that I'm trying to work on with Pagekite, overcoming this.
04:00
So assuming we had a web server on every single device, how do you make it reachable? How do you put that server actually on the web where people can see it? And the solution that I'm working on is based on fancy word protocol layer routing. It's really just tunnels and proxies. And there's some existing code that you can sort of hack together to achieve this if you set up an SSH tunnel from your laptop.
04:24
You can do some forwarding logic in Apache. You can make a website visible, but it's a lot of work and it's not very stable. And it's certainly not something the average person is going to do. If you're an anonymity person, then you might like Tor and you might know about hidden services.
04:41
And those are cool. They get the job done. But you're stuck with a really slow website with a really, really ugly name. Because every single hidden service has an MD5 hash for a name. You can go close source and use Opera Unite. That means that your web server is living inside a web browser, which just seems weird to me.
05:00
Or you can try Pagekite, which is a dual project of a company that's doing a service and then an open source implementation, which is completely free. One of the questions I get is, you know, isn't IPv6 going to solve this problem? And I say no. And the reason I think IPv6 won't solve this problem is because of two things.
05:21
Firewalls and mobility. People are not going to stop putting firewalls on their networks because they're afraid of the internet, and rightly so. So you're not going to have unfiltered access. The ISPs are going to do this for you. They're going to block access to port 80 because they want to sell you that service. And you're mobile. You're changing networks three or four times a day.
05:42
You don't have a static IP address most of the time. So here's a little diagram of what application layer routing looks like from the point of view of Firefox. So that green thing there represents the tunnel that we would establish between the laptop and something I'm calling a frontend.
06:02
The browser looks up the domain, gets an IP address, contacts it, requests a web page. That just gets forward and the data comes back. And the important thing about this is, you know, most of you know how this works. But the important thing about this solution is that from the point of view of the web browser, this is exactly the same. Nothing's changed.
06:20
The fact that the request goes over a tunnel and then comes back, the web browser doesn't even know. So I can't tell how much time I've used, but I'll start talking about Pagekite itself. So Pagekite.py is a single file Python program. I've tried to keep it as simple and easy to install as possible because I want this to be able to run everywhere.
06:42
And if you've got a Mac, you already have Python, you can run it without installing any dependencies. It's free software. It's supposed to be easy to install and use. It does HTTP, it does HTTPS, and it also does SSH. So if you have a machine somewhere that's stuck behind a firewall and you want to be able to SSH in,
07:00
Pagekite is probably one of the easiest ways to make that happen today. The tunnel itself is protocol agnostic, so we can add support for other protocols as people become interested in those. And it compresses the traffic because people generally have limited upstream bandwidths. This single Python program will implement both ends of the tunnel.
07:22
So on the diagram before, you had one computer in the cloud and one computer at home. The same piece of software implements both ends. This is all you need to use this. It has an HTTP server that gives you some diagnostics and eventually might allow you to reconfigure it. Some limitations. I'm not going to dwell on this, but I'm going to acknowledge them because I don't have much time.
07:44
The most telling one there is the HTTPS limitation, where we basically have to wait a few years for everybody to upgrade their browsers and things like that in order to be able to do reliable name-based protocol-level routing of HTTPS requests.
08:01
But if you can convince the people that are visiting your website to install Chrome or use a recent Firefox, then it's not a problem. And of course, there's this one. A lot of people just don't like the idea, but it does work really, really well. So here's an example of what you'd have to run on your server on the internet.
08:21
I'm running that as root because it needs to bind port 80 and 443. You can also use some IP tables, tricks, you know, kernel-level stuff to get around that, but this command will work. And this is what you would run on the laptop. So basically the same stuff, you know, the name of the domain, which services you're interested in publishing,
08:42
and then you tell the backend pagekite where the actual server is. And it doesn't have to be on localhost. It can be some other device on your local network, but localhost is the common case. Then there's the other half. There's the service, the company, all that stuff. And I'm trying to do this because I want to accomplish two things.
09:03
You know, I want to be able to fund further development of pagekite, and I want to bring this technology to the average people, not just to the geeks in this room. And that means that someone needs to provide these frontends. And the frontends, they cost bandwidth, they need some resources, so I'm trying to build a company and some sort of business model around making that service available to people because it doesn't exist today.
09:27
Some features that the service and the company provide, the one I'm really excited about right now, which is also going to be controversial, I'm hoping to have arguments with some security people about this, is I would like to provide SSL to everyone all the time.
09:42
And I can do that by putting a wildcard certificate on the frontend, terminate the encryption there, and then make sure that the tunnel itself is encrypted as well. And this of course means that the frontend can spy on your traffic, but nobody else can. And that's a significant improvement for people that are worried about things like Firesheep.
10:01
There's the business model we have today. It's really simple. I don't know if people are going to like it. This is an example, same thing as before except this time you just say minus minus defaults. And I'm showing you here at the bottom how you would actually expose your SSH server as well because it's turned out that's one of the things that gets the geeks excited.
10:25
So this is simple. Long term I would like technology like this. I'm not just selfishly saying I want everyone to depend on my company, but if we can put technology like this, things like Diaspora or StatusNet or those things, we can start getting some really interesting innovations in what people do with these servers.
10:45
Once the web server itself has direct access to your webcam, has direct access to your media library, has a terabyte of hard drive space, you've avoided a lot of limitations that these cloud providers have to deal with every day, and we can start implementing features that are just too expensive for them to implement in their centralized networks.
11:03
So we could start competing on something else, some other message than just, you know, it needs to be private because that message doesn't resonate with everybody. But if you tell people, hey, you can share your files with your family and you don't need a separate application to do that, then a social network starts becoming pretty interesting.
11:21
I've seen some other use cases. This is stuff that I've done. I've run it on my phone. I did that at a conference just to show off that it worked. I've got four Linux virtual machines running on a server in a corner in my living room, and they're all visible. I didn't have to reconfigure the router. I didn't have to do anything. I just ran that Python command.
11:41
The guy who does the web designs for me, he's really excited about this because he can show off his work as it's in progress. He can just call up a client and say, hey, just visit this website. This is what I'm doing right now. He can avoid completely the step of uploading and copying and going through some sort of publishing rigmarole, which he just has it on his laptop.
12:01
I've seen teachers publishing class material off recycled hardware, pulling up some old machines. They just install this. They never have to talk to the network admin. It just works, and that appeals to them. I've seen Arduino hackers sending weather information to Pachube because, again, they didn't have access to reconfigure the Wi-Fi they were using,
12:21
so they couldn't do the port forwarding trick. This is the one that surprised me. It was guys that are cutting chicken using automatic machinery in factories. They were like, hey, this means we can just give every single chicken-cutting machine a name. We can use SSH, and we can use VNC,
12:42
and we can just go right in there from home and save thousands of dollars on plane tickets. I was like, okay, do that. Any time a router or firewall is in the way of publishing a server, this can be a useful tool. As I said, it's open, it's free, and I really need more users to test it and help me figure out what to do with it.
13:06
I think I have time for questions. I'm not sure. I can encourage you by doing the bonus slide.
13:24
Check it out. We have a Twitter account named pagekite, and I tweeted the location of the slides if you want to go over any of this stuff again. Of course, there's the website and so forth. Thank you.