Recent searches
Search options
web0 manifesto
“…web0 is web3 without all the corporate right-libertarian Silicon Valley bullshit.”
Sign your name and join me in starting the year as you mean to go on: without tolerating any bullshit.
Happy New Year! :)
G’morning folks, how lovely to wake up and see the new signatures on the web0 manifesto
By the way, if you are having trouble signing because your email server implements an archaic anti-spam technique called greylisting. I’m going to look into adding basic support for it but please also contact your email provider and remind them it’s 2022. Spammers have long worked around greylisting. Today, it just makes things harder for legitimate small web use cases.
Also, some folks have mentioned on the fediverse that they don’t have a web site to link to… please feel free to use the link to your fediverse account (Mastodon, etc.)
But please don’t link to people farmers like Twitter, Facebook, etc., or to sites with trackers from them.
I’m going to look through the links today and contact you to see what we can do if any look problematic.
Finally, a couple of you have reported not being able to add your site if it doesn’t load over a secure connection (TLS).
That’s by design :)
It’s 2022 and we should all be doing our best to encourage good practices. HTTP is not secure. It means people who visit your site could be hit with man-in-the-middle attacks.
Thankfully, we have a free/automated way to implement TLS now with Let’s Encrypt.
And servers like Site.js (https://sitejs.org) do it automatically for you.
@aral I got "sorry" your site isn't loading. It forces me to use crypto on my public web site, but in #smallEngineering we have reservations against crypto *everywhere*, because it causes yet more energy wasting..
@gert Hey, you might have hit it just as I was updating it (literally several seconds) :) Sorry!
@aral Sorry, our sanitised version of the link you provided (https://se.citiwise.eu/index.html) isn’t loading for us.
Reason, it is http
@gert Ah, yeah.
@aral Code is law.
@gert @aral Ward Cunningham has a similar fight against HTTPS pushed by and thus also with Google. We happily ran our Federated Wiki on the web and authenticated against the empire, until they wouldn't, anymore. Because we're not on the right side of the web anymore. And have to follow suite, if we want to remain relevant.
@aral Signed ! And Happy New Year to you too !
@aral what do i put if i don't have a website yet?
@aral (LOVE this, btw...)
@ailurocrat Thank you! 
@ailurocrat I’m afraid there isn’t a provision for that. But when you do have it… :)
@ailurocrat @aral what if you just put the link of your mastodon profile, or something like that ?
@ailurocrat PS. You could just link to your mastodon profile :) (Just saw someone do it; sorry I hadn’t thought of it earlier.)
@inference Haha :)
@aral … and here we go!
@aral signed, proudly... this is awesome...
@ailurocrat Thank you :)
@michael There isn’t a need; that’s why it’s not included :)
@aral Ah, apparently what I'm missing is functioning eye sight 
@michael Haha, no worries :)
@aral i don't understand, what does it mean to sign your website? what does that signify?
What does this even mean? What you're calling web0 is just the web. What's the point of this at all?
@danjones000 The web we have today is centralised. Google, Facebook, and other closed silos serving millions (sometimes billions) of people is not a decentralised system. That’s the point of this. Glad to wake up and see from the signatures that at least a few other folks agree :)
I disagree with your basic premise. Certain websites/web services are centralized, but the web itself is not (if you ignore Cloud flare, screw them). Anybody can still publish their own website, regardless of whether it's on Facebook or not.
But setting that disagreement aside for a moment, your explanation still doesn't explain the point of the petition. Is it to get rid of centralized web services? Get rid of this Web3 nonsense? Or just a promise not to build some Web3 Blockchain thing? I don't see an actual started purpose here. Just some very vague statements.
I feel like I'm missing something obvious.
@danjones000 It’s so we have an alternative term to use when describing what we do.
Oh, you’re doing web3?
No, we wouldn’t touch that shit, we’re working on web0.
It’s to counter the right-libertarian/Silicon Valley/corporate attempt to capture the narrative around the promise of a decentralised web.
PS. It’s cool if it doesn’t speak to you. It doesn’t have to speak to everyone. Part of the purpose is to find the people who it does speak to so we know who’s working on similar stuff.
I agree with the basic idea. And it’s clear from the page how you’re defining these things. It’s just unclear from this page what people are signing their name for.
Are they pledging to support web0? Or to oppose web3? Or is this a petition to take down web3 projects?
My whole point in asking “what is this” is to get clarification on the purpose of this page: in particular, what are people signing up for, since there’s no actually stated purpose?
And to be clear, since I think I was unclear: I disagree with your statement that the web is currently centralized. I would say that major web services are centralized, but the basic technology is, and always has been, decentralized.
I agree with your goal to promote a simple web that’s in the control of the people.
@aral hmm maybe I have some DNS issues with the mail server?.. I checked security and it seems sound.
@jonn Interesting, I’ll look into it (and add a word break style rule to the error message) :)
The email functionality is hand-rolled so I’m going to be improving it based on reports like this.
@aral I honestly think it's my misconfiguration... Which is really strange, I used to pass Google's DNS checker, but yesterday I checked again and it failed... But I tried to send spoofed E-Mail via the `mail.doma.dev` server and it seems impossible...
@aral but please tell me more about the error. I send and receive mail from mail.doma.dev w/o problems...
@jonn OK, so I just looked into it properly (and improved the layout of the error page).
The error is from your email server. It’s basically blacklisted the IP or IP range or domain of our server. This can happen if people blacklist the web host (in our case, Hetzner).
@aral oh oopsie doopsie. But it also means that someone from your data center triggered my fail2ban!
Am I right that if ALLOW the exact IP of the server the problem will go away?
PS
I think I'll just reset iptables on my end, and sign the manifesto.
@jonn Let me know how it goes :)
@aral Should fix the form against greylisting.
@muppeth Going to look into it today. Greylisting is such an ineffective policy, it’s amazing that folks still use it. But yes, from initial reports it appears a few places still do :)
@aral Actually it blocks ton of potential spam. Sure it has flaws (specially when sending one time passwords/tokens etc from not frequently used domains) but the amount of shit that gets blocked is I think worth it, or at least it was. I should do some stats on that to see if it’s still the case, but last time I checked it was pretty obvious lot of annoying spam was out the window before hitting the server.
@muppeth I think the key word here is *was*. Spammers caught on quickly that all they needed to do was retry after a while. It wasn’t much in terms of “proof of work”. Today, from the research I’ve done, it’s as effective to use other anti-spam techniques. And since folks like gmail send email from lots of separate IPs it means transactional emails can be delayed for hours. So, in a nutshell: doesn’t really affect modern spammers, makes life harder for everyone else :)
@muppeth * as effective today as greylisting was in circa 2007 or so, that is.
@aral indeed worth checking again after years of just adding it by default to every mail server.
@muppeth Neat, thank you :) Fix the defaults, fix the web ;P
So, centralized certification authorities are also an implicit part of the manifesto?
@viznut Heya, if you’re mean TLS, then sadly yes, that’s a fact of life on the web. In my opinion, at least, the alternative (having plain text over the wire, man in the middle attacks, etc.) is not an alternative.