Building the world you want to live in


I know we are getting into deeper issues here—but I was thinking about this in a very basic way when I “just wanted to make a blog” recently. In order to make something that wasn’t part of Facebook, or Squarespace, or, or similar, I had to do all these steps:

  • register domain
  • buy cloud hosting
  • hook up DNS
  • install Wordpress
  • find and install a theme I could live with

And all that of course after much research and hemming and hawing about what the easiest and most stable tools for the job might be. These things are not what I have practice at, so they took me some time and were super annoying. For a not-very-technical person, one or more steps would probably be deal breakers.

So I was surprised that nobody seems to be offering this “just make a website” service. I get that silos and ads make more money. But I’d be willing to throw some monthly fee well above the hosting costs at some organization that could make this stuff easier.

I guess the whole idea of “one’s own place” on the web is more than a little illusory. On the other hand it means you can be ad-free, which is a real and clear distinction.


I thought this was Squarespace? Or

The elusive thing from my point of view is “just make a website where I own enough of the infrastructure that I trust what’s coming in and out”. But I think @zebra hit it on the head, the routing infrastructure we depend on is built on trust. We know, thanks to Snowden, that trust is unjustified. This is a problem so low in the stack that we can’t fix it without starting over.

And if we are going to boil oceans, I guess I’d rather head over to the “Democracy” thread.


“The thing about Internet in Cuba is that we’re detached from it,” Grajalo explained. “It’s not whether you have it or you don’t, it’s that we don’t even know what to look for.”

What little nuggets of digital gold they are able to mine from the interwebs in turn get passed among their small but rabid circle of electronic music heads in eastern Cuba, which they have jokingly nicknamed the Departmento Oriental de Emulación Electrónica (Eastern Department of Electronic Emulation) as a parody of the Cuban government’s penchant for bureaucratic nomenclature, which uses “emulation” as a euphemism for “competition” (a socialist no-no term).

Generally, one person downloads an mp3, video file, or cracked software, which then circulates by USB flash drive among the crew. It’s the same method used by El Paquete Semanal (The Weekly Packet), an island-wide person-to-person digital media distribution system emanating from Havana, which delivers a one-terabyte curated selection of Hollywood blockbusters, Latin American soaps, and blinged-out music videos to a hungry audience willing to pay. The government turns a blind eye to the commercial enterprise, which some have likened to an alternative Internet.

Today, in Cuba more and more people have computers and other electronic devices such as tablets and smartphones, but home Internet and Wi-Fi access remains forbidden unless you have special permission from the Ministry of Communications (recently the government opened 35 points with public Wi-Fi around the country with a cost of 2 CUC per hour, and service is limited). As a consequence, there is a new phenomenon called SNet (Street Net), a sort of clandestine network.

At the beginning young people started to use telephone cables to connect computers in the neighborhood in order to play games in a network. Later, they found a way to connect the computers using Wi-Fi. Today, this network consists of about 10,000 computers. The police also access the system to monitor the flux of information.

The government warns that if you share counter-revolutionary material or other forbidden content, it will break the whole SNet system. Despite this, SNet has become one of the main avenues for playing collective games and information distribution.

Besides SNet, there is also a governmental Internet, a very slow and monitored intranet. Every e-mail that is written in Cuba is tracked by the political police. There are many systems to monitor key words. Some government employees or institutions have a faster and more direct Internet connection, with access to Yahoo, Hotmail, etc., but it’s still impossible to access other big international platforms such as YouTube and Google Maps.

[Image: An advertising for “El Maletín”, governmental anti-paquete]


The overall infrastructure is compromised, yes, but does that mean we should just sign over everything to Facebook? Some autonomy is better than none, and websites that can’t be turned over by the whim of complicit companies and corrupt court orders definitely strike me as a good thing.


Big huge gradient available to all of us. This is what I mean by “define your threat model”.


Say you want to own your data and the device it is hosted on, purely out of principle - and at each stage, depending on your skill or interest, you could check and determine whether or not you had succeeded. Something like this could be scaled or used in a variety of ways depending on the threat model, without ‘threat’ (gov/companies etc) being the starting point.


What does “own your own data” mean?

I know it probably seems like I’m either being pedantic or obtuse, but the answers to questions like these tend to be very personal when you really dig in.

Does it preclude surveillance?


a friend just dropped this heavy reading list on me, thought i should put it here too



Without getting too philosophical about it, owning your data might mean having permanent access to all aspects of it, not having it disappear on you if the service fails, choosing who has access to it, being able to back it up and encrypt it, and depending on who it is, it might also mean security and privacy as well. Some of this stuff may be naive in the age of the surveillance state, but I still think some aspects are worth exploring. I’d like to see how smaller intranets could exist as community tools, decoupled from the greater internet, and how they might work as frames for reimagined social networking.


there is the data we willingly publish, like forum posts, audio tracks, pictures, video, personal info on profiles, etc. Some of that data is easily “owned” (self-hosted, on a machine we remotely or even physically control) if i find it convenient, or desirable, as in “i do not want to fuel a third party’s business model that uses my content to gain traffic”.
To me, forum posts are not my own. They are “given” to a common place.
What i willingly publish, i consider it, well, public.
I don’t believe in so called “restrained” access, as soon as someone has access, the data is at risk of ending up public anyways.

Then, there also is the data i don’t especially want to share, but technically do (“metadata”, traces), that can lead to profiling, unique identification. Against the collection and mining of those, i can’t do much; apart from privacy add-ons in browsers, and deliberately not using services.

I don’t know about building the world we want to live in, because “we”, the majority of it, is often scary.

As for decentralization; mobile personal devices joining in ad-hoc networks could be interesting, in populated areas, but still relatively theoretical.
Wifi deaddrops are a fun experience.
One can also use open wireless APs with “captive portals” as a form of
Local (city-wide) networks can be built with 5GHz links (that resource is still free to use in some countries). But it can’t be really isolated; somehow people want to be connected to the greater internet. If constrained to my “geographically local” relationships, i would be a very different person. To be honest i love being able to live in a quiet area while having access to forms of intellectual emulation.

But all that is very much like poetry. It’s great that it exists, and it may change the life of a few people. Most will not be touched by it.


Oh, I didn’t make it clear that having my own domain was part of the requirements. This is sort of the minimal amount of stuff to do to have a website on your own domain. That’s sort of my low bar for “owning the data.” It at least protects me from the scenario where Squarespace or flickr or some other service goes kaput or is bought by another entity with different ToS and goals.

Unfortunately it comes with maintenance you have to do too, not just setup. Hmm, I should probably go install some Ubuntu and Wordpress updates. When you have your own domain, there is always some sysadmin work to do. It would be worth $10 or $20 a month to me to have someone more competent in interwebs doing this instead of me. And they could do it en masse for lots of people like me. That’s what I was thinking could be a good business.


Thanks. I didn’t explain well enough that having my own domain was a requirement. On that front I looked at ghost and jekyll too.


Maybe this should be my semi-retirement. Not joking.

EDIT: been speaking with a friend that currently does this. But he says he charges 10x-20x more. @randy would it still be appealing to you then? (I think the difference has to do with the degree of “high-touch” hand holding that a managed hosting provider provides)

Or maybe not. Here’s an example of what many consider to be the BEST Wordpress hosting:


Thanks for the link, I could deal with the $29/mo level, possibly. Given that it’s for business, they have a pretty high level of support. I’m more thinking about something aimed at just individuals who want a blog, makers who want a portfolio, other small businesses, etc, and wouldn’t need that much handholding. Let’s say you had 1000 of these customers and a tool to manage the domains and installations. Support understood to be by email only, but with maybe only one stack that you support, it should not be hard to make things very solid. I think (maybe naïvely) this is a reasonable business.

In the world I want to live in, I want to find out about Jane Woodworker, so I google her and probably end up at There is her site and I’m looking at some nice furniture, and no ads for anything unrelated. To enable more people to meet these minimal standards of online presentation more easily would be good work.

Oh. It looks like squarespace is doing basically all of this. I had it in my head that they only hosted stuff on So… I am just left wondering about their software platform and its openness. But basically: never mind


Squarespace has data lock-in.

Other disadvantage to Squarespace (that may or may not be a dealbreaker) is that their pre-made templates look like the top 20 templates on Envato market, so you’re going to get a nice looking site that isn’t terribly unique.

Trying to decide if no-data-lock-in, better/more unique aesthetic choices, better usability, and constant innovation in these areas, is enough to justify a new entry into the squarespace/wix/shopify/etc market…


Yeah, data lock-in is obviously not a part of a better world. They have some stuff on GitHub, but it looks to me (from 5 minutes research) that it’s just templates and the core application may be closed.

By “never mind” I meant never mind my blathering, not don’t do it… I still think there’s room, even if squarespace were open.


Another option, especially if you already have your own domain, would be to use and host your ‘app’ for free.


harrowing. written by bruce schneier

The market can’t fix this because neither the buyer nor the seller cares. The owners of the webcams and DVRs used in the denial-of-service attacks don’t care. Their devices were cheap to buy, they still work, and they don’t know any of the victims of the attacks. The sellers of those devices don’t care: They’re now selling newer and better models, and the original buyers only cared about price and features. There is no market solution, because the insecurity is what economists call an externality: It’s an effect of the purchasing decision that affects other people. Think of it kind of like invisible pollution.

more quotes, because it’s a long article and i trust many will tldr

The Digital Millennium Copyright Act is a terrible law that fails at its purpose of preventing widespread piracy of movies and music. To make matters worse, it contains a provision that has critical side effects. According to the law, it is a crime to bypass security mechanisms that protect copyrighted work, even if that bypassing would otherwise be legal. Since all software can be copyrighted, it is arguably illegal to do security research on these devices and to publish the result.

Although the exact contours of the law are arguable, many companies are using this provision of the DMCA to threaten researchers who expose vulnerabilities in their embedded systems. This instills fear in researchers, and has a chilling effect on research, which means two things: (1) Vendors of these devices are more likely to leave them insecure, because no one will notice and they won’t be penalized in the market, and (2) security engineers don’t learn how to do security better.


We’re starting to chafe under the worldview of everything producing data about us and what we do, and that data being available to both governments and corporations. Surveillance capitalism won’t be the business model of the internet forever. We need to change the fabric of the internet so that evil governments don’t have the tools to create a horrific totalitarian state. And while good laws and regulations in Western democracies are a great second line of defense, they can’t be our only line of defense.

and the thread title makes an appearance:

Market thinking sometimes makes us lose sight of the human choices and autonomy at stake. Before we get controlled — or killed — by the world-size robot, we need to rebuild confidence in our collective governance institutions. Law and policy may not seem as cool as digital tech, but they’re also places of critical innovation. They’re where we collectively bring about the world we want to live in.


It all comes full circle to democracy in the end, doesn’t it?

I love Bruce Schneier. My go-to source for internet security thinking. His blog is top notch.

This is one of the many things that makes the DIY/open-source software movement such a huge challenge, especially when it becomes infrastructure:

Our computers and smartphones are as secure as they are because companies like Microsoft, Apple, and Google spend a lot of time testing their code before it’s released, and quickly patch vulnerabilities when they’re discovered. Those companies can support large, dedicated teams because those companies make a huge amount of money, either directly or indirectly, from their software — and, in part, compete on its security.

That being said, if you asked any sysadmin about the relative security capability of Windows and Linux, you can more or less guess what their reaction will be.

For the tl;dr folks (he expands on each of these points, eloquently):

Truism No. 1: On the internet, attack is easier than defense.
Truism No. 2: Most software is poorly written and insecure.
Truism No. 3: Connecting everything to each other via the internet will expose new vulnerabilities.
Truism No. 4: Everybody has to stop the best attackers in the world.
Truism No. 5: Laws inhibit security research.

So many quotable passages:

In general, there are two basic paradigms of security. We can either try to secure something well the first time, or we can make our security agile. The first paradigm comes from the world of dangerous things: from planes, medical devices, buildings. It’s the paradigm that gives us secure design and secure engineering, security testing and certifications, professional licensing, detailed preplanning and complex government approvals, and long times-to-market. It’s security for a world where getting it right is paramount because getting it wrong means people dying.

The second paradigm comes from the fast-moving and heretofore largely benign world of software. In this paradigm, we have rapid prototyping, on-the-fly updates, and continual improvement. In this paradigm, new vulnerabilities are discovered all the time and security disasters regularly happen. Here, we stress survivability, recoverability, mitigation, adaptability, and muddling through. This is security for a world where getting it wrong is okay, as long as you can respond fast enough.

These two worlds are colliding. They’re colliding in our cars — literally — in our medical devices, our building control systems, our traffic control systems, and our voting machines. And although these paradigms are wildly different and largely incompatible, we need to figure out how to make them work together.

Facebook motto: move fast and break things.