Making the Web 1000x Bigger

motives, means and some magic

Bjarni Rúnar Einarsson • pageKite.net

Introduction: Who am I?

In the past:
- A free-software activist!
- Sysadmin for one of Iceland's first ISPs
- Spam-fighter for FRISK Software (makers of F-Prot AV)
- Site reliability engineer for Google
Today:
- Still a free-software activist!
- Trying to go "pro" with pageKite.net

This is where I explain how to pronounce my name!

Motives
Why make the web bigger?

Is the web too small? Seriously?

The web is centralized, in the cloud
- Most devices are mere consumers - browsers
- Everything has to be "uploaded"
- 3rd party hosting is the norm

... so the power is centralized too
- Terms and Conditions
- Privacy Policies
- Censorship, DMCA, data retention laws, ...

When I imply that the web is too small, what I'm really getting at is that the vast majority of the devices connected to the Internet, participate in the WWW merely as consumers of data - publishing is centralized and generally takes place on 3rd party hardware.

This has certain fundamental implications for how we can use the web, both technical (we have to upload everything before sharing), and social, in the form of Terms and Conditions and of course Privacy Policies - which are barely ever read by anyone.

If anything, this trend is accelerating with the rise of SaaS, PaaS, "the cloud" and behomoths like Google and Facebook.

Who do we trust?

Who did we trust?

Geocities: Huge chunk of the early web, gone

Windows Live Spaces: Happening to today. What will happen to the URLs?

Blogetry: What happens when law enforcement confiscates your hosts servers because of something some other user did?

Facebook: Do we really trust these guys with our private information?

Who did I trust?

http://www.os.is/~bjarnie
http://www.hi.is/~bjarnie
http://www.mmedia.is/~bre

... nothing lasted until I bought my own domain
and started hosting my own stuff.
OMG: my blog turned 11 this summer.

Means
Can we all host our own sites?

Why don't most people host their sites today?

Once upon a time...

Web-servers were "high tech"
Servers were expensive and "high tech"
Desktops were insecure.
We ran out of IPs!

My radical argument: only 4. is a major issue today

Supporting my radical argument...

HTTP servers are standard components today. They are built into routers, Apache ships with Mac OS X, there's an HTTP server class in the standard Python distribution. And so on. Personal devices already have HTTP servers built in, they just aren't very useful!

Today's desktops are vastly more powerful than the servers of the 90s. In fact, many of us carry cell phones that can compute circles around those old hunks of iron. A similar argument can be made about bandwidth: as I write this Slashdot featured news of experimental 800Mbps DSL. In a decade even our phones will be online all the time, with connections faster than we use for browsing today.

Regarding security: firewalls are standard, automatic updates and patching are rapidly becoming standard as well. In 2010, opening up a dedicated port for a carefully configured web-server is no worse on a desktop or mobile phone than it is on a cloud-hosted server.

So what really remains, is the problem of public, routable IP-addresses. We don't have enough of them, and the situation is going to get worse before it gets better.

Enabling web-servers everywhere

With web-servers everywhere, how do we make them reachable without more IP addresses?

Protocol-layer routing: tunnels and reverse proxies
... existing solutions:
- {Squid,Apache,lighttpd,Varnish} & {ssh tunnel,ssltunnel,VPNs}
- Tor hidden services & www.tor2web.com
- Opera Unite
- pagekite.py & pageKite.net - that's me
IPv6?

Diagram: traditional web-hosting

Diagram: reverse proxied

pagekite.py

Introducing pagekite.py

pagekite.py implements a tunneled reverse web proxy.

General features ...
- Open source / free software - AGPL license
- Designed to be easy to use and deploy
- Is an HTTP and HTTPS reverse proxy
- Protocol-agnostic tunneling:
  - Tunnels through firewalls and NAT (outgoing TCP)
  - Uses adaptive compression (zlib)
- Implements both ends: front & back
- Built-in HTTP server for diagnostics

pagekite.py: the front-end

pagekite.py implements a tunneled reverse web proxy.

Front-end operation ...
- Runs somewhere with a public IP - in the cloud
- Forwards incoming requests down a tunnel
- Sends outgoing replies back to the browser
- Listens for incoming:
  - HTTP: Tunnel determined by HTTP Host header
  - HTTPS: Tunnel determined by SNI extension
  - PageKite: Creates new tunnels

Front-end: Choosing an HTTP tunnel

laptop $ nc -l localhost 8000
GET / HTTP/1.1
Host: localhost:8000
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.12) Gecko/20101027 Ubuntu/10.10 (maverick) Firefox/3.6.12
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

This information is usually in the first packet sent by the web-browser, allowing pagekite.py to choose the right back-end tunnel right away.

Front-end: Choosing an HTTPS tunnel

laptop $ nc -l localhost 8443 |hexdump -c
0000000 026 003 001  \0 235 001  \0  \0 231 003 001   L   �   � 224   L
0000010   ] 225   �   �   j   z   ) 035   �   , 033   �   a 036   4  \v
0000020 206   � 024   !   �   �   �   �   � 224 022  \0  \0   H  \0   �
0000030   �  \n   � 024  \0 210  \0 207  \0   8   � 017   � 005  \0 204
0000040  \0   5  \0   9   �  \a   �  \t   � 021   � 023  \0   E  \0   D
0000050  \0   3  \0   2   �  \f   � 016   � 002   � 004  \0 226  \0   A
0000060  \0 004  \0 005  \0   /   �  \b   � 022  \0 026  \0 023   �  \r
0000070   � 003   �   �  \0  \n 001  \0  \0   (  \0  \0  \0 016  \0  \f
0000080  \0  \0  \t   l   o   c   a   l   h   o   s   t  \0  \n  \0  \b
0000090  \0 006  \0 027  \0 030  \0 031  \0  \v  \0 002 001  \0  \0   #

SNI (Server Name Indication) is a TLS extension that lets pagekite.py choose a back-end tunnel for HTTPS!

The bad news: Windows XP doesn't do SNI, so most XP browsers fail.

pagekite.py: the back-end

pagekite.py implements a tunneled reverse web proxy.

Back-end operation:
- Runs anywhere with Internet (NAT: no problem)
- Proxies requests from tunnel to local server
- Maintains tunnels for chosen protocols/names
- Handles dynamic DNS updates as tunnels move around
- Selects front-ends (static or based on ping-times)
- Can connect through Tor, for paranoid publishing

A trivial example

This is one way to make a web-server on localhost (ports 8000 and 8443) visible as http://bar.foo.net/ ...

foo.net $ sudo pagekite.py --runas=nobody \
 --isfrontend --ports=80,443 \
 --backend=http,https:*.foo.net:::s3cr37

laptop $ pagekite.py \
 --frontend=foo.net:443 \
 --backend=http:bar.foo.net:localhost:8000:s3cr37 \
 --backend=https:bar.foo.net:localhost:8443:s3cr37

pagekite.py wishlist

New project, lots of things on the wishlist!

Front-end ...
- More protocols: XMPP, SMTP, raw ports...?
- Bandwidth shaping / load-balancing
- Encrypted tunneling
- TLS/SSL enhancements: middle-man, timing "hack"
- High-performance rewrite in C or C++
Back-end ...
- A built-in HTTP server for basic web-publishing
- Native versions for Android, iOS, Windows, ...
- uPNP support, for front-end-less operation

pageKite.net

A managed pageKite front-end service.

Features ...
- Self-service website: get a DNS name, software and config file
- ... or use a domain you already own
- Optimized for speed:
  - Front-ends in multiple locations (4 today)
  - HTTP static content cache
- Dynamic DNS service
- Configurable "answering machine" (coming soon)
- Usage statistics (coming soon)
Free until July!

Using pageKite.net

Another example, this time using the pageKite.net managed front-end service and enabling the HTTP user interface ...

laptop $ pagekite.py \
 --defaults \
 --httpd=localhost:9999 \
 --backend=http:bar.foo.net:localhost:8000:s3cr37 \
 --backend=https:bar.foo.net:localhost:8443:s3cr37

Magic!

A demo, I hope

[ My home server | In my pocket | pageKite.net ] x

Share files, without uploading

>1TB online storage, cheap

New markets for web developers

unlimited server CPU
unlimited storage
user proximity
desktop integration
peripherals!

Small businesses

printer + webcam + chat = truly online shops!

Gaming

stream video: friends watch you play, live
decentralized multiplayer games

tel: 00 354 012 3456

tel: myphone.bre.klaki.net

OpenID server in your pocket?

Decentralization, independence, privacy

Thank you!

Questions?

Links:

Code, company: pageKite.net
Slides: pagekite.net/slides/codebits2010/
Github: github.com/pagekite/PyPagekite

Making the Web 1000x Bigger

Bjarni Rúnar Einarsson @ pageKite.net • Codebits 2010

Making the Web 1000x Bigger

motives, means and some magic

Bjarni Rúnar Einarsson • pageKite.net

Introduction: Who am I?

MotivesWhy make the web bigger?

Is the web too small? Seriously?

Who do we trust?

Who did we trust?

Who did I trust?

MeansCan we all host our own sites?

Why don't most people host their sites today?

Enabling web-servers everywhere

Diagram: traditional web-hosting

Diagram: reverse proxied

pagekite.py

Introducing pagekite.py

pagekite.py: the front-end

Front-end: Choosing an HTTP tunnel

Front-end: Choosing an HTTPS tunnel

pagekite.py: the back-end

A trivial example

pagekite.py wishlist

pageKite.net

pageKite.net

Using pageKite.net

Magic!

A demo, I hope

Share files, without uploading >1TB online storage, cheap

New markets for web developers unlimited server CPU unlimited storage user proximity desktop integration peripherals!

Small businesses printer + webcam + chat = truly online shops!

Gaming stream video: friends watch you play, live decentralized multiplayer games

tel: 00 354 012 3456 tel: myphone.bre.klaki.net OpenID server in your pocket?

Decentralization, independence, privacy

Thank you!

Motives
Why make the web bigger?

Means
Can we all host our own sites?

Share files, without uploading

>1TB online storage, cheap

New markets for web developers

unlimited server CPU
unlimited storage
user proximity
desktop integration
peripherals!

Small businesses

printer + webcam + chat = truly online shops!

Gaming

stream video: friends watch you play, live
decentralized multiplayer games

tel: 00 354 012 3456

tel: myphone.bre.klaki.net

OpenID server in your pocket?