by echochar 3799 days ago
Many times I see commenters on HN making statements to the effect of "users cannot run their own servers" and spurring a "debate" in the context of someone trying to innovate away from the current asymmetric, client-server, "calf-cow" internet.

I saw one such comment earlier today.

Thought experiment:

What about exploits like this one, among so many others over the years, in Microsoft Windows?

In many cases it sure looks like the user is "running a server".

There is a port open and listening, waiting for connections. And some remote client can connect and issue commands.

1 comments

> Many times I see commenters on HN making statements to the effect of "users cannot run their own servers" and spurring a "debate" in the context of someone trying to innovate away from the current asymmetric, client-server, "calf-cow" internet.

What that is about is that most consumer level internet connections do not have a fixed IP address. Thus you can't (easily) aim a DNS reference at it etc.

Understood. However try to reconcile this with the thought experiment I gave above. You would be saying that these Windows exploits would not work because users have IP addresses that are changing too frequently. Is it possible that _in practice_ many "dynamic" IP addresses are actually quite static (i.e., remaining the same for months or longer)? In _theory_ they could change by the day or week.

Well most attacks just use such a "server" for the initial attack, afterwards they set up something that makes outbound connections to a "command center" or similar.

Yes. But the server capability is always there. It can be launched again any time the attacker needs it.

In technical terms any computer can be a server. Just look at the BBSs that were run out of C64s and similar back in the day.

But a server that can't be reliably reached is a useless server.

And the BBSs worked back in the day because dialing the same number days, weeks, even months in between would lead you to the same BBS if the computer was still running.

A domestic internet connection is simply not reliable enough for that. Yes, if nothing happens electrically at either the customer or ISP end the IP will remain for some time. But have a power failure and it is likely that the IP will be reassigned. And that random aspect, that sometimes you can retain the address for months, and other times get it changed within hours, does not help.

I agree firewalls and NAT are a nuisance, and today's internet is not one iota as cool as the BBS days. The nuisances introduced by "ISPs" have hindered but in the long run have not stopped reliable peer to peer internet. I will not name the commonly known examples lest it divert the conversation.

There are a variety of workarounds for dealing with firewalls and NAT, and after years of using them "experimentally", I can attest that they work reliably, at least for me. Some of them are well-known, some of them are commonly used, others are not.

If IP addresses assigned to so-called "reliably reached" servers were as static as you imply in practice, there would be little need for a mechanism like DNS. (And I'm not saying there is, just pointing out that there are a lot of folks who believe IP addresses must be able to change without notice.)

In my experience, domestic internet connections with "dynamic" IP addresses are "reliable enough" to do some "useful" things besides simply partaking in the "calf-cow" web.