[TimeBearingDown]

Had me until the end. I haven’t seen the friction? Let’s Encrypt and web 1.0 still work and domains are cheap. OpenBSD’s httpd is great for this job. You’ll exclude less people if you don’t require any features. You can still give your site out on big platforms or use a QR code. Users of open social networks can directly transfer value now, with KYC at the on and off-ramps. Telegram was closest to implementing it into a very large and permissive network with open clients, albeit centralized and closed servers, though we’ll see how Durov’s French situation develops now.

[superkuh]

Try sending a link at your obscure dot com domain to a large group chat. Now try hosting the same material on a well known corporation's website. I'm certain that a lot more people are going to be visiting the corporate hosted URL. Why? Perceived security. People are terrified of personal websites because of the reasoning I gave above. Automatic powerful javascript execution has killed casual web surfing. Now opening a website URL is like running an application rather than reading a document.

As for the friction on the hosting side, the problem mostly has to due with keeping websites up, not setting them up. The short lifespan and fragility of the required CA TLS means any HTTPS only (because JS auto-exec) site will only survive for a few years without active human mantainence. Weather the acme(2) tool breaks, an LE root cert expires (like what happened this summer), acme version depreceates, host OS openssl version doesn't have cross support for required modern cyphers, or something in the 90 day cert lease cycle just breaks because it's so complex with so many things moving. CA TLS sites die. HTTP sites can last forever without being touched. HTTP+HTTPS should be the way, but with the security required for an auto-executing JS browser no one wants to risk HTTP. I've literally had people balk at loading a http://example.com/image.jpg because it was HTTP. The fear is not rationally evaluated on a case by case basis, it's just all security all the time no matter what habit now.

[AnthonyMouse]

> Let’s Encrypt and web 1.0 still work and domains are cheap.

First the newest version of the protocol stops supporting something. Then, over time, most things switch to the new version, and the old version becomes unsupported.

It's a notable change when the new version doesn't support something that the old one does, because that thing is probably going away.

Let's Encrypt solves a lot of this but not all of it. In particular, it makes it harder for people to screw around starting out because you can't even send the link to your mom until you buy a domain and learn how DNS and Let's Encrypt work etc.

> You can still give your site out on big platforms or use a QR code.

The big platforms don't like to encourage their competitors. Links to off-site content are not likely to be promoted by algorithms.

QR codes imply that you already have access to a large existing network of people in meatspace, which has never been true for most people.

> Users of open social networks can directly transfer value now, with KYC at the on and off-ramps.

How does that work? The internet is global but anyone without a first world bank account is stuffed. Even when everyone is in the US they can't send even trivial amounts of money to each other without an incompetent/predatory corporation acting as an intermediary.

Meanwhile the theory also doesn't work, because "KYC at the on and off-ramps" is pretty meaningless for any system popular enough for its internal credits to be a de facto currency. But KYC has never really worked anyway. It has, however, caused a lot of trouble for innocent people who just want to be able to transfer small amounts of money for ordinary purchases without being subject to warrantless mass surveillance and the caprice of infuriating bureaucracies.

These are real problems that deserve to be solved rather than dismissed.

[Dylan16807]

> Let's Encrypt solves a lot of this but not all of it. In particular, it makes it harder for people to screw around starting out because you can't even send the link to your mom until you buy a domain and learn how DNS and Let's Encrypt work etc.

Were you ever going to send a link to a bare IP address to your mom?

You can get a free subdomain and programs will automate the certificates as they serve off your desktop. The hardest part of self-hosting is often doing the port forwarding.

[AnthonyMouse]

> Were you ever going to send a link to a bare IP address to your mom?

When you're in the same house and it's the local IP of your machine? Sure. You could also use the local machine name via mDNS, often with no additional configuration.

[Dylan16807]

If it's in the same house you can turn off the warnings. Though wait, aren't the warnings already disabled for local IPs?

[AnthonyMouse]

That's assuming you can (and know how to) turn off the warnings.

And many browsers do warn for self-signed certificates even on local IPs. They may not warn for unencrypted connections -- which is a weird choice given that TLS with a self-signed certificate is still more secure (e.g. against passive eavesdroppers) than unencrypted HTTP -- but HTTP/3 doesn't support unencrypted connections or self-signed certificates.

[Dylan16807]

My argument is just that you can still screw around easily. I'm not worried about HTTP/1 going away soon.