Add more information about a server

[hoergen]

It would be nice to see (if available) in which country a public Friendica server is located. And that you can filter via country.

A lot people start looking where a server is located because of privacy concerns.

Every info should be optional.

Maybe we start to add, if a server is hosted in a cloud like AWS or similar. Don't know how to realize that, but maybe we add fields to the admin panel, where admin can add such information.

• hosted in : selectable (Germany, France, USA, Bulgaria, Finnland ...
• hosted in a cloud : selectable (AWS, Google, .... other)
• dedicated hardware / VM
• Friendica only server or shared with other services (Blogs, Websites, Wikis, Peertube, ....)
• Dedicated provider : freeform
• average load (free form or autodetect?)

Some more information could be possible like

• git installation
• docker installation
• tar installation
• RAM
• number of cores
• connectivity (100Mbit, 1GBit, home dsl connection
• services around (Backup daily/weekly/monthly/nobackup, fail2ban, jabber, matrix ...)

This would give the user some more information what he could "expect" AND it would give some more information about the performance of friendica in different environments.

For example this could give someone who wants to install a new Friendica server a little hint maybe not to choose a specific provider, or to choose hardware or VM or docker or or or.

To use all that information we add that to a filter and for example a detailed statistic page in our directory. or as filter?

What do you think?

Again, this all should be optional and additional there should be an extra switch, to publish that information to the directory server. Because some Admins maybe just want to document that on their own server, without publishing it.

What do you think about it?

[realkinetix]

Some of this is great - I think optional info for things like country would be good, and perhaps a few of the other items at the top of your list (cloud, hardware type, provider).

However, some of the rest of the info. suggested wouldn't be great to have Friendica pull itself as it presumes a single host node. From what I hear that's probably 100% of the nodes that are running currently, but as my node grows, I would like to spread it out over a few VMs - DB, worker, front-end, perhaps. Then, what do you do about metrics like load, RAM, cores, etc?

They'd of course all be fine with an on/off selector for that feature, but I kind of doubt a lot of that extra information is going to be useful to 95+% of the population.

[bkil]

I don't think there's much utility in most of the proposed attributes for end users for the following reasons:

1)

Your primary criteria for choosing an instance should be trust based on acquaintance, community and proximity.

1/a)

Both https://podupti.me and https://the-federation.info can already filter by country.

2)

From a user perspective, the only performance related qualities of a service that matters besides SLA is the expected latency of page load (and AJAX interactions) and federation delays (message latency back and forth). Metrics about these could be gathered, aggregated and visualized in a straightforward manner.

2/a)

The mentioned technical parameters also interact in various subtle, but chaotic ways that makes prediction based on them impossible. The underlying technical details shouldn't matter much and they can't really be interpreted independently anyway.

3)

However, from a geeky perspective and as a social experiment, I would also be curious to see such statistics being gathered in a structured way. Many instance operators already share similar information in an unstructured way on their about page.

3/a)

For this, I'm missing lots of extra details that could make a big difference. Let me share just a few.

Site security:

• server room supervised by armed guards and cameras
• under the bed, inside a home protected by a $10 lock pickable in a matter of seconds

Sustainability:

• Is anybody getting payed or is this just a hobby that may or may not last?
• do they accept donations
• capital expenditure & ongoing operating expenditure

Operational:

• Monitoring & alerting: is anybody being paged in the middle of the night to fix issues or are they only looking at it on weekdays after work when somebody reports an issue?
• at a rush hour, how many users are active per minute both logged in and total (median/max)?
• what is the average federation traffic volume like
• what are the other tenants doing from a networking, CPU or I/O perspective and how often are they doing that?
• are they using a staging server to test upgrades and configuration changes or are they risking downtime?

Isolation technology:

• none (root), userid on a process level, chroot
• User Mode Linux, OpenVZ
• LXC, Docker
• HVM
• KVM, Xen, VMware
• unaccelerated qemu, Bochs

Provisioning:

• bare metal
• containerization at home
• PaaS: at a (possibly free), shared, dynamic PHP website hosting provider
• IaaS: VPS or cloud nodes
• automatic failover or replacement on hardware events
• hot spares (multi-master or MySQL master/slave replication etc.)

Web stack:

• web server kind and performance tuning parameters (can make an orders of magnitude difference)
• version and tuning parameters of various other components like PHP, MySQL or the kernel
• locally installed caching reverse proxy
• external CDN

CPU resource allocation:

• best effort sharing
• burstable best effort
• statistically dedicated or half-dedicated vCPU
• dedicated-pinned CPU
• bare metal motherboard

CPU performance:

• kind
• cooling
• are architecture level mitigation enabled

Memory allocation:

• burstable
• RAM-based vswap
• zram/zcache
• disk swap HDD/SSD

Storage:

• HDD
• SSD-cached HDD
• SATA SSD, NVMe SSD
• RAID levels
• locally connected vs. SAN
• size

Network:

• burstable
• ingress/egress ratio
• domestic bandwidth & cap
• international bandwidth & cap

Power:

• how much is its power consumption
• is the power supply redundant
• do they have backup generators
• carbon offset

[hoergen]

It is okay if you have an opposite meaning,because it is all about taste and the freedom to share information or not. I think it is a bad decision to rely such features on other projects or on other places somewhere on the internet.

Just look at it, as someone who don't have such a deep inside knowledge.

PS: would be nice to not use unnecessary capital numbering. Thank you. #netiquette

[bkil]

These were supposed to be section headers, I did not capitalize them. Could you please clarify which point you would like improved?

I've mentioned in 3/a that I basically agree with you.

If you referred to 1/a, I think the said projects do a GeoIP lookup on the server's IP - no external knowledge needs to be maintained.

[hoergen]

Those information should be voluntarily. Such "automation" like GeoIP is not a good idea since we all try to avoid storing data, that doesn't need to be stored and collected by bots.

[bkil]

Well, that wasn't a proposal or idea on my part - these sites had been operating like that for years, if not decades.

If you operate a public facing server, you must be prepared that anyone will be capable of locating it (based on IP address, TTL, latency or tracepath measurement based triangulation or some other way) to sometimes down to street precision, or in case of better known or frequented server providers, down to a building level.

• https://en.wikipedia.org/wiki/Internet_geolocation

I don't think that compiling this information into a database and publishing it should be considered breaking the law. It sounds much less sketchy than collecting the colors of mailboxes on your street or wardriving:

• https://en.wikipedia.org/wiki/Wardriving#Legal_and_ethical_considerations.

Do note that such sites can potentially also collect:

• uptime: may correlate outages with your habits or where you live if you host from home
• version changes: whether your server is exploitable
• configuration mistakes related to your web stack setup that make it exploitable or leaking information
• response time: when are there rush hours at your place, correlating with your demographics
• I would be surprised if on small communities, it wouldn't even be possible to infer based on timing side channels the exact kind of queries that are running in parallel or some properties of the database content itself, though I doubt anyone would finance research to exploit this
• federation queue handling: depending on when a given monitoring server gets served and how fast, they could correlate information about what other servers you are federating with, following or blocking and how much potentially private content you share
• ...

So the bottom line is that privacy and going public are mutually exclusive.

[hoergen]

Please stop nerdsplaining and derailing the topic.. Thank you.