Week 3
Tech vs Regulation
A lot of my questions have been developing around internet ethics and what are strategy decisions - from regulators or private companies - and technical limitations. I did not realize how much of what’s possible is almost entirely up to regulation, physical control of server location, App Store locations and internal checks and balances.
Something interesting to understand would be exactly where the tension is between regulation and physical location. Where location is pulled from will depend on the app’s architecture and the update upload pipeline created by the App Store.
- Having an EU registered device and App Store linked to EU billing, certain features or updates aren’t available for my region;
- Privacy policy for TikTok is set as Canadian soil because I signed up on Canadian soil;
- Same privacy policy says that I’m subject to the privacy policy of the country I’m using the app from, yet it doesn’t make the US privacy policy available to me as user.
- Finally, I’m barred from accessing a number of services and apps (from very trivial ones to others like Venmo) unless I switch my devices’ region
What I’m realizing is that this really has nothing to do with technicals, but everything to do with how carefully privacy laws are written, which likely does not include cross nation litigation to cover the kind of global movement we see today. Borders seem to be very much in effect and any movement of data or people is all a product of cooperation. It would be worth understanding what can be done in this space and more on the politics of software.
Resource → Electronic Privacy Information Center (Washington-based nonprofit)
Virtual Private Server
Created with Ubuntu OS (Q: how does it relate to Linux? How many are shared commands?), and installed ufw firewall - which means I need to remember to enable certain ports if I want to run multiple servers off of it other than on port 8080 and 8081, blocking incoming traffic other than on certain ports, net-tools, ifconfig (state of network interfaces), SSH key authentication only.
To know
- Port 8081, typically used by the p5.serialserver
- Package installations are done like so: sudo apt install nodejs
- Shutdown via sudo poweroff or logout and leave it running with logout
- When I quit the terminal session with ^C, it’s the same as logout is done (Q: is it?). The differences might become more material when there are multiple users or perhaps multiple instances of the terminal accessed from the same local machine.
- SSH = Secure Shell = Communication Protocol
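A check for the firewall setup described above, as an added example that is not part of the original notes: it reads `ufw status` output and reports any inbound ALLOW rule whose port is not on the intended list. The sample output is constructed, the function name is hypothetical, and SSH is assumed to stay on its default port 22.

```shell
# unexpected_ufw_ports EXPECTED_PORT... < output-of-"ufw status"
# Prints "port/proto" for every inbound ALLOW rule whose port is not among
# the arguments. The "(v6)" twin of a rule is folded into a single entry.
# An application profile name (e.g. OpenSSH) in the first column is reported
# as-is unless it is passed as an argument too.
unexpected_ufw_ports() {
    awk -v expected="$*" '
        BEGIN {
            n = split(expected, e, " ")
            for (i = 1; i <= n; i++) ok[e[i]] = 1
        }
        {
            # Rule rows: "8080/tcp  ALLOW  Anywhere" or "8080/tcp (v6)  ALLOW ..."
            action = ($2 == "(v6)") ? $3 : $2
            if (action != "ALLOW") next      # skips headers, blanks, DENY rows
            split($1, pp, "/")               # pp[1] = port, pp[2] = protocol
            if (!(pp[1] in ok) && !seen[$1]++) print $1
        }
    '
}

# Constructed sample of `sudo ufw status` output (not captured from a real host).
SAMPLE_STATUS='Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
8080/tcp                   ALLOW       Anywhere
8081/tcp                   ALLOW       Anywhere
3000/tcp                   ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)
3000/tcp (v6)              ALLOW       Anywhere (v6)'

# Intended exposure: SSH plus the two server ports named in the notes.
printf '%s\n' "$SAMPLE_STATUS" | unexpected_ufw_ports 22 8080 8081
```

On the droplet itself the input would come from `sudo ufw status` piped into the function.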
Rabbit hole of questions semi solved through writing
I don’t want to have to check the droplet’s IP address every time (or else, how do devs usually do it?) so options are:
- SSH config alias - local only, like a keyboard replacement shortcut.
- Replacing hostname with an actual machine name as such: ssh username@myserver.local or ssh username@myserver.com
- Off topic Q: Does this provide any insight on how email is architected? Is each individual inbox a server…? Or more like 1 shared server with database tables?
(Resolved) What I’m not fully getting is why the hostname setup with DigitalOcean isn’t valid to SSH into the server as well and therefore, extra steps are necessary. Likely it makes sense because the hostname from DigitalOcean is only revealed to our local computer once I’m granted access to the server. Since we haven’t yet registered a domain name and created a CDN (?) DNS record for it.
CDN (Content Delivery Network) = Fast delivery network; copies our data to other/more servers worldwide for faster access - instead of for example, just being on NY 2 Datacenter.
(Resolved) I’m recalling some trouble around this when I was setting up a Raspberry Pi and changed networks from home to Sandbox, but can’t pinpoint exactly what the conditions were since now it makes perfect sense to me why the droplet has a hostname on virtual machine side, but it won't resolve unless DNS (Domain Name System = Internet's phone book) is set up.
Perhaps it was because ssh username@myserver.local is local to the network itself and not my local machine? Bingo.
But I still can’t set this kind of access up for a virtual machine. Raspberry Pi wasn’t a virtual machine - it was just another machine, first with a wired connection and then on the same network as my local machine.
(Unresolved) I suppose this puts into perspective what we mean when we say local machine. Seems like it’s always relative - but is it about physical location and any machine being used to access another is always called the local one? Or is it about being on different networks?
- In my previous example, referring to my MacBook as the local machine makes little sense in the context of a Raspberry Pi wired or with wireless access to internet on the same network. From the network’s perspective, both are local and mDNS is available to create custom hostnames.
- But if I’m accessing that same RaspberryPi from my Macbook, then would professionals in the field refer to the Macbook as the local machine as well?
- (Resolved) When it’s Macbook versus DigitalOcean droplet / server, then indeed the Macbook would be my local machine because it’s on my local network (local as in, the access point (router) with most proximity to me physically) BUT also in relation to the droplet which is accessible on the internet and on a different network (Q). Therefore no .local addresses through multicast DNS. Because there’s something “better” ….. just regular DNS.
- Side unresolved question: This brings up the question of what do we call intersections of networks - perhaps there’s no need and we’re simply making a request to a separate entity and that’s that.
But… in a world where my home internet provider and the NY Datacenter 2 are the same, and presumably have routers/nodes within range of each other, what would be keeping us from being on the same network? Would it just be corporate decision making to have separation of concerns, access limitations and nothing technical?
Conclusion
Not wanting to check (or memorize) the VPS’s IP address every time is precisely the problem that led to the creation of domain names. So the only way for me not to have to copy the IP address every time is to get a domain name or set up a silly alias.
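The alias option from the list above, as an added example that is not part of the original notes: a helper that writes one `Host` stanza into an SSH client config, only once, and pins the connection to a single key to match key-only authentication. The function name, the alias `droplet`, the documentation address 203.0.113.10 and the key path are assumptions; `username` is the placeholder used in the notes.

```shell
# add_ssh_alias ALIAS ADDRESS USER KEYFILE [CONFIG]
# Appends a Host stanza to CONFIG (default: ~/.ssh/config) unless a stanza
# for ALIAS is already there, so running it twice does not duplicate entries.
add_ssh_alias() {
    alias_name=$1
    address=$2
    user=$3
    keyfile=$4
    config=${5:-$HOME/.ssh/config}

    mkdir -p -m 700 "$(dirname "$config")"   # -m only applies if it is created
    touch "$config"
    chmod 600 "$config"                      # readable and writable by owner only

    # Already present? Then leave the file untouched.
    if grep -Eq "^[[:space:]]*Host[[:space:]]+$alias_name([[:space:]]|\$)" "$config"; then
        return 0
    fi

    cat >> "$config" <<EOF

Host $alias_name
    HostName $address
    User $user
    IdentityFile $keyfile
    IdentitiesOnly yes
    PasswordAuthentication no
EOF
}

# Demo against a throwaway file rather than the real ~/.ssh/config.
demo_cfg=$(mktemp)
add_ssh_alias droplet 203.0.113.10 username '~/.ssh/id_ed25519' "$demo_cfg"
add_ssh_alias droplet 203.0.113.10 username '~/.ssh/id_ed25519' "$demo_cfg"  # no-op
cat "$demo_cfg"
rm -f "$demo_cfg"
```

With the stanza in the real config, `ssh droplet` connects without typing the address; `IdentitiesOnly yes` keeps the client from offering every key it has loaded.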
On domain names for static sites and server side sites
This is timely as the most expensive domain purchase just took place for ai.com.
(Resolved) So when we’re paying for domain names, is it because domain name companies have scanned the internet to find all interesting unregistered domains, then proceeded to register them with ICANN themselves and only giving up their registration details (or whatever ICANN holds) in exchange for money (also known as making a sale)? YES.
(Resolved) It’s not a sale, it’s rental. Domain Name company still has control over domain registration - they just point an IP address that you provide them with to your chosen domain temporarily. & ICANN doesn’t actually hold anything 😭
Or is it because domain name companies bundle it up with other services (like CDN and serving your client only files) and with some marketing sparkle, they package it up for the non-technical folks? YES. depends on the company and what’s their positioning in the market.
Hosting SPAs vs databases
Why does anything with a database/server side fetching cost money to host but client-side only / Single Page Applications / static sites files can be served at presumably no cost?
My single page application hosted with Vercel, domain name 10$/year, free otherwise has files around 1.5GB, with a max of 100mb each.
For another site, I have a PostgreSQL database hosted on Heroku, that I pay 12$/month for but that has ~300mb worth in files.
If all computing is physical, then what kind of services explain this kind of difference - beyond how pricing is structured and that the server side files are more… protected?
Some answers might be in setting up encryption, security, backups, logs etc. Apart from perhaps encryption, aren’t all these things already available as packages for free? Is it just that people don’t want to set them up or is there anything else that I’m missing?
Eg. it was easy & free for me to register trial.space as a domain but there’s additional setup
Learning about networks has shaken up and brought up questions on limitations I’ve experienced over the past 2+ years of learning to code - since I built my computing mental map from the industry, policy and library side, I’m trying to connect with the other technical side and realize a lot of decisions have a product foundation. I’m on my way to the slope of enlightenment…
Resources
For an upcoming rabbit hole,
Look at open source vector embeddings or DIY options vs DigitalOcean’s offering.