1. 8
  1.  

  2. 5

    Federation partners are free to store copies of accounts and activity records from other servers, but in general they’re not allowed to create or update anything that “belongs” to another server. … Each fediverse server is operated by a different administrator, and may play by different rules. Servers can ban eachother, limit eachother’s federation based on arbitrary criteria, etc.

    This is why Mastodon etc. were a non-starter for me. First there’s the analysis-paralysis of deciding which of 1000 servers to make my home. Then once I pick one, I have to live with the whims of whoever runs it (including a bunch of really tiresome perma-drama about who bans who), and with the knowledge that the admin has superuser access to all my data. Who’s the admin? I have no idea. I could always move to another server, but if I do, I lose my address, followers, reputation…

    I’m done with the concept of “accounts”. The only way not to get sucked into the above morass, and to keep from being a second-class citizen, is to use cryptographic identities.

    But I think anything to do with media or publishing is still going to have to at least support the web browser

    Right, because no one ever installs client apps for anything. 🙄 Tell that to Apple, or Google. It’s been more than a decade since massively popular social networks like Instagram started to appear first as apps, with a website as an afterthought.

    We shouldn’t be complacent. If some piece of tech like the web browser is blocking progress, then work around it until it’s not necessary anymore. We did it with MS Windows.

    1. 3

      Who’s the admin? I have no idea

      Right, this would be a huge problem, but its not supposed to be like that!

      Fediverse software can also be operated by not just one person, but by a group or collective which has rules & accountability. The matrix server I use every day is like that. I’m both a regular user and have root access to the box / responsible for maintaining it. I can highly recommend this.

      Also, the admin can simply be a friend or an acquaintance that you meet & come to trust over some months or years of seeing what they talk about, how they think, what their attitudes towards these things are etc. That’s how I found the Mastodon server that I’m on. I don’t use mastodon much but again, highly recommended!!

      Right, because no one ever installs client apps for anything. 🙄 Tell that to Apple, or Google. It’s been more than a decade since massively popular social networks like Instagram started to appear first as apps, with a website as an afterthought.

      Good point. I hate apps like that though, apps that do away with URLs. From what I hear from my brother who lives in China, over half of the internet activity in China is all through non-browser client apps which have proprietary non-URL methods of sharing content, like QR codes and stuff. In my opinion this is a really really bad direction for the web to go in.

      So maybe I should change my writing; its not that I don’t think that people will use client apps, its that making a good client app that can bootstrap its own network effect and then eventually support browsers down the road is probably too hard unless you’re a big profit-motivated corp like the ones you mentioned. And also, I think it’s just kinda lame compared to good ole libre web technology that works on every client under the sun.

      Let me ask you this: Which peer-to-peer or independent publishing/media oriented app developed by grassroots floss devs has seen this massive popularity? IMO BitTorrent is the only one, and that’s more about file transfers than publishing anyways.

      1. 3

        I’m in favor of rules and accountability, but as someone shopping for a home it’s potentially a lot of work to inspect every potential server and decide if you like its practices, let alone if you trust that they’re describing them accurately.

        I’m both a regular user and have root access to the box / responsible for maintaining it.

        That gives you a lot of power over people without this access! Not just ordinary stuff like blocking/banning, but potentially to read private data and edit other people’s data. (Unless Matrix uses signing/encryption; but what I’m saying would definitely be true of Mastodon.)

        One problem with social media is that you know who the nice people are and you feel you can trust them … until drama breaks out and people’s limbic systems take over and they start making bad decisions. If some people involved in the drama are also sysops with root privs, the results could be quite nasty. Much nastier than in a traditional system where the sysops are somewhere outside the fray, and also know they can lose their jobs if they get caught messing with user data.

        I hate apps like that though, apps that do away with URLs

        You’re conflating URL with HTTP. Mobile apps heavily use URLs to interoperate; that’s how a lot of the Shortcuts app’s functionality works. They’re just often custom URL schemes.

        And also, I think it’s just kinda lame compared to good ole libre web technology that works on every client under the sun.

        That “libre” technology is largely produced by a bunch of non-libre folks like Apple and Google. (A feature that only works in Firefox isn’t going to get much traction with a mass audience.) And isn’t the original point here that we can’t have nice P2P protocols because the browser gods don’t give us access to them?

        Which peer-to-peer or independent publishing/media oriented app developed by grassroots floss devs has seen this massive popularity?

        Shrug. I’m not interested in massive popularity, I just want something good and secure that can spread virally. I’ve been working on it for about a year and I’m pretty much at alpha. (And it does actually work in a browser; it just runs a little local HTTP server. In a native app it wraps that in a web view.)

        1. 3

          That gives you a lot of power over people without this access!

          Yes, and in return we provide them with a valuable free service. It’s the same deal that Google and Facebook offer, but I believe that on a smaller scale like this, its a lot less of a toxic relationship. We mostly just want that power because we want a community that’s friendlier and comfier, where the people within the community have a say. Having custody of the data/systems within the community is the big motivator, but also things like being able to decide whether or not we want read receipts & typing indicators is quite nice.

          A friend told me a story about a homebrew email system that they used to use, operated by an acquaintance… It had a disclaimer at the top of the page saying

          “ Yes, because I operate this system, that means I can read all your email. Think of it this way, surgeons aren’t titillated by all of the naked people going under their knife every day. They become numb to it. I have indulged my voyeuristic impulses and rifled through my users emails in the past.. but to be honest they’re all so mundane and boring. Charlie signed up for an account on a car repair forum. Sam ordered dominoes. I have no interest in seeing what shoes you ordered on amazon. “

          TBH I’ve had experiences like that too, poking through our postgres DB, seeing all the rooms our users are in during spam incidents and while troubleshooting matrix bugs. Can confirm its pretty boring. Only notable thing is sometimes we find more anime porn / pedophilia oriented homeservers to de-federate from.

          If folks wanted to use a protocol/app that makes it totally impossible for admins to read the data & metadata (Cwtch for example) I would rather maintain that. But we have to meet folks where they are 🤷 Its hard enough to convince the average discord user that it’s worth it to try matrix instead, Cwtch would be an even-harder sell. Network effects do the damnedest things.

          the sysops are somewhere outside the fray, and also know they can lose their jobs if they get caught messing with user data.

          … Those sysops can also lose their jobs if they refuse to carry out the often-very-harmful whims of their executive overlords.

          Fedi / homebrew chat servers and social media are just a different kind of deal, an escape hatch of sorts. I suppose they don’t appeal to everyone, but i think they have a lot to offer and still have a lot of room to grow.

          Also, if you don’t want to trust someone else to run the server(s), you can always run your own and keep them to yourself! That’s the beauty of this kind of system, it provides people with the maximum amount of agency possible while also not gatekeeping initial participation behind running a server or installing a program.

          isn’t the original point here that we can’t have nice P2P protocols because the browser gods don’t give us access to them?

          I’d phrase it more like “ we can’t have nice P2P protocols (for hypermedia) because there are 100 of them already and there’s no way for one of them to “win” and become widely accepted. Everyone wants “theirs” to win and browsers aren’t likely to play kingmaker here”. It’s like the “14 competing standards” xkcd comic.

          I suppose it’s still possible that a protocol like IPFS or various layers on top of IPFS could eventually coalesce into a standard for p2p media, become the BitTorrent of hypermedia and apps. I was obsessed with finding the special sauce to create this for most of my young adult life, and I think I might have finally found it in the unlikeliest of places: thru proliferation of the availability and ease-of-use of homebrew HTTP servers that are dial-able over public internet IPv4.

          A palatable upgrade path from the centralized web of today to a potential more-distributed future. Remember how folks would always say “we win when it’s everywhere and the user doesn’t even know they’re using <insert-cool-new-p2p-thing-here> ?” By starting with browser compatibility, you start in the “user doesn’t even have to know” situation instead of having to hope & pray you eventually end up there.

          I have nothing against folks making an app/protocol to address 1 specific subculture or 1 specific need, but it’s not my bag personally. I wanna make something that everyone I know can interact with; young or old, deaf or blind, Google Play or F-Droid, root or guest.

          That “libre” technology is largely produced by a bunch of non-libre folks like Apple and Google.

          Unfortunately yes, that means a lot of people are going to use Google Chrome to access it. I don’t care / I see that as a separate issue. At least alternative more “free” browsers already exist and they are much easier to switch to and use compared to say, opting out of SaaS / centralized social media.

          1. 2

            Thanks for the thoughtful reply.

            I’d phrase it more like “ we can’t have nice P2P protocols (for hypermedia) because there are 100 of them already and there’s no way for one of them to “win” and become widely accepted. Everyone wants “theirs” to win and browsers aren’t likely to play kingmaker here”

            I agree, but this highlights how browser ubiquity is, in some ways, holding back progress. By anointing one specific network protocol (HTTP) the browser limits you to more-or-less one way of structuring an application: it’s loaded from a server and runs in your browser but stores all its data on that server. (Client side storage exists but is treated as an unimportant cache that the browser can delete whenever it wants.j

    2. 3

      The idea of “just putting a bunch of my friends together to run a compute cloud because it would be really funny” has been in my head for years and reading this puts me with a smile on my face to see that someone else also had something close!!

      For context, I am one half of LavaTech that tries to make that happen, providing compute and some public-ish services, but running Proxmox instances like there’s no tomorrow still leaves me with a sour taste that I’m using something not fit for the purpose I want, so the ideas being shown here resonate very strongly with me.

      Genuinely wishing you the best.

      1. 2

        It’s hard to combine the advantages of clustering and federation because of trust.

        Clusters with some level of mutual trust between nodes can be (but aren’t always) efficient because nodes can do work independently: adding a node takes work away from the rest of the cluster.

        Federations (as currently understood) can be efficient without trust between nodes because any given distributed object is owned by a single entity, which can work on it in peace without reference to anyone else.

        If we want a distributed system where objects aren’t owned by anyone in particular, we need some way to be confident that any work done follows the rules. The amount of work required to gain this confidence needs to be small. This is clearly pretty hard; it’s easy to imagine solutions accidentally also answering P=?NP, or solving CAP.

        One problem that seems intrinsic to any openly clustered platform is that any state of the system that is ever observed anywhere will be available in principle to everyone for all time. Advances in privacy may enable me to take actions on such a platform using a cryptographic identity without uninvolved parties being able to see what I’m doing, à la Monero’s blinding, but if I ever publish something and then try to reverse course, someone with sufficient resources can simply look at the world from the point of view of a node close to me at the moment I published it.

        As an aside, Bitcoin uses a dizzying amount of raw computing power to perform a distributed computing task whose non-distributed counterpart would be within reach of a single Raspberry Pi. That people persevere with it tells us many things, but I’m not sure that any of those things are about distributed computing.

        1. 2

          we need some way to be confident that any work done follows the rules.

          It’s simple: You only join a cluster with people you directly know and trust. You can be confident that any work done follows the rules, because you trust that your friends aren’t evil illuminati spies. Its not just a tech project, it’s a people project. I wrote a bit about that in my previous post.

          any state of the system that is ever observed anywhere will be available in principle to everyone for all time .. if I ever publish something and then try to reverse course, someone with sufficient resources can simply look at the world from the point of view of a node close to me at the moment I published it.

          Yep. This is called the Streisand Effect, its a property of the internet in general, not limited to theoretical clusters of friends Raspberry Pis. You can’t “delete” something that you posted on the internet once other people downloaded it.