Search Mailing List Archives
[liberationtech] per-cloud or How to get something ready for folks to use really quick
companys at stanford.edu
Tue Oct 15 09:16:15 PDT 2013
Message appears to have gotten caught in the Liberationtech filter, so
re-sending on behalf of poster...
---------- Forwarded message ----------
From: carlo von lynX <lynX at time.to.get.psyced.org>
Date: Tue, Oct 15, 2013 at 6:40 AM
Subject: [liberationtech] per-cloud or How to get something ready for
folks to use really quick
To: liberationtech <liberationtech at mailman.stanford.edu>
Moritz is right, mentioning the same project 8 times is a bit much,
but I can understand that it's annoying if noone bothers to tell
you what they are thinking about it. You need some decent feedback.
On Tue, Oct 08, 2013 at 01:07:20AM +0200, M. Fioretti wrote:
> EXECUTIVE SUMMARY:
> 1) I think mine is the ONLY short-term, feasible way to get the masses
> of average Internet users OUT of walled gardens while still working
> and "feeling" as a real and easy to use cloud service, while being
> a p2p federation of individually owned and used clouds, completely
> compatible with the rest of the current Internet
I know a short-termer way to do it, requiring a lot less work than
what I see on your roadmap. Also I see bumps in the road of your
roadmap which aren't easy and short-term to solve - or somebody else
would have done it already.
> 2) I will ONLY be able to work on it if I get enough funding, so
> please contribute if you can, and in any case please spread the word
> as much as possible!
Other projects are a lot further ahead than yours, so I don't think
there is such a necessity in doing what you would like to do. I'll
elaborate on the road bumps so you don't feel like I'm making this up.
write down a complete, CLEAR definition of the system, including:
which functions it can/must realistically provide (email + blog +
online storage and bookmarking, social networking )
E-Mail: use Pond, RetroShare or Briar over Tor
Blog: use Tahoe-LAFS, Freenet, RetroShare channels,
Tor Hosting, I2P or whatever P2P tech I forgot
Storage: use Tahoe, Freenet, I2P or some ownCloud-app
over Tor. Maybe a private RetroShare channel works, too.
Best if you write a dedicated plug-in for the job.
Social Bookmarking: depends on Social Networking
Social Networking: This one is currently not solved for
the reasons I detailed in http://secushare.org/pubsub
but the opportunistic broadcast features of apps like
RetroShare allow you to do some little things without
resorting to Faceboogle.
which existing Free Software components should be used
(e.g Postfix+IMAP+Mailpile for email, apache or nginx +
PHP for Web frontends, Semantic Scuttle for bookmarking,
pump.io for social networking) )
E-Mail is broken, there is no way you can make it privacy-
compatible. We had a discussion on >10 reasons not to use
it in this list. Web frontends: All apps that need them
already have them, no? Semantic Scuttle sounds like something
that could make up a fine RetroShare plugin so it actually
respects privacy. pump.io doesn't have an elaborate distribution
strategy, so it only works as long as you don't follow any VIP
or become a VIP yourself - so don't expect it to perform better
than.. uh.. RetroShare. Of course pump.io would have to run behind
Tor for minimum privacy.
how to integrate those components, that is how to package
them and distribute it
That would be useful work. But first you have to get to know
all the software that can actually do the job.
how to implement federation/social networking, with pump.io
or similar open standards, to make things like these possible:
Federation is evil, see http://my.pages.de/dsn-vn/ - unless you do
it with home devices over Tor hidden services, cutting out the DNS
and X.509 dependencies in the process. Open standards for things
that do not work yet are evil, too. There are no open standards
that handle THE threat model and scalability challenge we are
talking about. Get over it.
Joe's percloud user panel shows when Mary mentions Johns in
her user panel, which is running autonomously on another server
That is the distribution problem I was alluding at... here and in
the pubsub document. This will only work for small social groups
with no VIPs involved. Any opportunistic distribution scheme will
in that scenario be okay, so you can also use RetroShare or Briar.
describe how to maintain the software bundle when updates or
bug fixes are released for any of its components
Deterministic build procedure and multiply signed distribution.
Debian folks are working on this. You can also use one of the
tools for its own distribution, like RetroShare with its binary
build channels. Users can choose which channel to use and thus
which author to trust. Not good enough, but better than HTTP(S)
Yes you are right that this work needs to be done. If you are
willing to give up on DNS/X.509 based systems and ready to make
one that at worst depends on a DHT (like Tor), then I suggest
openITP should give you some money to stir up an almost-do-all
package. IMHO right now the best bet at getting something up and
running really quick would be to make a RetroShare + Tor package.
In that case you would turn off RS's DHT and only use Tor's,
thus cutting out the reason why some people perceive RetroShare
as "slow" and resource hungry.
I would also mention other projects but none are as far ahead as
RS - still RS doesn't handle THE threat model, so a little effort in
getting RetroShare to run over Tor by default is necessary.
RS over Tor would provide for:
- instant messaging and email replacement
- group chat and discussion forums
- blog-like channels
- file exchange
- rudimentary telephony
Storage, social bookmarking and other social interaction could be
done as a plug-in later. Just accept that it only scales for small
In order to have such a tool that replaces Faceboogle for most of
our daily needs there must be investment in:
- peer reviewing all that stuff
- having UX geniuses put their hands on it
- wrapping it up for distribution
That makes three jobs to be done to have a quick and dirty tool to
get people out of the cloud and federation danger zones, and only UX
involves a bit of extra coding. Using Tor has the advantage that it
is also useful for surfing the privacy-unfriendly web.
I am not involved with RS and haven't even met its coders.
I hope my own tool will be better someday, but since you asked about
something that we can do here and now, this I see as the most
Another viable coupling could possibly be Briar + I2P.
That would be an all-Java line-up with a lot of tools running
on I2P and a solid messaging system coming from Briar. I don't
know how serious the security criticism about I2P is, so this
combination, too, needs review. I also remember I2P being
terribly slow for file exchange. The fact that Tor has a server-
based relay infrastructure makes quite a difference.
I also see psyced + Tor as an interesting battle horse with
forward compatibility to secushare, so people can start developing
social apps on top of PSYC without having to wait for secushare
to be ready. But that's just my perspective. I am not neutral
about PSYC. ;-) I do think I am fair and neutral about the rest
because I'm not here for the power and glory but for the basic
civil right to secrecy of correspondence (including the new right
of secrecy of its transaction data) which I am afraid will never
be achieved with DNS, X.509, SMTP and XMPP.
More information about the liberationtech