Re: [Freedombox-discuss] Friendika
This is excellent. Nice work! On Wed, 13 Jul 2011 14:27:29 +0100, Keith Fernie m...@keithfernie.co.uk wrote: A slow Friendika (not Zot!) running on a Dreamplug can be tried out here http://friendika.freedombox.me.uk With Debian Squeeze Pagekite. Also running with Nginx instead of Apache. On Wed, 13 Jul 2011 10:40:36 +0100, Keith Fernie m...@keithfernie.co.uk wrote: I've been trying it out this week, using the github version. Still exploring it. On Wed, 13 Jul 2011 10:23:30 +0100, Christian Bauer christian.ba...@gmail.com wrote: On Jul 13, 2011, at 9:17 , James Vasile wrote: This looks like an interesting approach. Has anybody used it/hacked it/loved it/hated it? Is this something you want to see in the FreedomBox? http://project.friendika.com/ There are many other projects like it and a W3C incubator for standardization of federation protocols: http://www.w3.org/2005/Incubator/federatedsocialweb/wiki/Platforms http://www.w3.org/2005/Incubator/federatedsocialweb/ ___ Freedombox-discuss mailing list Freedombox-discuss@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss -- Using Opera's revolutionary e-mail client: http://www.opera.com/mail/ ___ Freedombox-discuss mailing list Freedombox-discuss@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss ___ Freedombox-discuss mailing list Freedombox-discuss@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
Re: [Freedombox-discuss] Friendika
On 13 July 2011 13:09, Mike Macgirvin m...@macgirvin.com wrote: This looks like an interesting approach. Has anybody used it/hacked it/loved it/hated it? Is this something you want to see in the FreedomBox? http://project.friendika.com/ There are many other projects like it and a W3C incubator for standardization of federation protocols: http://www.w3.org/2005/Incubator/federatedsocialweb/wiki/Platforms http://www.w3.org/2005/Incubator/federatedsocialweb/ I wrote Friendika initially so I'm a bit biased. Thanks for taking the time to write! :) The W3C incubator is completely dominated by OStatus and a couple of people clamouring for WebID. OStatus has no privacy (really, none) and the major players are only beginning to discuss this shortcoming. WebID is an SSL infrastructure - which solves privacy issues at a cost of everybody being accountable to an SSL signing authority. There are other lesser technical issues, but this is the elephant in the room. OStatus is a pretty good tech, one of the first to provide a reasonably comprehensive suite. Hopefully many more will follow, the idea is to ineroperate, IF the tech shows signs of interop/ Some of the best architects of the Web are supporters of WebID, inc. the person who invented it. You are welcome to chase the W3C, but it will be a long time before you see anything that provides secure communication, and when you do - you will know that it was designed by committee. Might as well just use SMTP and be done with it. What's the rationale for this? Why not just encrypt with your public key, and the recipient dycrypts with theirs. Or have a shared secret? Im a grass roots developer and have been a W3C skeptic. But having spent the last few years looking at what they've actually been doing, I cant help but be impressed. W3C is around to make sure everyone plays fairly, and everyone gets a say. OStatus are there because they have made an effort and have implementations. Zot can be too. Facebook recently joined the W3C, too and google have been a member for a while. Diaspora has gone it alone and developed their own privacy layer - as have we. We're currently developing a second generation private messaging and remote access protocol (called Zot!) drawing from our real world experience with cross-network communications. It is public domain. I don't believe for a minute that Friendika will solve the Fredombox's unique requirements, especially since we are somewhat tied to existing infrastructure at the network layers. However our technology is open to all and we believe strongly in many Freedombox concepts - privacy, security, decentralisation. You may find something within the project that you can use. As I follow these discussions, I'll be sure to speak up if we already have a solution to a problem you're facing, or especially if we chose a different solution than you because we got bitten in the butt trying it your way. The more implementations we have the better. The key is to allow interop, with others that have the same goals. ___ Freedombox-discuss mailing list Freedombox-discuss@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss ___ Freedombox-discuss mailing list Freedombox-discuss@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
Re: [Freedombox-discuss] talk at meeting for members of EU parliament
On Wed, 2011-07-13 at 13:00 +0200, Jonas Smedegaard wrote: EPFSUG is a grassroots organisation to promote Free Software at the EU parliament. EPFSUG has invitet me to give a talk on FreedomBox: http://epfsug.eu/content/epfsug-invites-freedombox Hi Jonas, very good that you're extending the reach to the MEP! Thanks for coordinating this. I have noticed from experience that the invitations work better if they start with the object of the event in the first line. I would write Dear friends and colleagues I invite you to a presentation of FreedomBox, a new generation of software-powered devices to enable private communications between citizens around the world. Hopefully you'll have the attention there and you can extend the concept in the next paragraph. You can use the Disco and Atomic War movie if you think that they will remember it and mentioning it will resonate with their brain. I use something along the lines of: Think of all the people who don't have the luxury of freedom of speech and all the dissidents whose list of friends is the best way for a government to shut down a revolution before it even starts. The FreedomBox will be an *easy to use* tool that allows citizens to be safe online. In the final paragraph you can sum it up: I would be honored to have you as guest during a brief presentation of the FreedomBox and the free software packaged in it to improve privacy online and avoid censorship. Further we'll again have a hands on session for learning how to protect our privacy with free software both on our personal computers and office laptops. I am convinced it will be a fruitful learning experience. I would avoind putting any links in the message because they tend to be distracting and send your reader away from your text. Keep the eyes of the reader on the first line (the hook), hope she goes to the second (the 'why you should care' explanation) and keeps reading the final paragraph (the 'action': signup for the event). You can put the link to your website with more information and links to freedomboxfoundation site at the end of the message. Hope it makes sense /stef ___ Freedombox-discuss mailing list Freedombox-discuss@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
Re: [Freedombox-discuss] Friendika
I'm not an expert, but I'm worried about how many federated social alternatives are being developed, in many cases without tackling the underlying problems. We have protocols for our needs, we just have to integrate them, because each one is good for different needs. We have http for asynchronous communications with ostatus (microbloging/status), webdav (file sharing), groupdav (events and tasks) and html for posts, We have xmpp for synchronous communications (including audio and video) and collaboration. E- mail should be supported for a complete user experience. The servers are already implemented and they are already federated services. It's a matter of introducing some abstraction on top of them (akonadi already integrates almost all this kind of services) and integrating user management, permissions, etc., and build the web interface on top of that abstraction. But I could still use all my normal clients (Kopete, Choqok, Dolphin, Kontact) which is something very important for my. If we change the underlying protocols, what will happen with all this software? Will developers bother to adapt their applications to the new definitive protocol before fixing the working protocols? Are we willing to render all this great applications useless? WebID is an SSL infrastructure - which solves privacy issues at a cost of everybody being accountable to an SSL signing authority. There are other lesser technical issues, but this is the elephant in the room. WebID uses SSL, but as far as I understand it doesn't rely in any CA. The certificates can be self-signed and they will work the same. It uses the private key installed in your PC (which might not be very convenient) and checks if it belongs to the public key (which you have copied sometime before) returned by the FOAF file. If they match, your friends server can be sure that you are who you claim to be ( http://www.w3.org/wiki/Foaf%2Bssl ). In this scheme it doesn't matter which the CA is. Aitor Pazos Ibarzabal Instant Messaging (Jabber, GTalk): ai...@aitorpazos.es Web: http://aitorpazos.es signature.asc Description: This is a digitally signed message part. ___ Freedombox-discuss mailing list Freedombox-discuss@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
[Freedombox-discuss] Abstracted configuration (was: Re: Friendika)
On Jul 13, 2011, at 6:05 PM, Aitor Pazos wrote: I'm not an expert, but I'm worried about how many federated social alternatives are being developed, in many cases without tackling the underlying problems. We have protocols for our needs, we just have to integrate them, because each one is good for different needs. We have http for asynchronous communications with ostatus (microbloging/status), webdav (file sharing), groupdav (events and tasks) and html for posts, We have xmpp for synchronous communications (including audio and video) and collaboration. E- mail should be supported for a complete user experience. The servers are already implemented and they are already federated services. It's a matter of introducing some abstraction on top of them (akonadi already integrates almost all this kind of services) and integrating user management, permissions, etc., and build the web interface on top of that abstraction. But I could still use all my normal clients (Kopete, Choqok, Dolphin, Kontact) which is something very important for my. If we change the underlying protocols, what will happen with all this software? Will developers bother to adapt their applications to the new definitive protocol before fixing the working protocols? Are we willing to render all this great applications useless? WebID is an SSL infrastructure - which solves privacy issues at a cost of everybody being accountable to an SSL signing authority. There are other lesser technical issues, but this is the elephant in the room. WebID uses SSL, but as far as I understand it doesn't rely in any CA. The certificates can be self-signed and they will work the same. It uses the private key installed in your PC (which might not be very convenient) and checks if it belongs to the public key (which you have copied sometime before) returned by the FOAF file. If they match, your friends server can be sure that you are who you claim to be ( http://www.w3.org/wiki/Foaf%2Bssl ). In this scheme it doesn't matter which the CA is. Speaking of abstraction, to me the critical piece is that configuration of the box (which includes user-based configuration) should be decentralizable and out-of-box. I've been working with cellphone companies on such configuration aspects based on DNS routing, where the device can self-configure itself when given a single domain (in this case x.tel). Often the issue with configuration is finding the config API's access point(s). DNS here can help a lot, and with such an abstraction layer it becomes trivial to change or update the config mechanisms, as well as propose multiple protocols for such config. For example, say I want to configure a box and upon install I'm asked for a single domain. I enter henri.tel (any domain will do, but .tel domains have a much easier time dealing with NAPTR records). The installer can then automatically grab my public personal info (name, org, etc...). It can also do a lookup on say installer.fbox.org._apps.henri.tel to grab whatever NAPTR records are there for installer config, for example. And whatever other app that needs config info or a permanent access point could store its stuff in app.fbox.org._apps.henri.tel However one sets that up, the idea of having an abstracted single access point solves many problems, chiefly storing config and or runtime data in the cloud without being subordinated to a 3rd party (i.e. having 0 switching costs), or subordinated to any one protocol. -- Henri Asseily henri.tel ___ Freedombox-discuss mailing list Freedombox-discuss@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
Re: [Freedombox-discuss] Friendika
On 07/13/2011 10:05 AM, Aitor Pazos wrote: We have protocols for our needs, we just have to integrate them, because each one is good for different needs. ... It's a matter of introducing some abstraction on top of them (akonadi already integrates almost all this kind of services) and integrating user management, permissions, etc., and build the web interface on top of that abstraction. I agree with you. We urgently need structured abstraction layers to guide all the brainstorming we have had and the brilliant ideas from all over the world... WebID is an SSL infrastructure - which solves privacy issues at a cost of everybody being accountable to an SSL signing authority. There are other lesser technical issues, but this is the elephant in the room. WebID uses SSL, but as far as I understand it doesn't rely in any CA. The certificates can be self-signed and they will work the same. It uses the private key installed in your PC (which might not be very convenient) and checks if it belongs to the public key (which you have copied sometime before) returned by the FOAF file. If they match, your friends server can be sure that you are who you claim to be ( http://www.w3.org/wiki/Foaf%2Bssl ). In this scheme it doesn't matter which the CA is. Aitor Pazos Ibarzabal Instant Messaging (Jabber, GTalk): ai...@aitorpazos.es Web: http://aitorpazos.es !DSPAM:1,4e1dc23a31631901470472! ___ Freedombox-discuss mailing list Freedombox-discuss@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss !DSPAM:1,4e1dc23a31631901470472! ___ Freedombox-discuss mailing list Freedombox-discuss@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
Re: [Freedombox-discuss] Friendika
WebID uses SSL, but as far as I understand it doesn't rely in any CA. The certificates can be self-signed and they will work the same. It uses the private key installed in your PC (which might not be very convenient) and checks if it belongs to the public key (which you have copied sometime before) returned by the FOAF file. If they match, your friends server can be sure that you are who you claim to be ( http://www.w3.org/wiki/Foaf%2Bssl ). In this scheme it doesn't matter which the CA is. Let's be clear: self-signed certificates provide no protection against MITM attack. In other words, no assurance to your friends that you are who you claim to be (unless you gave them your key fingerprint on a slip of paper or something). That assurance is the service that we supposedly get from certificate authorities. Boaz ___ Freedombox-discuss mailing list Freedombox-discuss@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
[Freedombox-discuss] Working with W3C Federated Social Web
W3C FSW has - not only OStatus: http://www.w3.org/2005/Incubator/federatedsocialweb/wiki/Protocols http://www.w3.org/2005/Incubator/socialweb/wiki/FederatedSocialWebCharter nor - had - previous SW incubator - http://www.w3.org/2005/Incubator/socialweb/XGR-socialweb/ i think - if something isn't mentioned that's because - there wasn't the move from developers itself like - http://indiewebcamp.com/undiscussed and, i haven't seen no emphasis on something except if one of the members, like StatusNet could be the most active on wiki, because they have real money-driven interest, i think. obviously - there are broader group, than represented in FSW incubator for example - d-cent.org/wiki and http://we-need-a-free-and-open-social-network.wikispaces.com/ but i'm sure - FSW should be the base for discussion !between all these initiatives, if we want the real Federation to happen. i am as PR of http://PyOfWave.info project, and, PyOfWave as a member among of 4+ (not naming Apache Wave now) Independent Wave-alike networks, going partly, with existing protocols, partly with invented schemes. But - we are aimed for FSW and - not because we like FSW as the place for discussion - mailing lists aren't nice and minute chat's are just fun. But - because it's only - obvious place where such a Federation, being built with Privacy and Security as the corner stones - would, likely to start on. I mean - not on *our* or *yours* lists, forums or pads, even if we like them, but there on FSW infrastructure, where people could work together on the most *real* Federated Social Web. We, as XCCC networks have the most difficult objectives among social networks - to federate with working https://secure.wikimedia.org/wikipedia/en/wiki/Operational_transformation or, even, next gen of it, however we are still trying to make it with most of FSW participants, so it could be called Web Federation! If we, like we did already, would work independently, only on our own - we'll have http://we-need-a-free-and-open-social-network.wikispaces.com/ variety lists without real federation for years if ever, given that both FB and G+ have and would have more of standards under the hoods, we shouldn't make just another type of federation - because it suits our base. Here is a man - proposing wait for another G+ standards: http://mattblr.tumblr.com/post/7149479901/google-facebook-federated-social-network-2 i can't agree with that situation either, as if ever we could - it's now - we could show the Google and Facebook that - it's Them - who need to think how to federate with all the coming FSW world, not us. It's them - who need to open their data for Independent real-time search, for Independent Web Apps etc. FreedomBox Federation could tidily collaborate with existing - professional initiatives under existing professional institutions like W3C or just start another one Federated Group, i think - you should decide. ___ Freedombox-discuss mailing list Freedombox-discuss@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
Re: [Freedombox-discuss] Working with W3C Federated Social Web
Freedombox is a bigger project than a Web project, but hopefully it will leverage the Web aspect for its users, as much as possible. yes, that's why i named the topic Working with.. Another point is - web browser developers that can suit our needs - like Mozilla now have - all that's needed for start Web OS's named browsers, there are already - like http://clinked.com/webian/pages/webian_os_base could be for Debian ;) I'v seen a built with it, could post here if any interested. It's a young project but Chrome OS is another, pretty underestimated competitor for proprietary cloud, you'll see. And - better portability than with browser apps we won't have anytime soon, i guess. So - bringing the attention to FreedomBox project(s) - by developing a clients, web clients, in-browser clients for FreedomBox internals, maybe *even* controls - that's what could be the really mass-oriented strategy. I think FBox is a bit late and it have no time for developing another cross-platform clients anyway. TAC - please tell - am i wrong? ___ Freedombox-discuss mailing list Freedombox-discuss@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
Re: [Freedombox-discuss] Friendika
On 13 Jul 2011, at 20:50, Boaz wrote: You dont need to give your key on a slip of paper (you can if you want of course), it's on your home page. Hopefully your freedom box also hosts a web server too, preferably with https Okay, so you have a home page, and on this home page is your key. And you know the home page is authentic, because it uses https, which is protected using - using what now? Oh, that's right, that same key. If your web site had a self signed certificate then you would be no further than if you used only http as far as security goes - which is what people have been doing in the past 15 years... I suppose you'd be better off then just with http in order to avoid client error messages. And if you have been happy with signing into sites using e-mail authentication then you are not going to be loosing anything having an http WebID. If you want your profile secured then it is currently easiest to use a CA to certify your Web Server. There are free CAs out there that work btw. (see the http://webid.info/ wiki) But we need to put pressure on Browsers to implement IETF Dane so that we no longer need to rely on that either. In any case this problem is going to be a problem with all services: without https you won't know that you have reached the right server, be it your search engine, your identity provider, or others... This is all well and good, it just doesn't provide any protection against a MITM attack. If you're okay with that, this is a fine arrangement. The Relying party with WebID still TLS to get the client's certificate. CA signed ones make currently for a better user experience with the browsers. Henry ___ Freedombox-discuss mailing list Freedombox-discuss@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss Social Web Architect http://bblfish.net/ ___ Freedombox-discuss mailing list Freedombox-discuss@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
Re: [Freedombox-discuss] Friendika
On 13 July 2011 23:32, Mike Macgirvin m...@macgirvin.com wrote: On 14/07/2011 12:03 AM, Melvin Carvalho wrote: W3C is around to make sure everyone plays fairly, and everyone gets a say. OStatus are there because they have made an effort and have implementations. Zot can be too. Facebook recently joined the W3C, too and google have been a member for a while. I'm in the W3C Incubator group - as a read-only participant. Friendika has been federating the social web more than anybody. Great! In fact I was muzzled on the original federated social web group because of my vocal opposition to the FSW *mandating* the acceptance of unsolicited communications - e.g. SPAM. Not much collaboration can happen when you get shut out of the process for speaking up against lunacy. I'm sorry if you felt excluded, I can understand that would be off-putting, I certainly would not have shot down such an idea. Generally there is a decent level of courtesy on the lists, and persistence does tend to pay off. I'll federate with whatever emerges - but so far all I have to work with is an insecure spammy protocol which you can't get anywhere near private messages - as it is publicly broadcast. We do our best to support it despite these fundamental flaws. Awesome. Hopefully we'll have a few WebID mini networks going 2nd half of this year. Here is quite a nice emerging project: http://myprofile-project.org/ I use this in conjunction with my home page. My home page contains my public key (that's all you need to be a WebID provider). Then I can sign in to that service which currently provides me with a wall, notifications, ability to ping others, rss feeds etc. If at some point I dont like their social networking services, I can easily switch some components to other providers, perhaps with better security etc. Would be really nice to try some interop tests, where appropriate, later in the year ... ___ Freedombox-discuss mailing list Freedombox-discuss@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
Re: [Freedombox-discuss] Friendika
[Melvin] ... I'll federate with whatever emerges - but so far all I have to work with is an insecure spammy protocol which you can't get anywhere near private messages - as it is publicly broadcast. We do our best to support it despite these fundamental flaws. [Mike] ... Awesome. Hopefully we'll have a few WebID mini networks going 2nd half of this year. Here is quite a nice emerging project: http://myprofile-project.org/ From the site: Its main purpose is to provide a unified user account, or simply ‘user profile’, which as opposed to current ‘silo’ profiles, would really be under the user’s control, on a device controlled by the user. Very interesting and highly relevant to the concept of freedombox. Tony ___ Freedombox-discuss mailing list Freedombox-discuss@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss