Message appears to have gotten caught in the Liberationtech filter, so re-sending on behalf of poster...
YC ---------- Forwarded message ---------- From: carlo von lynX <l...@time.to.get.psyced.org> Date: Tue, Oct 15, 2013 at 6:40 AM Subject: [liberationtech] per-cloud or How to get something ready for folks to use really quick To: liberationtech <liberationt...@mailman.stanford.edu> Moritz is right, mentioning the same project 8 times is a bit much, but I can understand that it's annoying if noone bothers to tell you what they are thinking about it. You need some decent feedback. On Tue, Oct 08, 2013 at 01:07:20AM +0200, M. Fioretti wrote: > http://stop.zona-m.net/2013/10/the-real-problem-that-the-percloud-wants-to-solve-and-why-its-still-necessary/ > > EXECUTIVE SUMMARY: > > 1) I think mine is the ONLY short-term, feasible way to get the masses > of average Internet users OUT of walled gardens while still working > and "feeling" as a real and easy to use cloud service, while being > a p2p federation of individually owned and used clouds, completely > compatible with the rest of the current Internet I know a short-termer way to do it, requiring a lot less work than what I see on your roadmap. Also I see bumps in the road of your roadmap which aren't easy and short-term to solve - or somebody else would have done it already. > 2) I will ONLY be able to work on it if I get enough funding, so > please contribute if you can, and in any case please spread the word > as much as possible! Other projects are a lot further ahead than yours, so I don't think there is such a necessity in doing what you would like to do. I'll elaborate on the road bumps so you don't feel like I'm making this up. http://per-cloud.com/doku.php?id=roadmap write down a complete, CLEAR definition of the system, including: which functions it can/must realistically provide (email + blog + online storage and bookmarking, social networking ) E-Mail: use Pond, RetroShare or Briar over Tor Blog: use Tahoe-LAFS, Freenet, RetroShare channels, Tor Hosting, I2P or whatever P2P tech I forgot Storage: use Tahoe, Freenet, I2P or some ownCloud-app over Tor. Maybe a private RetroShare channel works, too. Best if you write a dedicated plug-in for the job. Social Bookmarking: depends on Social Networking Social Networking: This one is currently not solved for the reasons I detailed in http://secushare.org/pubsub but the opportunistic broadcast features of apps like RetroShare allow you to do some little things without resorting to Faceboogle. which existing Free Software components should be used (e.g Postfix+IMAP+Mailpile for email, apache or nginx + PHP for Web frontends, Semantic Scuttle for bookmarking, pump.io for social networking) ) E-Mail is broken, there is no way you can make it privacy- compatible. We had a discussion on >10 reasons not to use it in this list. Web frontends: All apps that need them already have them, no? Semantic Scuttle sounds like something that could make up a fine RetroShare plugin so it actually respects privacy. pump.io doesn't have an elaborate distribution strategy, so it only works as long as you don't follow any VIP or become a VIP yourself - so don't expect it to perform better than.. uh.. RetroShare. Of course pump.io would have to run behind Tor for minimum privacy. how to integrate those components, that is how to package them and distribute it That would be useful work. But first you have to get to know all the software that can actually do the job. how to implement federation/social networking, with pump.io or similar open standards, to make things like these possible: Federation is evil, see http://my.pages.de/dsn-vn/ - unless you do it with home devices over Tor hidden services, cutting out the DNS and X.509 dependencies in the process. Open standards for things that do not work yet are evil, too. There are no open standards that handle THE threat model and scalability challenge we are talking about. Get over it. Joe's percloud user panel shows when Mary mentions Johns in her user panel, which is running autonomously on another server That is the distribution problem I was alluding at... here and in the pubsub document. This will only work for small social groups with no VIPs involved. Any opportunistic distribution scheme will in that scenario be okay, so you can also use RetroShare or Briar. describe how to maintain the software bundle when updates or bug fixes are released for any of its components Deterministic build procedure and multiply signed distribution. Debian folks are working on this. You can also use one of the tools for its own distribution, like RetroShare with its binary build channels. Users can choose which channel to use and thus which author to trust. Not good enough, but better than HTTP(S) download. Yes you are right that this work needs to be done. If you are willing to give up on DNS/X.509 based systems and ready to make one that at worst depends on a DHT (like Tor), then I suggest openITP should give you some money to stir up an almost-do-all package. IMHO right now the best bet at getting something up and running really quick would be to make a RetroShare + Tor package. In that case you would turn off RS's DHT and only use Tor's, thus cutting out the reason why some people perceive RetroShare as "slow" and resource hungry. I would also mention other projects but none are as far ahead as RS - still RS doesn't handle THE threat model, so a little effort in getting RetroShare to run over Tor by default is necessary. RS over Tor would provide for: - instant messaging and email replacement - group chat and discussion forums - blog-like channels - file exchange - rudimentary telephony Storage, social bookmarking and other social interaction could be done as a plug-in later. Just accept that it only scales for small groups. In order to have such a tool that replaces Faceboogle for most of our daily needs there must be investment in: - peer reviewing all that stuff - having UX geniuses put their hands on it - wrapping it up for distribution That makes three jobs to be done to have a quick and dirty tool to get people out of the cloud and federation danger zones, and only UX involves a bit of extra coding. Using Tor has the advantage that it is also useful for surfing the privacy-unfriendly web. I am not involved with RS and haven't even met its coders. I hope my own tool will be better someday, but since you asked about something that we can do here and now, this I see as the most viable option. Another viable coupling could possibly be Briar + I2P. That would be an all-Java line-up with a lot of tools running on I2P and a solid messaging system coming from Briar. I don't know how serious the security criticism about I2P is, so this combination, too, needs review. I also remember I2P being terribly slow for file exchange. The fact that Tor has a server- based relay infrastructure makes quite a difference. I also see psyced + Tor as an interesting battle horse with forward compatibility to secushare, so people can start developing social apps on top of PSYC without having to wait for secushare to be ready. But that's just my perspective. I am not neutral about PSYC. ;-) I do think I am fair and neutral about the rest because I'm not here for the power and glory but for the basic civil right to secrecy of correspondence (including the new right of secrecy of its transaction data) which I am afraid will never be achieved with DNS, X.509, SMTP and XMPP. -- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.