Carlo, I happen to working very hard on something that sounds almost exactly like what you're describing called telehash for many of the reasons you express, and once it's a little more functional I have a strong desire to demonstrate it working very compatibly/naturally with XMPP, of course :)
On Tue, Nov 19, 2013 at 4:30 PM, Carlo v. Loesch <c...@mail.symlynx.com>wrote: > Oh.. I didn't receive some of the messages.. probably originating > from Andreas.. strange. Again a multi-reply to avoid clogging the > mailing list: > > > On Tue, Nov 19, 2013 at 01:27:29PM -0700, Peter Saint-Andre wrote: > > Hi Carlo! > > I need to spend some quality time with your long message, but I don't > > have time for that right now. One quick point... > > lol! Hi Peter, was a pleasure meeting you this summer. > > > As you might remember, the original Jabber community was focused on > > code but also on defining and documenting an open protocol. There were > > no corporate interests pushing agendas (although some of the jabberd > > developers had some support from Webb Interactive Services), just > > coders making sure that clients and servers could interoperate. > > The stuff I wrote wasn't specifically addressed, especially not > at early Jabber. I know well that it was all created with best > intentions. I wasn't happy about the choice of a document syntax > for a messaging protocol, but the only thing I *really* complained > about was the lack of providing a distribution strategy for larger > recipient groups. I was just echoing basic things any IRC developer > knows concerning multicast, but the Jabber community didn't believe > the problem exists. So even today it's a problem to have more than > a hundred friends on a federated XMPP network, then try to do social > networking with them. The more time passed, the harder it got to > tackle the problem, because by then there were companies earning > money by selling scalable XMPP server solutions - a federation that > actually scales properly would be detrimental to their business. > > Even if this maybe isn't how it actually went, it is a reason more > why having corporations in the mix is bad for freedom. They can have > an interest in blocking technologies from getting better, and they > might be getting away with it by smart rhethoric and convincing > representatives. This time however they are putting our civil liberties > at risk, so we need to prioritize. Companies should be *users* of the > Internet, not *owners.* But currently they are owning the majority of us. > Again I'm not talking about the small players on this mailing list > working to bring some earnings back home. > > > I think we need three things: open source, open standards, and an open > > community. In fact I wrote an article about it way back in 2003: > > Back in 2003 I probably agreed, but by now I understand what Richard > Stallman says when he's against "open" and underlines the necessity > of "free." I need no open source, no open standards, no open community. > I want free software, free hardware and a free community. May sound > similar but the political differences are actually big and the > repercussions are being felt since June. > > > But these days the threat model has changed and I think we need to go > > beyond merely "open" to "trusted". Yes, trust is a slippery concept, > > but in my mind it's connected to things like hardware (e.g., PNRGs), > > build processes, transparency of releases, community governance, > > software that does what the user intends and no more, etc. This is > > something bigger than any particular technology, so this list might > > not be the best place to discuss it. Maybe a blog post or new > > discussion venue is in order... > > You just described what #youbroketheinternet is about. > > > Somebody wrote: > >> In case others are not yet aware: #youbroketheinternet is not only > >> explicitly opposed to federation but not even interested in > >> interoperability with federated communication networks. > > This reminds me of a word that I learned on this list years ago.. "snarky" > I presume it is Mr Kuckartz writing, correct? For some odd reason I didn't > get this mail. > > Anyway - it's a question of user expectation. You can't tell your > grandpa that this is the first software that actually implements your > constitutional right of secrecy of correspondence.. unless you add a > friend via XMPP that happens to have her account on Google. It's too > complicated. If you want to talk to people on Google use whatever tools > you want to use - don't mix it up with a system that is supposed to > give you completely different degree of privacy - and uses completely > different technology to achieve that - so there is no technological > advantage in supporting XMPP or SMTP anyway. It would be an add-on that > breaks user expectations. No good. > > But if you look at the http://youbroketheinternet.org/map you can see > several federation technologies in the upper right corner. Why? Because > their expertise at designing web interfaces for social networking is > still very welcome. We just need to replace the networking engine > underneath. Hey, it even mentions Buddycloud. They just need to see > that XMPP is not the future neither for the necessary privacy nor for > the necessary scalability to achieve what they intend to achieve: be > a serious competition to Facebook. > > > On 11/19/2013 08:56 PM, Philipp Hancke wrote: > > There is the hypothesis that any federated network tends to cluster > > around a number of large nodes. E.g. for XMPP this would be gmail, > > jabber.org, jabber.ccc.de (applause to their efforts on making > > themselves unreliable!), ... > > I don't think it's their fault if the entire hacker community currently > uses OTR on a single point of failure because it is safer than having > XMPP federation in-between. > > > Interdomain federation is hard, especially delivering the same user > > experience as between users on the same domain. > > Yes. > > > On 11/19/2013 09:04 PM, Hannes Tschofenig wrote: > > What you end up having is silos that typically consist of proprietary > > technology with limited usability for the wider Internet user community. > > RetroShare isn't exactly a silo. Everyone has her own node. > Also Bitmessage, Pond, Cables, Susimail, Nightweb, Syndie. > > Actually Skype operated quite similarly in the first years until it > was bought by ebay. And of course it doesn't really count since it's > closed source - but they pioneered the DHT architecture for something > else but file sharing. > > Looks like you are not familiar with the power of the DHT concept. > It's a gamechanger. It replaces DNS, X.509 and the necessity to organize > things in a federation instead of among equal peers. You can still have > a server backbone, but it doesn't need to know anything about you... > > I was a proponent of the federation concept from 1990 up to ~2007. PSYC > had an url-based federation strategy for addressing since 1995 - back then > the idea was revolutionary compared to IRC which is oligarchic, not > federated. Around 2007 I started understanding the power behind Tor, > GNUnet and co. It actually took me years to fully grasp it - so deep is > the paradigm shift. Only the DHT can withstand the dominance of the cloud - > federation can't (and anyone who thinks federation and the cloud are > working > together has accepted that federation isn't functioning properly - there > should > be no large clouds of ownership by single companies). > > > The benefits of XMPP are interoperability, the open standards process, > > and the large number of XMPP providers you can choose from. If you don't > > like one located in the US then pick it from some other country. If > > don't like any of them setup your own. > > You list things that I don't see as being beneficial. I already explained > why interoperability and standards aren't helpful to deal with the current > challenge to our intimacy. The idea of having to choose a provider is > terrible. You should be able to be a free participant by yourself, the way > you can, thanks to DHT technology. And the idea that choosing another > provider > keeps your data away from the evil ones is illusory since all your friends > are either on Google or Facebook. I probably thought the same way a decade > ago, but now I know it is all wrong. Or rather.. back then I didn't realize > there was a better solution to the problem. > > > On 11/19/2013 09:12 PM, Peter Saint-Andre wrote: > > On 11/19/13 12:56 PM, Philipp Hancke wrote: > >> There is the hypothesis that any federated network tends to > >> cluster around a number of large nodes. E.g. for XMPP this would be > >> gmail, jabber.org, jabber.ccc.de (applause to their efforts on > >> making themselves unreliable!), ... > > > > This is true even of unfederated networks (Facebook, Twitter, > > LinkedIn, Skype, the current crop of cool new mobile chat apps). My > > hypothesis: human beings are herd animals and prefer to flock together > > in large numbers. "Are you on hot-new-service-X?" It's much easier to > > think and act that way than to strike out on your own. > > No, I think it's in a wrong assumption of the federation principle, > that you can trust your university, your company or your boyfriend > better. Most people don't have any reason to trust anyone, so they > pick what is likely to have the least interest in them personally - that's > usually a large silo offering. See also http://secushare.org/federation > > The solution to the dilemma is to give them a software in their hands > that does everything by itself in a fully distributed manner. No need > to choose a server. No centralization effects. > > > Some argue that this is all a waste of time and that it would be more > > productive to start again (as Carlo says, redesign the entire stack). > > Sorry if you catch me nodding here. And believe me it wasn't easy to > give up a marvellous piece of federation technology such as the psyced > server - but it no longer satisfies MY needs for digital intimacy. > > I still use it, as in my eyes it's the least bad, and fippo still works > on its cutting edge XMPP S2S capabilities (thank you!) - but I really want > to be on a different planet with a distributed untraceable unlinkable > authority-free communication system. And it is no longer sci-fi. The > prototypes are already out there. > > > I have a great deal of sympathy with that attitude, and I do think > > that eventually we'll need to replace a lot of what we have now (even > > at the physical and link layers, e.g., more open hardware, wireless > > mesh links instead of centralized ISPs). But this is going to take a > > long time, and until we have more of that built out IMHO we need to do > > what we can to better secure the current generation of federated > > technologies. > > The problem is that I hear 90% of the people say something like this... > that is there are 90% working to maintain the status quo and only 10% > working on getting the new solutions off the ground.... of a 100% of > people that are sufficiently competent to do anything at all... > > At a point in time when the new solutions only need 10% of the work to get > started compared to the 90% of work it takes to maintain the old things. > And the news remind us daily of the reasons why we should act instead > of spending time on insufficient tools. > > But history repeats itself. When the first cars were developed, 90% of > the engineers where probably focused on refining the efficiency of horse > carriages. > > > Let the conversation continue... :-) > > :-) > > > On 11/19/2013 09:42 PM, Philipp Hancke wrote: > > Yeah, http://vimeo.com/77257232 talks about that -- and the lack of open > > products. > > Oh yeah, Aral is great. Don't always agree with the conseguences but > I love his analysis. > > > I do think that webrtc gives us a good chance to move the baseline > > experience from basic IM + presence to rich federation. And heck, we've > > got some movement here ;-) > > I think WebRTC is just the Web 3.0 - it's the same hype we had back when > AJAX was introduced. AJAX would make the entire web super interactive.. > which it *did* .. and yet the way it is used the most is as a surveillance > system built into Facebook. > > WebRTC *does* allow every website to do all kinds of funky P2P things, but > as long as there is no DHT technology in the mix, servers get to decide > who you are and if you are allowed to have an end-to-end encrypted exchange > with somebody else. And for the majority of users that server will have > Google > in its domain name. In five or so years we'll hate WebRTC because it killed > the last remaining reasons for people to install custom software, so they > can > fully give up on privacy and have Faceboogle manage ALL of their computing > needs. > > Let's hope I'm wrong this time. > >