Oh.. I didn't receive some of the messages.. probably originating from Andreas.. strange. Again a multi-reply to avoid clogging the mailing list:
On Tue, Nov 19, 2013 at 01:27:29PM -0700, Peter Saint-Andre wrote: > Hi Carlo! > I need to spend some quality time with your long message, but I don't > have time for that right now. One quick point... lol! Hi Peter, was a pleasure meeting you this summer. > As you might remember, the original Jabber community was focused on > code but also on defining and documenting an open protocol. There were > no corporate interests pushing agendas (although some of the jabberd > developers had some support from Webb Interactive Services), just > coders making sure that clients and servers could interoperate. The stuff I wrote wasn't specifically addressed, especially not at early Jabber. I know well that it was all created with best intentions. I wasn't happy about the choice of a document syntax for a messaging protocol, but the only thing I *really* complained about was the lack of providing a distribution strategy for larger recipient groups. I was just echoing basic things any IRC developer knows concerning multicast, but the Jabber community didn't believe the problem exists. So even today it's a problem to have more than a hundred friends on a federated XMPP network, then try to do social networking with them. The more time passed, the harder it got to tackle the problem, because by then there were companies earning money by selling scalable XMPP server solutions - a federation that actually scales properly would be detrimental to their business. Even if this maybe isn't how it actually went, it is a reason more why having corporations in the mix is bad for freedom. They can have an interest in blocking technologies from getting better, and they might be getting away with it by smart rhethoric and convincing representatives. This time however they are putting our civil liberties at risk, so we need to prioritize. Companies should be *users* of the Internet, not *owners.* But currently they are owning the majority of us. Again I'm not talking about the small players on this mailing list working to bring some earnings back home. > I think we need three things: open source, open standards, and an open > community. In fact I wrote an article about it way back in 2003: Back in 2003 I probably agreed, but by now I understand what Richard Stallman says when he's against "open" and underlines the necessity of "free." I need no open source, no open standards, no open community. I want free software, free hardware and a free community. May sound similar but the political differences are actually big and the repercussions are being felt since June. > But these days the threat model has changed and I think we need to go > beyond merely "open" to "trusted". Yes, trust is a slippery concept, > but in my mind it's connected to things like hardware (e.g., PNRGs), > build processes, transparency of releases, community governance, > software that does what the user intends and no more, etc. This is > something bigger than any particular technology, so this list might > not be the best place to discuss it. Maybe a blog post or new > discussion venue is in order... You just described what #youbroketheinternet is about. Somebody wrote: >> In case others are not yet aware: #youbroketheinternet is not only >> explicitly opposed to federation but not even interested in >> interoperability with federated communication networks. This reminds me of a word that I learned on this list years ago.. "snarky" I presume it is Mr Kuckartz writing, correct? For some odd reason I didn't get this mail. Anyway - it's a question of user expectation. You can't tell your grandpa that this is the first software that actually implements your constitutional right of secrecy of correspondence.. unless you add a friend via XMPP that happens to have her account on Google. It's too complicated. If you want to talk to people on Google use whatever tools you want to use - don't mix it up with a system that is supposed to give you completely different degree of privacy - and uses completely different technology to achieve that - so there is no technological advantage in supporting XMPP or SMTP anyway. It would be an add-on that breaks user expectations. No good. But if you look at the http://youbroketheinternet.org/map you can see several federation technologies in the upper right corner. Why? Because their expertise at designing web interfaces for social networking is still very welcome. We just need to replace the networking engine underneath. Hey, it even mentions Buddycloud. They just need to see that XMPP is not the future neither for the necessary privacy nor for the necessary scalability to achieve what they intend to achieve: be a serious competition to Facebook. On 11/19/2013 08:56 PM, Philipp Hancke wrote: > There is the hypothesis that any federated network tends to cluster > around a number of large nodes. E.g. for XMPP this would be gmail, > jabber.org, jabber.ccc.de (applause to their efforts on making > themselves unreliable!), ... I don't think it's their fault if the entire hacker community currently uses OTR on a single point of failure because it is safer than having XMPP federation in-between. > Interdomain federation is hard, especially delivering the same user > experience as between users on the same domain. Yes. On 11/19/2013 09:04 PM, Hannes Tschofenig wrote: > What you end up having is silos that typically consist of proprietary > technology with limited usability for the wider Internet user community. RetroShare isn't exactly a silo. Everyone has her own node. Also Bitmessage, Pond, Cables, Susimail, Nightweb, Syndie. Actually Skype operated quite similarly in the first years until it was bought by ebay. And of course it doesn't really count since it's closed source - but they pioneered the DHT architecture for something else but file sharing. Looks like you are not familiar with the power of the DHT concept. It's a gamechanger. It replaces DNS, X.509 and the necessity to organize things in a federation instead of among equal peers. You can still have a server backbone, but it doesn't need to know anything about you... I was a proponent of the federation concept from 1990 up to ~2007. PSYC had an url-based federation strategy for addressing since 1995 - back then the idea was revolutionary compared to IRC which is oligarchic, not federated. Around 2007 I started understanding the power behind Tor, GNUnet and co. It actually took me years to fully grasp it - so deep is the paradigm shift. Only the DHT can withstand the dominance of the cloud - federation can't (and anyone who thinks federation and the cloud are working together has accepted that federation isn't functioning properly - there should be no large clouds of ownership by single companies). > The benefits of XMPP are interoperability, the open standards process, > and the large number of XMPP providers you can choose from. If you don't > like one located in the US then pick it from some other country. If > don't like any of them setup your own. You list things that I don't see as being beneficial. I already explained why interoperability and standards aren't helpful to deal with the current challenge to our intimacy. The idea of having to choose a provider is terrible. You should be able to be a free participant by yourself, the way you can, thanks to DHT technology. And the idea that choosing another provider keeps your data away from the evil ones is illusory since all your friends are either on Google or Facebook. I probably thought the same way a decade ago, but now I know it is all wrong. Or rather.. back then I didn't realize there was a better solution to the problem. On 11/19/2013 09:12 PM, Peter Saint-Andre wrote: > On 11/19/13 12:56 PM, Philipp Hancke wrote: >> There is the hypothesis that any federated network tends to >> cluster around a number of large nodes. E.g. for XMPP this would be >> gmail, jabber.org, jabber.ccc.de (applause to their efforts on >> making themselves unreliable!), ... > > This is true even of unfederated networks (Facebook, Twitter, > LinkedIn, Skype, the current crop of cool new mobile chat apps). My > hypothesis: human beings are herd animals and prefer to flock together > in large numbers. "Are you on hot-new-service-X?" It's much easier to > think and act that way than to strike out on your own. No, I think it's in a wrong assumption of the federation principle, that you can trust your university, your company or your boyfriend better. Most people don't have any reason to trust anyone, so they pick what is likely to have the least interest in them personally - that's usually a large silo offering. See also http://secushare.org/federation The solution to the dilemma is to give them a software in their hands that does everything by itself in a fully distributed manner. No need to choose a server. No centralization effects. > Some argue that this is all a waste of time and that it would be more > productive to start again (as Carlo says, redesign the entire stack). Sorry if you catch me nodding here. And believe me it wasn't easy to give up a marvellous piece of federation technology such as the psyced server - but it no longer satisfies MY needs for digital intimacy. I still use it, as in my eyes it's the least bad, and fippo still works on its cutting edge XMPP S2S capabilities (thank you!) - but I really want to be on a different planet with a distributed untraceable unlinkable authority-free communication system. And it is no longer sci-fi. The prototypes are already out there. > I have a great deal of sympathy with that attitude, and I do think > that eventually we'll need to replace a lot of what we have now (even > at the physical and link layers, e.g., more open hardware, wireless > mesh links instead of centralized ISPs). But this is going to take a > long time, and until we have more of that built out IMHO we need to do > what we can to better secure the current generation of federated > technologies. The problem is that I hear 90% of the people say something like this... that is there are 90% working to maintain the status quo and only 10% working on getting the new solutions off the ground.... of a 100% of people that are sufficiently competent to do anything at all... At a point in time when the new solutions only need 10% of the work to get started compared to the 90% of work it takes to maintain the old things. And the news remind us daily of the reasons why we should act instead of spending time on insufficient tools. But history repeats itself. When the first cars were developed, 90% of the engineers where probably focused on refining the efficiency of horse carriages. > Let the conversation continue... :-) :-) On 11/19/2013 09:42 PM, Philipp Hancke wrote: > Yeah, http://vimeo.com/77257232 talks about that -- and the lack of open > products. Oh yeah, Aral is great. Don't always agree with the conseguences but I love his analysis. > I do think that webrtc gives us a good chance to move the baseline > experience from basic IM + presence to rich federation. And heck, we've > got some movement here ;-) I think WebRTC is just the Web 3.0 - it's the same hype we had back when AJAX was introduced. AJAX would make the entire web super interactive.. which it *did* .. and yet the way it is used the most is as a surveillance system built into Facebook. WebRTC *does* allow every website to do all kinds of funky P2P things, but as long as there is no DHT technology in the mix, servers get to decide who you are and if you are allowed to have an end-to-end encrypted exchange with somebody else. And for the majority of users that server will have Google in its domain name. In five or so years we'll hate WebRTC because it killed the last remaining reasons for people to install custom software, so they can fully give up on privacy and have Faceboogle manage ALL of their computing needs. Let's hope I'm wrong this time.
