Cover Image

3.2 release

September 13, 2018 - Reading time: 2 minutes

Commit: d326e580f3cf399fbe965df11a04357fbec12ae0

This is a minor release which continues on the base of Debian 9. The main change in this release is the introduction of a new web based user interface, which aims to make installation and management of the system easier. This is part of the bigger goal to try to push self-hosting into the mainstream and make it more accessible to a wider range of users with a reduced requirement for technical knowhow.

The new user interface was designed for minimum complexity, to operate on screens of any size and without any need to have javascript enabled. Installation may be carried out using only a smartphone running a stock browser. No secure shell logins are required, but that can still be enabled after initial setup if it is needed.

The website and logo have been changed to give it a more appliance-like look, and in future releases the descriptions of individual apps will be moved into the web user interface itself as context sensitive help. More support for languages other than English is also expected in the next version.

Images and source code are now obtainable via dat archives. This should be more scalable than the previous arrangement, because archives can be independently seeded by any number of peers.

On the hardware front there is now experimental support for a few additional single board computers: Beaglebone Green (the non-wifi version), Banana Pro and Beagleboard X15. Running from a SATA drive, rather than microSD card is now also supported, and this can improve system performance dramatically especially if you connect an SSD.

The backup system has been simplified such that there is no longer any need for separate keydrives or special formatting. This means that you can buy a USB drive in a shop, plug it into the server, select backup from the web UI and supply a password to encrypt with and it should then work. If you leave the USB drive attached then it will automatically do a backup once per day.

For installation instructions see the main site. Existing installs should upgrade automatically.

At the present time self-hosting is something only done by people with a high level of technical knowledge, but it doesn't have to remain that way. Version 3.2 is the first version of Freedombone which potentially could be deployable to a mass market - especially if the onion version was used which avoids the need for domain registrations or port forwarding.

On the decentralized web

September 9, 2018 - Reading time: 4 minutes

Decentralization is maybe on the way to being a buzzword. I was reading a Guardian article about it recently, and the article was sufficiently awful that I thought I'd do a deconstruction of it here.

The proponents of the so-called decentralised web...


Isn't the so-called decentralized web really just the web?

With the current web, all that user data concentrated in the hands of a few creates risk that our data will be hacked. It also makes it easier for governments to conduct surveillance and impose censorship. And if any of these centralised entities shuts down, your data and connections are lost. Then there are privacy concerns...

This is all true, but it's not the primary reason why decentralization is desirable. If you're running your own decentralized web server there's also a risk that will be hacked too.

The main reason why we want decentralization is that centralized governance doesn't work. Also silo companies which are practicing governance (badly) but claiming that they were mere neutral carriers of information are hypocrites.

Not only does centralized governance in silo systems not work, it produces bizarre and unjust outcomes. See some of the articles written about Facebook's censorship rules and how they're applied. Also see Twitter's defense of far right thugs. Attempting to do governance by AI will be even worse, and I think we're just at the beginning of seeing the consequences of that.

The services are kind of creepy in how much they know about you

Well, yes, but if it was merely about creepyness I could almost live with that. The problem is that the current situation with silo systems goes far beyond creepyness into the territory of doing actual damage to the lives of their users. Not caring about people getting harrassed or dogpiled is part of that problem. Technology is supposed to be an enabler improving life, not something which disempowers and which you may fear using.

The same tech that can protect users in the DWeb from central surveillance might also offer a shield to criminals

See, there are plenty of criminals on Twitter. Not only are they on Twitter but they're being shielded by it. Occasionally Twitter has purges in which some bad people are kicked out, but most remain and often there's a lot of collateral damage of innocent bystanders. There have been dubious bots creating a murky economy of selling followers for the best part of a decade, and they mostly ignored it.

How will my everyday experience of using the web change? If it is done right, say enthusiasts, either you won’t notice or it will be better

"Enthusiasts" is a curious word to use here. Not "experts" or "people who built the internet"?

Trying to market the "DWeb" are merely "better" also misses the point. What we're trying to find a solution to here is nothing less than how to practice good governance in the 21st century. A dictatorship of Facebook and Twitter isn't working out real well with regard to that question.

For the internet, and therefore the rest of life, to be well governed it needs to be run by and for the people who are using it. People need to have a stake in the game. Not just "Zuckerberg calls the shots and the rest of the world falls into line". This isn't about whether apps are convenient to use or not. It's fundamentally about what kind of life you want to live, and whether you want to be a contender or merely someone being "nudged" by an algorithm.

One thing that is likely to change is that you will pay for more stuff directly – think micropayments based on cryptocurrency

One of the biggest problems at the DWeb summit which this article mentions is the conflation between decentralization and blockchain technology. Cryptocurrencies which currently exist - especially Bitcoin - aren't really decentralized. Yes, anyone can run a node, but who generates the new currency and who is getting the most value out of it? Not just theoretically, but practically, in reality. So far that's always been a very exclusive club of beneficiaries, who are mostly the usual suspects. This isn't true decentralization. It's more like a pyramid scheme with cryptography.

At present I'm not convinced that blockchains have much of a role to play in decentralization, but append-only lists might.

Issues of growth

September 6, 2018 - Reading time: 2 minutes

It now looks like the fediverse is well on the way to becoming something mainstream-ish. I expect that over the next year the degree to which it succeeds will be the extent to which my timeline is able to resist turing into something resembling Twitter.

So far it's mostly been a success story. The last Twitter exodus in August did bring with it new challenges though. There was some kind of dogpiling scandal involving a minor celebrity and the lesson from that is that celebrities can bring with them a lot of toxic baggage from the Twitterverse which isn't necessarily trivial to mitigate against. Even on Mastodon it appears that people are easily enthralled by celebrity, and willing to give them far more benefit of the doubt than J Random Mastodon newbie would get.

Maybe other celebrities will be deterred by that debacle, but with the growing network effect we're likely to see a similar story begin again soon enough. It does raise questions about the extent to which the fediverse can avoid classic Twitterisms, like dogpiling of targeted users.

There was also an anomalously high level of squabbling between instance admins. Fortunately that only lasted for a few days and then things returned more or less to their usual condition. As I've mentioned before, the configuration of instance blocks kind of works itself out over time and settles into a new pattern.

One thing which concerns me is that the larger instances are continuing to grow without any limit on number of users, and that as they do so undesirable Twitter-like social dynamics begin to play out. I think what's needed is renewed emphasis on running your own instance and keeping the size of instances small. When instances get very large they become impossible to moderate even with a dedicated team, whereas with small instances peer pressure alone is usually enough to avoid bad behavior going unchecked. Small instances are a key advantage, since they're something which Twitter and Facebook can't do.

Cover Image

Building for Scale

September 4, 2018 - Reading time: 3 minutes

So far the Freedombone home server project has been aimed at people who know how to use GNU/Linux and are not terrified by the sight of a commandline, but for the next release that's going to change.

The next release will have a simplified web based user interface suitable for the mythological "average user". The previous menu system will still be available, but will be for the more advanced users.

I'm not actually a web developer and my knowledge of front end web technologies is very limited. In a job interview not that long ago one of the interviewers berrated me for never having learned Django, saying something like "I do not find it credible that you have not learned Django yet and have not been making money doing that".

To avoid the mess of dependencies which many contemporary web apps appear to entail, for the Freedombone web user interface I've tried to keep it very basic and follow the principle of do the simplest thing possible. I decided early on to avoid javascript. Although it's popular, Javascript often isn't trusted and many people block it altogether with NoScript. So the software architecture of the new web interface is HTML, CSS, a small amount of php and a daemon in the background made with bash. The daemon does all the important stuff, like installing apps or making backups.

Experienced web developers will probably laugh at the crudeness of this implementation, but it works and should be straightforward to maintain. The design can be simplified because it's only expected to be used by whoever is administering the system, so concurrency of inputs doesn't need to be handled.

As a general principle I've tried to keep only a few objects on each screen of the web interface. This keeps the cognitive workload down and the number of things within the buffer size of biological working memory. If there's too much screen clutter then that will make it hard to use. I've stuck to a simple color theme which is hopefully high contrast enough for low vision, and the amount of wording on each screen is kept as small and as direct as possible.

A tricky part of the new user interface was the backup system. If you're running a server then keeping a backup of data is essential. The previous system required making separate keydrives and backup data drives and also included a LUKS formatting step. For a mass market type of system I thought this was too complex, involving too many steps and with too much chance for someone without scrupulous opsec to make mistakes. So I redesigned how backups happen. They're still encrypted with GPG, but the keys are stored on the backup drive and encrypted with a password. This means that it's possible to buy a USB drive, plug it into the server, select "backup" and it will work without any separate formatting step. If you leave the USB drive plugged in then it will make backups automatically once per day. If you later lose the backup drive then the password still protects the keys and therefore the rest of the data.

Another thing about passwords is that I've followed the existing policy of by default not allowing the user to select their own password. This is different from most other systems, including FreedomBox. Instead on first startup the system gives you a random password and tells you to write it down or store it in a password manager. I'm going on the assumption that if the user chooses their password they will choose the name of their cat, or password123, or something else which is trivial to crack.

I've also been rearranging the website such that it assumes a mass market type of deployment, with a mockup of a boxed product in the admin guide.

Whether Freedombone actually does become a mass market thing remains to be seen, but this is a first attempt at moving it in that direction.

Common misunderstandings of the fediverse

August 18, 2018 - Reading time: 2 minutes

I don't ordinarily read the Hacker News site but Mastodon is trending on it again so I thought I'd read the comments and see if anything can be learned from them. The TL;DR is that there isn't really anything new here. It's the same misunderstandings as existed a year ago.

The top comment, that is, the one with the most votes, provides a good indication of the most common misconceptions.

you want me to get excited about Mastodon? Show me something exciting I can do with it that I can't do with twitter, instagram, or Snapchat

This assumes that there is some set of technical features which are better. There are a few, but to focus on those misses the point. The main point of the fediverse is that it's not centralized. It's has federated governance rather than being a dictatorship by some deluded CEO. Fediverse systems are also Free Software, so you have the advantages of the freedom which that provides. I can't fork Snapchat and make a customized version of it.

Alternatively, is there some new and novel porn that Mastodon will allow me to access?

I don't know of any porn instances as such, but in principle there's nothing to prevent that happening.

Or is there a new generation of FIFA stars on Mastodon? Or new generation of NBA stars?

This assumes that celebrities are what social life should be about, and there is no point in joining a system which doesn't have them. Not having celebrities is really a feature not a bug. Celebrities only provide the illusion of community. They're not actually a substitute for developing real relationships, and are a distraction from that. Celebrity culture is broadcast culture. It's not about participation or reciprocity.

There's nothing to stop celebrities from creating their own fediverse accounts. In the past some did that. But they always quickly leave once they realize that they're not going to get millions of adoring fans, and are not immune from criticism or from being kicked off if they abuse their welcome. This is in contrast to Twitter, where celebrities can break the rules but receive special treatment because of their status.

I mean, it might work? But I think Las Vegas hit on a much better method...

The fediverse isn't about stars, or creating stars. Nor should it be. The fediverse is more about friends.

Considering the future of the web

August 6, 2018 - Reading time: 3 minutes

Does the web have a future? I was listening to the talks from the Decentralized Web Summit recently. A couple of them were mildly interesting, including the one about legal aspects. Mostly though it wasn't all that enlightening and there was a big cryptocurrency presence with a highly technocratic "brogrammer" narrative.

What this and other factors indicate to me is that the web is in trouble, and not just because of "Russians". The Russia paranoia in the US and also frequently mentioned at the summit has reached ludicrous levels, such that every bad thing on the internet now seems to be blamed on Russia. I think it's a sign that the political system is weak and disintegrating and looking for someone else to blame. Replacing analysis with magical realism.

But there are other problems. The main browsers which most people use seem to be inextricably entwined with a Surveillance Capital business model. They're increasingly supporting centralised schemes. Only Beaker Browser, based on Chromium, seems to be going in a decentralized direction.

What might happen if current trends continue?

In a business as usual scenario in which you just assume that a few giant companies will try to maximize their profit by fully controlling end users I have a few predictions:

  • Common internet devices will have no operating system. Instead they will have a ROM delivering screen display functionality and a network stack with integrated DRM. It will not be possible to root your phone or install an alternative image.
  • Running Free Software on a laptop will be something that only people using very expensive open hardware designs manufactured in small quantities can do. All other laptops will have a fully locked down boot process which isn't end user modifiable.
  • Only licensed and regulated social networks will be permitted. No ordinary user will be allowed to run one without risking jail time. An official registry of licensed site operators will be set up by every government. The license fees will be high enough to exclude most of the population.
  • While "hackers" of a certain kind were somewhat celebrated during the Web 2.0 phase in future they will return to being persona non grata. Not just people doing crimes with computers, but in the broad sense of the term as anyone trying to customize their computing experience outside of corporate limits or run their own systems outside of the official licensing system.
  • Systems like TOR won't be beaten but will be rendered sufficiently impractical by ubiquitous blocking of known nodes that almost nobody will be able to use it.
  • The main technology companies will implement something like a virtual decentralized layer on top of their centralized "serverless" system. This will give the illusion of differing communities having varying degrees of "autonomy" and "privacy", while all still being under centralized control. This, and not AI, will be the solution to the moderation problem. Leaders of the various sub-communities will be individuals who are centrally appointed and operate under government license, which can be revoked at any time should any of them decide to "go native".
  • Systems like Aadhar will be rolled out in every country. Aadhar was just a trial run for the far more restrictive identity systems which followed.

This is a darker future. We're already in the dark future of the web compared to its origins in the 1990s. I think this kind of future is preventable if enough people choose to do something else and don't support restrictive laws or regulations.