What is the future of programming?

April 17, 2018 - Reading time: 2 minutes

I was watching a talk by Bob Martin about "The Future of Programming". It's an amusing tale, but it says far more about the past than the future. I was expecting him to say at the end that the future is going to resemble the past and that software will mostly be written by highly discipined, minimally supervised middle aged professionals of no particular gender who have all signed up to a code of ethics. But he didn't say that and instead he ends up predicting what happens a couple of years later with Zuckerberg testifying before the US congress and the impending regulation of "big tech".

So what is the future of programming? I don't think it will be fully automated, but it will probably be partially automated. There's still a lot of hype about Deep Learning right now, but none of the fashionistas are paying any attention to genetic programming. I think that user interface design will become more of a well defined thing and that there will be genetic programming systems which can largely automate the creation of user interfaces. If you can define in vague terms the kind of thing you want then a system can automatically produce candidate screen arrangements from which you then choose from and itterate until you are satisfied with the result.

But much of programming - especially the behind the scenes stuff which is more detailed and requires more knowledge of hardware specifics - I expect to continue to require human programmers.

The code of ethics which Bob Martin mentions isn't a new idea, but it's interesting to follow through with what the implications are. Codes of ethics don't come out of nowhere and they usually aren't mass adopted because a clever CEO somewhere wrote them down on a blog. Those types of things imply professional organizations, such as guilds or unions. Organisations bigger than any particular company and capable of applying pressure to rogue bosses to keep them in line. We don't have anything like that yet for software professionals, but there are signs that it might be on the way. Not long ago there was the first strike by software engineers attempting to join a union at a startup company in the US, and although it seems that the outcome in that case was not a good one it does set a precedent for future organizing of that type. If there were to be a global union of software engineers capable or organised collective actions then I expect the gender problem and maybe some other problems not mentioned in the talk would quickly go away. Perhaps that's too optimistic and the gender problem is actually more complex than that, but with a significant weight of organized labour behind it I suspect that progress on these problems could be made far more rapidly than otherwise.


Freedombone 3.1: Prospects for a better internet

April 16, 2018 - Reading time: 3 minutes

It has been quite a while since the last official release, so it's about time for another. Freedombone 3.1 continues on a Debain 9.x (stretch) base and there have been a few new applications added since last year, the most notable of which are Pleroma and PeerTube. Both of those apps possibly might have a big future if current trends play out the way I think they will.

This release also includes significant improvements to the mesh version, allowing you to change protocols on the fly. Presently there doesn't seem to be any clear winner in the battle of mesh routing protocols, so it makes sense to include the most common ones and have the user decide. The mesh system is now also pure IPv6 and I like to think that this system is a kind of proof of concept for what the internet could become if supporting legacy software and the client/server paradigm wasn't an obstacle.

There has also been a change of logo. The graffiti style logo was used from the beginning and although I still like this logo I wanted something which was more consistent with the ASCII header of source files and the message of the day within the software itself. So the new logo is really just a colored in version of the ASCII logo. An early criticism was that perhaps the logo should be just an icon of some kind, because it's possible that the system will end up being used in non-English speaking areas. I think that's a reasonable concern and although it hasn't been a problem so far it might be worth investing in some new logo artwork in future.

A question I always ask myself when putting out new software is "is this still relevant?". The world of software moves quickly and things which were once important become no longer so as the technological landscape changes. Freedombone is one of those curious cases where it's not me that's aligning with the world but the world that's coming to meet where I am instead. The issues which motivated the creation of this system are becoming more relevant over time, rather than less. Things like net neutrality under threat, censorship, W3C approving DRM, infrastructure centralization and fragility, growing realization of how out of touch Silicon Valley companies are with most people's lives, aggressive demonetization and the end of the idea that advertising can be a "win-win situation" for creators of web content.

Change is obviously needed, but what kind of change? Just "writing to your MP", as Open Rights Group frequently recommends might be necessary sometimes but isn't sufficient. I think the public have to take matters into their own hands and reclaim the internet as a platform for everyday life rather than just as a vehicle to be used cynically to increase the size of Zuckerberg's bank account. Hosting web systems at an individual or community level can be part of that, and although it's not yet consumer grade easy it is becoming more feasible for more people.


Zuckerberg versus the US congress

April 11, 2018 - Reading time: 4 minutes

I watched most of Mark Zuckerberg's testimony to the US congress while also thinking of the "great Facebook trial" mentioned in the Freedom in the Cloud talk from 2010. This isn't such a trial. In fact, it's the opposite. Almost without exception, congress critter after congress critter were lining up to praise Mr Zuckerberg and his site in glowing terms. They were falling over themselves to thank him for coming, for the wonderful blessings which his site had bestowed upon the world. They praised his intelligence, his business acumen and even his patriotism.

The Zuckerberg appearance was a display of America's most powerful engaging in mutual admiration. That congress people felt it necessary to ingratiate themselves before him says a lot about where power really resides and who has the goods on who. Zuckerberg is one of the top ten wealthiest people in the world - a multi-billionaire. It's possible that if he can steer Facebook out of it's current difficulties then he may go on to become the world's richest man and own a large fraction of the planet's resources. If current trends continue then at some time in the foreseeable future one man will have more wealth than half the world's population. Things really are looking that bad.

The predictions about what would happen in this inquiry are turning out to be accurate. There will be mild criticism of Facebook. Zuckerberg will make some superficial changes to privacy settings and terms of service documents. He might pay a small fine, relative to his profits. And then the business model will continue as if nothing had happened.

One of the great tricks of the inquiry process was to have four minute slots for questions. I'm not highly familiar with the internals of US politics but when I saw this I thought it was a stroke of genius. The questioners usually took 3.5 minutes to ask their question, leaving mere seconds for Zuckerberg to give only the briefest and most boilerplate answer, or just avoid answering altogether due to running out of time. This allowed him to dodge many of the more interesting questions, such as exactly how "shadow profiles" get created and whether it's possible to opt out of them (it isn't), or how Facebook tracks web site visits via "like" buttons or "tracking pixels".

Zuckerberg himself appeared slightly nervous at first, but mostly his demenor was confident and assertive. This wasn't someone being brought to heel for transgressions by the mythical "checks and balances". It was more like the master telling the slaves what the new Facebook terms of service will look like in the next year or two.

So other than theatre, is there anything which can be learned from this?

Zuckerberg says that not just political campaigns but anyone with a Facebook group and some significant number of followers will be required to submit formal identity documents to the company. This could result in another round of purges and an exodus from Facebook into either Twitter or the fediverse.

I had expected it, and may have even mentioned it in past blogs, but now there's no doubt. Zuckerberg made clear that he is going to use AI to moderate Facebook. At one point he said that there is no number of employees he could hire in order to review the content of the site. It can only be done with AI. This is a high risk strategy, but for a centralized silo system there aren't any other options which wouldn't break the business model. I expect that there's a large probability that AI based moderation will go badly. It might even be Facebook's ultimate undoing.

Really the only way to moderate communities is with human oversight by people who hopefully are in posession of some form of wisdom and who are embedded within those communities and understand their history. Only people have the knowledge and context to be able to evaluate social events within diverse cultures and situations. A single centralized system is going to struggle with this, no matter how advanced the AI algorithms are. Context collapse could be rampant. A lot of folks might get purged or miscategorized.

As the titans of the state and the oligarchy slug it out in a grudge match for supermacy over personal data, this potential looming catastrophe could be a huge opportunity for the fediverse to demonstrate that community moderation is superior to centralized AI moderation, and is the only truly scalable way of supporting meaningful social relations in the 21st century.


Email via Onions

April 6, 2018 - Reading time: 2 minutes

I use org-agenda, the Emacs task manager, as a TODO list and the problem of getting email to work from an onion address has been a remaining very low priority task for the last couple of years. Not many people need this sort of functionality, but as time passes the problems with conventional email get more acute, especially if you are running your own server.

The problems with existing email can be summarized as:

  • You need a domain name, which costs money.
  • You need a TLS certificate. This isn't as much of a problem now as it was a couple of years ago, but LetsEncrypt is becoming a single point of failure.
  • The protocols were devised during the "profdoctor" stage of the internet, when most users were academics and everyone trusted everyone. Security was an afterthought, and the consequence was a massive spam problem.
  • Port forwarding has to be done for NAT traversal. What if you don't control the internet router?
  • Indiscriminate blocking based upon IP address ranges is increasingly a problem.
  • Some ISPs block email ports.
  • Some ISPs force users to proxy outgoing email via their own server, making censorship or MiTM a possibility.
  • PGP/GPG is needed for content security. A lot of people whinge about the unusability of email encryption.

Using onion addresses gets around the above issues. With onion addresses the public key crypto comes for free, so PGP isn't strictly required and the nay-sayers can stop whining. If you're paranoid enough then you can still use it as an extra encryption layer. Using onion addresses also ensures end-to-end security between email servers.

So long as you're willing to put up with a random-looking email address, and your friends are sufficiently geeky, then onion addresses solve a lot of niggly problems.

Recently I've put some effort into making this work on Freedombone and managed to arrive at a solution where you can send email between onion addresses or between an onion address and a clearnet address. Configuring Exim to do this is mind-bendingly tricky, but possible. This is also a sufficiently niche thing that there is not much information available out there, and what information exists is usually either far out of date or just wrong.

Support for onion email addresses will work "out of the box" with a new Freedombone install. There is also an app called bdsmail, which does something similar but using I2P as the transport mechanism. So you can take your pick, whether you're a Tor fan or an I2P fan.


The Stallman Directive

April 4, 2018 - Reading time: 3 minutes

In an episode of Linux Unplugged they talk about Richard Stallman's proposed solutions to the problem of companies spying on people and then using the data in dubious ways. After a lot of meandering the actual discussion is about an hour into the show.

So what's the solution to this? Cambridge Analytica isn't the first company to use data in sketchy ways and it won't be the last. I also don't really agree with Stallman that legislation is the answer, since here in the UK the data protection act has existed for decades and even though there are many violations of it it's largely ignored.

For example, the data protection act says that data collected about people is supposed to be used by the "data controller" for a specified purpose, not for purposes different from the one for which the data was originally supplied, and also that people should be able to obtain copies of their data without unreasonable delay. When you think of the world of advertising companies and data brokers and so on it's easy to see that these basic rules are being broken routinely. Data supplied for one reason ends up being used for entirely other purposes. Maybe somewhere in the terms of service there are buried descriptions of what happens to personal data, but realisticly nobody except lawyers reads those documents and the problem boils down to what constitutes meaningful education and consent.

Things that have been tried and which we know don't work are:

  • Legislation similar to the data protection act. It very rarely or never gets enforced.
  • Simplified terms of service documents with fancy coloured icons. Still nobody reads them. In an era of technology monopolies often users don't have a realistic choice about whether to sign up for a service or not.
  • Naming and shaming companies when they abuse personal data. They just carry on doing the same anyway.
  • Browser plugins which do client side encryption. Have existed for a long time but since they're not installed by default practically nobody uses them.

In the Linux Unplugged episode FreedomBox is mentioned as a possible solution to the data ownership and privacy problem. I like this idea, but I think there's also another possibility which is non-corporate community management of systems - especially social networks. That is, the kind of federated model which exists already on the Open Web. To some extent the work involved with storing and managing communications data can be collectivised within an affinity group so that each user of the system doesn't have to take on the whole responsibility by themselves.

A couple of years ago it would have been easy to dismiss the federated model as something old-fashioned, perhaps resembling the bulletin board era before the internet, but now there are thousands of Mastodon installs and what appears to be very active communities around them who are not just the previous demographic of hardcore Stallmanites. What exists today is a pretty substantial proof of concept for an exit strategy from the current data dilemmas. It's not that today's fediverse is ultra private - far from it - but it's conceivable that better privacy features could be added.

What I think organisations such as FSF, EFF and ORG need to be doing is getting behind projects like FreedomBox and promoting them and showing people how to install and maintain them. If data is increasingly managed in a non-corporate way and perhaps also at a more municipal level then at least when it comes to devising legislation the pro-privacy side of things will be in a much stronger bargaining position.


Another Blogging System

March 31, 2018 - Reading time: 1 minutes

The popular Ghost blogging system has been in Freedombone for a while. Recently I was trying to update it using the current Node LTS version (8.9) but not getting very far. The command line app had its option to specify the user account deprecated, and that seemed to be an important feature without which the installation process became a lot more complex.

I was struggling to get the ghost command line to work without a lot of errors and was also thinking that it's 2018 and surely blogging software doesn't need to be this complex to administer. The essence of blogging software is pretty simple, and probably it doesn't require these thousands of javascript dependencies.

So I've decided to remove Ghost from Freedombone for now. Instead I've replaced it with Bludit. Bludit is much simpler and easier to install. It has no database, so moving it from one domain to another or making backups is just copying a directory. The amount of RAM needed is negligible, so it should run even on the most minimal single board computer. It also of course supports RSS via a plugin.

Perhaps Ghost will return in future, but for now I think Bludit is a better option for self-hosting. When you're self-hosting web systems it's not just the bling which matters, but also the practicality of maintaining the system over time and on low cost hardware.

This means there are now two blogging options on the server version of Freedombone - Bludit and HTMLy. Both are databaseless and written in PHP.


About

The blog of Bob Mottram, a Free Software hacker and maintainer of the Freedombone project.

Web site

Email/XMPP: bob@freedombone.net

Matrix: @bob:matrix.freedombone.net