Freedombone Blog

Your Data. Your Server. Your Place.

Abolish Silicon Valley

Here is an interesting interview with Wendy Liu about the problems of the technology industry described in her book, Abolish Silicon Valley. These problems aren't really all that new, but as software has become a bigger part of the economy and everyday life it has just become more obvious that capitalism mediated through and amplified by software technologies is something grotesque and often anti-human, not even meeting many real human needs.

One point raised is that we should democratize the creation of technology, and this is really what Free Software has been about since the 1980s. When I'm developing some Free Software there is no boss belittling me or telling me I'm not allowed to do it, and systems created within that paradigm can be a lot more focused on what people really want or need out of software.

But Free Software hasn't been without its own problems. It emerged from the ivy league US universities and hence much of its history has reflected the sorts of upper middle class interests which people who attend those institutions are accustomed to, which are typically not exactly the same as the general population. Many of the problems we now see are really classism amplified and enforced through technology, and in its current formulation the Free Software movement doesn't have solutions for this. One really obvious indicator of the underlying divide is that most people who develop Free Software can't afford to fly to conferences in arbitrary locations on the globe at least once per year, and this tends to mean that only certain middle class narratives are told and become integrated into the lore of hackerdom. On rare occasions grants might be made available to try to increase diversity, but nobody wants to become someone else's charity case.

What I think is needed is something like Free Software, but with enough of a surrounding organization to it that the value it generates can't easily be captured by large corporations such as Google. We definitely also need standards making organizations which are not just corporate consortia, as W3C is.

Epicyon Search

As with other fediverse servers, the search function in Epicyon allows you to look for a few different categories of things, such as emoji or hashtags or shared items. In addition you can now search through your own posts. This is full text search, but limited to posts which you've sent. It enables you to answer questions such as "what was I last talking about with this person?".

To search your own posts select the search button and then enter a keyword with a ! character at the beginning. You can also search on multiple keywords by using the + character. eg. !libre + laptop

Unauthenticated full text search in general is considered a bad idea, because it enables the sort of systematic harassment campaigns which have occurred over the last few years. But authenticated search on your own posts won't be deleterious to privacy and is of not much utility to trolls searching for people to target.

Collaboration during Crisis

The pandemic is undoubtedly a huge crisis, but it's not as if the time before that wasn't also a different kind of crisis. Many people are now working from home and using videoconferencing, and the problems with the proprietary systems for that are starting to become well understood.

During the pandemic it may be even more important than before that your communications remain private. You don't need to use proprietary tools which spy on you or leak your data. This is where self-hosting or running p2p apps gains additional importance.

So does Freedombone have any better alternatives? The answer is yes.

The main apps which you can install for videoconferencing are NextCloud and Matrix/Riot. There is an app installable within NextCloud called NextCloud Talk, which then allows you to do video chat between multiple participants.

Riot (the web client for Matrix) can do video chat on a one-to-one basis, and you can do chat between three or more participants via the Jitsi integration. The particular Jitsi server which is used can be configured from the Freedombone Web admin system by selecting the Riot app and then choosing Settings. Unfortunately, Jitsi isn't an app within Freedombone because it's just not stable on low power hardware.

If you only need voice chat, not video, then Mumble is the best app to use. It has been around for a long time, works even with low bandwidth internet connections and is reasonably secure. This may be a more practical way to hang out with friends during lockdown.

When it comes to getting work done in a collaborative real-time way then CryptPad or EtherPad apps can be useful for that. Etherpad permanently stores documents on the server, whereas CryptPad is designed for more ephemeral document creation within a Tor browser. CryptPad even has a collaborative spreadsheet and source code editor. One thing to watch out for with CryptPad is that the first time you access the site your browser window may appear blank for a while and perhaps ask to continue waiting. This is because it's downloading a lot of javascript from the server into your browser. Just wait and it will eventually appear.

Outside of the Freedombone project there is also other Free Software which you can try. Jami also does videoconferencing and so does qTox. qTox can also be routed through Tor for extra security. Jitsi Meet is also installable on Android or LineageOS via F-droid.

Static Analysis for Epicyon

Recently I discovered a bug in Epicyon which was just a missing function argument, and since my background is with languages like C, where this sort of thing would be caught at compile time, I was thinking that there ought to be some static analysis tool to find bugs like this automatically. It turns out that there are a few for Python.

The tool I went with is flake8, which imposes a certain code style and also finds syntax errors, missing imports and other things. It's already packaged for Debian, and so this doesn't change the status of Epicyon as potentially being included within a pure blend.

While using flake8 other bugs were found, and they were mostly minor ones in lesser visited parts of the code. I've also added a script called static_analysis which runs flake8 on all the source files, apart from the unit tests.

So now I can have greater confidence that the code is doing some approximation of what it's supposed to be doing, without variable names with typos in them or missing imports.

Improving onion support

I've been improving the support for the dual use case of Epicyon in which the instance is primarily on a clearnet domain but can also be used via an onion address. Previously when accessing via an onion address in a Tor browser it would often try to revert back to the clearnet domain, but now in nearly all cases it will stick with the onion address.

This kind of dual use case is typical for apps on Freedombone, and it gives you an alternative way to get to your sites if the clearnet becomes censored - such as if there is a hostile corporate firewall between you and your server. Due to the existence of bridges it's difficult for firewalls to entirely block access to Tor.

The future seems more uncertain than ever and so making use of alternate domain systems, like onion addresses, DAT, SSB, I2P, IPFS and so on is probably wise, at least as a fallback. Censoring things via DNS poisoning or blocking has historically been the go-to way that authoritarian governments try to stop people having the right to read in times of "national emergency".

Relaying and Hashtag Federation

I just saw the talk about hashtag federation in the fediverse and since I havn't written anything on this topic here are my current thoughts.

I think relaying of posts, in the style of an email open relay, is probably a bad idea. It's probably a bad idea in the fediverse for the same reasons that it's usually a bad idea for email. The most obvious issue is that it easily enables spam. For example, suppose there was a hashtag for a currently urgent event. A spammer could then just flood that hashtag with ads, or a political adversary could post random garbage with the hashtag attached in order to flood out the signal with noise and make it less likely that people will pay attention to that topic.

The other issue is post integrity. Usually this is ensured by a http signature, but if a post is relayed then how do we know that the post stored on the relay is the same as the original? An evil relay could alter public posts to deliberately create flame wars and instance blocking.

So I think relaying of posts and hashtags could create more problems than they solve. In the scenario mentioned in the talk you may still get to know what's happening in a protest because people you follow will be boosting posts with the hashtag. Boosting becomes a decentralized way of distributing hashtags around between instances, without breaking the integrity checks via signatures and directly following the chain of trust from one person to another. In the relay model you need to somehow trust that the relay is not evil and it becomes too easy for bad actors to try to influence what people are thinking about a topic.