Freedombone Blog

Freedom in the Cloud

Freedombone at 36C3

At the recent 36C3 congress there was a talk about the Freedombone project for the first time. It's in German and there aren't any English translations but since I've given a similar talk in Manchester earlier in 2019 I know roughly what's being described. The slides for the English version of the talk can be downloaded here.

Freedombone has been going for quite a while now, but having someone other than myself doing a talk about it at a CCC event where there are likely to be people who are interested is some kind of significant milestone for the project.

Every year I review what projects I'm working on and try to assess whether they're still relevant and worth continuing with. Technology moves quickly and what may be highly relevant one year may be technically and/or socially obsolete the next. But in the case of self-hosting projects - of which Freedombone is one - this still seems more relevant to the current time and the likely near future than at any point in the past. If anything, the problems which Freedombone tries to overcome are only becoming more acute and more conspicuous to the average internet user.

XMPP simplification

The XMPP app on Freedombone has been improved a little by going to a single configuration file and also using the Debian package. Previously it was using a very hacky nightly version of Prosody, and the reasons for that are historical and no longer apply.

For most of the time that the Freedombone project has been going XMPP was being renovated and having all of the features which you would expect from a modern chat app added. Things like end-to-end security, working avatars and client state indication. So if you wanted to run Conversations on Android and have all of the server tests pass you needed to be compiling a recent version of Prosody from source. Debian moves at a glacial pace, but now the Debian packaged version is good enough.

The previous XMPP notifications system has also been replaced with sendxmpp, and this reduces the amount of maintenance needed.

XMPP may be old but it's still one of the most practical IM systems. An XMPP server can run even on the most minimal single board computer - unlike certain other chat systems that could be mentioned - and also supports the use of onion addresses. Many people are unaware that WhatsApp is really just an XMPP server with a proprietary client app and federation turned off.

The Ecosystem is Moving Away from Monoliths

At the recent 36C3 Moxie Marlinspike - the developer of the Free Software chat app Signal - gave a talk about the problems involved with with decentralization. It was recorded by accident and then later taken down from CCC's media site, but essentially it was an elaboration upon a blog post which he wrote in 2016.

Even in 2016 it was a contested opinion that decentralized or federated systems could not compete with monolithic ones, but in the intervening years the case for decentralization has become stronger. So while the ecosystem has moved, Moxie's opinions have remained stuck in 2016. "Move fast and break things" is no longer considered a desirable mission statement, even within silicon valley.

In 2020 running a global chat system from a monolithic server on AWS, and in a manner which requires you to give out your mobile phone number, doesn't seem like all that great of an idea from a security and general ethics point of view. For example, how do we know that "ghost members" aren't being added to chat groups, as GCHQ suggested? Who is auditing Moxie's server and who else at Amazon has physical access to it? Use of phone numbers also opens up a variety of security problems. And that's even before wading into the quagmire that is the Electron-based desktop client.

Undoubtedly there are problems remaining to be solved in the decentralized chat space. If you've ever tried using OMEMO for group chat on Conversations then you'll know what I mean. It soon turns into a comedy of errors, because every participant needs to have the public key of every other participant. Assuming that people often have a couple of devices this makes it a 4N^2 problem. It needs to become possible to do secure group chat with 20 people without requiring herculean coordination efforts.

Matrix/Synapse may be doing better with its private chat room feature, but there also need to be usability improvements to eliminate the key verification nightmare.

So the ecosystem is moving. Not in Moxie's direction, but it is moving. An easy prediction is that the next decade will be more volatile than the last. Expect economic, political and environmental shocks. The last decade may have been the era of tech monoliths, but in the turbulent future those systems are going to fail, and fail hard.

Minimum cost self-hosting

A Freedombone image is now available for the Orange Pi Zero, which is one of the lowest cost ARM boards at around $10-15. If you include a power supply, a small microSD card (8 or 16GB would be ok) and an ethernet cable then the total cost of ownership is in the $20-30 range.

Orange Pi Zero board

The board conspicuously includes wifi, but in this disk image wifi isn't enabled or used. Onboard wifi typically requires proprietary drivers, which is out of scope of the project. The current Debian device tree for this board doesn't appear to work and so I've based it on Armbian instead.

There are some review videos on YouTube for this board which indicate overheating problems, but in tests I havn't encountered any issues like that. Similar to the Beaglebone Black, it hardly gets warm although in this case the CPU is significantly more powerful than the single core Beaglebone. This might have been a power management device tree problem, but just in case it wasn't it would be a good idea to ensure that the CPU isn't directly in contact with anything which could be flammable or melt (like 3D printer plastic).

A limitation is that this board only has 512MB of RAM. That means that some apps, like Matrix, won't be installable. But there are still many other apps which don't need much memory. You could still run XMPP and ActivityPub servers and maybe a blog.

Creating an Armbian image required adding another command to Freedombone, called freedombone-distro. So if you have an image set up and working and want to then make it redistributable you can run this command and the disk can then be safely cloned to as many other boards as you want. The new command adds a file which causes a factory reset to happen on the first boot. So each new install will get unique passwords and keys.

Once you've cloned the image to a microSD card then the setup time on the Orange Pi Zero is about 15 minutes. This board also doesn't need much electrical power and so potentially under favorable conditions could be solar powered. It's small physical size also makes it a possible "roaming server" that you could carry around.

AberMUSH with graphics

As a bit of light-hearted fun during the holiday season I've been adding graphics to AberMUSH. AberMUSH is a type of Multi User Dungeon (MUD) game with a Dungeons & Dragons type of fantasy theme. It's based on AberMUD which was originally written in the late 1980s on a mainframe computer at Aberystwyth university.

The codebase is completely rewritten in Python, but it's based on the original AberMUD universe of roughly 1000 "rooms" and developed in approximately 1990-91, then later released under GPL license in 1996. Maybe one of the earliest GPL'd games.

AberMUSH screenshot

AberMUSH is not so much a game as an exercise in digital archaeology. Trying to reconstruct an approximation of something which existed in decades past, but also with new features added. As a game it's so anachronistic that it seems quite improbable that anyone today would play it. Also because it's a MUSH there is no real objective to the game other than to socialize and perhaps fight in a fantasy environment. There are no quests, no points and no high scores table.

In keeping with the anachronistic theme the graphics are ANSI codes with something like 16bit color depth. This type of primitive graphics would have been possible on the more advanced DEC terminals of the 1980s, although storing hundreds of such images - even with compression - probably wouldn't have been possible with the hard disks of that time. So it's a kind of retro future project based on a past which wasn't quite feasible.

The graphics are sampled from real CC0 licensed photos and converted to a mere 60 columns across, giving a blocky 1980s teletext-like aesthetic which conveys some impression of the scene but allows your imagination to fill in the details. Another aspect of the impossibility of this project is that the public domain or Creative Commons resources which I'm making use of didn't exist in the 1980s (or not to anything like the same scale).

On the Labour Defeat

There's the old saying: no matter who you vote for, the government always gets in. And they did indeed this time, with the biggest Conservative majority since the 1980s and the biggest defeat for the Labour party since the 1930s.

I rarely voted for Labour, but did in this recent general election specifically because of the persona of Jeremy Corbyn. Someone with that kind of grassroots activism background who was involved in street level campaigns against racism and nuclear weapons is a person I can respect even if I don't necessarily agree with every policy proposal. It was possibly the only point in my lifetime when there seemed to be a realistic chance to elect a socialist government. Also the pledge to abolish benefit sanctions is a high priority to me. The benefits system is very punitive and causes a lot of unnecessary suffering and premature deaths. It's the main reason why food bank use is as common as it is. People weakened by starvation will not fight for liberty. They become passive, resigned and averse to change out of fear of losing what little they have.

I think the Labour party lost for a few reasons. That the mainstream media were very biased against Corbyn was obvious. In the 2017 election they just considered him a joke and so there wasn't so much opposition, but this time they thought he had a real chance and so they threw everything they had at him. The second brexit referendum policy was especially unpopular and it would have been better if Corbyn had just chosen one side or the other and stuck to it. Also the Labour party took their traditional voters for granted and probably should have done a lot more to explain where the money was coming from for their various policies and exactly what effects new spending would have in particular constituencies (i.e. that it wouldn't just be frittered away in corrupt housing scams and gentrification). There was a sense that the policies were mostly ok but that at a time of extreme austerity when most people are completely broke and living precariously it was very unclear where the money was coming from and who it would be going to. By contrast before the last Labour win from a Conservative government in the 1990s they were falling over themselves to explain in excruciating detail how their plans were costed.

I expect that the Labour party will now elect a centrist leader and return to being politically radioactive. That's not because centrism is popular - the LibDem leader lost her seat and Change UK were completely wiped out - but because a centrist would have a much easier time with the mainstream media. The tabloids will potentially support a centrist under certain conditions if they make the right noises, look like a sharp-suited lawyer and don't eat too many bacon sandwiches or have a Marxist father. To win mainstream media approval they will need impeccable upper middle class credentials.

Parliamentary politics is of course only a minor aspect of politics and in the next few years it will presumably continue to be a largely irrelevant dumpster fire. The important stuff will be outside of parliament, organizing for survival, opposition to privatization, street level actions and building solidarity wherever possible. Technology will no doubt play some role in that, but mainly it's down to human factors.