Freedombone Blog

Your Data. Your Server. Your Place.

Notes during Pandemic

I thought for a long time about whether I should write anything about the pandemic of 2020 here on this blog. It's such a serious situation that in future anything I might write now could appear to be hopelessly naive or disrespectful. Many mistakes have been made, and I think that's primarily because nobody has experience of this type of event within living memory.

Something which the pandemic has already shown is who is really important in the economy. It's not the highly paid people, like bankers or tenured professors. The people who deliver the most value to the economy, and who keep it going, are the supermarket and warehouse workers, the delivery drivers, care workers, farmers, cleaners, bakers, nurses and refuse collectors. The people who are typically on minimum wage or zero hours contracts. There's a paradox that the people which society values least are actually the ones most essential to its continued functioning.

The crisis will eventually pass, and when it does I hope that the people who got us through it are appropriately recognized. I also hope that grief and anger can be effectively transformed into lasting change. We must not return to the old world which existed before the crisis. In the new economy nobody must be denied medical care or food or housing, and the well-being of everyone, rather than private gain for a few, must be the main priority.

The Cloudflare Conundrum

As an extra firewall option I've added the ability to block Cloudflare IP addresses within Freedombone. For now I'm not going to make it the default and instead leave it as an option within the freedombone-sec command. The reason for that is because Cloudflare has become so pervasive that blocking it by default could break things.

Cloudflare is an expanding centralized system implementing a sort of internet based firewall or firewall by proxy. It has sometimes been described as "the lazy admin's firewall". So if you're a corporate sysadmin on a six figure salary and you'd rather spend time on the golf course than configuring servers then your go-to solution is to proxy your traffic through Cloudflare and hope that they do a good job of filtering any incoming bogons. The trouble is that this proxied Man In The Middle situation then turns into a hazard, because it's a point at which third parties can exert control without the knowledge of sender or receiver (Alice and Bob in the security lingo. Cloudflare would be Eve). Unless you absolutely trust Cloudflare, it breaks the transport layer security.

One problem on the immediate horizon is that Gitlab will be using Cloudflare soon. If cloning a repo goes through a Cloudflare proxy then there is very obvious potential for targeted nefariousness to occur. Imagine a government issuing a secret order to insert a bug into a repo when it is cloned by a certain IP address, without the knowledge of the git hosting company.

At present the Gitlab mirror of Freedombone is being used for updates, so I may need to rethink that and move it elsewhere.

Blogging in Epicyon

Very basic blogging functionality has been added to Epicyon. There's now a blog timeline and you can select "blog" as a category when creating a new post. Blog entries are entirely public and at present they're not editable after being published, although that may change in future.

The maximum content length in terms of raw text has been increased to 32K, so that's easily enough to allow very long ranty blog posts with lots of meandering.

Blogs are published using the "Article" ActivityStreams type, and that seems to be the way that other fediverse blogging software does it too. As usual it's possible to reply to blog posts as if they were any other fediverse post, and the usual moderation settings also apply. There's an upper limit on the number of replies per post in order to avoid hellthreads and replyguys.

Once published your blog is visible under https://yourdomain/blog/yournick. Replies will only be visible if you are logged in. This isn't really a privacy feature in the familiar sense, it's more intended to avoid marketers scraping everything and trying to build profiles of how people interact.

For now I expect to continue blogging here on Bludit. Fediverse blogging is in its infancy and might become a bigger thing in future. As it stands right now Mastodon - the most popular fediverse server - doesn't appear to have the capability to display Article type posts other than showing them as a link.

DMs and Emoji

There are some recent major fixes for sending DMs and posts including emoji within Epicyon. Formerly if you were not running in debug mode then DMs just wouldn't send. It was a minor bug in the code, but with large effects.

Emojis may still not federate perfectly - especially custom ones which aren't in the standard set - but they should work more reliably than before.

Prepper Pontifications

Like most people, I'm not good at predicting the future. But my intuition is that the environment for people running independent or "open web" systems is going to get harder in the coming years. The trajectory over the last 20 years has been towards centralization and I think this is going to enter a more aggressive phase in which earlier ideas of openness are entirely jettisoned and there will be moves to produce fully contained national or regional networks, similar to Iran or the experiments in Russia, in which services are only provided upon presentation of a government issued ID (eg. Aadhaar).

So I think what we ought to be doing is to be preparing for a future in which some of the assumptions about the internet which we presently hold no longer apply. Assumptions such as globally available open networks in which server A can talk to server B without regard for national borders. This probably means more emphasis on mobile, p2p and "offline first" systems which can sneakernet their way around any officially imposed restrictions. It also means more emphasis upon community owned network infrastructure so that it's more difficult for any single organization to have control of everyone's communications.

The state of p2p apps on mobile right now isn't encouraging. Because they need to keep connections open they tend to consume too much battery power. So what's needed are p2p systems which expect intermittent connectivity and which can operate in a store-and-forward mode. If the person you're trying to contact isn't online then maybe the message gets sent to someone else in your contact list who is, and who can then relay the message if necessary.

I hope I'm wrong about this and that things are actually going to redecentralize. But, as someone pointed out, nobody ever got rich by giving away their power. So the software industry with its very capitalistic focus probably isn't going to embrace decentralization in a substantive way. If they do then their business models evaporate. So if there is redecentralization then it's going to require a movement sufficiently large that the incumbents can't ignore it. Centralized systems are also extremely convenient for governments, so the route of legislation and regulation of "big tech" might not go much beyond posturing and empty rhetoric. Sabre rattling without any followup. For the most part, they're quite happy with Facebook or Google being a single point of contact.

Advice to Jack

Dear Jack,

You don't need to ask Elon Musk how to fix Twitter. Elon may know some things about rockets, but aside from that he will only give you bad advice. He is not the average Twitter user and doesn't experience what most of your users are experiencing.

I am glad that you have come to me for a second opinion. I appreciate you taking time out from your busy schedule. Giving all those fascists blue ticks must take up a lot of your time. So here's what you need to do:

First, take a long hard look at your bank account and any other assets which you may have. Ask yourself "can I live modestly on this for the next few decades, or indefinitely? Do I personally have enough?". I think I know what the answer will be. Then ask yourself "do I really need the money, or am I embarked on a more general project to do something for the world?". To "put a ding in the universe", as the late Steve Jobs put it.

It's going to be the latter.

So how to improve the world with Twitter as a starting point. You won't be able to fix any of the existing problems with AI. That will only make the situation worse. Turn Twitter into a set of fediverse instances. You could do it by country/state (twitter-uk, twitter-us-ca, etc) or by topic, or both. Country is probably easiest, since the user migration can be automatic. Go all-in on ActivityPub. Send some people to W3C to fix the protocol specification to properly include all of the features actually in use in the current fediverse. You don't need to be a genius or invent anything new. It's all been done for you already. All you need to do is produce a nice document which is easy to read, with examples. Then turn your company into a non-profit foundation which maintains the instances and contributes to the evolution of open standards.

You may be wondering how this solves the "fake news" or bot armies problem. It doesn't. But if you implement the federated standard with all of the moderation controls, and let admins do their thing, then you will find that the bad actors become contained. They lose their global reach and ability to mobilize rapidly. In a federated system the problems that you're trying to fix become more tractable. Users can migrate around to whichever instance suits them and there's a self-organizing "invisible hand" type of effect. New spinoff instances will appear and some of those you originally set up may fail, but that's ok.

You can spend the rest of your days as an ambassador for open standards, an open web and instance governance best practices. This is how you put a ding in the universe. If you just carry on the way you are doing things now then you'll go down in history as "the guy who helped rig elections" or "the guy who helped give nazis a platform". I'm assuming that's not the sort of legacy you'd prefer to leave.