Freedombone Blog

Freedom in the Cloud

Pi-Hole on Freedombone

The ad blocking system called pi-hole has now been integrated with the new web based user interface of Freedombone. This blocks ads at the DNS level on your home network. It's not perfect and doesn't block all ads, but it does help to improve the user experience and speed of browsing the web. One thing I notice in particular is that it doesn't block ads on YouTube, and that Google has been adopting devious ways to avoid ad blocking by using randomly generated subdomains to serve advertising content from.

For a long time I didn't really care about ads and the internet didn't depend highly upon them. Then I distinctly remember the occasion in 2007 when my web browsing experience went from having discreet banner ads which I didn't care about to having actually offensive ads shoved in my face in a highly disrespectful manner. From that time onwards I started using browser based ad blockers, and then eventually pi-hole.

Pi-hole has its own web based user interface, but I've made no attempt to integrate that into the Freedombone web UI. That's because it requires logging, and from both a security and a performance perspective I'd rather avoid any additional unnecessary logging. If you're running on a microSD card then writing the minimum amount of things to disk is important because I/O bandwidth is low and the disk itself wears out eventually.

Continuously Integrating

I've now set up a continuous integration (CI) system for making image builds for the Freedombone system. This is something I had been wanting to do for a while, because building images by hand is laborious and not always reliable. If during a build a repo fails or a certificate expires somewhere on the internets then you have to start again. The details of the new system can be found here.

In compressed format Freedombone images are typically just over 3GB in size. Even on a fast multi-core machine builds can take an hour or more, because it's creating a minimal Debian operating system and then installing and configuring many things on top of that. In the past, and even now, I don't have a spare laptop or desktop machine to dedicate to continuous builds which would be powerful enough to make multi-gigabyte images within a reasonable amount of time. But ARM SBCs are getting good enough for this task, with a combination of a fast CPU and also the ability to run from an SSD which gives I/O performance which is an order of magnitude better than EMMC or microSD.

Various CI systems exist, but I thought I'd do the traditional thing which is to make one out of a bash script. In the old days, before the now well known CI systems existed, hackers would just create some scripts to compile overnight and report the results back by email which could be viewed in the morning. My CI system, called BirbCI is not a lot different from that except that the results are reported on a web page. Originally it was 80 lines of bash. It has grown a little, and is now a few hundred lines, but it's not all that complicated and is very general such that any type of build in whatever language you choose could be supported. The web page on which results appear can also be customized.

So in future it should be easier to do releases, since at any point in time there will be a bunch of ready made images. It will also be easier to know if anything I do with the source code breaks the build.

Government Internet

It has come to my attention that Jeremy Corbyn is now promoting the idea of a "British Digital Corporation". This mostly seems like a bad idea to me and I'm in favor if keeping the government out of my internets as far as is practically possible. Having a nationalized version of something like Facebook would be really bad for privacy, because when the government knows the contents of your private life then this doesn't usually go well. In the last century using far less sophisticated equipment governments used knowledge of people's private beliefs against them in terrible ways and it would not be a good idea to repeat that.

Also there's currently a lot of interest in regulating the internet, but I think we should be really cautious about this. Many privacy-centric people approve of the European GDPR, but regulation cuts both ways. One day it might be in your favor and the next it might not. We already know that governments tend to intensely dislike encryption and want to spy on their citizens as much as possible. After Snowden there was no rollback of government surveillance powers - quite the opposite.

If a hypothetical near future Corbyn government were to try to improve the condition of the internet with some sort of decentralization programme then what should it do?

The first thing is incredibly easy: fund free software development and have a policy that any software created or supplied for government use must be under a Free Software license. No more proprietary lock-in.

Instead of a "British Digital Corporation" make something like a "Free Technology Fund" and divert whatever money would have been spent on proprietary software or SaaS subscriptions into it.

Designate some of the radio spectrum to be used for public internet provision. A sort of "citizens band" but for internet data. That will enable long distance wifi on a band which doesn't require individual licenses.

Regulate the ISPs to supply municipal mesh networks to every city. Some percentage of any new infrastructure must be municipal mesh. Once a significant number of people start to realize how much public mesh networks chould change the communications landscape then I think there would be a big "aha moment" and a whole new phase of technology development.

Regulate in favor of encryption. That citizens have an inalienable right to communications privacy if that's what they wish to do. Make it illegal for the government to interfere with private digital communications (aka "equipment interference").

Regulate that internet routers supplied by ISPs must at a minimum be able to run some number of internet services. Things like an xmpp server or cloud server such as NextCloud. That's well within the capabilities of current technology and would greatly assist with decentralization of services.

The final and ultimate demise of Google+

And so Google+ is being shuffled off into oblivion, like many other useful or semi-useful Google services before it. I was on it for a couple of years, but didn't post much there. By the time it arrived I had started using Friendica, and the decentralized networks were just more interesting, more anarchic, and a lot less corporate.

The thing about the security issue with Google+ mentioned in their blog post is no doubt real but also a red herring. I expect that whoever is in charge of these decisions was just waiting for an opportune moment to announce the shutdown of the service, and a security bug is a convenient event on which to do that.

My main memory of that system was something which became known as the nymwars. Google tried to copy Facebook's "real names" policy, and that had some pretty bad outcomes. It was obvious that in the quest to become the next Facebook Google was prepared to throw some people under the [Google] bus. At one point Eric Schmidt went on the record to say that he didn't care about anyone who wasn't able to use their "real" name, and that people in at risk categories should just get off his platform. It had been known for at least two decades that consistent pseudonyms don't lead to the kind of bad behavior which was claimed, but advertisers (Google's real customers) wanted the "robust social graph" based upon names which they could cross reference against other banking and purchasing records from data brokers. It was an example of where the interests of Google's users and their customers came into conflict.

Google+ never really got any traction in the social networking field. The technology was ok and a few people found a home there, but it was centralized and proprietary and so not of much interest to people like me. It was used by some "open source" people who I thought ought to have known better, but that's probably because their business interests were closely associated with Google or that they were working there.

In the unlikely event that there are any Google+ users reading this and wondering where to go next, I'd recommend that they get an account on a fediverse or Hubzilla instance. Those systems can't be arbitrarily shut down, and you can run the software yourself rather than just being another SaaS victim. Proprietary software service dependency is a problem, and anyone who claims to believe in open source should be practicing what they preach.

Proxying email

Continuing on email integration with the web interface of Freedombone an email proxying screen has been added. This only applies to clearnet installs, so if you're running an onion version then you don't need to be concerned with this.

Why would you need to proxy your email? Well, the current state of email systems on the internet - as you may already be aware - is quite dire and heavily favours a few giant companies. If you're running an independent email server, as is the case with Freedombone, then it's highly likely that any emails you send will be blocked by other servers and you'll get a "delivery failed" type of message perhaps accompanied by a difficult to parse error. Even just a few years ago this wasn't always the case, and this aspect of the internet has been becoming increasingly closed to independents. Email blocking today is highly indiscriminate, with entire IP address ranges or countries being blocked by some systems. There doesn't need to be any actual evidence that you were sending out spam and in most cases you're just discriminated against by default because you're not one of the big companies. It is possible to get around this via proxying your emails through an SMTP server run by your ISP or another email service providing company. It's a less than ideal situation, but can make the difference between being in control of your own email or becoming a SaaS slave.

The email proxy screen can be accessed via the Mail icon by selecting the logo at the top of the webmail login screen. It looks like this:

Once you've entered the SMTP proxy server details then select Update and you'll then be ready to send out emails through it. That's all there is to it.

If you're sending to onion based email addresses then the proxying doesn't apply because it gets routed through the Tor network instead.

Solid Venture

Tim Berners-Lee has started a company called Inrupt to back his decentralized web project called Solid. There's an article about it here.

I'm sympathetic towards anything which is trying to re-decentralize the web and bring it back to a condition which isn't one of "everyone in my database", as happened with web 2.0. But being backed by venture capital isn't a good sign. Producing public code with venture capital always seems to result in one of two outcomes:

  • The venture fails and the project becomes abandonware
  • The venture succeeds and the software users get locked into some very contrived and usually disagreeable commercial arrangement which they hate

With venture capital the terms of exit - that is, how the users of the system are eventually going to be monetized - has already been pre-arranged at the beginning. If you've seen the relevant TV shows where entrepreneurs "pitch" to capitalists you'll know what this is about.

In the software context exit from venture capital typically means forcing people to take out subscriptions or switching the license to something proprietary or doing the "open core" thing where the core codebase remains as a useless stub and anything of value is in the form of closed addons or a closed enterprise edition. Or you just sell it to Microsoft or Google and they shut it down because it's rivalrous to their existing products or goals. That has happened plenty of times.

A recent-ish example of venture capital would be something like Makerbot. Lots of hype about how great open source hardware/software is and how it's going to change the world, create decentralized manufacturing, etc. After venture capital exit the whole thing goes closed. Taking a look at the website now it's totally corporate and I notice not only is the software closed but there is not even a GNU/Linux version. That must have been quite a kick in the stomach for the original founders, or perhaps they knew that was going to happen as part of the exit deal.

So what would be better? I think the evidence on this is pretty clear. He could start a foundation or a non-profit organization or a "social purpose corporation" like Purism. That would increase the chances of avoiding having his project cynically used and then dumped as so many venture capital backed things have been in the past.

If it looks as if Solid is going to be something useful and it's under a suitable Free Software license then I'll include it in Freedombone as an app. Solid has already been around for a few years and the code is up on Github, but as far as I'm aware it's not in a production-ready condition yet and forming a company is about trying to get more developer effort focussed upon getting it into a viable condition.