If BTsync ever goes open source or SyncThing ever achieves the quality and functionality of BTSync, then achieving autonomy over our data will be easy.
I use BitTorrent Sync with my FreeNas box. It's absolutely amazing. I am able to completely subvert the cloud and have all my data synced across devices. The mobile app is a user-friendly delight. I was able to share 15 GBs of vacation videos with 10 of my non-techie friends by sending them a read only key to a shared folder. All of them got it right away with no technical questions or issues.
Most importantly, I have all my photos and videos synced as I take them. This means I don't lose precious photos from a trip if my phone accidentally falls in the ocean. My phone, laptop, NAS, iPad, all have my photos backed up providing good data redundancy. No cloud services involved, no risk accidental publishing something private, no risk of an account hack, and no expensive data storage plans.
The only problem is I have to trust BitTorrent's proprietary software to do the heavy lifting for me. This is why I want the SyncThing project to catch up.
Fun fact: An open source[1] version of BTSync called Snakebite was introduced back in 2006, predating BTSync by 6-7 years.[2][3] These days, it's not well known at all, and the Internet seems to have mostly forgotten about it, but there it is. Van Jacobson made a couple of offhand references to Snakebite at a Google TechTalk he gave in 2006.[4] The student who created it went off to do international NGO work or something, but his co-conspirator ended up working at BitTorrent, Inc for a bit.
I don't know what BTSync is like today, but a few years ago when the call for beta testers first went out, its UX as described at the time was more or less the same as the way Snakebite's web interface worked.[5]
In what ways do you find SyncThing lacking when compared to BTSync? I started using it for work (cautiously) a couple of moths ago and have found it to be very similar (with respect to stability and ease of use) with BTSync, if not superior. Note though that I haven't used BTSync since its first days.
> I was able to share 15 GBs of vacation videos with 10 of my non-techie friends by sending them a read only key to a shared folder. All of them got it right away with no technical questions or issues.
I appreciate SyncThing's security first stance, but it would be incredibly helpful if it was a bit easier to share specific synced things with non-techies.
1) Punching holes through Firewalls - BTSync has the strong upper hand for that.
2) Much easier share structure. Synchthing still feels very fiddly compared to BTSync
I had a large corporate job that BTSync would do but I dug in my heels and tried out SynchThing and I had to buy licences for BTSync. It is working out very well.
The exceptional mobile app (iOS client) is the platform's killer feature IMO. A lot of folks use their phones as their main computer outside of work these days. I couldn't find an equivalent for SyncThing.
Aside from that what I really like about it is:
- consistent UI across platforms
- unlimited folders
- free
- Web GUI for FreeNAS plugin is excellent
- local downloads on the same network are FAST
- share keys without needing approval
- BitTorrent protocol
- "It just works" (it really does)
I have no experience with SyncThing. But to me, open source is the only thing SyncThing has going for it over BTSync. At least on paper.
Trust is indeed a huge issue that seems to be misunderstood and misapplied in the software community. Stallman's views on trust may seem radical, but he's pretty much right. Over and over I see the things he warns about come true and I trust companies and other entities less and less. It's kind of disheartening to see the huge potential of cloud infrastructure, amongst other technologies, going to waste.
I used to roll my eyes at him. I thought he was just a nut. Turns out, he was right, and I was wrong. I hate the fact that he's right, because the warnings he made seemed so obviously stupid to implement.
Stallman stubborn and incredibly unreasonable. There are many things I disagree with him, but when he is right he is right. I'm very grateful that he exists. RMS reminds me of this GBS quote:
“The reasonable man adapts himself to the world: the unreasonable one persists in trying to adapt the world to himself. Therefore all progress depends on the unreasonable man.” ― George Bernard Shaw, Man and Superman
His views only seem radical because of the way he presents them. Easily his biggest mistake is naming his movement Free Software instead of something like Software Liberties or Software Rights, and then refusing to change the name at any point after the realization of this error. Then he says things like, "They're trying to put a cloud inside your head." Which is just laughable. Most of the time he's speaking very generally without citing specific facts to back up his arguments (In the video he mentions that software is malicious, why not mention one of them so everyone knows what he means by that). Which causes anyone who doesn't know what he's talking about to write him off, and the people who do know what he's talking about don't need to hear what he has to say.
In a real debate about these topics, people usually hide behind capitalist ideals to explain the immoral use of software. As opposed to trying to argue that immoral use doesn't exist, or isn't prevelent.
Here are two of Stallmans' writings addressing "Free" and "Cloud".
> Why Open Source misses the point of Free Software
> When we call software “free,” we mean that it respects the users' essential freedoms: the freedom to run it, to study and change it, and to redistribute copies with or without changes. This is a matter of freedom, not price, so think of “free speech,” not “free beer.”
> On the Internet, proprietary software isn't the only way to lose your freedom. Service as a Software Substitute, or SaaSS, is another way to give someone else power over your computing.
It is a false dichotomy for Stallman to keep saying the only alternative to the word Free is Open Source. I have written to him and suggested terms such as Liberating Software, which is more accurate. Or at least Freeing Software. But he never even responded.
The argument made against "Software Liberties" is that any word that is similar to liberalism is highly associated with the US two-party political system. RMS has repeatedly suggested that the word "liberty" is superior over "free" in nations outside the US where that association doesn't exist.
I'm pretty sure the word "liberties" is used more by the tea party and other right wing movements than by the left. Who is making this argument? Do they have any data to back that up?
There is also lots of points where he's pretty detached from reality. One reason he doesn't browse the web is that non free software javascript would somehow hurt him. He's the reason why GCC is so monolithic and why so much progress was hindered in the last years. He thinks that non-copyleft licensed projects can't work when there are tons of counterexamples.
>One reason he doesn't browse the web is that non free software javascript would somehow hurt him.
I run a script blocker and ad blocker for exactly the same reason. Do a quick google search for "malvertising" and you'll discover he's got a point.
Stallman is extreme in all things. He doesn't use mobile phones or credit cards either, IIRC. I can't afford to be as extreme as him, I use a pre-paid visa card for online purchases and temporarily whitelist scripts on the web as I need them.
However, companies like Google, Microsoft, Comcast and Paypal would have you believe that an existence without the products they are pushing is completely impossible, and I think it's both an important and worthwhile thing to be the man standing at the other end of the spectrum proving that they are full of shit. That's what Stallman is doing.
One reason he doesn't browse the web is that non free software javascript would somehow hurt him.
Not using social media is considered a badge of honor by many. Not using the web (although that's not entirely true in RMS' case, he just heavily limits it [1]) should be considered a commendable feat, too. Since it's RMS, though, it's just another opportunity to disparage him.
He thinks that non-copyleft licensed projects can't work when there are tons of counterexamples.
RMS himself has encouraged use of non-copyleft in the cases of e.g. Qt and Ogg Vorbis, either as transitional licenses or as means to free up the software when the alternative would have been remaining proprietary. He says as much here: https://lwn.net/2001/0301/a/rms-ov-license.php3
Not using social media is considered a badge of honor by many.
Sure, but why? Because it's difficult? Because it's useless newfangled morally-corrupting stuff?
Not using the web ... should be considered a commendable feat, too.
Again, why? The web is useful. Is it also commendable to cook all your own food from scratch, do all your laundry by hand, avoid use of electricity, etc?
Mostly because you descend into a circle of procrastination and self-hate. And the funny thing is, they are engineered that way: facebook doesn't want you to keep the connections with your dear ones, all they want is to keep you more and more on their website, scrolling mindlessly. That why I blocked the site in /etc/hosts, and only use messenger.com and pidgin with the new facebook plugin.
I blocked it in /etc/hosts and also deleted my account permanently. After doing this my sense of life's possibilities became enhanced... The world stopped feeling overdetermined, even predetermined, by what was on facebook.
Facebook's seemingly innocuous site has turned out to be an incredibly intricate mmorpg where your character is some uncannily "realistic" version of "you," and whose map slowly begins to dominate your territory. It is an extremely addicting game for some of us.
His internet habits have come to pass for a few reasons.
He is extremely security conscious. He doesn't like "active" content and so uses a script to download the web pages he wants to read for later browsing from an off-network computer. This has nothing to do with the license status of the JavaScript. Do you run IE? Or do you run Firefox or Chrome with ad blocking?
He prefers not to trade personal information to pay for access to communications platforms that have little additional utility to e-mail from his perspective. I'd disagree that this is detached from reality. He just doesn't hang out in the same bar as you.
Regarding the GCC, he's made a calculated trade-off of modularity and simplicity for the sake of the GPL's "walled city" of free software. Complecting for effect, if you will.
As for his opinion of non-copyleft software, I think you'd need to qualify your "can't work" phrase. I say this because I think he's absolutely right if we qualify the phrase as "can't work to protect consumer's long-term freedom." I would disagree with your characterization if you are claiming RMS thinks that only copy-left licensed software can be successful. I'm fairly sure RMS sees both Windows and Mac OS X as harmful successes.
It was my first time meeting Stallman at the Indie Tech Summit (where I also met the CloudFleet guys). He's a little eccentric, but he's one of the reasons I'm now on a Linux machine instead of a Mac!
The battle for desktops and laptops is still not even close to won. Proprietary microcode in everything is on the rise, motherboard firmware is less open every generation of x86 hardware, and now we are seeing SSD microcontrollers be exploited and be otherwise untrustable.
Gains have been made, in that GPUs are much more open now than they were 10 years ago from AMD and Intel, and AMD has done a good job supporting their chipsets in coreboot for the last several generations of hardware, but it is still practically impossible to buy off the shelf parts and build a computer you actually control unless you accept AMD's microcode blobs for GPUs. And its not something to ham fist and say "don't worry about it" because there have been multiple instances of bugs in the microcode the GPU boots with having bugs in it that break the graphics stack on Linux. Freedom is valuable everywhere even if you don't practically see yourself taking advantage of it.
I know. I'm not saying we should ignore desktops. But things are on the right path there, I think. I can order a brand new (and inexpensive) Rockchip Chromebook tomorrow and get it going on a fully open stack. Not even CPU microcodes, although I don't know about its SSD microcontroller. I think this is remarkable.
Now, if we talk about mobile, there are only a few niche projects like Neo900 which might release extremely expensive, outdated and half free hardware. On the software side of things, Mer is pretty much dead, and Replicant offers very limited functionality only on cherrypicked old hardware.
Bunnie Huang (of MIT fame, original cracker of Xbox, proponent of open hardware [see: Chumby, Novena, etc]) has a really interesting talk given at the Media Labs in '15 at his alma mater[1]. It's about 1:15 but fully worth the watch including the QA, if you have any interest in 'open hardware'. That Rockchip run's on a fairly complicated 4core ARM. So which while the instruction set may be open, so is Intels. They'll happily ship to you their 3 volume multi-thousand page ISA. (Open is when you get to see any of final Altium/Cadence files that were used for the tape-out to make production wafers). At best you might get a few block diagrams. Good luck getting anything more than that. The closest you'll get to something open might be collaborative open standards a la the OpenPOWER (still, not that open) or RISC-V (which is probably still fab'ing at what, 65nm? 45?)
Anyways, that Rockchip is far from open. watch the talk to see his rationale behind choosing Freescale as his microprocessor of choice. He remarks on how $2.25 SoC picked up on the streets of Shenzhen have the full capabilities to run on GSM, which is really pretty remarkable. Obviously they're stealing IP and probably using grey-market tech/seconds that failed QA, but when he talks about the innovation _within_ that grey-market its fascinating. Even with his PhD in EE from MIT, experience in taking consumer products to market multiple times, fluency in Mandarin to aide in his ability to navigate the markets of Shenzhen, he'd have a real difficult time making a low-unit production run to compete with half the functionality of a low-level Android at twice the price because of the massive barriers to market. (Starting with easy things like UL certs and proper EMI shielding to more difficult political issues in getting a phone like that through the FCC and to the consumer). There's no economies of scale to help when Johnny doesn't know why he needs OSS.
Tangentially - if the N900 was still around I'd pay retail for it.
[1]http://www.bunniestudios.com/
[2]The reason it's so cheap is because they're clearly not paying any licensing fees to the appropriate IP owners. Every time a phone gets pumped out in a market where companies have litigious recourse, you have compliance with FTDI and pay your taxes to use USB, rent your little carved out spectrum from the FCC, etc.
Are there any non-license encumbered protocols similar to USB? I know DisplayPort is royalty free. How does that even work when you can run USB over Displayport?
I know there is no open band 4G standard, and while WIMAX is close its only advertised for support on restricted radio bands, which is not good enough. But radio spectrum allocation already is an extremely fucked up mess that needs dissolved all on its own.
There's only a license for USB if you want to use the USB trademark, or if you want your own Vendor ID. Pretty much every chip with USB already has paid the money for the Vendor ID because it makes headaches due to collisions, etc, much, much less likely. However, if you need an id, http://pid.codes/ has pids for your use for free. USB over DisplayPort, the company almost certainly has paid for a USB vendor ID, for much the same reason. If you're making a few million chips, the amortized cost of the license becomes less than a penny. Displayport, if you don't want to carry USB, there's no requirement to -- the displayport connectors on my video cards certainly don't carry USB.
Regarding similar protocols, there really isn't anything. One of the lessons from the Bad Old Days is that not having a centralized registry is that you get frustrating conflicts and huge interoperability problems.
With radio spectrum allocation, it's fucked up for a number of reasons, and dissolving it would cause even more problems. Radio astronomy needs clear areas of bandwidth so they can look over the sky and analyze, emergency responders need the same so people can be directed quickly, local broadcasters need it so that people can actually broadcast. Cell phones need them so they can communicate with towers. Radio technology is /complicated/ and at higher frequencies, it only gets moreso. That's why devices need licensing -- if someone screws up the radio hardware/software, it can easily impact more than themselves. Abolishing any sort of spectrum allocation would only lead to a commons that would quickly degrade and send us right back to corded devices.
I just want to point out there is a distinction between allocating spectrum for certain purposes and selling it to private companies. I would never recommend not having a frequency band restricted to emergency communications, though I admit I'm not informed enough about astronomy to know what is optimal there, but I still feel outright saying "you cannot produce radio waves of <these> frequencies, ever" is a very blunt solution.
My larger point is that we have observed in the last twenty years that while signal congestion can be real, we can also now build radios sophisticated enough to deal with it much better than in the past. Things you cannot have interfered with like air traffic control and emergency broadcasts should absolutely be given their own channels, but technology has improved enough that we can certainly stymie their band allocations they are given today without compromising integrity assuming the use of more capable radios.
But even then, I'm not strongly arguing to do any of that - I think it is possible, but I also don't think its particularly necessary - we could simply de-privatize most of the sold off spectrum to private companies to be used for public communications and in the common interest. Think of the Internet bandwidth over air we could get if we had gigahertz of available channels between the 500 to 5000mhz bands.
Another frontier that the Free Software community should set their sights on is virtual reality. The potential impact of VR is enormous, and one of the leading VR development and content creation tools (Unreal Engine) recently open-sourced thier product (though I'm not sure if it was done with an FSF compatible license). Unity, the real giant in the VR arena, and Oculus' own code are closed, if I'm not mistaken. I'm not sure how open Oculus' competitors are (HTC Vive, Playstation Morpheus, and Microsoft's Hololens), but I wouldn't be surprised if they're all closed. Making a difference in the openness of the ecosystem at this relatively early stage in its development could make a big difference.
Google is working on an Android based virtual reality OS [0], hopefully that will be free. Google Cardboard has a repo but it's just binaries. Valve/HTC are ostensibly working on opening their Vive headset through OpenVR, but the repo [1] is a bunch of binaries as well. Oculus freed the DK1 firmware [2] (not the sdk though), Linux support is coming after launch (probably not free though). Slight aside, Palmer said in an interview that they've noticed that people spend more time watching movies than gaming on the GearVR, so there's definitely tracking code in there. Finally there's OSVR, which seems the most promising, though the actual hardware maybe not so much[4].
Ultimately, I think there's enough to be optimistic about. Someone definitely should work on extending X11 or Wayland/Mir to VR, though I'm not sure how doable that is at the moment. Plus things are moving quickly right now, which complicates things even more. Probably will be good to wait for standardization, which Palmer has said will happen eventually, or build a mobile os for vr.
>ne of the leading VR development and content creation tools (Unreal Engine) recently open-sourced thier product (though I'm not sure if it was done with an FSF compatible license).
Nope, sadly absolutely non-free. A blnice example how the term 'open-source' is ugly.
In addition to phones. It's obvious hardware should be tackled as most mobile hardware has firmware that is proprietary. Plus some hardware has features that is hard or impossible to turn off.
Really cool project! As CloudFleet was one of the first backers of Mailpile (disclaimer, I co-founded it), I've always loved their concept and am stoked it's coming to light :)
Anyone find it funny that the video is on a non-Stallman CC-ND License?
> Q6: Can you comment on the Creative Commons licence?
Richard Stallman: The thing is, it's meaningless to talk about Creative Commons licence. The bad thing about Creative Commons is that it has produced a broad series of licences that have nothing in common. In fact, if you look at these licences and determine what is the freedom that is common to all these licences, the answer is: nothing.
Yep. Add to that all kind of attempts to erode the ownership of digital goods by all kind of stores which pretend they sell you something, while really they only rent it (for no good reason). DRM and its kin come along with that. Support DRM-free stores and boycott DRMed ones to vote with your wallet.
Stallman just has a way of putting things that makes you feel doing otherwise is wrong. I never thought of data autonomy this way and I've been fine with using popular cloud services till now
Stallman does a good job of calling out cognitive dissonance, as do most individuals with wisdom.
The question is why are you and others "fine" with running your services on someone else's systems? I think the answer lies in what Stallman said about keeping your software and data "under your control". If someone has control of the services you use, or the data you store in those services, there exists a clear manner in which revenue can be generated, the product improved and their ability to run it better than you increased to the point they can market it as the only way to do it. In a way, the public cloud exists because people don't want to spend (or have) the time to understand how to run the services in a reliable way themselves, on their own equipment, in their own domain.
The argument becomes exactly what you hear everyone from software interns to VC parrot: I trust Amazon to run my servers better than I can.
By taking a bit of trust from a bank account, and giving it to someone else, users are able to "put off" having to understand how services and systems operate. They are, in a way, willing to ignore the fact the service and data is outside their control in some use cases that actually matter. This is what Stallman meant when he said "put a cloud in your mind".
That "cloud" is actually cognitive dissonance. Literally believing your data is safer on someone else's servers because you could never run it better than they could, while at the same time being totally OK with not having any control over where it is stored or who has access to it.
If cost (and the time associated with it) were no objection, where would you choose to run your services and store your data? If you had a choice between running it at my house and running it at your house, which would you chose?
I'm fine with relying on other people because I do it for every other part of life already. I don't grow my own food, I don't produce my own medical supplies, I don't build my own wifi devices and I don't pave my own roads. No one engaged in modern western-civilization does; we all rely on everyone around us all the time to live and do things.
Cloud backup services, VPSes, photo-hosting sites, Twitter, whatever, they're the exact same thing. If something about these services isn't fair or just, the answer is to find an alternative, inform our friends and neighbors, work to change laws, etc., whatever, not just try and do it all ourselves in some pointless attempt at individualism.
If cost and time were no object, I'd pay someone else to manage every single bit of my infrastructure, and task them with the responsibility for making sure it kept working. I wouldn't ask how, it'd be their job, the thing I'm paying them for.
(If I had any knowing of the details, I probably wouldn't want them to build a server and buy colo space, though, because of the resource consumption that would imply. All that electricity for redundant server hardware to endure disk crashes and so on? What a waste!)
You are essentially completely strawmaning the argument ... or, more likely, not understanding anything at all.
Nobody suggests that we should give of division of labor. Got that? That's just one big fat straw man that you made up. People (like RMS) simply analyse what kind of power structure results from how specifically the division of labor currently works/where it currently seems to be headed. And then he points out where those power structures might not be in your interest, so you might want to do something about it.
So, sure, you don't grow your own food. Nobody suggests you should. People just suggest that maybe it's not in your interest to sign a contract that prevents you from buying food from anyone but Foodle Inc., even if they promise you the easiest food on planet earth. Maybe with one option out that has "migration costs" of 10000 USD attached to it. Or that it might not be in our interest to have any entity know everything about us, because that makes them a very powerful entity, with huge potential for abuse of power. Because there is a difference between your doctor knowing very private things about you and one company having a database of all of those private details of all citizens.
Also, you might not have noticed, but someone is trying to inform you that something isn't fair and just. But it seems like you aren't listening. And what people are also pointing out is that finding an alternative is not really an option if you are locked into a service affected by network effects.
> If cost and time were no object, I'd pay someone else to manage every single bit of my infrastructure, and task them with the responsibility for making sure it kept working. I wouldn't ask how, it'd be their job, the thing I'm paying them for.
In the hypothetical discussion we're having, I gave you unlimited time and resources. With that, you chose to let someone else to manage and control your data instead of managing and controlling it yourself, for what appears to be no gain. The logical conclusion is either a) you don't care if someone else has ALL of your data, or b) you don't understand that giving someone else your data will eventually result in the loss of control over that data over some given period of time.
When the only criticism to "a cloud inside your head" is "laughable" I can't help to think it comes either from malice or ignorance. A real argument should carry more weight. (And I realize this goes both ways).
I know, but the bias to think that it's malice or ignorance is much stronger than it ought to be, so if we don't all consciously practice the benefit of the doubt, things are guaranteed to get acrimonious.
In the video stallman states that nonfree software is in the control of the developer who owns it, which is true, but isnt a developer of free software equally in control of their software? I dont look into the source of every program on my OS, even though if i was to use 100% free software, I could. This means I am equally depending on the developer of the free software not to be malicious as I am the nonfree software.
> This means I am equally depending on the developer of the free software not to be malicious as I am the nonfree software.
You're typically not the only person who is capable of looking at the code. If there are malicious features you can, in principle, go and see what they are and disable them. More likely, you can depend on others to do it, or you can even hire someone to do it for you. These options are not even available with non-free software.
There is a further purely psychological matter. People are more likely to behave nicely if they feel watched. If they are publishing the source code, they are less likely to be malicious, because they know that anyone can, in principle, inspect their malice. This results in fewer malicious features.
In the case of Firefox doing things like Pocket or Hello or whatever, people can and do go ahead and replace Firefox with things like GNU Icecat or Debian Iceweasel that can remove these unwanted features. Or Firefox extension authors can provide extensions to modify almost anything about Firefox, a task which is facilitated by having access to all of Firefox's source code.
They're not equally in control, as you can study, modify and redistribute the code. If you want to make your own version of the software, they can't stop you. So they're not equally in control.
You are relying on them to not be malicious, but you can also rely on anyone who wants to examine the code not to be fired or imprisoned for doing so. That's better than with proprietary software.
The point is that even if you personally didn't look over the source code, you'd be able to if you'd like to, and it's likely that people other than you have already looked at it.
This greatly reduces the opportunity for a developer or some other entity to introduce malicious code -- and even if that occurs, you reserve the right to remove it yourself and modify the programs you use as you see fit.
At least with free software there is the hope that malicious code will get picked up on by someone with an interest in reading the source, who would then make that functionality known to others.
I'm sorry, but this is profoundly naive. If the name "Richard Stallman" weren't attached to it, you wouldn't have watched this video.
The world doesn't have time for everyone to deploy their own server. I mean, honestly, ask yourself if you even have time to do this, or if it's just yet another project that's going to get piled on top of the Raspberry Pi and Beaglebone Black you have sitting in your projects box. Plus, everyone operating their own server is an indescribably large security catastrophe waiting to happen. IoT is a perfect example of this. Those exact same massive companies opaquely hosting your data struggle with security issues on a daily basis and even they can't always get it right.
The answer to data autonomy is end-to-end encryption. Full stop. We need a protocol that gives exact, one-to-any (one-to-none, one-to-one, one-to-many) control over sharing. That can be enforced cryptographically. It would be nice if that same protocol also had a consensus algorithm for data deletion, so we could avoid this whole "right to be forgotten" vs "free speech" debate.
There is at least one example of such a protocol. I know, because I'm the one developing it [1], and I've been incredibly frustrated at how difficult it's been to build awareness, because my name isn't, for example, Richard Stallman.
Is it naive though? Naivety is a suggestion showing a lack of wisdom or experience. Stallman has this in spades. I'd peg this as 'idealist'.
To wit, imagine a world where:
* Everyone has a block of static, globally routable IPs (no NAT).
* Consumer broadband etc was less asymmetric, and not strangled my media conglomerates.
* Everybody ran a decent operating system with a package manager that handled updates for all their software.
* Server and P2P software was so easy to use that it became invisible
* The Internet hadn't become synonymous with 'the Web' for most people in the 90s/early 2000s. (Remember when we used to talk about 'the Web' just like how we talk about 'the Cloud' now? That's because, as far as most people are concerned, it's the same thing.)
... in such a world, suggesting everybody run their own server doesn't seem so crazy. In fact, there's still a lot of grass-roots belief in these ideals : http://redecentralize.org/
> The world doesn't have time for everyone to deploy their own server. I mean, honestly, ask yourself if you even have time to do this, or if it's just yet another project that's going to get piled on top of the Raspberry Pi and Beaglebone Black you have sitting in your projects box.
If there is something naive here, I would think it's this? What is so inherently difficult about deploying a server? If you want to find out what the right thing to aim for for the future is, it's not useful to base that decision on what is currently the case. By that measure, thirty years ago, you would have argued that computers for everyone was naive (honestly, ask yourself, who would have the time to learn how to jumper the IRQ and IO port assignments and all that?), and yet, somehow, we managed to end up with everyone carrying computers around all the time. Notice, though, how people don't actually manually assign IRQs on their iphones?
I mean, what is even the fundamental difference between a "server" and a "client" that makes one of them so incredibly difficult and dangerous, but not the other? It's both just software talking to other software over the network. Yes, if you have crappy software, you can end up with huge security problems. Ever heard of Windows 95?
>The world doesn't have time for everyone to deploy their own server.
I heard people say the same thing about smartphones before the iPhone - that they would always be the preserve of nerds with too much time on their hands.
>I mean, honestly, ask yourself if you even have time to do this
I'd actually like to once there's a sufficiently easy to use project to automagically set up and configure a raspberry pi.
It doesn't sound like he's advocating that everyone run their own server. He said that if you require your data be available all the time, then you should run your own server; otherwise, you should keep your data on your computer.
That being said, I don't see a problem storing data on someone else's computer as long as that data is encrypted and I alone have the ability to decrypt it. Trusting someone to encrypt your data for you when you give them your data is essentially the same thing as giving them access to the unencrypted data.
> Trusting someone to encrypt your data for you when you give them your data is essentially the same thing as giving them access to the unencrypted data.
Absolutely agreed, which is precisely why it's so important to be end-to-end, which implies client-side encryption. Unfortunately, this is a totally different environment than we're used to; it doesn't break the internet, but it definitely breaks the web. Part of the challenge of the work I've been doing on this problem has been to envision exactly how this new thing would work. It's really cool stuff, but it's a dramatic departure from what we're accustomed to.
> It doesn't sound like he's advocating that everyone run their own server. He said that if you require your data be available all the time, then you should run your own server
The problem is, total availability is exactly what we've come to expect from the vast majority of internet use. This is particularly true of the most popular websites. Facebook, google, etc wouldn't work with totally intermittent data availability, but for a growing number of people, they are the internet.
Yes, I wonder if RMS has any objection to clouds where the user data is encrypted end-to-end, like with Tahoe-LAFS. Does that count as running your own server if you have client-side encrypted data through Tahoe backed up on Amazon servers? Or is there too much info leaked, or some other way that Amazon could engage in hostile behavior with respect to data it cannot read?
If there is no risk of surveillance or lock-in, he'd probably be ok?
After all, "cloud" is a pretty ill-defined term. He certainly doesn't object to things because someone calls them "cloud-something", but because of the power structure they entail--which happens to include stuff such as surveillance and lock-in with a lot of the stuff that's currently being sold as "cloud services".
Open formats and standards that are fully usable on other platforms are also important. Many companies provide "export" functionality, but actually using your own data from some XML file often means a non-trivial programming project.
You need formats where you can make them usable easily, using free software (ideally several options), on multiple different kinds of platforms (cloud, local pc, mobile).
I agree that preventing node-locking is a critical step in being able to make data decisions. I'm on a bit of a personal crusade against lock-in, actually, but I'd argue that's different from the kind of autonomy (probably better described as agency [1]) we're referring to in this context.
Having control over information creation, retention, and sharing is what I would describe as agency of data possession. Node-locking, open standards, etc, create what I would describe as agency of data use. They're both incredibly important, but you can't use data without possessing it.
It is naive, and it's poorly articulated, unfortunately nearly broaching the 'tin-foil hat FUD, disregard everything he says, that nutter' territory (see: his "cloud" analogy). I like to think of Stallman as Chomsky -- a little out there, really attached to their ideologies, but usually they bring up a conversation that's worth having.
The second I heard this, I as did you thought about the problem of hosting your data at a DC; likewise, I too saw the 'everyone hosting their own server' problem[2]. It's no coincidence that there are at least 3 of us (StravosK and the #letsauth HN crew, you, I) working on this. Many more[3] in fact that we might be reaching the "too many NoSQL solutions out there" problem.
I agree with you I haven't had time to go over your work but consensus algos for removal of data is an impossibility (the second someone has access to the decrypted data is the second it's fully compromised at the read level[1], and only later can one mark the data as unreliable. Consensus to determine what's unreliable is possible, though fraught with peril. There be dragons.) Secondly - and I say this as someone who's working on software similar to what you are writing - in order for crypto to be adopted there needs to be a lot of things. Primarily, there needs to be one, at worst two, solutions - or we'll suffer from complete and total 'choice overflow' (i.e. which NoSQL solution do I use? There are 50!). Secondarily, crypto should ideally be written around known algos, and more importantly, known algo implementations (e.g. libsodium) which are based around concepts and have been heavily audited. Finally, there should be interop between the systems. I.e., keybase.io has already solved the problem of getting techies to adopt asymmetric crypto/figure out how to exchange keys/etc by tying a users FB identity to it. Not the ideal solution, but the best trade off for user adoption. Awareness is hard, but if we all band together (#letsauth + keybase.io + Automattic is a realistic possibility), I don't see it being impossible.
Bottom-line: _Ensure interop with previous implementations so we don't overwhelm the internet with choice, effectively shooting ourselves in the foot_
[1] I can write an IO device driver in a weekend that'll clone bit-for-bit anything that hits a specific directory, segment of memory alloc'd by a process, etc. Once your information is out, it's out for good.
edit: [2] On second thought, not as far-fetched as it may seem. ARPAnet was designed around maintaining network communication in case of nuclear disaster, and if you read the spec sheets that came out during that time decentralization was their solution. Everything from routing (RIP, OSPF, BGP, take your pick) to SMTP (the RFC is rife with the capacity to handle server unreliability) was designed with the intention of dealing with this. Not only that but before NAT took over, effectively every machine was effectively capable of operating as a server. It wasn't until say the mid 90s that the distinction between workstation and server became clear. Effectively, you trusted your sysadmin to not read your mbox/maildir and he acted as your technical agent. When my friends and I were dicking around with BSD and Slackware in middle school and early high school (oh what rebels), we ran our own SMTP's acting as backup MX for each other when our Pentium 2's were rebooted by our parents. This is all a long way of saying, not everyone needs to run a comm-server, just one (or two if you need a 'backup MX') per social network in order to offer their services to people within their social "web of trust".
Edit2: Yeah, #letsauth on freenode is the defacto standard, thus far. And have an upvote, my good man, for caring enough about security to do something about it, and speak about it's subtleties on a Sunday afternoon.
This is maybe a discussion we should be having elsewhere, but for lack of a dedicated thread somewhere, and because I think it's interesting, I suppose we might as well keep going on the tangent. Moving forward though, is there anywhere dedicated to talking about this kind of stuff, or should we set somewhere up?
> consensus algos for removal of data is an impossibility
There may be a bit of a semantic barrier here. What I mean by consensus removal is "can we, as a society, decide that it's okay to delete this piece of data?" That can be done as a zero-knowledge algorithm. The approach I've taken with it is, loosely speaking,
1. Author Alice publishes (encrypted) data, tells server "don't delete this"
2. Alice shares with Bob; Bob also tells server "don't delete this"
3. Alice tells server "now it's okay to delete"
4. Alice can see that Bob is preventing deletion
5. Alice provides social/legal/political pressure to Bob to remove his hold
6. Object gets deleted
Technically it's implemented in a way very reminiscent to name binding and garbage collection in memory-managed languages. It's worth noting that no, this isn't something that's solvable strictly with in-protocol actions. The external pressure step is necessary to prevent deletion. But that's exactly my goal; we're never going to be able to solve profoundly complex social problems with algorithms.
I use BitTorrent Sync with my FreeNas box. It's absolutely amazing. I am able to completely subvert the cloud and have all my data synced across devices. The mobile app is a user-friendly delight. I was able to share 15 GBs of vacation videos with 10 of my non-techie friends by sending them a read only key to a shared folder. All of them got it right away with no technical questions or issues.
Most importantly, I have all my photos and videos synced as I take them. This means I don't lose precious photos from a trip if my phone accidentally falls in the ocean. My phone, laptop, NAS, iPad, all have my photos backed up providing good data redundancy. No cloud services involved, no risk accidental publishing something private, no risk of an account hack, and no expensive data storage plans.
The only problem is I have to trust BitTorrent's proprietary software to do the heavy lifting for me. This is why I want the SyncThing project to catch up.