Slashdot Mirror
Eben Moglen Calls To Free the Cloud
paxcoder writes "You have been informed about Diaspora, a (to-be) distributed free social network. What you may not have known is that it was inspired by an excellent talk by Eben Moglen called 'Freedom in the Cloud.' But it doesn't stop there. At Debconf 10 this month, Moglen went further, and shared his vision of a free, private, and secure Net architecture relying on ('for lack of a better term') freedom boxes — low-price, ultra-small, plug it into the wall personal servers. He believes they will catch on since they will eventually cost less than a router, provide more functionality and freedom to the user, and even help your friends bypass any censorship by encrypting and routing their traffic. Since hardware is being taken care of, we are called to assemble the software stack. The title of this sequel talk is How We Can Be the Silver Lining of the Cloud."
Hardware that no one has adopted with software which no one has written is not a replacement for social networking sites.
...can't wait for these wall-wart 'freedom boxes' to get rooted on an astronomical scale.
Imagine a Freedom Beowulf Cluster!
Hoping not to have to set aside the time to wade through all the annoying happy talk just to find out there's no technical meat. Someone please just tell me: are they nailing down a protocol spec first so that we can all do our own interoperable implementations, or at least all contribute code, and so not have the time wasting nightmare that was the Freenet project?
We don't need yet another new programming language. Let's just pick an existing language and fix its flaws.
Am I misunderstanding, or is the entire premise of this vision relying on 99 dollar, Linux powered, "plausible deniability" boxes?
How does encryption tie into a 99 dollar wall-wart? Privacy? Mesh networking for country living?
I just don't see it.
I see where he's going with this, and while I expect that certain aspects of the concepts will eventually be implemented in different ways, we have to be clear that the idea of everyday people administering their own servers is just not practical. I realize everyone here sees it as something we're willing to invest our time in, but most people don't. Servers exist for a reason, there are people (called system administrators) who can specialize in making sure the server software you're accessing, your data, etc. all are secure and have 99% uptime.
I'm not the kind of person who thinks that there is a divide between a sort of tech elite and the unwashed masses who will never understand this stuff. I'm one of those people who thinks that even your grandmother can learn how to recompile Apache given enough time, interest and dedication. The problem is that doctors are busy being doctors, plumbers are busy being plumbers, parents are busy being parents, and so on an so on. Even as a software developer, I prefer to not administer my own servers if I don't have to. I have friends who are very intelligent people who are very accomplished in non-computing fields who use virus and adware-ridden Windows machines. I don't suspect they're interested in taking the time necessary to fully secure a server that holds a digital representation of their life.
So this idea of a total peer-to-peer networking is not an approach I think we should pursue, not because it's not technically achievable (it totally is), but because it's not practical on a social level. This is reflected in the difference between Appleseed's approach to open source social networking and Diaspora's: Appleseed uses a federated node structure, and Diaspora claims to use a P2P, although we haven't seen the code yet, this was the original promise, and since the EFF is backing the project, it fits in with what Moglen is suggesting here.
We'll see where we end up, but I worry that if we push for Moglen's approach, we may see a small ghetto of tech savvy users who adopt it, while everyone else chooses to remain with the proprietary systems, because they're just that much less hassle. It makes much more sense to me to push for federated, hosted solutions, so that an ecosystem of servers (administered by professionals) can exist, and users can move freely between them.
Michael Chisari
http://opensource.appleseedproject.org/
Servers exist for a reason
Unfortunately, the reason is no longer "to make it easy for people who cannot administrate their own server." All too often, the reason is becoming "to collect data from people and sell it to marketers, by convincing them to do things they were already doing before on a server that is programmed to collect data."
Like so many other things, though, I see this is as becoming relegated to geeks who actually care about the issues, and remaining completely unknown among the majority of people. Case-in-point: email cryptography; most people are not doing it, not because it takes too much effort to verify keys, but because they are completely unaware of cryptography.
Palm trees and 8
That's one of the dumbest things that I've ever read here.
For people who hate watching video as much as I do, here's a transcript: http://www.softwarefreedom.org/events/2010/isoc-ny/FreedomInTheCloud-transcript.html
> and users can move freely between them.
The proprietary world has yet to invent a mechanism for that, and it's been a known problem for a long while (decades). Data "liberation" is challenging and, even if you don't think that is a problem, cross-realm authentication is all but nonexistent. They have little incentive to provide these things unless people demand them, and by and large people don't. (And before you bring up LiveJournal's OpenID protocol, I've two things to say: 1) it's not worthy of the trust placed in it because not all parties srongly authenticate each other, and 2) note that commercial OpenID providers do not, and fundamentally cannot by nature of the beast, make it easy to transition from an identity rooted at one to an identity rooted at another.)
The only truly distributed bring-your-identity-with-you schemes out there have come from the open, usually academic, world: PGP, SPKI/SDSI, E rights, the Petname system and protocol, and so on. Similarly, shared, secure-against-the-owner storage is not something social network companies have huge incentives to produce, but it exists in open research: TAHOE-LAFS exists and Diaspora has made vague promises to being similarly secure.
Anarchy$ dd if=/dev/random of=~/.signature bs=120 count=1
Thank you! Since YouTube rose to prominence, so much unnecessary video content has been produced, especially when it comes to software-related presentations.
For every software-related presentation where video is useful, there are hundreds of other videoed presentations where a transcript containing a few code snippets and some screenshots would've been much more effective at conveying the message.
The worst are those involving some non-native English speaker who can write English perfectly fine, but can't speak it worth a damn. So they stand there for an hour, speaking unintelligibly, often exhibiting poor presentation practices like standing in front of the screen or talking quietly. I don't have an hour to waste watching such bullshit. Had they just written an article, they'd have gotten their message across perfectly and within a few minutes rather than an hour.
When I saw this story I had just finished watching this movie.
There's a part when the Canned Heat is playing that a guy jumps on the stage and hugs the singer. He embraces the invader and keeps singing. When the instrumental part starts the singer whispers something in the guy's ear and the security people carry him away. Those were civilized times.
Freedom works, that's how the Cold War was won from the Soviet Empire.
In the freedom vs. security war a thousand battles are lost by the freedom side every day everywhere but in the end freedom always wins.
System administrators are the big brothers who keep us all safe, but we are better off if we have at least some bit of insecurity. I think a peer to peer network is the best idea, not because it's practical in a day to day basis, but because, practical or not, the unwashed masses always know better.
Your data, and consequently you or your business, can be locked into an application even on your own server. I fully support the people running their own distributed server architecture but I think one important step toward that is getting data portability, part of what I call a new fifth Freedom to Migrate.
Put Freenet on those boxes and i get what i understand by the term "freedom".
Case-in-point: email cryptography; most people are not doing it, not because it takes too much effort to verify keys, but because they are completely unaware of cryptography.
Sure I could do that at work but we are forced to use Exchange now, and for me that means OWA on Linux. I could paste in ASCII armored PGP messages but I am pretty sure that this would get me a tap on the shoulder from corporate IT with the possibility of being shown the door on the spot.
So fair enough its their workplace but some countries are going the same way (see UAE vs RIM) and my country (Australia) wants port blocks and filtering on http.
So maybe encrypting your email will eventually be regarded as a security risk (for the country, not the individual) eventually.
http://michaelsmith.id.au
Great idea, but will they really be practical without net neutrality? ISPs seem determined to choke us of enough bandwidth to host our own servers without some 'premium' package or some other sort of BS. For both home and work (small business), it's cheaper for me to pay for remote server space even though I'd prefer not to.
I don't like the word 'cloud' at all, either. It's just a buzzword for server the tech-world is trying to convince the business-world they can't live without. It gets guys like my boss to ask me, "I keep hearing about this cloud thing, it sounds like we need to get on that, should we?" No.
"From the depths of my skeptical and rationalist soul, I ask the Lord to protect me from California touchie-feeliedom."
I love pointing out unnecessary port blocking in the U.S. - most major U.S. ISP's block port 80 outbound, along with various other mostly email and FTP related ports just for the hell of it. I know that Time Warner, before it left Houston, had a nasty habit of sniffing traffic and if they determined you had a VPN session open to a work based server they insisted you buy a pro account.
The preceding post was not a Slashvertisement.
Troll, eh?
Please tell me how well will your cloud work when you can be cut off with the flip of the switch? Three strikes, and you're out. And how many of your ISPs let you run a web, ftp, or any other kind of server? Read your contract... They could probably nail you for your bittorrent
For justice, we must go to Don Corleone
That's one of the dumbest things that I've ever read here.
I don't know... you've written some spectacularly dumb things, Mr. Anonymous Coward.
Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
"and even help your friends bypass any censorship by encrypting and routing their traffic." This is actually a reason for it not to go mainstream... if you see what I mean...
I'm split on this. Mostly I think it's excellent because it sounds feasible to get a lot of people behind it, which would then make it quite effective. It'll bring back a level of "privacy" that we took for granted not many years ago. It will also open up the connotations that come with that, although I'm sure that has/will be discussed to tiring length.
But where my concern really is, is the trend that those in power see something like this as if it's only purpose is crime. They will be scared of this, because it will undermine their ability to do their job. When there's something they are scared of, they clamp down on it and make an example of someone. If you're that person it doesn't matter if you've done anything wrong, because they will find something, and bend it to the context that allows them to say you've broken a law. eg It could be an image sitting in your browser cache that they can object to based on someones' religion, that came in an ad on a page.
Early adopters will face significantly higher risk than those adopting once the project is well established. In this countext I see three distinct routes:
At one end of the scale, you may even get buy in, but hopefully won't attract too much negative attention. Potentially, you may have a more "legit" user base who have positive community concerns. At the other end of the scale, things could get rather ugly. The authorities will. not. like. you. They will do everything in their power to shut you down, and there will be significant risk to innocent people who had good intentions at heart. This is also very likely to attract the people who the authorities will have a legitimate concern over. You're going to get those in any scenario, but the proportions will make a big difference.
Take care. I really do believe this has a legitimate positive place in modern society.
Funnyhacks - Wierd, unusual, and fun hacks
Nobody care about freedom, and that is why the idea is doomed. People want to connect with their friends on facebook. You start talking about computing freedom, their eyes glaze over and they suddenly remember they need to go clean their fish tank.
99% of people only care about their own personal convenience at the moment. Nothing beyond that.
It's fine to build a better server. But a network is not just the nodes; a network is also the paths, and the paths, my friends, are not anything either the telecomm concerns or the government are going to allow us to control, or have any of our own. And this gives them, if they think they need it, complete control over these new systems. If traffic passes over their paths that concerns them, they'll just shut it down.
So while I appreciate the idea, it's literally only half-baked. Wake me up when someone builds an inexpensive network in unregulated RF space. Until then, control, and therefore freedom, is unattainable.
I've fallen off your lawn, and I can't get up.
Nevermind... Probably doesn't read much.. And the message went straight over her head anyway..
For justice, we must go to Don Corleone
We already have cloud computing. Anyone with a desktop or a laptop participates. We're the protocol stack acting as the proxies for each website, manually propagating stories by email or blogging..
What we really need is the equivalent of TCP/IP for social networking. A protocol that anyone can develop any software for. Because I guarentee you, once Disporea is done it'll just be the same programming language holywars, backend storage arguments, security concerns, comparisons to facebook. Etc.
Make a protocol, a real protocol, not JSON, take something off the shelf and come up with useful ways to trade information. Folks will build libraries on top of that, frameworks on top of that, and finally applications on that.
Properly designed protocols last a long time. Applications are obsolete within weeks or months.
If I remember correctly, it is us who rooted the boxes from the alien ships. Will Smith is still alive, so we're safe.
But how do you know this? I thought Will Smith pointed his flashy thing at you to make you forget.
We are doing our part at http://amahi.org Come see what our wall wart can do.
In Otherland there's Treehouse (I can't believe it, there's no Wikipedia article for it!) which is no fixed thing but somehow hovers over the 'net. The only way to free the Cloud would be to use it for and by some "underground" protocol(s) or application(s). Use encrypted, distributed and redundant storage whereever you can find it and have an own way to use it, with no dedicated servers and no central user database.
I don't think you can free the cloud but maybe you can install a free ghost on it. It's silly to fight the cloud (and it's expensive too -- when costs come, the freedom goes), it may better to just use it.
Just look at what some governments are telling Research In Motion (blackberries) that they have to hand over the encryption keys. I am not sure that they will allow such systems to exist. Sad state of affairs when one does not have a right to privacy. The public might think its cool at first, then FUD will be spread and the average Joe will be prohibited from installing such a device. Nice concept, but the governments will not allow this to take off. It might be best for this to unfold slowly and without much fan fair. Then if it is designed properly, it will become hard for governments to discern who has these units. But then again the old witch hunts may start again. Just plain sad over all.
Had they just written an article, they'd have gotten their message across perfectly and within a few minutes rather than an hour.
SRT (SubRip text) is a file format containing timed text, where each piece of text has a start and end time. YouTube accepts SRT for subtitles, as seen in this video. So do HTML5 audio and video. So ideally, if you want to read a video instead of watching it, your user agent should provide a way to view the SRT directly.
Just this week a platform was announced, http://bit.ly/9KFubG, that combines the ARM based Plug computers and the Amahi Home Server. This could be an excellent candidate for a One Click install App for the Amahi platform. I think we may be on to something here.....
The Pointrel approach towards that by me: http://sourceforge.net/projects/pointrel/
But see also NEPOMUK etc. http://semanticweb.org/wiki/Semantic_Desktop
Working towards use as FOSS public intelligence tools: http://slashdot.org/comments.pl?sid=1746980&cid=33177866
A 21st century issue: the irony of technologies of abundance in the hands of those still thinking in terms of scarcity.
Ugh. It's in Java!
I'm sorry. I don't want to seem ungrateful, but I just don't need the headaches that come with a Java runtime. Easy installation and maintenance is a must for a successful end user software. Adding a runtime that isn't really all that open source mucks things up needlessly. Plus it runs more slowly.
I like Tor. I'd like to see a distributed Facebook clone built atop Tor.
We don't need yet another new programming language. Let's just pick an existing language and fix its flaws.
has been that we must move quickly to beat the 'authorities'. but once they catch up we must have something that is resilient to attack from the 'owners' of the network.
Comment removed based on user account deletion
OK, I just read the transcript here: http://www.softwarefreedom.org/events/2010/isoc-ny/FreedomInTheCloud-transcript.html
And I'm not saying I don't respect Eben Moglen, or what he says there. Sure, he lays out great ideas, ideas worth doing.
But he is still misguided. The war he is proposing to fight mainly with distributed home-based technology to ensure some privacy through encryption can't be won. As long as we have an economic system based mostly on greed (and also ignorance), everything he tries to do will fail, if only because, after he wins, greed will buy new laws from ignorant people and put him in jail, and then greed will go house to house and pull every one of those wall warts out, getting neighbors to turn in neighbors who have them ("If you see something, say something"), same as people with radios were turned in in various countries in WWII. See:
"They Thought They Were Free: The Germans, 1933-45, But Then It Was Too Late"
http://www.press.uchicago.edu/Misc/Chicago/511928.html
He should know that ISPs will be able to track down every one of those things in short order, if only by hiring a million people out of the 20 million or more unemployed in the USA to go house-by-house with blanket search warrants and portable packet sniffers looking for "unlicensed" equipment. And other countries will find the things even faster. So, his approach is, at best, a slightly delaying and confusing action. Greed and ignorance will win unless we directly address greed and ignorance (well, even addressing greed and ignorance indirectly and subtly may be OK, too. :-).
Do I have an alternative? Yes I do. As I outlined here:
http://slashdot.org/comments.pl?sid=1746980&cid=33177866
where I wrote the following paragraph:
As I see it, there is a race going on. The race is between two trends. On the one hand, the internet can be used to profile and round up dissenters to the scarcity-based economic status quo (thus legitimate worries about privacy and something like TIA). On the other hand, the internet can be used to change the status quo in various ways (better designs, better science, stronger social networks advocating for things like a basic income, all supported by better structured arguments like with the Genoa II approach)
http://w2.eff.org/Privacy/TIA/genoaII.php
to the point where there is abundance for all and rounding up dissenters to mainstream economics is a non-issue because material abundance is everywhere. So, as Bucky Fuller said, whether is will be Utopia or Oblivion will be a touch-and-go relay race to the very end. While I can't guarantee success at the second option of using the internet for abundance for all, I can guarantee that if we do nothing, the first option of using the internet to round up dissenters (or really, anybody who is different, like was done using IBM computers in WWII Germany) will probably prevail. So, I feel the global public really needs access to these sorts of sensemaking tools in an open source way, and the way to use them is not so much to "fight back" as to "transform and/or transcend the system". As Bucky Fuller said, you never change thing by fighting the old paradigm directly; you change things by inventing a new way that makes the old paradigm obsolete.
Now, might such a public intelligence system run well on a system of wall warts like he describes? It probably would. But it does not absolutely need them. So, while they may be useful, the conception of cooperative sensemaking and cooperative design of a better future is by far more important.
And here is a document I put together that decribes four heterodox economic alternati
A 21st century issue: the irony of technologies of abundance in the hands of those still thinking in terms of scarcity.
I'm not going to click that.
One other link: :-) http://www.progress.org/fold21.htm
"Social reformers must first eliminate their own ignorance to educate themselves to gain knowledge of the basic causes and remedies for social problems, including the economics, politics, and ethics of the problems and solutions. Then when they educate others, they must at the same time invoke their antipathy to the problem and arouse their sympathy with the remedy. When the masses are roused with sympathy and armed with knowledge of the remedy, the few greedy opponents will either be swayed themselves to join the righteous battle, or be overwhelmed by the greater force of the righteous revolution. To remedy social ills, replace ignorance, apathy and greed with knowledge, sympathy, and charity. "
And another link, while I am at it, too:
"What Social Science Can Tell Us About Social Change"
http://sociology.ucsc.edu/whorulesamerica/change/science.html
A 21st century issue: the irony of technologies of abundance in the hands of those still thinking in terms of scarcity.
You try cranking them out as fast as good old AC does, and your quality will probably drop too.
Who is John Cabal?
Darknets... if the government and big business fear these things then you can bet that they are worth looking at. We need to start looking at our personal data input / output as valuable and personal and something that we give access to on our own terms. For the next 100 years there's going to be an arguement about the rights that private citizens have to make their data and communications secure, kind of secure, or open.
And even if it did start working, THEY won't allow it.
Well with the right mesh software and some cheap high-gain antennas, yes. We can circumvent the power of incumbent networks in urban and suburban areas by building our own Othernet - where everyone can be anonymous and the limit of bandwidth is the contributed aggregate. Latency would be too high for gaming and VOIP outside the local area - but local sharing, VOIP and gaming would be fine. Encrypted offsite backups on a cooperative basis could be arranged. We could help each other in our mutual best interest. We could even build neighborhood clouds if we wanted to. In LA, in New York, in all of the major markets it's absurd that people pay for Internet links when all of the value is flowing the other way across the link. Building our own networks would shift the balance of power. IPv6 could be helpful here.
We need a WAP wizard to set us free, someone to market the guerilla wireless Othernet and related devices. A few brave souls to get it started. That's all. Some people are already doing this with fiber or copper gigabit fenceline networks, using wireless bridges to cross rights-of-way (roads and so on). Most of us posting here have more advanced networking in our homes (gigabit), more powerful PC's, more storage left unused (many terabytes) than the core Internet had in 1995. That should be sufficient for our towns or cities now. Wireless bandwidth is up to a limit of 600mbps, which will do for crossing a highway.
We've been conditioned by our consumer societies to accept that the wire that connects us to The Internet is based on a bill from a company. Nothing could be further from the truth. We are the value in the Internet - consumers with desires to be fed. Network enough of us together and the wider Internet will build a bridge to us . Ultimately the idea of paying for Internet could and should go away for most of us. Let the vendors build the road if they want our consumers in their markets. This is entirely what Google's high-speed broadband initiative is about. The people are the money, and the links are currently too slow to capture all but a small fraction of it.
Help stamp out iliturcy.
+1 insightful.
Wait! Whats a sig?
I'm not sure. It seems the other way around. As soon as Cold War ended freedom in western democracies stated deteriorate gradually. Seems the Cold War was what was keeping freedom alive in democratic countries. Or may be a conservation law is at work here - as freedom increase in one place it decrease in another.
Email is a decentralized protocol, but there are reasons why people give up their privacy and prefer web mail for convenience. What Eben Moglen described is basically making decentralized protocols for everything including social networks and such. But even when we created the perfect decentralized protocols of everything, I don't think that it will prevent data mining and protect user's privacy.
To simplify the view, just lets say we can do everything with email, let's say all the user's personal data are stored in email messages. To really protect my privacy, not only I'd have to host all my emails, but I'd have to set up my own email server as well. Not only I shouldn't use the web interface, but I also should't use the POP/IMAP/SMTP services that Gmail or Yahoo or my ISP provides. Now building my own web interface would not be so hard, as I'm hosting my own server. But making sure of my server is on most of the time and physically managing and backup my email data on my server would not be so trivial. What happen if I travel oversea and my server crashed or my home went out of electricity? What happen if disaster happened and everything in my house including the server and backup are gone?
So have these problems are exactly the reason why people choose Gmail. By hosting the server on the cloud, all the uptime, backup, and management problems are solved out of the box. Of course there might be better solution than Gmail, but I doubt if it will success commercially. Now lets say we created free software stack that performs better than Gmail and work out of the box. With the software in hand, all we need is just a place to host the server. User would then have three choices: 1. Buy a server plug and host it at home, 2. Purchase web hosting and host it as a black box in the cloud, and 3. Let Google host the same software for free but with storage and data shared with everyone. While option 2 is supposed to be the optimum choice, majority of people would still choose option 3 simply because it is FREE.
So IMHO the real challenge to make the public to adopt a decentralized architecture is to come out with a better business model. Simple hosting charges won't work when there are free alternatives, and there is no way to make black box hosting free. Average Joe will neither want to purchase troublesome sheeva plug nor would they want to pay for hosting in the cloud. Decentralized architecture will not prevent centralized hosting and data mining, what it does is allow us to switch from one provider to another easily. Whether the user choose a free provider that mine data or become their own provider, its entirely their choice.
The other problem with privacy in decentralized architecture is that you actually get less privacy when you use centralized identification. People here often complain that they don't want Facebook to know they like or comment on some random webpages. While that might be a problem, most of our information can already be found in the Internet publicly. If OpenID become the norm, my ID at Slashdot, Twitter, Facebook, Digg, YouTube, and whatever random forum should remain the same. This would be even true for a decentralized data architecture because you need a universal way to identify yourself. With OpenID, a simple Google search will reveal this post I'm writing in Slashdot, the comment I gave on random YouTube video, the articles I digged and liked, and whatever sites that I participated in. Actually all these information already available publicly, but what really stops Google on mining it is the lack of unified ID.
In conclusion, while a decentralized data architecture might seem good, it doesn't help much if most of our information is already available publicly. Protecting private data is only feasible unless we can find a way for providers to provide hosting services. And even if all these problems can be solved, I still don't think the privacy problems could be solve with just that.
500 years ago Moglen was a programmer, so obviously he knows his shit. Since then he's been writing GPL licenses, which by their terms are great but are ridiculously poorly drafted. If FOSS had a better attorney friend, who wasn't also a churlish twat, things would be better. tl;dr -> fuck eben moglen.
You mean online media companies are acting kind of like magazine, radio, and TV companies? You'd think that if people in general had such a huge problem with that, they'd have made a bit more of a stink about it before it hit online media. But, no, people generally realize that the advertising roles of the media they consume are the major subsidizers of that media, and although they may be somewhat annoyed at the marketing aspect, they put up with it knowingly. And people don't use cryptography because they don't, in general, feel a need for it. Kind of like how they hold conversations in public without worrying about being overheard, or talk on telephones that could easily be tapped.
Comment removed based on user account deletion
Ten year ago I had a similar vision. In the meantime I wrote the sw stack.
You can find it at askemos.org .
The nerdy part: one of the nodes runs at the sheeva plug here and another one on my segate dockstar.
The reason encryption in email fails is because it is too much of a hassle. I don't see myself sending keys out of band to every entity I communicate with. My friends might be open to it, though they probably would't really care and might complain. Forget ever sending encrypted mail to contacts you have yet to meet or to businesses.
If encryption in email is to break through, it should be handled somewhat automatically and transparently to the users. Making sure someone who you have never met can read your mail but not others through encryption is a very hard problem.
Comment removed based on user account deletion
Who said you can't use more then one OpenID ?
Who said you can't backup your data encrypted at a friends home.
Who said you can't just have more than one plug in your home ?
Eben also suggested we use more wireless, so if you have a DSL or cable at home and the connection dies, you would just automatically use the wireless of your neighbour.
New things are always on the horizon
With telcos/cablecos rushing to destroy Net Neutrality so they can doublecharge us for carrying traffic between some endpoints (like competing services or customers of other ISPs), in addition to the fees they already collect from up and down the connection chains, we should all encrypt all of our traffic, and run it all through proxies. Then the backbones can do nothing but raise fees on their next hop neighbors, because they know only the QoS priority bits we choose to reveal in the envelope packets for the contained traffic.
We can do this today, though preconfigured edge HW we can carry with us (USB dongle, mobile phone) would make it easier to prepackage it for the masses. Where can I point non-techs today to find instructions for making an encrypted tunnel and proxy for all their traffic across their cablemodem/ISP, including browsing, email and downloads.
--
make install -not war
For those leary of bitly links, http://blog.amahi.org
If OpenID become the norm, my ID at Slashdot, Twitter, Facebook, Digg, YouTube, and whatever random forum should remain the same. This would be even true for a decentralized data architecture because you need a universal way to identify yourself. With OpenID, a simple Google search will reveal this post I'm writing in Slashdot, the comment I gave on random YouTube video, the articles I digged and liked, and whatever sites that I participated in. Actually all these information already available publicly, but what really stops Google on mining it is the lack of unified ID.
If you don't want the public to see what you say, consider not saying it in a public forum. If I have a single login, and I use it to speak in a public forum, then presumably I *want* to speak in public, and Google is providing a useful service by letting people map my name to my public words. If you want to speak in private, publicly visible internet forums that you logged in to with a public ID are the wrong medium.
If you put a + at the end of a bit.ly url you can see the statistics and where it links to like so..
http://bit.ly/9KFubG+
In this case it's going to: http://blog.amahi.org/2010/08/11/amahi-for-the-marvell-plug-computer-released-get-yours-free/
I'm one of those people who thinks that even your grandmother can learn how to recompile Apache given enough time, interest and dedication.
She's dead, Jim. But if she were still alive I'd agree with you.
So this idea of a total peer-to-peer networking is not an approach I think we should pursue, not because it's not technically achievable (it totally is), but because it's not practical on a social level.
You could have said that about internet access ten years ago. Most people today are running servers, they just don't know it. Their computers are all spam servers because they've been infected with viruses. I don't see how implimenting turning wifi routers into repeaters would make it any worse.
We'll see where we end up, but I worry that if we push for Moglen's approach, we may see a small ghetto of tech savvy users who adopt it, while everyone else chooses to remain with the proprietary systems, because they're just that much less hassle.
If was well designed it would give completly free (both beer and speech) internet to everybody and wouldn't need administering.
Free Martian Whores!
Sure I could do that at work but we are forced to use Exchange now, and for me that means OWA on Linux. I could paste in ASCII armored PGP messages but I am pretty sure that this would get me a tap on the shoulder from corporate IT with the possibility of being shown the door on the spot.
So fair enough its their workplace but some countries are going the same way (see UAE vs RIM) and my country (Australia) wants port blocks and filtering on http.
So maybe encrypting your email will eventually be regarded as a security risk (for the country, not the individual) eventually.
Of course Exchange will use TLS encryption by default, so your mail should be safe in transit. At least as long as the receiving server supports TLS also.
Their computers are all spam servers because they've been infected with viruses.
Users unintentionally running a spam server because of an infected system doesn't exactly bolster your case. :)
if was well designed it would give completly free (both beer and speech) internet to everybody and wouldn't need administering.
Has there ever been a server system that was so well designed and intuitive that it didn't need administering? Isn't that what Microsoft tried with Zero Administration? I think there's a reason unix, with all it's complexities, won out.
I'm not saying it's impossible. But when even the best server management software out there is too difficult for the majority of users, I think it's simply impractical.
The biggest problem is that we need fixed IP addresses so we can get data to and from people we know without going through a central authority.
I have not RTF, so it may already be mentioned. But it seems to me that most data mining/collection is to ultimately make more money through advertising.
Therefore if everyone ran adblock and advertising revenues fell to zero, this would get rid of quite alot of the corporate involvement in the internet, which to me seems to be the root of the problem of privacy erosion (obviously some governments too).
Granted that this would lead to a great reduction in the volume of content on the internet, but i'm not sure that would be such a bad thing, as the crappiest would go first. And people will pay for (hosting/content) what is worth keeping (now pandoras box has been opened as it were). For example, wikipedia has been quite successful in raising money from the general public. Also I would probably pay for google if it meant no data collection and impartial search results.
This would probably mean the internet would more resemble what it was in the early days (linked universities etc...) but would that be a bad thinig? Maybe i'm being a bit elitist about it.
j
sorry for posting AC, i'm too paranoid to make an account ;-)
Users unintentionally running a spam server because of an infected system doesn't exactly bolster your case. :)
I wasn't trying to make the case that the average user would be a competent admin, the point was that having a box between their modem and PC that was an open internet connetion wouldn't make the situation worse.
The term "think outside the box" originally was some marketing guy telling his salesmen "sell the sizzle, not the staek". Some "outside the box" thinking is needed here -- a network node that needs no administration. You have to not think of the internet as a network -- does the internet have an admisistrator? Nope.
Free Martian Whores!
Let's say we've all got "freedom boxes" at home. (And I've already got a Sheevaplug, it's very handy.)
So: I want to access the "freedom network" from my laptop, and I see my encrypted access point and say "use this". I use my Diaspora social networking stuff, my tweet-clone, whatever, and now I want to do a Google search: does my traffic to Google traverse the "freedom network" ala tor? If so, how does Google not remember who I am from a prior session cookie when I was on the public Net? What about performance? What about hostile trusted CAs like Etilsat and CNNIC?
But suppose all of that is solved, how am I reachable from the rest of the public Net? Do we all use one dyndns service that can be brought down ala Napster? If we don't, how do we make a distributed dyndns that is itself not subject to MITM or traffic analysis?
But suppose all of that is solved, how do we prevent one leak on the public Net from linking our "freedom network" identity(ies) to our "real life" Facebook/LinkedIn/Twitter/etc. identity?
How much administration is involved in a Kazaa server? A Skype server? An eMule/Kad server? Oh, yeah, when they are trivial to setup we call them "p2p nodes" not "servers".
Call it what you like. Maybe what we need is not a server in every home but a p2p (friend-to-friend?) node in every home. Actually, that is sorta getting to one of the points of the talk: calling some computers "servers" and others "clients" makes for an artificial separation between normal users and big companies.
Personally, I think the idea of it running on a little box is a distraction from the issue. We need a usable friend-to-friend network protocol. Projects like Appleseed and Diaspora are working on that. Once a protocol exists and is more or less settled, the nodes using the protocol can be on every computer or on dedicated hardware or running over their own wireless mesh; it does not really matter.
The protocol can use Kad (or Freenet or i2p) type bootstraping to connect itself to a peer-to-peer network and then make encrypted backups on friends' nodes. The big problems in my mind are (1) if everything is distributed, how do you control identities? (i.e. it's easy if everyone only uses their own computers/phones where they have a private key stored, but that might not be realistic) and, somewhat related, (2) it seems any distributed social networking solution will require a program running on the user's computer, and users don't like installing applications. The separate box vision fixes that somewhat, but buying a new box to join the new Facebook would likely prevent any large-scale adoption. The solution is to make it semi-distributed so users can switch to using multiple different servers instead of just Facebook, but then you might get the GMail problem: there's tons of e-mail providers but a significant proportion of people just use GMail. To address this, the protocol will have to have account portability built into its core (unlike e-mail where your address is tied to your provider.
Peer-to-peer networks solved that issue a long time ago. Kad, Freenet, Tor, and i2p all have ways for a client on the network to maintain an identity tied to something other than an IP address. People should be identified by public keys not IP addresses (especially as mobile internet becomes more popular so static IPs become even more difficult). Figuring out how to tie those keys to real people reliably is a separate issue... but then again Facebook does not even attempt to provide anywhere near that level of security on who you are actually talking to, so leaving key verification/signing to the cryptography geeks/paranoid would probably not be a huge issue.
Centralization breaks the internet.
http://blogs.howstuffworks.com/2010/08/16/is-our-technology-sapping-our-brains/
A 21st century issue: the irony of technologies of abundance in the hands of those still thinking in terms of scarcity.
Servers exist for a reason, there are people (called system administrators) who can specialize in making sure the server software you're accessing, your data, etc. all are secure and have 99% uptime.
The whole "client/server" paradigm is so 1969.
Besides, as one of these so-called 'system-administrators,' I'd like to point out that The People In Charge are determined to ensure that neither the software, data, or anything else will be anything like secure, nor have 99% uptime, by running Windows Server everywhere. The people who buy servers don't have to run them, and don't make their purchasing decisions on technical considerations. The people who run the servers keep things patched together with random Linux boxen running kludgey Perl scripts that the powers-that-be neither know nor care about. And you wonder why people would prefer to just have their own little server on their home internet connection. My router is a broken laptop running Ubuntu Server. Took a couple hours to get up and running, beats the hell out of a Linksys router, and oh, look, I can run Apache on it! You don't need a sysadmin for one home server. You need a sysadmin for a farm of incompatible systems that break all the time.
I have friends who are very intelligent people who are very accomplished in non-computing fields who use virus and adware-ridden Windows machines. I don't suspect they're interested in taking the time necessary to fully secure a server that holds a digital representation of their life.
Really? Have you installed Ubuntu lately? It's easier than installing Windows!
So this idea of a total peer-to-peer networking is not an approach I think we should pursue, not because it's not technically achievable (it totally is), but because it's not practical on a social level. This is reflected in the difference between Appleseed's approach to open source social networking and Diaspora's: Appleseed uses a federated node structure, and Diaspora claims to use a P2P...but I worry that if we push for Moglen's approach, we may see a small ghetto of tech savvy users who adopt it, while everyone else chooses to remain with the proprietary systems, because they're just that much less hassle.
So it wouldn't make sense to do a compatibility layer between the two systems, to allow for interconnection between those who are either lazy or unsophisticated, and those who take their free software/cypherpunk zealotry to hitherto undreamt-of levels? Hell, how hard would that protocol be? OpenSSL and some XML feeds?
"One who would code for the lazy and unsophisticated must take care that he does not thereby become lazy and unsophisticated." -- Nietzsche's ghost
It makes much more sense to me to push for federated, hosted solutions, so that an ecosystem of servers (administered by professionals) can exist, and users can move freely between them.
Technocratic apparatchik. Actually, I think I've called you that before! :-)
To understand recursion, you must first understand recursion.
"The people who run the servers keep things patched together with random Linux boxen running kludgey Perl scripts that the powers-that-be neither know nor care about."
sounds like you're a shitty sysadmin