Ok, I was able to get on hypeirc via yggdrasil. /connect y.irc.cjdns.fr
.
Good enough.
I've been trying to get on cjdns for a bit with no luck.
I think the issue is that I haven't been able to find peers that are actually up and working.
Here's my peering credentials, if you want to instead connect to my cjdns node. Perhaps if you're on the wider cjdns network, then I will be able to connect?
"138.197.93.75:63494": {
"login": "default-login",
"password":"p0kmqxkc22up5hsbyp6xlv2fc1s7zv7",
"publicKey":"nnkcmt4pmbyjy4su20bkfqt6gkm554h9np7xnvhk03uk1m20mx90.k",
"peerName":"evbogue.com"
}
How does that work? (That lite clients are able to read all private messages?) - @bobhaugen
Hmm, not quite true. The lite client can't read everyone's private messages.
The issue is that with ssb-ws
you could websocket into another sbot and request their indexes, which contain decrypted private messages.
So with a lite client from a pub, you accidentally end up sharing private messages sent to the pub with the public web.
Here's an example exploit, just to be clear:
Alice and Rob are on the same local network, or otherwise know how to directly contact each other's sbot.
Alice requests Rob's query indexes over ssb-ws
.
Rob's ssb-query
sends his indexes over muxrpc
to Alice.
Alice records the ssb-query
index to her computer.
Later, when Rob isn't around, she reads all of Rob's private messages that he'd decrypted on his own machine with his private key.
I'm not sure, I'll give it some thought. I remember there was an ssb statistics chart way back in the day kept track of active participants, but if I remember correctly it was an expensive computing task to run.
{ "type": "edit", "branch": "%s7joiEBvcM+Jco0O5+IveZKBIKN0tLAMPELH9q6KCSQ=.sha256", "root": "%I6FaCzdXcKAiZp0LVhwVluDeDkhNPGQXEqNEkUFLq34=.sha256", "updated": "%s7joiEBvcM+Jco0O5+IveZKBIKN0tLAMPELH9q6KCSQ=.sha256", "original": "%s7joiEBvcM+Jco0O5+IveZKBIKN0tLAMPELH9q6KCSQ=.sha256", "text": "> @ev does the problem of exposing private message data only appear in lite clients? - [@bobhaugen](@iL6NzQoOLFP18pCpprkbY80DMtiG4JFFtVSVUaoGsOQ=.ed25519)\n\nThis should be true now in the latest versions of `ssb-server`. \n\nHowever, between March and September 2018 it was possible to request private messages from friends over `ssb-ws`.\n\nWhile it's unlikely that anyone used this attack over `ssb-ws`, I think it's wise for the current ssbc to disclose that private messages could have been insecure during this time.\n\n> But @Christian Bundy your merge referenced in https://github.com/ssbc/ssb-ws/pull/15#issuecomment-469061078 fixes the vulnerability in the server but also kills lite clients?\n\nYes, one way to fix this vulnerability is to kill lite clients. \n\nAnother way would be to disable private message indexing. This is the solution that I'd prefer, if I'm to continue to use the latest ssb-server.", "mentions": [ { "link": "@iL6NzQoOLFP18pCpprkbY80DMtiG4JFFtVSVUaoGsOQ=.ed25519", "name": "bobhaugen" } ] }
The reason why it's completely unacceptable for lite clients is that everybody is able to read both their own and everybody else's private messages. - @kas
Correct.
@ev does the problem of exposing private message data only appear in lite clients? - @bobhaugen
This should be true now in the latest versions of ssb-server
.
However, between March and September 2018 it was possible to request private messages from friends over ssb-ws
.
While it's unlikely that use this attack over ssb-ws
, I think it's wise for the current ssbc to disclose that private messages could have been insecure during this time.
But @Christian Bundy your merge referenced in https://github.com/ssbc/ssb-ws/pull/15#issuecomment-469061078 fixes the vulnerability in the server but also kills lite clients?
Yes, one way to fix this vulnerability is to kill lite clients.
Another way would be to disable private message indexing. This is the solution that I'd prefer, if I'm to continue to use the latest ssb-server.
@kas I think it'd be cool to see active unique ids, maybe by day/week/month?
What is the current status of private messages in SSB? I am using the latest patchwork and sometimes patchbay. Should I be concerned about my private message content leaking? - @bobhaugen
Good question.
Another update: I've merged a PR that removes these special privileges and released the result as ssb-ws@6.0.0. Please ping me if you have any trouble updating, as I'd love to get everyone running ssb-server@latest. - @Christian Bundy
hey! I didn't see this post, because you did not mention me on it.
@dominic's statements on your issue are factually incorrect, the lite client is still being used by both my team and regular's team.
In addition, I find dominic's denial of my existence deeply troubling.
The issue with the lite client is that private message data is being stored in plain text.
I think security professionals would agree that storing private data in plain text is a security issue.
I'd love to use ssb-server@latest, but it also needs to support my lite client use case instead of pretending that it does not exist.
If the ssbc team cannot support the lite client, and turning off private message indexing, then I will create a fork of ssb that does.
@dangerousbeans β¨πππππππβ¨ These events are very troubling from a press freedom standpoint.
Clearly this is a tragic event that really happened, but when you're spending all of this effort trying to keep people from seeing that it happened, it's no wonder there's so much speculation on the mainstream internet that perhaps there's something in the footage that they don't want known. I mean, why all the ISP-level blocking?
Maybe I just prefer the Mexican tabloids, where photos of headless people in plastic bags are published side-by-side with photos of hot babes.
It's just much easier to believe news when you can see evidence that something actually happened.
I say all this having not watched said banned videos, because I publish to a project that's being synced into NZ right now. I don't want to accidentally run afoul of the unclear rules around what you can publish and can't. And thus, the chilling effect takes hold.
This isn't unique to NZ, here in the USA we have giant corporate social media monopolies deciding what we can and cannot publish.
@enkiv2 oh man, starboard! That was awhile ago.
It is here on M$ Github: https://github.com/evbogue/starboard
And on git-ssb
at: %starboard
So, last night I watched five or ten minutes of the Joe Rogan and @jack as they discussed how much trouble Twitter is having being tolerant of the opinions of the sitting
President of the United States of America (and meanwhile not tolerating everyone else).
If a Silicon Valley company was paying me $25 an hour to sit through the 3.25 hours of this boring podcast --where @jack waved his hands a lot, and Joe Rogan sat there swallowing every hardball question he had (instead handing the hardball questions off to the guy with the red headphones who seemed very well rehearsed) -- I would have watched the whole thing and made $87.
But if you want to watch all 3.25 hours, pay attention for @jack's subtle reference to ssb at some point (I don't know when, I was jumping around.)
Anyway, unlike Joe Rogan + Elon Musk, this podcast was not worth sitting through the Silicon Valley nonsense for. I was left thinking that @jack still has a heart, he's just covering it up with a big black hat, a beard, a big hoodie, and all of his arm waving about the redemption of and reformation of people who disagree with other people in too strong a way.
This podcast would have benefited from some bourbon, and less people-padding between Jack and Joe.
How will @jack save Twitter, when everyone on Twitter disagrees with each other?
How will Silicon Valley continue to make money policing public discourse with shadowbans, while trying make money off content generated by unpaid labor?
If I were @jack, I'd shrug.
Also @dominic suggested we setup a Community Marine Salvage Company - @dangerousbeans
We're going to be volunteering at Nautical Donations this weekend. What kind of questions should I ask them about setting up a boat salvage organization?
Since it's still Avocado season,
Steel straw sponsored by Levi's.
And "what do you call a selfie from some else's camera?". Answer: A portrait.
While cleaning up her computer in preparation for an Arch Linux re-install, @gb happened to find these two videos of me rehearsing for my talk at Chicago Node.js a year ago in February 2018.
After she found these, the two of us spent the evening reflecting how much has changed in a year.
Sorry for the late response guys, I was at work all day yesterday and didn't have the energy to check in after close.
I may have rolled out of bed yesterday with my tact filter maladjusted, or perhaps my missing plug syndrome was acting up?
- Bring maturity to the scuttlebutt developer community - @rabble
Hey Rabble, I agree with @mix about your tone here.
What I want to say to you is this: as far as majority goes, this is non of our first rodeo in Silicon Valley. We've all been coding on this software project a lot longer than you, @Tom, and @christoph.
Before you lecture us about our maturity levels again, I want to suggest that you and your team spend at least one week coding on this project. All of you, and don't hire any consultants to do it. Write down your questions, gather your errors, write some code, and then release it to the public so we can see what challenges you guys are facing as you're coding on Verse.
When you come back from your week-long coding retreat, I then want to invite you to ask questions the right way.
Now, if you don't want to have your team spend actual time coding on this project, I invite you to instead hire Mix and I. I don't know what Mix's rate is, but I'll hire him to you at the rate of $2,500 USD a week. My rate is the same. And if you want Dominic, I'll guess $5,000 will do.
We've been coding on this project for years, and we know what we're doing.
Facebook is blaming a server configuration change [TechCrunch] for the outage.
Meanwhile, Chief Product Officer Chris Cox and VP of WhatsApp Chris Daniels both quit the company [TechCrunch].
But how would a server configuration issue at FB bring down all of the other services mentioned?
@dominic It would be great to have an easy way to delete someone's feed and re-index your flumedb in scuttlebot.
But in the meantime, if you want to delete a feed from your local database, try @Christian Bundy's feed delete script.
Are you ready to go back to Mexico? - @gb
Now moving back Mexico, that's my other favorite fight. Perhaps in an alternate reality, we never would have come back (to America, land of no jobs)...
I love this thread, as it's a confluence of all of my favorite topics I get into fights about: centralized social, Silicon Valley, and the nearly non-existent job market in America.
Someone asked me behind the scenes if I was still working at Levi's (because I'm applying for other jobs), so I figured I'd publish here: I am still working at Levi's retail. I just haven't had that many hours lately -- this gives me a lot of time to code.
The least companies could do is send an email saying βSorry, bud, you didn't make it this timeβ so the applicant knows when not to wait any longer. - @kas
Over the past eight years, I've lost track of how many jobs I've applied to, but I think it's upwards of 1,000.
While it's true that most job listings never get back to you, and many don't even acknowledge that they've received the <form>
post, there is the occasional company that has the good grace to send you a rejection letter. These are usually the companies that are actually trying to fill a position, and not the companies posting fake jobs on HN every month.
...whats your favorite conspiracy people, somebody forgot to pay somebody, us preparing a war with a country with oil... - @hoodownr
I look at the last 14 hours as a preparation for the inevitable: the day that FB goes down and never comes up again. It's interesting to note that my scuttlebot had zero downtime last night, whether my Internet was on or off.
FB is the Venezuela of the Internet. Whether they switched themselves off, or someone else switched them off, it's still possible for someone to turn the lights off. For people who depend on FB, that's a scary thought. For me, it's a non-issue. I wouldn't have known that FB was down if it hadn't been posted here, and it wasn't a major story in all of the papers.
I'd say yes to a FB job if it was near and well paid. my rationale being, the money would help devs who are creating the beast that makes FB irrelevant. - @hoodownr
Yup, if they'd hire me to work towards either saving their company or funding their demise -- whichever, I'm game.
jeez, future opportunities at dishwashing. - @hoodownr
When @gb were working at the restaurant in Fayettenam I got to wash the dishes a few times for whatever reason -- the dish guy had called out, or was late, or he just needed a hand getting the silverware racked and pushed through the dish washing machine.
I always joked around with the kitchen manager that I wanted to transfer -- but the money as a dish washer, especially in NC, isn't as good as serving. Anyway, if one of these restaurants calls me back I'll take the job, I need the hours, and I'm a Pisces.
After all, ssb was invented by a man who'd lived in the woods while working as a dishpig at a sushi restaurant. I'm sure that has something to do with why we were up last night, while FB was down.
@hoodownr as far as other jobs I applied for on this fortuitous day:
@hoodownr in weird, serendipitous timing, today was the first day I've ever even dangled the idea that I might want to work at FB. I messaged a former manager of mine, who now works at Instagram, and I said something along the lines of: 'hey, if Mark is so into privacy, perhaps we could work together!'
I linked to the speed-test, from yesterday.
Perhaps I scared the shit out of them?
Do I give myself too much credit?
Also, note the copyright date. That's a universal sign that a site is neglected.
Did a git update in repo 0qc
- discard messages from the future
- render timestamps
- add edits
- fix compose
- add stars to git-updates and git-repos
@wwZiL9β¦ @gb thx for boosting this.
As the advertisement says: "$500 USD + shipping and handling". So if you're willing to pay for WORLDWIDE, then I'm up for it!
If anyone wants to try the latest version of %0qc, without installing it on your local machine, it's up at a temporary url: http://0qc.evbogue.com/
Did a git update in repo 0qc
- drop git-update backlinks back into renderer
Did a git update in repo 0qc
- videos should stay within messageContent divs
I'm getting closer to the next version of %mvd in the latest push to %0qc that I've been working on for a few weeks.
What is missing? Mutable messages, which I need to refactor in two ways:
- render the edits and diffs from the "one query"
- allow edits from other people via a pull-request model
Will I get to this tonight? It depends on how much coffee I'll risk drinking.
Did a git update in repo 0qc
- re-add a bunch of features from mvd for profile pages
Looks good. How did you guys discover %decent?
@Neil Alexander Upgraded!
@gb I added another cool thing yesterday that I just remembered. You can now see little avatar photos of the people mentioned in the post, at the top of the post.
Screenshot:
@gb Sure. That's %0qc, the experimental client I started working on a few weeks ago.
0qc does one ssb-backlinks
query against each message, and then pulls in all of the messages that link to the message and renders them in various ways.
This is different from mvd
, where I was doing a separate query for votes, replies, labels, and edits.
Now, I haven't implemented replies or edits yet, so I had to switch to mvd to reply to you. Today I'm hoping to re-implement replies and then mutable messages using a pull-request style as pioneered by @regular in his ssb-revisions
.
Then 0qc will allow anyone to edit any message, and you'll be able to confirm the edit before it goes live on your post.
Once all of this is done, I'll merge 0qc's changes into %mvd and release a new major version.
Did a git update in repo 0qc
- finish star/unstar via backlinks button and message render
- break words if too long
- add vote buttons and fix some things
@FromTheTrain I just took out the trash, and I think I can safely say that it's warming up! But it's also snowing a little. The weather says 34F with a possible high of 38F. Balmy!
@w @dan hassan I can speak directly from my experience here about making grants stretch.
When I received a grant to work on mutable messages during the Dfinity grants process, I immediately set the money aside to pay rent.
My rent is a little under $1000 USD per month. @gb and I share our apartment, so I paid rent for five months for both of us. We both work part time retail jobs at Levi's. So we kept our day jobs, while I was working on the grant.
So, I was able to make my grant stretch by allocating it completely to rent for five months, and then making the rest of my income from the retail job.
In another example, years ago @gb saved up $7,000 USD by working at a restaurant in North Carolina. Then, we moved to Mexico City where we were able to dedicate our full attention to working on ssb and related software projects for 9 months, before we ran out of money and had to move back to the USA.
Having lived on and off again in Mexico City since 2013, I can confirm that your money (wherever you got it) goes a lot farther in the developing world than it does countries with very expensive rent.
The challenge I run up against living in the developing world is that I cannot earn on the ground, and since 2012 I haven't been able to figure out a reliable way to make my entire income over the Internet and/or scuttleverse.
@Moonspawn_ oh @rick is in Illinois too! but I haven't seen him on here in a few weeks.
I have noticed that the general response to bad hubs is to ban them. - @Ace
Yah, there is a block feature in ssb that some people use quite frequently. This will stop your local machine from replicating data from the blocked identity.
Maybe we could have a "community score" much like you would see on hackernews forums, or other forums.
Keys and other details aside, it may work like this: Basically, the "community" (whoever that may be) can "downvote" on these people, and after a certain number of downvotes, then the ssb-clients (patchwork) automatically doesnt show the content, but you can force show the content with a little extra effort (clicking a button or changing a config). - @Ace
If you're using Patchwork, there's already a few invisible cosmetic filtering strategies that the team who maintains Patchwork has implemented:
- You only see your friends by default, and have to navigate to another page to see everyone
- You can thread-ban someone by blocking their id
So if you've started a thread in Patchwork, and then you lose an argument, just block the person and they won't show up on the thread anymore for anyone else using Patchwork.
But in my client, I haven't implemented thread-banning, so I can still see a complete discussion, even after all of the blocking starts happening.
Once we start talking about community and bad/good content, we all start to have lots of various different opinions about what good community content is and is not.
The challenge with a distributed system is that people have different opinions, and no one has the power to control what other people are posting.
In ssb, we can only control what we're replicating to our own computers and pubs.
Hi @Moonspawn_, @gb and I are in Rosemont, Illinois.
Other mid-westerners: @polylith is in northern Michigan -- but that's very far from Des Moines.
I read some of the comments, but i am curious to know if there are any "moderation" features planned? - @Ace
That's a huge issue that I don't think has been figured out. How do you ban someone from accessing a thread you're accessing with a decryption key, when they already have the decryption key?
I think one idea proposed has been to generate a new key and start a new thread, without including the banned person. This is totally do-able, but won't stop them from replying to the original thread or continuing to view the thread.
It also won't stop someone from including the banned person, if a person in the group chooses to leak the key.
@Ace I linked to the wrong rabble in my first response, ccing actual @rabble
@Ace Dominic has been working on it for awhile. We can already decrypt these messages in %mvd, but it's not obvious how to encrypt them.
The latest update was @rabble's private groups session at scuttle-camp.
Public Visibility is a problem. There are a number of cases of relevant information which can be mentioned but not linked to or quoted. This is because their authors have not opted in to public hosting. We have a social contract that you can expect your text and images to not appear on the web if you don't opt-in. Their posts can, of course, be mentioned, but as this newsletter will be visible on the web and probably email, there is nothing to link to that would work. Quoting the posts of people who haven't opted in is legally fine, but morally debatable. - @masukomi
There's a lot to talk about here, but here's my opinion about this one thing to start.
I don't think that we should be under any illusions that public content on ssb is not available to everyone. It wouldn't be too difficult for a search engine company to put together a hops: 10
crawler that makes all of ours posts searchable -- regardless of whether we opted-in or not.
Random strangers are syncing our content all of the time, we only have control over not syncing random strangers.
When I post, I assume everyone can (or will) see it in the future.
The solution to this problem is private groups. Because said hypothetical search engine company probably won't know the encryption key for your group conversation.
But, private groups won't have network-wide reach, so there's a trade-off to publishing in private.
and videos (this only works in ssb-markdown
I think):
![video:videoname](bloburl)
Is this evidence that @blaine is right, markdown is hard?
@Ace yup, your pub followed me back: %5H1NW2M... over yggdrasil!
@Ace I think that worked... %IY/u6eA... ?
@masukomi err, wrong repo. It is %0qc
git clone ssb://%V450G577sTQ5JFGJhAGj5WZ4xKBOZjgOZ6W61C+CkqM=.sha256 0qc
oh, some additional notes:
this is using %minsbot and generating indexes in a .ssb/flume/mvd
folder, so it shouldn't fight with Patchwork over the indexes. But indexing may take a moment, so be patient if nothing loads right away. The command line should tell you how far the indexes have progressed.
Did a git update in repo minsbot
- add ssb url, and remove prepublish script
- use progress bar all of the time
- bring back the progress bar
@masukomi I pushed 0qc (one query client) as a new repo called %0qc
It's a big refactor, so expect issues, such as @The Weekly showing up in this thread. Also there's no way to reply or star posts yet.
I plan on working on this separate repo, and then merging this all into %mvd when it's ready for prime-er time.
To get it working:
git clone ssb://%7txrdBX0M01Bj69WqMZ1I+oIgprDLXAjCl1gIDU6QUo=.sha256 0qc
cd 0qc
npm install
npm run build
npm start
and 0qc should launch at http://localhost:8989/
Did a git update in repo 0qc
- tweak readme
- initial commit
@ansuz If you add ssb-links
as a plugin, does Patchfoo work? sbot plugins.install ssb-links
Could OMEMO be useful here? - @kas
I've never heard of OMEMO, I'll read up.
Couldn't you just include a nonce appended to each sequence number? Just need to make sure you don't get nonce collisions between devices then? - @Mathias
Maybe? The sequence number is used when syncing in ssb: so if your feed is at 111 and I only have up 99, then I'll request messages 100 through 111 from you.
This assumption is pretty fundamental to ssb, as far as I'm aware.
@SoapDog I want to give you an encouraging shout to stick with it!!
I also ran into many of the frustrating problems you've listed above, such as depject
not really making sense to me. Though I'd forked minbase from patchbay@6.1.6 so never had to interact with obs
.
I started by ripping as much depject
out as possible, and then finally I realized the depject
almost does the same thing as require
, so I switched to using require
instead. Finally I just threw minbase out and started from scratch with %mvd -- so it has no depject
or obs
.
This way of building is easier (at least for me) to work with, maybe because Node and the browser tells me where my error is coming from when my program doesn't compile.
Feel free to look at mvd
and borrow whatever code you want from there. Maybe even go back to when I first started working on it in the commit log? It was more minimal back then, before all of the various message types and mutable messages were implemented.
I too look forward to a day when lessbot is here. I think the core secure-scuttlebutt
module should stream data into whatever form you want to stream it.
And I want to talk more about getting data into the browser, and storing it there.
@SoapDog Here's the link to install instructions for the version I'm using, put together by @regular: %qkVXgkS...
It's very stable, but it has the private messages leaking over ssb-ws to friends bug -- so I can't currently recommend it.
I forked 11.4.3 clumsily into it's own repo, which i'm using to muck about and hopefully learn some things: https://github.com/evbogue/minsbot
This last one is pretty great, because it's already a URL! In the case of this thread, however, I only see your reply, but not my original post, as I have not chosen to post publicly (feature not bug, I imagine). - @Alberto
Yes, I think viewer is opt-in
only. Viewer is indexed by search engines, because it's plain text. mvd
is a JavaScript app, and thus is immune to Google indexing.
I think the viewer at heropunch is running an old version of ssb-viewer
though, so it shows everyone that the pub is replicating.
However, how to opt-in to being shown on ssb-viewer
is something I do not know off the top of my head.
Interestingly, on both evbogue and heropunch I do see my post, and on the latter I also see a post by Nicolas Stampf, whom I do not even see on Patchwork (I would like to thank him, though I don't know how). - @Alberto
ssb works using friend-of-a-friend replication, so you replicate various levels of 'hops'. I believe Patchwork only replicates two hops out, and it could be Nicolas Stampf is more than two hops from you. I wasn't seeing him either, but then I followed him on my pub and now I see his posts.
Can anyone point me to a resource of what is shown where? - @Alberto
I think it depends a lot on the opinions of the clients you're using, what version of scuttlebot they're using, and also how many hops out you are replicating.
I think the idea with hops is that someday the scuttleverse will be so big that you'll probably be overwhelmed if you sync everyone.
It's also very easy to limit your view of the scuttleverse by reducing your hops to two or to one even, and this limits the feeds that you sync to your machine to just your friends (1) and your friends-friends (2).
@Christian Bundy This might also explain why I've had so much trouble getting mvd to work with the latest scuttlebots over websockets, and why I had to reach back in time to find a working version!
{ "type": "edit", "branch": "%eg4ZE7orgCJdYErmsrKMXPIHXJ7to0hZ0kUKn8SeAXQ=.sha256", "root": "%I6FaCzdXcKAiZp0LVhwVluDeDkhNPGQXEqNEkUFLq34=.sha256", "updated": "%eg4ZE7orgCJdYErmsrKMXPIHXJ7to0hZ0kUKn8SeAXQ=.sha256", "original": "%eg4ZE7orgCJdYErmsrKMXPIHXJ7to0hZ0kUKn8SeAXQ=.sha256", "text": "I want to give a brief update on the status of this vulnerability/bug.\n\nBetween [@Christian Bundy](@+oaWWDs8g73EZFUMfW37R/ULtFEjwKN/DczvdYihjbU=.ed25519) [@cryptix](@p13zSAiOpguI9nsawkGijsnMfWmFd5rlUNpzekEE+vI=.ed25519) and I, we've determined this to have been an unintentional bug that was introduced when scuttlebot got private indexing, and fixed when the connections layer was introduced.\n\nI think this means many of the folks out there who are using the latest scuttlebot are not effected, and _should_ be able to consider their private messages secure. (Well, as secure as anyone should consider a highly experimental cryptography project that has not been audited by a neutral third party.)\n\nI've taken the preventative step of turning off private messages in my publically served lite client at http://decent.evbogue.com/ , until I can figure out how to disable private message indexing and/or get it working well with the latest scuttlebot and the lite client. \n\nIf anyone else is using lite clients, you should consider doing the same -- if you're offering connections to peers who are not using the same public/private keypair as the server. \n\nThe only other team I know if who is using lite clients is [@regular](@nti4TWBH/WNZnfwEoSleF3bgagd63Z5yeEnmFIyq0KA=.ed25519) and [@jfr](@e84qV/tx9w1ZiOIxU3+fOpirrT8rP3YqDydRgfk076c=.ed25519), so ccing you guys to make sure you know about this bug. ", "mentions": [ { "link": "@+oaWWDs8g73EZFUMfW37R/ULtFEjwKN/DczvdYihjbU=.ed25519", "name": "Christian Bundy" }, { "link": "@p13zSAiOpguI9nsawkGijsnMfWmFd5rlUNpzekEE+vI=.ed25519", "name": "cryptix" }, { "link": "@nti4TWBH/WNZnfwEoSleF3bgagd63Z5yeEnmFIyq0KA=.ed25519", "name": "regular" }, { "link": "@e84qV/tx9w1ZiOIxU3+fOpirrT8rP3YqDydRgfk076c=.ed25519", "name": "jfr" } ] }
@Alberto Not a stupid question.
You can do this: http://decent.evbogue.com/#%i24bPBvo6c4lBob+pnKmD+jYVrixq+7K8kfwJ91vPds=.sha256
Or you can do this
https://viewer.heropunch.io/%25i24bPBvo6c4lBob%2BpnKmD%2BjYVrixq%2B7K8kfwJ91vPds%3D.sha256
You can also run these applications on your pub and link to them.
*this post in no way expresses the desires of the creators (Paul and Dominic) of ssb.
@Christian Bundy This might be a bug.
I ran this in scuttlebot @ latest and got
keys: { curve: 'ed25519',
public: 'IX6Z+bTqzdh5fp2il2TNo93Boozg7C4x8ll4GL0P2n4=.ed25519',
private:
'WxXBxNJS+jZvDUC0W2dJwz+2WxyksqPcqdWyq6Ahx7whfpn5tOrN2Hl+naKXZM2j3cGijODsLjHyWXgYvQ/afg==.ed25519',
id: '@IX6Z+bTqzdh5fp2il2TNo93Boozg7C4x8ll4GL0P2n4=.ed25519' }
public key is: IX6Z+bTqzdh5fp2il2TNo93Boozg7C4x8ll4GL0P2n4=.ed25519
but address is: net:localhost:8910~shs:UTP+w0wJvnKIizcouoV7qAxnOLLKxak/+MpqpmBgxpE=
Then I ran it in minsbot, my scuttlebot @ lts (11.4.3) fork, and got
keys: { curve: 'ed25519',
public: 'wJoWE5pLNKEI3EYGY2LzZpJWWcQrvJ83oDAaLFtqFgY=.ed25519',
private:
'acFLPibSYVXBxYvcJjCzEjpb/5ldImRrTAozP1XRoEbAmhYTmks0oQjcRgZjYvNmklZZxCu8nzegMBosW2oWBg==.ed25519',
id: '@wJoWE5pLNKEI3EYGY2LzZpJWWcQrvJ83oDAaLFtqFgY=.ed25519' }
public key is: wJoWE5pLNKEI3EYGY2LzZpJWWcQrvJ83oDAaLFtqFgY=.ed25519
but address is: net:localhost:8910~shs:wJoWE5pLNKEI3EYGY2LzZpJWWcQrvJ83oDAaLFtqFgY=
I want to give a brief update on the status of this vulnerability/bug.
Between @Christian Bundy @cryptix and I, we've determined this to have been an unintentional bug that was introduced when scuttlebot got private indexing, and fixed when the connections layer was introduced.
I think this means many of the folks out there who are using the latest scuttlebot are not effected, and should be able to consider their private messages secure. (Well, as secure as anyone should consider a highly experimental cryptography project that has not be audited by a neutral third party.)
I've taken the preventative step of turning off private messages in my publically served lite client at http://decent.evbogue.com/ , until I can figure out how to disable private message indexing and/or get it working well with the latest scuttlebot and the lite client.
If anyone else is using lite clients, you should consider doing the same -- if you're offering connections to peers who are not using the same public/private keypair as the server.
The only other team I know if who is using lite clients is @regular and @jfr, so ccing you guys to make sure you know about this bug.
@gb I obviously need a sharper knife to be able to cut sushi. But thank you for highlighting my best attempt from last night. My first looked like a sushi-dilla.
Hi @Teq, I want to volunteer to be included in discussions around moderation features, especially where they relate to the scuttlebot protocol itself.
Minor correction: I sold my iPhone first. You followed suit. - @gb
Correct!
I think the full story has to reflect that there was some warfare happening during and before the Mecatol moment, during which time I took the Quann wormhole (from you) and I cut off your direct access route to Mecatol (you can fill in the details if you want). - @gb
This is correct. But, if I remember correctly neither of us had the Quann wormhole or Mecatol Rex when the game ended. But since we ended early, we will never know who actually won the game!
Yesterday, we got together for my birthday (which is tomorrow), to celebrate by playing Twilight Imperium 4.
I played the L1Z1X Mindnet, and was doing very well. I was three points ahead of everyone for most of the game, and had captured Mecatol Rex early on.
But then, everyone decided that I was a huge threat to the galaxy. I'd formed up at [0.0.0] and still had my flagship [0.0.1]. But then The Speaker pulled an Agenda card in which the Galactic Council voted to destroy all of the ships in and around Mecatol Rex. Thus, half of my fleet vanished in an instant.
To @gb's credit, she voted against the motion, but was overruled by the majority of influence points in the galaxy.
One of my presents was the Galactic Map, under the board. It's basically a giant mouse pad on which your entire galaxy sits during Twilight Imperium 4. It's very nice, because the galaxy does not slide around during game play.
I also received a bag of roasted crickets, some "shooters" of rum and cognac, cake, and a cellular telephone.
My brother was getting a new phone, and found a two-for-three deal at T-Mobile. So I don't have to pay for 20 gigabytes of wifi-tethering per month!
Having a cell phone is kind of weird, because I haven't really had one since 2012. gb and I had a very dumb burner phone for a short time in Fayetteville to coordinate pickups at the restaurant -- but it wasn't useful for much else other than texting.
I'd sold my iPhone in The Mission in San Francisco in March 2012 -- after living in Mexico for three months. I became $360 richer by selling my iPhone. Since then, I estimate that I've saved at least $7,200 ($14,400 if you include gb, because she sold her iPhone too).
But, not having a phone makes you kind of a weirdo, so I now welcome re-integration into society.
As my brother kept saying yesterday: "how was your first birthday in America?"
Right now I'm using the phone to tether a handful of laptops and pmds, which are mesh networking together and with the wider Internet using yggsdrasil (because cjdns is still giving me issues) and I'm also secure foaf gossiping with you, so I must have a long way to go towards the re-integration thing.
In #yggdrasil @ freenode IRC. The room sports 100+ participants. It may be a mirrored Slack channel, I'm not sure. - @kas
Yup, joined. There are many more people in freenode. But it's clearnet! Or slack? Someone said it might be a Matrix bridge.
There are 6 of us at 201:4806:21d5:c971:407f:4ea9:4d7d:e491
.
I was having trouble getting cjdns to work for unknown reasons, so I tried yggdrasil. It worked out of the box, so that's cool.
I joined the irc chat room at 201:4806:21d5:c971:407f:4ea9:4d7d:e491
and the #yggdrasil room from my vps and I'll leave it on.
Where else do people hang out on yggdrasil?
@masukomi Good question!
The personal mesh device (pmd) is an abstract computer concept that I've been thinking about for a few years -- the pi just happens to be what I'm building with right now because it's easily available.
I want the pmd to directly connect with other pmds when they encounter each other, via an adhoc mesh network. Eventually we wouldn't need Internet anymore, because so many people would be using pmds.
But right now it's only using my local area mesh network, since I don't have wifi at my apartment.
The adhoc mesh networking thing hasn't really come together yet, but I want to dedicate some time to figuring out how to make the device reach out to other similar devices by default.
Another contemporary project is @micro's https://baculus.co/, which may also use %mvd (according to the website, anyway).
Right now the mesh network is very manual, and requires the wifi router. I'm open to ideas about how to configure this device to network automatically.
I'd also like to play around with getting cjdns and/or yggdrasil running on the pmd.
@nycmesh-hosted-node I guess I'm on @nycmesh all of the way in Rosemont! w00t.
decent
decent
is, these days, a fork of mvd, but simplified to be as simple as possible for newcomers to ssb. Decent also has mutable messages, but no wikis.
- status: kind of stable
- Github: https://github.com/evbogue/decent.git
git-ssb
: %decent
Try it online at http://decent.evbogue.com/
mvd
mvd
started as an attempt to build my own ssb client -- "minimum viable decent". It uses websockets over shs
to connect to your local or a remote sbot. Previously I'd been maintaining minbase, which was a fork of patchsix.
mvd
is the sbot client I use on my own computer. The key difference between mvd
and other clients is we have mutable messages and wikis.
See also:
- Status: wip, subject to radical change based on what I want my client to do
- Github: https://github.com/evbogue/mvd
git-ssb
: %mvd
{ "type": "edit", "branch": "%7yJUKh5/rFR8h+DvSzyXa/qpVPldgKI6/40zzNXmDIU=.sha256", "root": "%7yJUKh5/rFR8h+DvSzyXa/qpVPldgKI6/40zzNXmDIU=.sha256", "updated": "%6R4kiN5HSj8l7wk7F2SJOpA4Ms5MGwhrq2XUYxXv6Y8=.sha256", "original": "%7yJUKh5/rFR8h+DvSzyXa/qpVPldgKI6/40zzNXmDIU=.sha256", "text": "## this is a wiki on MVD\n\n#### this is an edit on MVD\n\nwoot! this is dope\n\nnice wiki! - [@ev](@8Qee0I/DwI5DHSCi3p5fsl6FyLGArrnDz3ox9qZr5Qc=.ed25519)", "mentions": [ { "link": "@8Qee0I/DwI5DHSCi3p5fsl6FyLGArrnDz3ox9qZr5Qc=.ed25519", "name": "ev" } ] }
looking at this again, the exposed
query.read
to friends is the problem and should have been raised when PM decryption was made transparent. I didn't know that was possible to begin with. As a stop gap we should maybe only listen to ssb-ws on localhost or rip it out all together.
Yes, I think either private messages should be stored encrypted or ssb-query
shouldn't be exposed to friends over ssb-ws
. It's kind of an either/or thing that wasn't really talked about when private indexing was implemented.
Pubs running this shouldn't be that much of an issue, I think, since they don't have the key to access PMs not for them and don't get PMs frequently, at least in the uses I know of.
Yah, I'll just turn the private message tabs off in the lite clients I'm running until a solution is discovered for this.
Thanks for taking the time to look into this @cryptix!
thanks kas, ev and gb. I'm had to leave scuttlefest after the first day due to a family emergency but have circulated amongst dc team.
@dan hassan android @NeB4q4H...
Hey! I'm just letting you know that I saw your messages above.
We have an active discussion going over here: %I6FaCzd...
I'm sorry to hear you had to leave scuttlefest early. :/
Could you specify what this means? The stack has changed quite a bit in the past six months, so I want to make sure that we're talking about exactly the same thing. Sorry for all of the questions, it's just that I'm struggling to understand and reproduce the issue without having all of the details. I can see the bug being triggered on a website, but I can't find the source for that website to identify what's going on. - @Christian Bundy
Thanks for taking the time to look at this, it's helpful to have other opinions about what's going on here.
You're correct that the stack has changed a lot in the last six months, and I've had trouble keeping up because many of the changes haven't been explained or documented very well. I had a lot of trouble getting the network layer to work with the lite client, so ended reverting to scuttlebot @ lts.
If this doesn't effect the latest scuttlebot, then it'd be great to know if this issue only effects my clients and (I think) @regular's clients.
You're correct, I'm using decent-ws
, which lets anyone connect to http://decent.evbogue.com/ or http://ssblist.com/ -- which would mean wider exposure than ssb-ws
, which only allows your friends to connect with you via websockets.
We can go deeper into the design decisions behind decent-ws
vs ssb-ws
, and I understand that decent-ws
is probably not supported by the ssbc.
github for ease of navigation: https://github.com/evbogue/decent-ws and here is the exact code that is running on my servers: https://github.com/evbogue/minsbot
My concern is that this vulnerability may have exposed private messages to friends between March 2018 and September 2018 when the network layer was implemented.
I did not really understand why the network layer was being implemented. But, if it was implemented because of this vulnerability, I wonder if we should notify users that their private messages could possibly have been breached (by friends) between March 2018 and September 2018?
And of course, I would need to look into the security of lite clients, if this is the only kind of client that is effected by this issue.
An easy fix for me would to make it possible to disable private message indexing on the server.
Beyond this issue, it also concerns me that we're storing private messages in plain text from a security perspective. It'd be good to be able to easily turn this off.
Boosting: %UCOV9DL...
Thanks for bringing this up, this is a great idea. I like how GitLab allows us to have private issues for security vulnerabilities, and it's a bummer that we don't have that. For the time being I think our best option would be for folks to privately message SSBC members rather than post public threads if they believe they've found a security vulnerability. - @Christian Bundy
I wish I could have confidently reached out to developers at the ssbc in private, however many of them block me.
In addition, this security vulnerability was posted in public before I was aware that it was happening.
@Christian Bundy Sorry, our messages passed each other in cypherspace
If used with a secure transport, that authenticates the client "transport": "shs" then this is not a problem.
I am using shs
to connect using the lite client, but I'm not using the connections layer over here.
I won't speak for others, but personally I've been offline and haven't seen your messages. Our internet access is extremely limited in both bandwidth and capacity, and most of us have been spending time face-to-face. - @Christian Bundy
Makes sense!
I'd love if you could unpack this issue a bit. Could you post the exact configuration that allows LAN peers to query ssb-ws? - @Christian Bundy
I'm using a fork of the lts version of scuttlebot that doesn't have the connections layer. I've had a difficult time getting the lite client to work with the connections layer in a reliable way.
If the connections layer solves this issue, that's good news, as long as you only allow your device to connect to the scuttlebot.
As @DavidW mentioned, private messages do not appear to be exposed over tcp/ip, which is also good news.
It could be this is just an issue with enabling global websockets, in which case maybe this is just a problem with the lite client(s)?
@ev you must have really pissed people off to have everyone block you like that. None of my business really, but you may want to change your game plan a bit, "plays well with others" is one of those sandbox skills you need to have to get by. Just sayin....
peace on earth good will towards bears - @moid
@moid I know why many of these people are blocking me: It's because I came of age in Bloomberg-era New York where the subway system was constantly telling me: "If you see something, say something." I have to balance that with growing up in (and returning to) Chicago where the saying goes: "Snitches get stitches."
As for sandbox skills: I've never wanted to play in a sandbox with children who are intolerant of other children who are different -- or have different opinions -- than the other children. So between New York and Chicago, I'll continue to advocate for inclusive (and secure) sandboxes for us to play in.
I've been bending over backwards not to accuse anyone of doing this on purpose, as there's no reason to believe that right now. But, if we're using (or have used) insecure-scuttlebutt I'm not going to shut up about it.
@ev just open an issue in GH, especially if you have a reproducible test case and/or can point to the relevant code. Someone will see it there - @moid
After the event-stream
debacle, I'm not quite sure if opening a Github issue in full public view of the entire development community is the most responsible way to handle this security vulnerability. But if people who are not kicked out of the ssbc want to bring this up on Github, then they should.
Update: I'm going to give this a rest and go get some groceries.
I just want to say that it's kind of weird that no one has responded to this from the ssbc, even though a few people at scuttlecamp are obviously able to get Internet, and thus they've read these messages.
A simple: "yah, we're gonna fix that." or "we're working on fixing it right now." would do a lot to calm this down.
Is there anyone at scuttlecamp who has asked Dominic about how to fix this?
I mean clearly this should be fixed, right?
Anyway, groceries and then I'll bang my head against this more tonight. The good news is I'm getting very familiar with the core secure-scuttlebutt
module where all of the boxing/unboxing happens. I hadn't really looked at it until now, because it worked!
Update: I tried the approach @Christian Bundy recommended above in ssb-server@14.1.3
:
const unboxerMap = (msg, cb) => cb(null, msg)
//const unboxerMap = (msg, cb) => cb(null, db.unbox(msg))
And regenerated indexes, but I was still able to view my private messages without my key present in the lite client.
Maybe I was doing something wrong, or this isn't quite the fix. I'm not quite sure yet.
Boosting: %zRYGPCI...
I just hit a wall, because I tried downloading and
npm install
ingscuttlebot@10.5.2
https://github.com/ssbc/ssb-server/commit/0f633f3396be68d6207ec3d2fd1d1f180f2a4662 because I'm on a public wifi connection that's not letting me download leveldb prebuilds for some reason -- and this version depends on an older version of leveldb than I have on my system right now.
Update: I'm unable to get older versions of scuttlebot to build on my machine because of leveldown build errors... So I guess I'm stuck working with minsbot [Github] and scuttlebot@latest [Github] as I try to fix this.
why are some messages leaking while others seem to remain private? - @punkmonk.termux
You're seeing the private messages that are unboxed on the server. Because the pub only has access to it's own private key, it would be unable to unbox messages from other people.
it might be useful to know who this might impact. is it accurate to say that only private messages that were posted via a public facing web client? maybe there could be scenarios where that wouldn't be the case, but that seems to be the pattern and wanted to verify. - %ytjlIM4...
ssb-ws
allows sbot.query requests out of the box, so if you have websockets enabled all a person would need to do is run an ssb-ws query directed at your public key in order to request your private messages over the wire.
I think if you're behind NAT it'd be pretty hard for someone to request your private messages over ws. However, if you're sharing wifi with someone who knows how to do this, it'd be pretty easy to do this. It'd also be easy to do this to a pub, or anyone who's connecting via cjdns (or not mesh networking software).
It could be that the connections layer that @arj implemented would protect against this attack, as long as you've not enabled websockets.
But I wonder if it'd be possible to do this over tcp/ip connections too? Those are enabled by default, as far as I know.
But we also gotta keep in mind that the connections layer was implemented in September 2018, and this vulnerability was first introduced in March 2018.
The thing that is really concerning to me is that no one who hasn't been kicked out of the ssbc has responded to this security vulnerability yet (or opened an issue on Github). It'd be good to know whether or not this effects the larger group of people who are using Patchwork.
I'm not using private messages in a way that I'd be embarrassed or my security would be compromised if someone had access to them. In theory all cryptography will be broken, someday, so I'm not sending things I wouldn't want someone to read.
However, if I'd used Dark Crystal to back up a cryptocurrency wallet private key, I'd be moving those coins about right now to a new private key.
It's impossible to know if anyone knew how to use this attack to fetch private messages, but better safe than sorry in my opinion.
I just hit a wall, because I tried downloading and npm install
ing scuttlebot@10.5.2
https://github.com/ssbc/ssb-server/commit/0f633f3396be68d6207ec3d2fd1d1f180f2a4662 because I'm on a public wifi connection that's not letting me download leveldb prebuilds for some reason -- and this version depends on an older version of leveldb than I have on my system right now.
I'm also a little zonked because of reading a lot of code that I haven't previously read before. I'm taking a break.
{ "type": "edit", "branch": "%IaEHdwQKt1aBo8iwaq37JxoMjrp+Z0aNzu12vugksCg=.sha256", "root": "%I6FaCzdXcKAiZp0LVhwVluDeDkhNPGQXEqNEkUFLq34=.sha256", "updated": "%IaEHdwQKt1aBo8iwaq37JxoMjrp+Z0aNzu12vugksCg=.sha256", "original": "%IaEHdwQKt1aBo8iwaq37JxoMjrp+Z0aNzu12vugksCg=.sha256", "text": "Ok, so I haven't fixed this yet, mostly because of my lack of familiarity with the `secure-scuttlebutt` module.\n\nI should also note that I'm using a fork of scuttlebot from lts, so I'm not exactly using the latest ssb either. The connections layer doesn't work for me, so I can't use the last three major versions of ssb over here. \n\nI tried just commenting out the `unboxer` stuff, and that didn't work because errors started throwing in all kinds of flume modules that I have no control over.\n\nMy first step has been getting more familiar with how `secure-scuttlebutt` works, and how it has changed over time. In the process I did discover when this vulnerability was introduced:\n\n![2019-02-25-162602_1004x109_scrot.png](&gVqUDqFe55vQzk9p2j1dqxQtgQXqb6wS46fK9l2Ao5s=.sha256)", "mentions": [ { "link": "&gVqUDqFe55vQzk9p2j1dqxQtgQXqb6wS46fK9l2Ao5s=.sha256", "name": "2019-02-25-162602_1004x109_scrot.png" } ] }
One idea I have is to just go back to a version of scuttlebot before March 5th 2018. Then I won't have the connections layer or decrypted private message indexes.
Ok, so I haven't fixed this yet, mostly because of my compete unfamiliarity with the secure-scuttlebutt
module.
I should also note that I'm using a fork of scuttlebot from lts, so I'm not exactly using the latest ssb either. The connections layer doesn't work for me, so I can't use the last three major version of ssb over here.
I tried just commenting out the unboxer
stuff, and that didn't work because errors started throwing in all kinds of flume modules that I have no control over.
My first step has been getting more familiar with how secure-scuttlebutt
works, and how it has changed over time. In the process I did discover when this vulnerability was introduced:
Congratulations to @gb, as today is her three year anniversary on ssb!
@kas yah, gb and I were just talking about the dark crystal angle over here. I didn't want to bring it up, but now that you have...
How big of a security risk is this?
Consider if you're in a room full of experienced ssb programmers, all on the same wifi.
Someone could write a script that attacks your ssb server, simply by running an ssb query over muxrpc directed at your public key -- this query will return your private messages.
So yes, this is a high priority to fix this, for me. But, I'm only on wifi with @gb, and I trust her not to make this request to my local sbot.
@cel I do have a case from GoodWill (it was 3.99), here's photos:
The keyboard is: https://www.microcenter.com/product/506957/mini-wireless-keyboard-w--touchpad
Let's move discussion about this security flaw over here, where I can work on this in public.
Private messages also leak in Decent, here's a screenshot:
I think the solution here is to not store private messages in plain text, as they are then made available over muxrpc.
I don't think this is directly exposed in non-liteclients. But, what's stopping someone from pretending to be a lite client and muxrpcing into your local client if they can figure out where your local sbot is?
Maybe this should be posted to Github by someone who is not blocked by Dominic? He won't see this if I post it to Github, because he blocks me on Github -- and he also deletes my comments.
You just discovered the security flaw in secure-scuttlebutt
that broadcasts your private messages to the public over muxrpc
.
You're seeing private messages that have been sent to gwen's pub in the private tab. I can see them too.
I've been working to fix this, but I have to fork secure-scuttlebutt
and fix it myself because the creator of the project refuses to talk with me.
Thankfully, I'm only working 8 hours this week, so I have lots of time to figure out what the hell is going on here.
Apparently, ssb has been around a lot longer than anyone thought...
This is a good use-case for private group messaging.
cc: @rabble
personal mesh device v1
For the past few years I've thought about creating a 'personal mesh device'.
I haven't owned a phone since 2012, but sometimes I find myself wanting a form factor smaller than a laptop.
Since I'm in Chicago right now, and Micro Center is just a short train ride away, I decided to invest some time and money into developing a small portable computer to use as my personal mesh device.
The personal mesh device v1 is built with a Raspberry Pi 3 B+ and a Raspberry Pi 7" display. I broke the USB port off the display board, and flipped the pi for a smaller form factor. Next I attached a $6 usb battery pack with a zip-tie. Finally, I installed dwm, Terminology, and %mvd.
If you want, I can build one for you. My asking price right now is $500 USD + shipping and handling. Or you can build one yourself, which is probably more fun!
Get in touch via ssb, and we can talk if you're interested in having me build a personal mesh device for you.
The other morning I woke up with the idea for a client that uses just one ssb-backlinks
query to load all of the relevant data into a post.
So I forked %mvd and got to coding.
And it turns out I accidentally created nested replies to threads!
How does it work? When I render a post I immediately do a query for backlinks against the post, next I render the links as they come in as sub-posts to the post I queried.
Sometimes this is a little clunky:
- A post in a thread that links to a post in a thread and then links back to the same post in a thread turns into an infinite spiral that destroys the browser (fixed by not rendering posts when they're from another thread -- instead you get a backlink post)
- Some clients aren't very specific about which post they are branching from, so you have to make a decision about which post to thread under (right now this is the first one it finds)
- Sometimes posts render twice or more in the same feed (this is a bit of a mystery, because I'm checking the DOM to make sure the post hasn't rendered already)
Even though some of these issues are fixed, it'll be a bit before I get these changes into %mvd.
The good news is, with only one query, it's very fast:
{ "type": "queue", "message": "%hFDIH496JSw8XlvM15n1rF9xTcfCw4ef4u8ovpQceQM=.sha256", "queue": true }
todo git-ssb
issues, such as %TYQnVaL... should render in %gitmx.
Did a git update in repo minsbot
- add some deps
@masukomi Here at the Successor newsroom, we cannot recommend spending any money on big purchases (school, car, home) while this $166,000,000,000 of delinquent student debt remains at large.
Unless, of course, you're one of the engineers making 250k+ at Google, Apple, Amazon, or Facebook. Then you can, of course, do whatever you want.
@rabble in response to: "I'm hoping that private groups will come along and give us both community structure and privacy."
Private groups is already implemented, as far as I know it's just waiting on a decision about which crypto algorithm to use to encrypt the messages.
We can already decrypt private messages in mvd, it's just not clear how to encrypt them.
Maybe this is something to talk with Dominic about at scuttlecamp?
Did a git update in repo mvd
- integrate styles from 0qc experiments
- point about at gitmx.com
Did a git update in repo mvd
- tiny tweaks to make things work better
- remove invite checker
- render about messages
- proper spacing for boost messages
Did a git update in repo decent
- add static server
Did a git update in repo decent
- upgrade renders and views
Did a git update in repo decent
- make it work with minsbot
@emilbayes Is there a repo for this p2p project anywhere? It'd be cool to check it out.
@Successor To attempt to make the above number more understandable, consider that the total market cap of all cryptocurrencies in the world right now is 122 billion (source) -- that's 44 billion less than total cash amount of delinquent student loans in the USA, as mentioned in the story linked above.
@Christian Bundy hackmd probably provides security via obscurity, but for actual privacy consider using @ansuz and @cjd's cryptpad
Hi @Nate B, welcome to ssb!
The article you mentioned was also briefly discussed here: %kE/95QO...
The critique of DAT and IPFS in the article seems valid to me. I guess that should be encouraging to all of us who've been working on ssb for years?
As for mesh networking software, check out cjdns, if you haven't already. But that's more of a global secure network than a local adhoc mesh network.
@DavidW But I think Manyverse depends on DAT for replication, which wouldn't work in the situation the article describes.
@gb Just so you know, here's how South Bay Marina in Green Bay, WI looks right now:
https://www.southbaymarina.com/live-camera-feed-of-the-bay
(so there's no rush to set sail)
Open questions: slip fees and even overnights at any Marina seems to be expensive.
Do real sailors just never dock? Because it seems like docking is more expensive than renting.
I'm going to reach out to the Crowley's team and see about volunteering at this year's event. You up for that if I ask for a plus one? - @gb
Yah, I'm up for volunteering, if they'll have us! So far their website doesn't say when Yachtapalooza is going to be. But it's still kind of cold here for the boating season to begin.
@gb I did read Cat's Cradle, and I thought was similar to an early version of Fight Club.
Similar to Moby Dick, I wonder if anyone actually reads Cat's Cradle until the end, because the ending was, well... I don't want to spoil it.
We've talked a lot about boats over the years (because we've been working on a boating-inspired distributed social network for years,) but I don't have much practical experience boating. Yes, I sailed a few times, but this was nearly ten years ago and I always had somewhere to come home to.
We went to Crowley's Yacht Yard last year, and looked at some of the boats that Nautical Donations has for sale.
^ that's me trying on the Burberry coat that Gary on the left was attempting to sell me at last year's Yachtapalooza.
Chicago is this weird city where there seems to be lots of boats, but not many boaters. I wonder why that is?
A few years ago Substack and Marina tried to give or sell us their boat when they were leaving Oakland, but we were in Mexico City at the time and didn't have the resources to get up to Oakland to claim the boat. I wonder what happened to that boat?
It seems to me that getting the boat, and then getting it into the water, and then hoping that it works right is the biggest leap here. Maybe it'd be good to hear from some of the sailors around here?
cc @dangerousbeans, @dominic, and who else has a boat?
{ "type": "scat_message", "text": "@punkmonk yup, and I'd like to reduce my dependence on github and build better collaboration tools around git-ssb" }
I got you @bobhaugen. What I think I was trying to communicate in the moment is that I'm open to seeing someone create a distributed social network that works better than ssb.
In the meantime, I'll be here.
I have a lot of respect for what the ActivityStreams contributors have done with their various projects, but it's my own opinion that ssb has solved the distributed social networking problem in a more effective way than federated social networks have solved it.
backchannel (scat) support in %gitmx
I've had support for @squicc's scat in %mvd for awhile.
But today it occurred to me that it might be cool to have dedicated chatrooms for our projects on git-ssb
. Many people use IRC, Slack, and Gitter as open source chat rooms, but what if we could chat about our projects right here on ssb? That'd be cool! So I got to coding.
First, I added root
message to scat messages, and now I can query for chat messages that are aimed at other hashes.
Next, I added a Backchannel button to project pages, so that you can open a dedicated chat window for every git-ssb
project.
Try it out at: http://gitmx.com/#backchannel/%Ae8O3MnfoDjV5BhfZ3wR4GiiBjFc2SxCFMdbIhIlUFY=.sha256
All scat messages are at: http://gitmx.com/#backchannel
Open questions: should scat messages with roots show up in the main backchannel room? We could always filter them out if it's confusing.
Did a git update in repo gitmx
- add backchannel (scat) support to repos
{ "type": "scat_message", "text": "Hello world, this is where we can chat about %gitmx", "root": "%Ae8O3MnfoDjV5BhfZ3wR4GiiBjFc2SxCFMdbIhIlUFY=.sha256" }
{ "text": "Testing", "type": "scat_message" }
@noffle Hmm, ssb-webify
worked perfectly, but Deno errored out...
Downloading http://viewer.scuttlebot.io/web/%26r8T24GOUwwxb2GoSRHczhkACf%2FFepfBJNZ4J4Qs28IQ%3D.sha256/http/server.ts...thread 'tokio-runtime-worker-2' panicked at 'called `Option::unwrap()` on a `None` value', libcore/option.rs:355:21
note: Run with `RUST_BACKTRACE=1` for a backtrace.
thread 'main' panicked at 'called `Result::unwrap()` on an `Err` value: Canceled', libcore/result.rs:1009:5
I guess Deno has trouble with hash filenames for folders too?
open question: how to use ssb as a Deno module manager?
#deno is great, as it lets you request modules from anywhere via http.
But, I can't quite get it working with ssb, because Deno wants your file to have a proper filename. Example: serve.ts
.
This means that
import { serve } from "http://evbogue.com:8989/blobs/get/&CNnGcLf0eX1KPtq1t4GjU7jR24Q1bwuD5FRXT2x8U7U=.sha256";
const s = serve("0.0.0.0:8000");
async function main() {
for await (const req of s) {
req.respond({ body: new TextEncoder().encode("Hello World\n") });
}
}
main();
fails with the error
Downloading http://evbogue.com:8989/blobs/get/&CNnGcLf0eX1KPtq1t4GjU7jR24Q1bwuD5FRXT2x8U7U=.sha256...thread 'tokio-runtime-worker-2' panicked at 'called `Option::unwrap()` on a `None` value', libcore/option.rs:355:21
note: Run with `RUST_BACKTRACE=1` for a backtrace.
thread 'main' panicked at 'called `Result::unwrap()` on an `Err` value: Canceled', libcore/result.rs:1009:5
Because Deno doesn't understand the filename .sha256
.
I'd like to find a way around this, so that Deno can remain simple and I can still use ssb as a Deno module manager.
Signing in / Creating an account is just something that's going to have to keep happening. It's just a "cost of doing business". Going with a standard username + password setup that people are used to has a LOT of benefits. - @masukomi
I agree that there's much to be desired as far as speed goes in the scuttleverse. I don't think this is git-ssb-web
's fault as much as the scuttlebot daemon not responding fast enough given the small amount of memory on the scuttlebot.io vps.
We could slap a username/password interface on a lite client, but then someone would have to want to be responsible for keeping all of those private keys safe...
Each of the P2P protocols I know of has strengths and weaknesses. Sometimes a strength in one dimension is a weakness in another. For example, SSB works offline, but then AP works on the Web and is a lot easier for people to get into. - @bobhaugen
ssb also works on the web: http://decent.evbogue.com/ -- no login system required!
I outlined what I thought about the comparative strengths and weaknesses in some other message somewhere in the scuttleverse....- @bobhaugen
This isn't to say I don't think ssb has weaknesses. I'd argue that our client ecosystem isn't nearly as good as ActivityStreams' clients.
I'm personally trying to learn more about how to create a better user experience for newcomers to this project.
We are deliberately working with projects in three of them because we don't know which will work best in which conditions or if that project will survive at all... - @bobhaugen
Yes, there's definitely something to be said about not putting all of your eggs in one basket. I'm definitely dedicated to ssb, but I'm not opposed to finding a solution to the distributed social problem that's better than ssb.
@Daan (the same one) Yes, you're correct, no one is trying to constrain us to using ActivityStreams vocab.
We could change the clients to support ActivityStreams vocab, but because we're using cryptography there's no way to reformat everyone's messages in the past to comply with the spec.
I think it'd be a fun experiment for someone to fire up an ActivityStreams ssb altnet where all of the json schemas are ActivityStreams compatible.
For example, we use the format:
{
"type": "contact",
"contact": publickey
"following": true
}
for messages saying that I'm following (and thus replicating) someone.
If we were to change this, we'd need to re-write this using the example here: https://www.w3.org/TR/activitystreams-vocabulary/#dfn-relationship
{
"@context": "https://www.w3.org/ns/activitystreams",
"summary": "Sally is an acquaintance of John",
"type": "Relationship",
"subject": {
"type": "Person",
"name": "Sally"
},
"relationship": "http://purl.org/vocab/relationship/acquaintanceOf",
"object": {
"type": "Person",
"name": "John"
}
}
Which anyone could do, but will anyone?
Boosting: %ZRwc8ZU...
following their message schemas would probably work, there is just the disconnect between federated vs fully decentralized that is the big problem really. - @dominic
I have the same opinion here. ActivityStreams/ActivityPub is great, and the whole ecosystem is super professional.
The problem is that secure-scuttlebutt
makes ActivityStreams/ActivityPub obsolete.
With secure-scuttlebutt
all I need to know is:
- I have a public/private keypair
- I write signed messages to an append-only log in a sequence order
- These logs are gossiped via foaf replication, local network replication, or even a dht if you're into that kind of thing
This means I can use whatever schema that I want, and it's up to the client to parse it.
Where ActivityStreams actually fails is the lack of cryptography.
I have no idea if I'm getting an authentic message from E14N's pump if I'm running an ActivityPub server on the other end of the Internet. I have to go compare the content with my own eyes and make sure no one modified the message in route to my server.
Anyway, this is only my strong opinion from hanging out on identica, statusnet, tent, pump and diaspora ever since Twitter failed by closing their API.
Every couple of years someone tries to do a federated social network again, and even if it uses the same schema as the last federated social network it still fails where ssb succeeds.
{ "text": "hi @oni, you're not the only person using scat today!", "type": "scat_message" }
@Christian Bundy The only computer game I've played over the past few years is 0ad.
It's similar to Age of Empires, but open source.
I'm not saying no-one should make a distributed GH clone / competitor. I'm saying there's not much need for such a thing because the Centralized open source ones are so good. - @masukomi
You are right, the centralized open source git hosting solutions are very good.
I've installed Gogs and run GitWeb in the past, and they work flawlessly.
In fact, I still use git.suckless.org to clone down dwm
whenever I'm customizing and building my window manager.
I've used http://gitmx.com/ for a variety of things over the years, but the first thing I installed on it was Gogs.
However, the trouble that I always run into when using these software solutions is isolation.
For example, if I'm hosting software on a Gogs instance then everyone who uses my software needs to get a login for my specific Gogs instance in order to leave an issue.
This is why when @cel invented git-ssb I got very excited that this would finally solve the social isolation problem that results from running your own centralized git hosting service.
This means I can view Patchfoo at: http://git.scuttlebot.io/%25YAg1hicat%2B2GELjE2QJzDwlAWcx0ML%2B1sXEdsWwvdt8%3D.sha256
and I can view it at
http://gitmx.com/#%YAg1hicat+2GELjE2QJzDwlAWcx0ML+1sXEdsWwvdt8=.sha256
And weirdly enough because of the nature of gossiped logs, it turns out we're looking at the same copy of Patchfoo through two different portals.
Last night I spent some more time coding on %gitmx.
I made it possible for non-technical people to leave issues via the user interface with an issue button. I've also added @gb's label patch for %mvd, so now you can label and sort git repositories by various topics.
Here's a screen shot from: http://gitmx.com/#label/ssb-client
Did a git update in repo gitmx
- add issue button and fix errors
Doing it in a distributed manner that's also friendly to non-geeks is hard, but I don't know that we really need distributed here. I'm not sure that there are significant enough problems with the centralized versions ( if you include personally hosted on a server of your own type of centralized) to justify all the work of a decentralized one that works for non-geeks and is usable without them having to install special software. - @masukomi
Yes, but can't this argument be made for all centralized social networks? If we put all of our information in one place, and trust it with one corporate entity, then it solves a lot of problems.
I'd rather make the argument that Git was distributed before Github came along and convinced us all to use their software. Now that Github has sold us to Microsoft, it's time to figure out a new solution to this problem.
Personally my concern is that various package managers are starting to build GitHub in as the default.
Yes, this is concerning.
{ "type": "queue", "message": "%6s3ZU3r0smv0fVNKosodZVylVYkRZ3xUfJpdUK5f5lc=.sha256", "queue": true }
@ev %gitmx needs an issue tracker.
The issue tracker should:
- have some way of minimizing closed issues
- issues should link to the repo hash
- show the number of open issues at a glance (on a button maybe?)
I don't think issues should be automatically queued for the repo author, the author can queue the issue themselves if they want to make it a priority.
Should I use the git-issue
type or the post
type? It seems to me that most issues these days are just posts, so I'm not sure if we still need the git-issue
type from git-ssb-web
.
Anyway, I'll queue this message and work on the issue tracker in the future.
Did a git update in repo mvd
- fix spacing and recursive error when fetching thread messages
- add a space before boost handle
{ "type": "label", "label": "ssb-client", "link": "%aj0VHPp9OXTfJl59cJ1xp9gLJRiJPK+kFaI0khzM0A4=.sha256" }
{ "type": "label", "label": "lite-client", "link": "%Wq/vobdcDedC0FBO2UdowxhPcqokSwtf9Og1mjYvQGE=.sha256" }
{ "type": "label", "label": "ssb-client", "link": "%Wq/vobdcDedC0FBO2UdowxhPcqokSwtf9Og1mjYvQGE=.sha256" }
Did a git update in repo gitmx
- render buttons on git messages, render stars on mini messages
- minor style changes
- abstract labels into tools, and tweak git renders
{ "type": "label", "label": "lite-client", "link": "%Ae8O3MnfoDjV5BhfZ3wR4GiiBjFc2SxCFMdbIhIlUFY=.sha256" }
{ "type": "label", "label": "ssb-client", "link": "%YAg1hicat+2GELjE2QJzDwlAWcx0ML+1sXEdsWwvdt8=.sha256" }
{ "type": "label", "label": "ssb-client", "link": "%s9mSFATE4RGyJx9wgH22lBrvD4CgUQW4yeguSWWjtqc=.sha256" }
{ "type": "label", "label": "ssb-client", "link": "%NPNNvcnTMZUFZSWl/2Z4XX+YSdqsqOhyPacp+lgpQUw=.sha256" }
{ "type": "label", "label": "lite-client", "link": "%NPNNvcnTMZUFZSWl/2Z4XX+YSdqsqOhyPacp+lgpQUw=.sha256" }
{ "type": "label", "label": "ssb-server", "link": "%M0TrM+oJT2i/phUJO/fZ2wkK2AN2FB1xK0tqR7SNj58=.sha256" }
{ "type": "label", "label": "ssb-server", "link": "%bEpNCZyU/f+Hi0Jhk6C9SQoNorT9NMyJen2NTCS0vaU=.sha256" }
@gb ok, I queued your request so I can work on it later while I'm offline.
Alright, it's live at http://gitmx.com/ folks.
{ "type": "queue", "message": "%pckujAI12S0FVxJ4AAhxmn+VKvzf9/ysTYqugcDs6fE=.sha256", "queue": true }
Ok, so last night I was thinking about this question of "how do I leave Github?", so I got to coding.
I figured it wouldn't be too hard just to show the git-ssb
posts in a fork of %mvd. So I forked mvd into a new repo and began by changing the views so the focus was exclusively on all of the work that's happening on git-ssb
.
The result is %gitmx
It isn't quite up at http://gitmx.com/ because I'm doing some server admin stuff that will let me run two different lite clients off one sbot. I'll finish that tonight, and it should be live on http://gitmx.com/ tonight.
These commits feel as if they're a step in the right direction, for me anyway. Next I'll need to focus on what tools we need in order to collaborate better on git projects using ssb.
We already have wikis, and an issue queue, but I wonder what else we need?
Did a git update in repo gitmx
- initial commit
Did a git update in repo minsbot
- move config in-house
- require and install ssb-backlinks
I think it'd be great if Github decided to store all of our issues in repos, but I'd argue the entire point of Github is that they don't.
The fact that Github owns our issues is the reason that we can't leave, and the reason our data was sold to Microsoft for 7.5 billion.
Maybe a better question to ask is: how can we start using Git in a way that doesn't give Github power over us anymore?
- The third option is hard but it may be worthwhile: build a bridge.
- You may be accused of "adding to the castle".
- You may be accused of wasting resources that could be used to set up camp.
- The above accusations may be correct, I don't claim to be an expert.
- Building bridges behind you takes time and energy, but makes it easier for others to follow. - @Christian Bundy
Yes, this is somewhere close to how I feel about it.
Am I adding "to the castle" by participating in Github?
In the past when Github was this sort of neutral startup that provided a slick interface to collaborate with your friends using Git, I didn't feel so bad. But now that it's part of Microsoft, I feel the pressure a bit more on myself to not contribute to the castle.
Because Git makes it easy to push to multiple remotes, we're not presented with the all-or-nothing choice that say Facebook or Twitter has asked to make about our data. I can push to multiple castles, including git-ssb
-- which I don't think of as a castle.
Now, I don't log into Github every day. I sometimes forget to push to Github, because it times out when I'm pushing when I'm offline.
But I wonder if I were to leave the castle, and just strike out on my own (well, not quite on my own), if I'd build a better bridge back across the moat?
The castles metaphor can be extended beyond just this case though -- we could be living in the new middle ages where all of the money only goes to people who play ball with a couple of corporations that control almost all the content on the Internet!
I just discussed this entire complex with cryptix and we came to the conclusion that we're not sure if it makes sense to consider anything but mutual follows. - @keks
How does 'mutual follows' relate to the graph and conversation above?
This is an interesting point to consider -- what is easier for non-technical people: keeping issues in a repo, or keeping issues in a separate location (such as on ssb)?
This relates to @joeyhess's blog post that I mentioned in the active discussion going on on my thread about whether or not to leave Github: %eVeovVP...
We definitely don't have to choose between storing issues in Git or using ssb to store messages and then talking around the git repos, since we could definitely do both, but which is the easiest for the public?
Github is definitely easier for non-technical people, and that must be the primary challenge that we're up against as/if we move towards deprecating Github.
@elavoie Fossil energy is definitely something we could talk about here, but I don't know if I quite want to factor this into my decision to leave or stay on Github.
I have a hard time knowing whether or not the lack fossil fuels will to the eventual demise of big tech companies. Really, the first thing that occurred to me is that these companies can probably afford more energy than I can, and thus can probably keep their servers going longer than I can.
And over the last week or so, I have been puzzling the ethical aspect of working for these companies. And I think it would be better for the community to have a Google/Facebook/Microsoft/etc. developer contribute money or time to SSB-related projects than not doing it. - @elavoie
I think it'd be great if these companies could spend some money on supporting ssb, but they haven't yet, (as far as I know).
It'd be great if these companies would actively recruit people from the ssb space, but so far as I can tell being associated with data liberation projects actually limits your hire-ability at these companies.
We just need to be careful that the value created by the community will not be enclosed by a single entity. - @elavoie
Yes, as the core of my question about Github is whether or not this has happened. If I wanted to leave Github, and not look back, could I do this and survive in the digital world?
I do find it amusing that folks in 2018 think that Microsoft is scary when compared to all of the rest. - @Enso
I should clarify that I'm not as particularly anti-Microsoft as I was 10 or 15 years ago. I have a Microsoft Github account, and I have a Microsoft LinkedIn account.
I think it'd be hard for me to rail against Microsoft and also use their software. Years ago, when the whole "Mac vs PC" movement was going on, I was definitely a pro-Mac guy and an anti-PC guy.
Now, in my opinion, all Intel computers are a great place to install Linux.
My question of "why do I have a Github account?" revolves around whether or not we feel that having our data sold to Microsoft was devastating to the open source community.
we can't develop SSB and related projects without interacting with the way society works right now so a short term compromise that enables alternatives to grow progressively is a viable and honorable way of trying to live according to a non-mainstream viewpoint. - @elavoie
Yes, this is exactly what I'm wrestling with. What is too weird for society?
Obviously ssb is weird, and cryptography is weird. But Git is weird too, because it's made up of commits and merkle trees. And somehow Github managed to normalize Git for mainstream audiences. Github managed to make Git so presentable that getting your green dot in for the day became a requirement for developers everywhere.
We probably wouldn't be here with Github, because we never would have met. I couldn't have discovered Dominic's original scuttlebutt module in 2012 without Github -- because where else would I have gone to find it?
But I always had this sinking feeling that Github was going to sell us out. I've tried to leave Github in the past. I've tried self-hosting my Git repos, moving to Gitlab, and I've tried fleeling all of the way to Gitboria (before it went down.)
Gitlab is one option, but it doesn't facilitate the syncing issues across repos, and now that it's Google funded it's basically like trading Microsoft for Google.
This isn't the first time I've wanted to leave a platform, years ago I tried to live without npm. I quickly discovered that living without npm is harder than one might think!
But what is society? Is Github society? If Github is society, then was society sold to Microsoft?
But not everyone uses Github. The creator of Git doesn't use Github. Does that make him somehow a dropout of society?
If I stop using Github, am I also a dropout of society?
Or am I already a dropout, with or without a Github account?
{ "text": "It's snowing in Rosemont, again! ", "type": "scat_message" }
My mind keeps going back to Apple's Think Different campaign in 1997-1998, where this was one of the original posters:
It's hard imagine Apple then compared to now -- they weren't always an overpriced cellphone store. Back then Steve Jobs had just come back (after getting fired from Apple in 1985,) they'd acquired NeXT and rolled out the original iMac with Mac OS X.
There must be something to be said right now about outright rejecting the idea that our data is to be bought and sold.
Anyway, I'm torn. One the one hand, I want to 'live the change I want to see in the world' but I also fear that if I was truly to use software that way I want I'd probably vanish into cjdns and never touch the public Internet again.
If I did what I want to do, I'd become a cryptographically-secure hermit, broadcasting from the depths of cypherspace.
{ "type": "edit", "branch": "%HDuPOcfjRueb7ZJo/iQl3Awnp28AfG4aUUyeKlhyj5w=.sha256", "root": "%UbmyE84JJMc7TkS7gdDW3nnRC4+K69xfTl/CV45B0sA=.sha256", "updated": "%HDuPOcfjRueb7ZJo/iQl3Awnp28AfG4aUUyeKlhyj5w=.sha256", "original": "%HDuPOcfjRueb7ZJo/iQl3Awnp28AfG4aUUyeKlhyj5w=.sha256", "text": "> 1. collaboration with other folx & communities who aren't on ssb\n> 1. making it easier for folx not on ssb to discover my work\n> 1. email notifications of issues/PRs/discussions\n\n> So much of the open source world isn't on ssb, and joining ssb is a nontrivial task. -[@noffle](@C3iYh/12sO1uvKq1KcZXLFxSySzxOkHxXN8rtNB5MGA=.ed25519)\n\nMany of these are the reasons why I hesitate to leave Github too.\n\n[@noffle](@C3iYh/12sO1uvKq1KcZXLFxSySzxOkHxXN8rtNB5MGA=.ed25519) I remember we [had a call last year](%TJC9UQl5ARcPGzEZNNMy3sgF38t1PSTDesj340gYIbA=.sha256) where we talked about making `ssb-npm` easier to install, and we had some good ideas about how to do that, but I haven't made much progress myself. \n\nNow that Ryan Dahl is working on [Deno](http://deno.land), I've relaxed around the npm thing, as I figure everyone will switch to Deno -- and Deno is coming together fast.\n\nWith Deno, I can define a module at a url, and then it will import the url. \n\n```\nimport { serve } from \"https://deno.land/x/http/server.ts\";\n```\n\nI think it'd be trivial to get Deno working with ssb blobs, but it won't be trivial to port ssb to Deno. \n\n---\n\nI'm also on Microsoft LinkedIn, and for me I think that'd be much easier to leave. I only got on LinkedIn last year, because of pressure to find a tech job. That hasn't gone anywhere, so I figure LinkedIn isn't helping anything, thus it'd be easy to leave. \n\nI do still use email, and I find that most other people do to, so when someone isn't on ssb I fall back to email when communicating with them. \n\nHowever, I have this simultaneous feeling that Github is the Facebook of Git, that they've somehow managed to trick us into using it and then sold all of our git analytics and issues to Microsoft. Part of the reason I got into p2p is that I was tired of my data being sold out, so I wonder why I'm tolerating it with Github. \n\nObviously Github doesn't own our repos, which is how I convince myself that it'd also be easy to leave. But the reality is much different than what I want to imagine, as far as leaving goes.", "mentions": [ { "link": "@C3iYh/12sO1uvKq1KcZXLFxSySzxOkHxXN8rtNB5MGA=.ed25519", "name": "noffle" }, { "link": "@C3iYh/12sO1uvKq1KcZXLFxSySzxOkHxXN8rtNB5MGA=.ed25519", "name": "noffle" }, { "link": "%TJC9UQl5ARcPGzEZNNMy3sgF38t1PSTDesj340gYIbA=.sha256", "name": "had a call last year" } ] }
- collaboration with other folx & communities who aren't on ssb
- making it easier for folx not on ssb to discover my work
- email notifications of issues/PRs/discussions
So much of the open source world isn't on ssb, and joining ssb is a nontrivial task. -@noffle
Many of these are the reasons why I hesitate to leave Github too.
@noffle I remember we had a call last year where we talked about making ssb-npm
easier to install, and we had some good ideas about how to do that, but I haven't made much progress myself.
Now that Ryan Dahl is working on Deno, I've relaxed around the npm thing, as I figure everyone will switch to Deno -- and Deno is coming together fast.
With Deno, I can define a module at a url, and then it will import the url.
import { serve } from "https://deno.land/x/http/server.ts";
I think it'd be trivia to get Deno working with ssb blobs, but it won't be trivial to port ssb to Deno.
I'm also on Microsoft LinkedIn, and for me I think that'd be much easier to leave. I only got on LinkedIn last year, because of pressure to find a tech job. That hasn't gone anywhere, so I figure LinkedIn isn't helping anything, thus it'd be easy to leave.
I do still use email, and I find that most other people do to, so when someone isn't on ssb I fall back to email when communicating with them.
However, I have this simultaneous feeling that Github is the Facebook of Git, that they've somehow managed to trick us into using it and then sold all of our git analytics and issues to Microsoft. Part of the reason I got into p2p is that I was tired of my data being sold out, so I wonder why I'm tolerating it with Github.
Obviously Github doesn't own our repos, which is how I convince myself that it'd also be easy to leave. But the reality is much different than what I want to imagine, as far as leaving goes.
Did a git update in repo minsbot
- add install instructions
- in-house decent-ws and load ssb-search
- initial commit -- at least this works!
@kas I just did a pacman -Syu
and everything seems to be working for me.
But I don't have an atd
file in pam.d
, so it must be for a program I don't have.
How can I test this over here?
@benhylau I don't know if you were on cjdns back then, but years ago I tried to get everyone I knew to move from Github to Gitboria in Hyperboria.
But then eventually Gitboria went down.
The great thing about git-ssb
is I'm mirroring my work across my friends and my friends friends, so I don't think it'll go away like Gitboria did. I wonder if that changes things?
But still it's a challenge that everyone uses Github for everything development related, and that makes it hard to leave.
I found a piece that @joeyhess wrote on his blog 8 months and 8 days ago that relates to this conversation:
I could write a lot of things about the Github acquisition by Microsoft. About Github's embrace and extend of git, and how it passed unnoticed by people who now fear the same thing now that Microsoft is in the picture. About the stultifying effects of Github's centralization, and its retardant effect on general innovation in spaces around git and software development infrastructure.
Instead I'd rather highlight one simple criteria you can consider when you are evaluating any git hosting service, whether it's Gitlab or something self-hosted, or federated, or P2P[1], or whatever:
Consider all the data that's used to provide the value-added features on top of git. Issue tracking, wikis, notes in commits, lists of forks, pull requests, access controls, hooks, other configuration, etc.
Is that data stored in a git repository?
https://joeyh.name/blog/entry/the_single_most_important_criteria_when_replacing_Github/
Anyway, this is one post that I'm thinking about as I'm thinking about deleting my Github account.
What do people think about leaving Microsoft Github?
8 months ago, I wrote "Should I delete my Github account?" when it was rumored that Microsoft was buying Github for 7.5 billion.
8 months later, I still have a Github account, but I barely use it.
We have git-ssb
, do I need a Github account?
Why do you still use Github?
mvd @ 1.16.1
In the latest version of %mvd I've pushed a labels feature authored by @gb.
Labels allows you to label posts:
type: 'label',
label: 'labelname',
link: <postid>
When you click on a label, you're presented with a labelStream
, which streams all of the labeled posts into view:
Labels are a feature in @gb's upcoming stealth project, and it's good to be able to support them in %mvd.
If you want to clone down mvd, use git-ssb
:
git clone ssb://%NPNNvcnTMZUFZSWl/2Z4XX+YSdqsqOhyPacp+lgpQUw=.sha256
npm install
npm run build
npm start
mvd will launch in your browser at http://localhost:8989/
Did a git update in repo mvd
- 1.16.1
Did a git update in repo mvd
- merge labels into master
- render all private messages in private tab, attempt to decrypt all private messages with browser key on render
- enable live stars
@cel works!
A and D can replicate in that case, just like ssb-friends describes. - @cryptix
I'm ok with how the replication schedule is programmed, if this remains true.
What do you think about A and E, though? That is the [sybil] swarm case - @cryptix
I think this handled with hops: 2
in most clients already, because if you're at two hops you're not going to see Edith.
Sometimes I wonder if maybe should not replicate D though, I expect some people might want that. - @dominic
Yes, this is the troubling case that I mentioned above.
@Christian Bundy I made a client for ssb a long time ago called Micropub that was loosely based on Tweetdeck.
One idea I had was to limit the post size using substring(0, 139)
and then allowing people to click through to the full post -- but I don't think I ever got that far.
@cryptix I don't agree that Alice shouldn't see Debora because Bob blocks her. Claire still follows Debora, and thus Alice should still be able to see Debora. If both Bob and Claire block Debora, then Alice shouldn't see her.
What you're describing is transitive blocking, and could be used by powerful people and governments to squash criticism. If ssb-shadowban
was implemented, I'd fork and provide a version that didn't include this type of authoritarian censorship.
{ "text": "+1, @squicc: how's the weather in NC?", "type": "scat_message" }
My gut says this is a little invassive, but my ... teeth (?) say "better they know the meta data which is available to anyone sooner rather than later". - @mixmix
I definitely agree with this statement.
Is this graph expensive to generate?
How do my stats look?
@Christian Bundy --> "Why isn't Patchwork called Cyphernet?"
@mix, are you open to working in the service industry?
The reason I'm saying this is because I've run out of money a whole bunch of times over the past six years working towards making secure distributed social networking a reality.
I've always found that it's way easier to get a service job than it is to find leads in the tech industry -- just go down to your local restaurants at 2-3pm and ask for the General Manager. Tell them you'd like to try your hand at serving, or maybe even dish. Next, pick up some non-slip shoes at your local shoe store.
I've found working service can be very grounding. I'm constantly reminded that most people don't use Linux computers, don't know what Ethereum is, don't use secure social networks, and don't really care about Shamir's Secret Sharing. This fact isn't very inspiring, but it constantly reminds me that we have a lot of work to do before this technology is ready for mainstream audiences.
In fact, the last time I almost ran out of money was in San Francisco at the end of 2017 trying to get a tech job (again), and was grateful when someone finally broke it down for me in a blunt way: "Look, as long as you're working on data liberation, you won't work in The Valley -- all of these companies make money from harvesting user data, and they don't want to fund their competition." (or so I recall them saying).
Anyway, it's something to keep in mind if your runway gets shorter before anything appears.
I always find it comforting to know that there are service industry jobs everywhere, even with the tech industry being in the state that it is right now.
If you haven't already seen this talk by Alan Kay, and you have a free hour over the next few days, I want to encourage you to watch his latest talk The Best Way to Predict the Future is to Create It. But Is It Already Too Late? at the National Library of Medicine in September 2018.
Alan Kay is kind of an unintentional godfather to ssb, because at OOPSLA 1997 he encouraged someone to create an Internet where every object had a unique ID.
Anyway, his new talk is both inspirational and deeply disturbing (in regards to the current geo-political environment).
I hope that you take the time to watch it -- perhaps with a friend, or a friend of a friend.
@mix taught me how to create a chronological index of my feed awhile back. I'm currently using that for most of the views in %mvd.
Relevant code: on M$ Github:
https://github.com/evbogue/mvd/blob/master/query/index.js#L34
https://github.com/evbogue/mvd/blob/master/views.js#L513-L557
This means I can re-sync and also see posts in chronological order.
While it'd be better to use branches to generate this view, I haven't had many issues with just sorting my feed chronologically.
This has only gone once, because someone posted from five months in the future. I ended up hiding any posts from the future, until the future arrives.
Open Question: How to disable private message indexing in secure-scuttlebutt
?
Is it possible to disable private message indexing in secure-scuttlebutt
?
I want to only decrypt private messages at the moment that they are viewed, but secure-scuttlebutt^18
automatically decrypts a scuttlebot's private messages and stores them in my .ssb/flume
directory.
I do not want to store these messages in plain text.
Does anyone know if it is possible to easily disable this functionality?
Updating this post with new info. @dominic just answered this question indirectly in his Design Patterns in Scuttlebot post.
legacy: good idea at the time
sometimes something seemed like it would be needed going forward, but turned out to not be that useful. New code probably doesn't do it this way anymore so this can make old code look weird.
example: https://github.com/ssbc/ssb-server/blob/07d63a3abed4e45118459592b21fbfb878929e0b/plugins/master.js
there was a previous plugin format that didn't need {init, manifest,name...} and master used this. also the master thing allows you to configure a remote key that has full access to the ssb-server. for example, set
master:your_id
in your pub's config and you can now connect to your pub remotely, without using ssh. This seemed like a good idea at the time, but didn't really get used.
[Emphasis mine]
It's good to know this code is legacy, and isn't really used. Perhaps that's why we keep trying to rip it out?
Welcome to ssb @Jesse Mills!
@rabble +1 for being a Maciej CegΕowski fan, though I've never met or talked with him.
His software is awesome and I appreciated his Thoreau 2.0 talk in 2013.
Thank you @Christian Bundy for explaining the master
plugin in a way that I could understand. I understand why it is required now.
thanks for raising this @ev. GRR that's a stink response from @dominic
My point is that I think this should be default on ... and disabled if someone needs to not have it on ... or at least give useful error messages. Like how is it possible to know what the crap is wrong when you're just told you're not allowed to call a method that's in your manifest.... I only magically know this master line is needed because I've worked on previous projects, and it still ate an hour of my time when I fell in this hole yesterday - @mixmix
@mixmix I agree with you that this plugin is an issue. I've removed it myself a few times, and not known why my sbot stopped working.
If master
is required to run your scuttlebot instance, then it shouldn't be a plugin. I've removed it because I thought it was optional.
fyi, @dominic deleted my comment on github. It's a good thing I'm using an append-only log, otherwise no one would know what I said in the comment!
If mix and I feel stupid about an sbot error, then how will new developers to scuttlebot feel when they encounter it?
Thanks @Christian Bundy! This code makes a lot more sense to me.
Could @mix remove the master
plugin by allowing only the .ssb/secret
id to use his sbot?
Or is master
absolutely required? I imagine it could be checking to make sure that no unauthorized keys attempt to use your local sbot.
Here is the contents of the master
plugin:
// master plugin
// allows you to define "master" IDs in the config
// which are given the full rights of the local main ID
module.exports = function (api, opts) {
var masters = [api.id].concat(opts.master).filter(Boolean)
api.auth.hook(function (fn, args) {
var id = args[0]
var cb = args[1]
cb(null, ~masters.indexOf(id) ? {allow: null, deny: null} : null)
})
}
Why is master
plugin needed in scuttlebot
?
@mix asked this question on Github: https://github.com/ssbc/ssb-server/issues/629
plugins/master is always required #629
I don't know what it does, but whenever I'm using other plugins I have to add :
var Server = require('ssb-server') .use(require('ssb-server/plugins/master')) // << non negotiable line .use(require('ssb-gossip'))
When I don't include it I get mystery errors with ssb-client connections where they're like
{ message: 'method:whoami is not in list of allowed methods', name: 'Error', stack: 'Error: method:whoami is not in list of allowed methods\n
The result is I feel stupid.
Many modules suggest this line is not needed. e.g. https://github.com/ssbc/ssb-replicate
I propose we either document this really well, or back this line in so that it is inside ssb-server
and @dominic responded with:
@mixmix that isn't a very good response - if something makes you feel stupid,
you should ask why is it like that, then investigate - then you will feel smart.
and I responded by saying:
hey, I also have this question. and I also feel stupid.
Can we figure out why we need this plugin?
Does anyone on ssb know why the master
plugin is required to run sbot?
The error is from muxrpc
, but why is master
needed to use muxrpc
locally?
It'd be great to get a clear answer to this question so that we can add it to the various scuttlebot documentations.
And now, Twilight Imperium 4
mvd on scuttlebot LTS
In %mvd at 1.16.0 I've made the difficult decision to revert backwards to depending on Scuttlebot 11.4.3 LTS.
The benefit of reverting to scuttlebot 11.4.3 is that I can use the command line scuttlebot flow while mvd
is running. I can also use git-ssb
again, without using a separate scuttlebot instance.
All of this can happen without configuring the incoming/outgoing connections options that haven't worked all that well for me.
mvd is also noticeably faster when depending on this older version of scuttlebot.
I plan on sticking with this version of scuttlebot until there is a new stable version with good documention for the connections layer. Or, a future sbot where the connections layer has been removed.
Did a git update in repo mvd
- revert to scuttlebot@11.4.3 LTS
- add friends to top nav
{ "text": "@punkmonk not much, just raspbian. yah, it was seriously -40 with wind chill. Now it's 40!", "type": "scat_message" }
@cel @kas updating the config in mvd to use this config makes at least git-ssb
work again, so that's good.
{ "text": "or Gracias Madre across the street, if you're more into vegan food", "type": "scat_message" }
{ "text": "@christian how's SF treating you? If you're still there make sure to go to Taquaria Cancun on 19th/Mission", "type": "scat_message" }
{ "text": "we survived, but gb's pmd's micro sd card did not survive. It cracked in half because of the cold. ", "type": "scat_message" }
{ "text": "@punkmunk It was cold, but now it's weirdly warm. ", "type": "scat_message" }
Anyway, let's get mutability done. It'll really improve things. And also open up to a bunch of really interesting applications like CMS's and wiki's. - @rabble
{ "type": "queue", "message": "%qNrgE61G/BxC7Sbfvjwe9jbM9dY/dxivkxK+35SJb7s=.sha256", "queue": true }
todo make it easier to tell which identity is logged into %mvd
, because I keep starring things with @successor's key on accident.
Also make it easy to switch identities in the client quickly, because right now I'm doing a lot of copy-and-paste.
@masukomi Agreed. I'm going to play around with using underline only on hover and try to make the link color noticeable. I'll probably stick with a blue color.
@mixmix Cool. I haven't reviewed ssb-revisions
yet, because last we'd talked @regular said:
ev, I am not planning to use ssb-revisions on the main network anytime soon, it is for my CMS-like clients, so it serves my specific purposes, so I don't feel the urge to standardise... Gitub link to comment
In %mvd I use the existing ssb-query
indexes and I query for messages with type: edit
. So there's no need to generate any additional indexes.
Now is a good time to good to figure out how ssb-revisions
and mutable-messages
are different and then come to a consensus about which schema to use in all of the clients.
In mvd, I'm using the following fields in the edit posts:
{
type: 'edit',
root: <the root of the thread>,
updated: <the previous message that we've applied an edit to (this is the first message if it's never been edited before)>,
branch: <see mix's recommendation: https://github.com/ssbc/ssb-server/issues/506#issuecomment-393851371>,
original: <the first un-edited message>
}
@matt When you're investigating ssb-revisions
would you be able to note the differences so that we can work towards agreeing about which message schema to use in our clients?
I'm fine with adapting my mutable message implementation to use @regular's schema, I just need to know what the schema is so that I can adjust my implementation to use it.
Thanks for working with me on this guys, it'll be great to get mutable messages into Patch{work,bay}
@mixmix @regular @matt Thanks for taking the time to talk about this topic guys, it'd be great to get mutable messages into Patch{work,bay} so that everyone can edit their posts.
It'd be great to standardize the mutable message schema between clients. Let me know if you guys are thinking of using a different schema than what I'm using in %mvd.
@σ ͺσ ―σ ₯σ ΉJoey Hess @Luandro @bobhaugen
Ok, peering @befree in.
Though I think Bob following him was probably enough for him to replicate.
@bobhaugen Do you think I should peer him in, or wait a bit?
It's good to hear that Decent is pretty easy to use, but that's also why I'm trying to be cautious regarding people I don't know very well.
I would like to maintain 11.3 as an LTS release. - @regular
. I'd use this.
@mix These are all very good ideas for onboarding and/or a welcome flow. Syncing one hop is a lot faster, I often find myself syncing one hop on new devices.
Definitely build this and see how it works for new people.
In %decent, I want to work towards a desktop experience with one-hop sync and ssb-ooo
to bring in starred messages.
@Giarc the thread you mentioned was here: %C6ah7br... though I don't think I'm going to do anything with contact list importing myself.
{ "text": "We should all scat more often, but what to scat about?", "type": "scat_message" }
{ "text": "hey Sonata. Thanks for scatting!", "type": "scat_message" }
hey @Luandro, do you know this guy who showed up on my Decent pub? http://decent.evbogue.com/#@j/eCgqDoTsp0SDzPYDNQh486qKYN9qu8Bzaye5foXQU=.ed25519
Decent doesn't replicate people by default -- my pub (or someone else) has to follow him first.
He seems to be involved in the Brazilia mesh-networking scene.
I'd just follow him, but I don't know him and his profile pic makes me a little nervous. We've talked a lot about moderation lately, so that's the only reason why I'm bringing this up.
If anyone else has thoughts, feel free to weigh in on this thread.
This isn't for gossip or replication. It's for user discovery and then bridging them in to the network. User A has an address book of phone numbers, twitter contacts, facebook friends, mastodon friends, tumblr follows, etc... That user wants to know if any of the people they're connected with are also on scuttlebutt. - @rabble
I don't think this would be hard to implement, we'd just need to get in the habit of posting our phone numbers, email addresses, and centralized social media handles.
Maybe use:
type: 'about'
about: '@8Qee0I/DwI5DHSCi3p5fsl6FyLGArrnDz3ox9qZr5Qc=.ed25519'
email: 'ev@evbogue.com`
and
type: 'about'
about: '@8Qee0I/DwI5DHSCi3p5fsl6FyLGArrnDz3ox9qZr5Qc=.ed25519'
github: 'evbogue`
as the post syntax?
Then just use ssb-query
to do a lookup, next compare against your imported contact list.
This could also be done in private too, just send the message as a private message to the pub you trust with the data.
Part will involve verse running some personal pubβs and running some sort of look up service. Ideally adopting a version of what signal does where they do the social graph matching in a secure enclosure. - @rabble
Can you explain more about what you mean by this?
Right now my sbot does a fine job of gossiping with my friends and their friends-friends, I'm not sure why we need a Signal-like "secure-enclosure" to calculate who I'm replicating.
I am still not convinced it is a wise decision to move content off the chain. - @Tim Schumacher
I think it's an interesting experiment, but the security issues should definitely be considered. Maybe this is a different system, such as ephemeral chat bootstrapped off ssb?
I think it's hard to get away from the interpersonal issues that can arise from using a secure append-only log as long as we're using a secure append-only log.
ccing @dangerousbeans and @jolyon -- as I think they're both in Auckland.
I've been puzzling over the idea of building a bridge between patreon and scuttlebutt. So if if you're a patron, then you would be given access to a key to read and interact with the patron only content over ssb. - @rabble
Did you ever follow Sam Lessin's Letter.ly startup back in the day? Here it is on WayBack: http://web.archive.org/web/20111012034831/http://letter.ly/
Basically he used Amazon Payments to charge subscribers monthly, then you sent as many "letters" per month to your subscribers as you wanted via email.
@gb and I used it for awhile to publish letters to our readers. On the inside there was a little dashboard that showed you how much you were making a month.
I spent a year or so building up subscribers, and then published from a beach town in Mexico for a bit at the end of 2011.
One of the challenges I think about here is how to do a paid offering service that isn't tied to a payment processor. How can we facilitate a payment-processor-agnostic way for people to make money from their work on scuttlebutt?
@noffle I've built client-side mute, private block and most recently a "view-as" perspective filter into %mvd.
For deleting feeds, see: prototyping feed deletion by @christianbundy
@Mathias Using multiple identities at the same time would be cool.
I guess the big issue is that ssb is an append-only log, so if you're using ssb on multiple devices you need to make sure that you're not writing a post in the same sequence order as the post you've written on another machine. Otherwise you'll fork your feed, which as you noticed is another problem we haven't solved yet.
Then there's the issue of private messages. Which identity do we send private messages to? Are you uploading all of your private keys to each device so that you can read all of your private messages. Or do you only read private messages on one device?
We could just tag different feeds with a sameAs
alias, and then cosmetically merge these feeds. But then we've introduced the issue of deciding which public key to send private messages to.
There are probably other issues I haven't thought about. It's a challenging issue to solve, considering we've wholely bought into the append-only feed within the ssb world.
I tried the above code and upgrading to the latest sbot, and it wouldn't allow my client to connect. No errors to report, so it's hard to know what is going on.
Has anyone thought about going back to an earlier version of multiserver from before this connections layer was introduced? It seemed to work better to me.
Did a git update in repo decent
- remove slash in url
Did a git update in repo decent
- link "All" in top nav to the everythingStream view
Did a git update in repo decent
- 5.0.2
- tweak styles as I work to make decent beautiful
- make friendstream the default view
- add friends view
Last night I played around with the styles a bit.
First I inverted the colors, so that the background is #f5f5f5
and the posts are white.
^ on the left is the new version, the old version is on the right.
Next I picked a chiller blue than the browser default for the a:links
. On hover the links gray a little.
Since a:visited
isn't all that useful for a social network, I made all link states the same color.
Next I considered removing the underline from links, but I wasn't sure if that was a good move or not.
^ to underline or not to underline?
Thoughts?
@kas yah, I'm still pegged to scuttlebot@13.0.3 because I haven't had time to get the latest scuttlebot(s) to cooperate with me.
I've had some thoughts about forking scuttlebot and slimming it down until it works again.
If it keeps being this cold, I'll probably get bored enough to do it.
Make Decent Beautiful
I noticed recently when recounting ssb history that I said:
IMO the front-end development crew (including me) is still lacking the eye for user interface design that Paul brought to ssb during the early days. Now that there are so many clients being built on ssb, it'd be cool for someone to make a client with a gorgeous user interface. Are there any ux designers in the scuttleverse?
I also mentioned a similar refrain when I spoke at Chicago Node.js last year.
Two things occurred to me this morning:
- Paul's probably not coming back, so why am I waiting around for him to design a beautiful client?
- I'm bored and it's snowing. Why not get back into the design world and make the most beautiful ssb client myself?
Both of these realizations chilled me out, because instead of hoping for something that obviously isn't going to happen, instead I'm putting the burden of designing a beautiful ssb client on myself.
I've been concerned with the code in the lower level ssb stack for so long, I'm nervous about getting back into design. For some reason it seems as if the more lower level programming I do, the less I'm thinking about design.
But now that ssb seems to be mostly done (except websbot and private groups), I think I can step away from the lower level stuff and focus on user experience.
On this thread I intend to keep track of my progress as I attempt to make Decent beautiful.
If you're following around, feel free to clone Decent down and muck around with the style.css
file yourself.
using git-ssb
:
git clone ssb://%Wq/vobdcDedC0FBO2UdowxhPcqokSwtf9Og1mjYvQGE=.sha256
Or Microsoft Github:
git clone https://github.com/evbogue/decent.git
You can also try decent online at http://decent.evbogue.com/
What do you think, what can I do to make Decent beautiful?
Feel free to comment on this thread at any point.
I'm looking for a way to run a multi-user http server for patchwork for my family. What is the best supported way to do this? Patchfoo? MVD? Other? - @Ray
Yes, you could use %mvd or the simpler %decent to do this.
On Microsoft Github: http://github.com/evbogue/mvd http://github.com/evbogue/decent
This is what I'm doing with http://decent.evbogue.com/ , except it's for people who visit my website, as opposed to doing it as a family social network.
I'm happy to support you in getting this working by answering any questions you have during the installation -- just make sure to mention me so I don't miss the message!
@noffle @kas oh yah, I forgot I pushed that. cypherlinks: %AeRH0az... %PlwLK9t...
@SoapDog mutt. I process all of my email on my vps where it's received via Postfix.
It takes a lot of clicking around to see these connections. I wish it was possible to have some sort of realtime, clickable, graphical display of the social graph that would let you explore your connections and also block or follow people. - @kas
Yes, this would be awesome. Or perhaps something similar to the LinkedIn feature where you see "You're connected to this person via this person and ... others"?
I wonder how hard this'd be to pull off with ssb-friends
...
Thanks for unblocking me @noffle!
@kas Thanks for taking the time to keep us informed about the identities sharing this content, as well as their Norwegian-language website advertising ssb.
As far as I can tell, none of the content made it to my end of the scuttleverse -- and I'm syncing at three hops.
This is probably because I wasn't associated with the TickTack pub?
@jer It shouldn't be too hard to make the private message renders go away. In %mvd, you'd comment out this piece of code: https://github.com/evbogue/mvd/blob/master/render.js#L338-L342
I find rendering private messages informative. For example, I can see that Dominic is private messaging a lot more often than he talks in public. But he could be playing a game of private chess, sending himself private notes, or even creating private group threads to test that upcoming feature.
Either way, my client tries and fails to decrypt the messages, and thus I know the messages are not for me.
{ "type": "edit", "branch": "%ZgqLYwnKhLuWBh1seCdNJJOANS6k8EGwMG3zbpS48lE=.sha256", "root": "%YXKKw8TvAopNx9piMTJce9L7VgegQSqOLnz8nP/XXgs=.sha256", "updated": "%ZgqLYwnKhLuWBh1seCdNJJOANS6k8EGwMG3zbpS48lE=.sha256", "original": "%ZgqLYwnKhLuWBh1seCdNJJOANS6k8EGwMG3zbpS48lE=.sha256", "text": "[@Christian Bundy](@+oaWWDs8g73EZFUMfW37R/ULtFEjwKN/DczvdYihjbU=.ed25519) [@rabble](@vzoU7/XuBB5B0xueC9NHFr9Q76VvPktD9GUkYgN9lAc=.ed25519)\n\nI went ahead and implemented this in [mvd@1.15.3](%pxFF+cW5Ucri3T+hHQij1hVvZkVWLrXJ/IbeHVmQ+j4=.sha256)\n\nIt's a little clunky, because I was having trouble running the `sbot.friends.get` function inside of `pull.filter`. (Does anyone know how to do this?) Anyway, I'll keep playing with it until I get that clunk worked out.\n\nTo try it out, just navigate to `#friends/<feed-id>` in [%mvd](%NPNNvcnTMZUFZSWl/2Z4XX+YSdqsqOhyPacp+lgpQUw=.sha256).\n\nExample, here's a screenshot of me viewing christian's friends at http://localhost:8989/#friends/@+oaWWDs8g73EZFUMfW37R/ULtFEjwKN/DczvdYihjbU=.ed25519\n\n![2019-01-17-150836_1360x701_scrot.png](&jd0z3g+sQVttPPFbVisZFh2rVbzvXuPIhJ/DHRRita0=.sha256)\n\nI think it'd be easy (and cool) to reverse this and get a feed of the people who follow other people. This might help you detect new friends! ", "mentions": [ { "link": "@+oaWWDs8g73EZFUMfW37R/ULtFEjwKN/DczvdYihjbU=.ed25519", "name": "Christian Bundy" }, { "link": "@vzoU7/XuBB5B0xueC9NHFr9Q76VvPktD9GUkYgN9lAc=.ed25519", "name": "rabble" }, { "link": "%pxFF+cW5Ucri3T+hHQij1hVvZkVWLrXJ/IbeHVmQ+j4=.sha256", "name": "mvd@1.15.3" }, { "link": "%NPNNvcnTMZUFZSWl/2Z4XX+YSdqsqOhyPacp+lgpQUw=.sha256", "name": "%mvd" }, { "link": "&jd0z3g+sQVttPPFbVisZFh2rVbzvXuPIhJ/DHRRita0=.sha256", "name": "2019-01-17-150836_1360x701_scrot.png" } ] }
I went ahead and implemented this in mvd@1.15.3
It's a little clunky, because I was having trouble running the sbot.friends.get
function inside of pull.filter
. (Does anyone know how to do this?) Anyway, I'll keep playing with it until I get that clunk worked out.
To try it out, just navigate to #friends/<feed-id>
in %mvd.
Example, here a screenshot of me viewing christian's friends at http://localhost:8989/#friends/@+oaWWDs8g73EZFUMfW37R/ULtFEjwKN/DczvdYihjbU=.ed25519
I think it'd be easy (and cool) to reverse this and get a feed of the people who follow other people. This might help you detect new friends!
Did a git update in repo mvd
- 1.15.3
- implement basic friendstream
- remove console.logs
@Tim Schumacher I've never seen diez pesos so big! All I know is that it's around 50 cents in USD and will buy you two train rides in D.F.
Right, but what I can't understand is: 8+ hours after having blocked @pub_aran a message, merely 5 minutes old when I saw it, from said β supposedly blocked β pub appeared unexpectedly in my timeline. - @kas
If I recall correctly from the last time I poked around in there, the gossip schedule for pubs doesn't live-reload.
It could be that you needed to reboot your sbot after blocking the pub for the gossip schedule to adjust.
Do you recall if you restarted sbot after blocking the pub and before receiving the message?
If you did, then we might have a different bug.
The feed and blobs up until the time of blocking may still be around, but doesn't blocking somebody also mean that you stop replicating their stuff?
Yes, block does mean you'll stop replicating their future messages. But, I believe in Patchwork it means Patchwork cosmetically hides all of the messages from a user -- even though they're still in your db.
So in the case of our issue today, simply blocking the id won't remove the data from Patchwork ssb dbs. Though it may appear that the data is removed, because the UI hides it.
I'm not sure if this is true or not in Patchfoo.
@kas @alanz @Christian Bundy @bobhaugen
We should also keep in mind that the fact that you can't see blocked feeds in Patchwork (and Patchbay?) is cosmetic. So while a user might feel as if they've deleted the offending feed, it's actually still there, just not displayed.
With the cosmetic moderation approach, I'd be worried about someone thinking they'd removed content, when really it's just an illusion and the content is still in their db.
In %mvd, I'm displaying the feeds that are in my db (even if I've blocked them), so I'm aware of the content that I'm hosting on my system.
For anyone who is very concerned about random content ending up on your machine, consider setting friends: {hops: 1}
in your ssb config. I've done this in %decent, so I only replicate people I follow with my pub at http://decent.evbogue.com/
The downside of this is I haven't quite got ssb-ooo
working, so it's hard to see posts from people I'm not replicating.
@regular Let me know if there's any way we can work together to bring mutable messages and/or ssb-revisions to mainstream clients.
@C-Keen (work) @andrestaltz_phone
I also did not receive this message, and didn't have anything to do with preemptive blocking. I think the spam/abusive feed may have been outside my foaf radius.
I used private block to privately block the two feeds that I saw @kas publically block, so that I won't receive the flagged message(s).
But yes, these moderation tools need to make it into scuttlebot core so that it's not just us power users who are able to moderate our local dbs.
Here's the link to the delete feed instructions and discussion.
Unfortunately this feature hasn't hit scuttlebot core yet. It's still a good thing that @christian bundy coded this up, so at least power users of ssb have the ability to delete feeds.
"Signal is still pretty okay as far as I know, but it's proprietary"
@sam_uk I think what @wraidd might be talking about is the questions around whether or not Signal is a secure chat application. -- as the founder has made the deliberate decision to centralize the app and identify you by your phone number.
There may be code you can look at, but you don't know how the backend code looks on the home Signal server that your app is dialing into.
I'm no expert on Signal, I'm only aware of the speculation around the security model.
Here's a thread from way back where this was discussed: %LlH3gUw...
@SoapDog @kas Thanks for helping the @Successor news room (aka me) understand the Brexit a little better. I realized as I was writing the story that I didn't have anything witty to say about the subject, so I'm glad I asked.
@bobhaugen I'll watch the video in a bit.
@kieran Children of Men is one of my favorite movies of all time. As a side note, I didn't realize until watching Roma a few days ago that Children of Men was directed by a Mexican director (and not say someone from the UK, Europe or the USA). I'd just never looked up Alfonso CuarΓ³n.
@jer This design decision dates back to during the time I was maintaining Patchbay (or before), and the behavior is the same in %mvd, so I think I can answer this question.
The idea with the original Patchbay was to be able to see all of the messages you've posted to the log, whether you can render the messages or not. This might mean that a message falls back to regular json if there's no render for it.
This ends up giving you more of a power-user view of your foaf network.
Another way to look at is that the private messages are written to your log, and thus they are visible to people who view your log. Showing private messages, even if you can't decrypt them, is an accurate depiction of private message security when you're using secure-scuttlebutt
.
We know you sent a private message, we just don't know who you sent to and what you said, unless we're able to decrypt it.
Thanks @mixmix, I published my questions on a new thread.
Here are my questions about scuttle-camp, that I proposed asking here. @mix answered here. He asked me to start a new thread under #scuttle-fest, so here it is.
Questions answered:
who specifically is organizing this event (Verse, Protozoa, Enspiral, etc?)
I'm the main one organising scuttle-camp, and several others are helping a lot and advising. - @mix
is anyone speaking at the event, what talks will they be giving, and will they be recorded for the general public to experience remotely?
We need to put some more energy into the form, but you can see on the website about the programme that it's not going to be talks focused, it's likely going to be a lot of hanging out, and open spaces (participant led workshops, or conversations, maybe some presentations if people want to do that). - @mix
Response: Cool. Since this seems to be a scuttlebutt-focused event, it'd be cool to see some talks come out of it. Maybe that'd be something that could be organized?
where is the event going to happen, is there a link to the event space?
I answered this myself: %BykzaiK...
I have a few questions. To add some context to these questions, I want to say that I'm asking this from the perspective of having been a co-host at events in Brooklyn during the 2000s.
One time we threw an event and it got a little out of hand because someone posted it to My Open Bar and lots of people we didn't know showed up. There were kids skateboarding on cars in front of our building, and someone urinated on my roommate's bedroom door. This was not a fun experience for everyone, so we really considered security and promoting a positive event space after that moment.
I've also worked in a restaurant, and closing down a bar full of party-goers at 2am can also be a challenge.
Events can be a lot of fun, but also when you bring a large group together and someone acts out, it can really spoil the positive experience.
The questions:
- I noticed "BYO alcohol" on the FAQ. Does this mean beer and wine, or are you allowing participants to bring heavier alcohol? Are drugs not allowed by either you or the location?
- I noticed that there will be children attending the event. What steps are being taken to make this event a positive and safe experience for the kids?
- Is there wifi at the event, and is recording and/or posting about the event while it is happening ok?
- Is there a code of conduct for participants at the event? (if you need time to write this up, please take your time)
- Will someone from the event space be present during the event?
- If an issue (non-emergency) happens during the event, who should the participants contact?
- If there is an emergency, who should the participants contact?
Thank you for taking the time to answer these questions. I hope that they'll help participants in the event have a positive, educational, and ultimately fun experience!
ccing @rabble because I understand that Verse is partially sponsoring scuttle-camp/scuttle-fest.
I found an answer to example question 3 by visiting https://one.camp.scuttlebutt.nz/location and discovered that your event is going to be hosted at the http://www.riverslearetreat.co.nz/ Riverslea Retreat center in Otaki, NZ.
I no longer need an answer to that question.
But I have a few more questions, if it's ok if I ask questions about the event.
I've read all of the posts above on this thread, and as a bystander I found myself still having questions in my head about the event you guys are hosting in NZ.
@mix is it alright if I ask a few simple questions about who is hosting this event, what the expectations are for attending, and what events are planned during the event?
Example questions:
- who specifically is organizing this event (Verse, Protozoa, Enspiral, etc?)
- is anyone speaking at the event, what talks will they be giving, and will they be recorded for the general public to experience remotely?
- where is the event going to happen, is there a link to the event space?
If it is ok for me to ask questions about the event, where is the best place for me to ask?
I should clarify that I am not attending this event, I'm only curious as a developer within the ssb ecosystem who is witnessing the event being organized in my stream.
hola, @iulius. Welcome to the scuttleverse!
@bobhaugen Thanks for finding that post. It clears up one error in my recount from above, as Paul pointed out that Dominic was working on secure-scuttlebutt
(now ssb-db
) when he discovered the protocol.
You can see his first commit here: https://github.com/ssbc/ssb-db/commit/d8420a185439587990c8b752780096e3f6373c28
I don't see SSB as having spun off of, or out of, Enspiral. - @cel
I've always seen ssb as developing out of the #madscience #stackvm scene during the 2012/2013s -- when a lot of us were hanging out on IRC (because there wasn't anywhere else to hang out, as there was no distributed social networks.)
Hanging out in #stackvm on IRC was how I first got involved in Node.js programming, after discovering Dominic's original scuttlebutt gossip protocol.
I met Dominic for the first time in Oakland, way back in 2013 when he came to visit us at Johnny and Substack's place. gb and I were subleasing from Johnny (trying to find work in The Valley). Max Ogden was the guy who coordinated us (gb and I) subleasing the room from Johnny --who had decided to travel. We also lived with Luk (RIP) and xhonk at that apartment in Oakland. This was all around the time that Dat got funded, if my memory is correct.
At the time, were talking a lot about dominic's idea to build a cyphernet when he visited Oakland and stayed in Substack's room while he was speaking somewhere. gb and I helped Dominic install Arch Linux on his computer in downtown Oakland, as I was (and still am) an Arch Linux fan and Dominic was game to install it on his Macbook Air.
The way I see it: in 2014 it was a combination of Dominic's db and protocol design skills + Paul's eye for front-end design that initially took ssb from an idea to reality. If you look at the early commits on the project, you'll just see Paul and Dominic hashing it out.
If you type git log
in the scuttlebot repo you can see that Paul starts scuttlebot on October 28th 2014, and Dominic doesn't make his first commit until November 10th 2014. ralphatheninja and Sean Robertson contribute commits during February 2015, Noffle starts coding on the project in April 2015, cel, bret, and myf start contributing code in Jan 2016, then matt started coding on the scuttlebot in November 2016.
A handful of Enspiralers were early users (as was I), but I think we first started working together on early Patchbay during 2016. After Paul ducked out to work on Beaker and Dominic was overwhelmed with work on scuttlebutt core, dominic passed the project off to Mix and I. We all tried to work together for 6 months, and had very productive weekly calls, until my stubborn support for cascading style sheets well... we won't talk anymore about that.
Anyway, my account of how ssb first came into being is probably not quite perfectly correct and subject to others' subjectivity. It's probably best to interview Dominic and Paul about how they started the project.
IMO the front-end development crew (including me) is still lacking the eye for user interface design that Paul brought to ssb during the early days. Now that there are so many clients being built on ssb, it'd be cool for someone to make a client with a gorgeous user interface. Are there any ux designers in the scuttleverse?
cc @bobhaugen
@cel I agree that we should keep newline rendering the same, if possible.
@The Writer of Posts @rabble Yes, you can read Successor on the web here: http://decent.evbogue.com/#@SrgAslJ/+Vgpkp2n01amr0owgJ1t8xckIXBjHSf3r98=.ed25519
As for controlling publicly accessible information, I think that's a lost battle.
This is a gossip network that uses epidemic broadcast trees to distributed secure feeds to hundreds, if not thousands, of different users.
I won't frustrate myself by thinking that we can control who gets access to the scuttleverse.
"You can't stop the signal, Mal" - Mr. Universe
Thanks @mixmix, it's good to have a project to keep me busy.
I've been so bored during the first few days of 2019.
hey @meejah, welcome to the scuttleverse!
Introducing: Successor
I want to take a moment to write a bit about Successor, the secure gossip blog that I launched today.
Successor will cover tech, politics, and gossip in the scuttleverse.
Successor is an idea that's been bouncing around my head for a few years now. I've been so bored into the first few days of 2019, that I finally decided to just go ahead and launch it. I expect the writing to be terrible, the publishing to be sporadic, the spelling to be terrible, and the grammar even worse.
A few years ago, after Gawker Media shut down, I wrote about my brief experience working at Gawker Media during the 2000s.
It took a long time for Gawker to die, as Nick Denton wrote on the last post at Gawker: https://gawker.com/how-things-work-1785604699 But unlike most businesses, Gawker did not die because of neglect or lack of funds. Gawker died because one man wanted to put the old blog out of its' misery. Peter Thiel wanted the blog dead, so he sued it out of existence.
Gawker wasn't the only blogging I've ever done. I started blogging before blogs even existed, migrating from Evan William's Blogspot to Brad Fitzpatrick's Livejournal, to publishing on my own websites using Wordpress and before that MoveableType.
When I was in Journalism school at New York University, I managed to get myself into one of the first blogging classes. There I sat next to Tao Lin with my feet up at the back of the class, and occasionally could be coerced into helping fellow students change their blog template layouts. I probably barely scrapped by in that class with a B, because I was working 28 hours a week at Resnet while trying to finish a degree in Dance and Journalism at the same in three years.
Anyway, this was a long time ago, but I got my job at Gawker because the new managing editor of Gawker came to our class and asked if any of us wanted to intern at Gawker. I raised my hand.
A year or so later I got a job at New York Magazine, mostly because I'd done the Gawker thing. There I was the photo editor who helped launch most of the blogs currently written at http://nymag.com/
Ever since Gawker died, I've missed the unforgiving snark of daily gossip blogs. The tone is sadly missing from today's media, where it seems that every press release is treated with the same reverent tone whether it's about an imaginary wall or a pile of cash at a tech startup that doesn't innovate anymore.
In an effort to keep myself busy, and perhaps a bit entertained, I've finally decided to launch Successor. Because it's a gossip blog distributed over a secure gossip network, I imagine that it'll be harder to squash going into 2020. But I don't know why anyone would want to squash such a poorly written gossip blog anyway.
I aim to write at least once per day, but please forgive me if a miss a day or a story -- I also have a day job.
Your feedback is appreciated: to nudge what we cover in the direction of your dreams, feel free to send me or Successor tips and/or pitches. And yes, please critique my grammar.
I agree with this in theory, and I agree that it is a big deal. But how do you stop people from receiving public messages?
I blocked a whole bunch of people on Google+ once, and it worked like this, but then they'd just log out of Google to see my messages.
I want to help implement this, but I don't understand how you'd stop an old or modified version of ssb from sharing feeds.
From my perspective, this issue would be solved with private groups, because private groups are encrypted and thus not accessible by people who you don't want to share with.
@kas @romuloalves Yah, the worst part of keeping fish is they are such fragile little creatures.
A few years ago--while living in Mexico City--I kept a tank of corydoras, female bettas, and some other miscellaneous fish. The male bettas got to live in parde kino (a wine found in Mexico) bottles within the tank, but didn't get to fight with each other.
Then I got it into my head that I wanted a pack of fancy guppies. They were cheap enough at probably $60 pesos for a bag of 25.
I introduced them via a separate tank, but very few of them made it thirty days. It's hard to get to know guppies personally, but it was still sad every morning to discover how many of them were floating.
{ "type": "queue", "message": "%pBfv3194LyZHqEDYr+ZDoFFVedimVPvIPus3+wczshA=.sha256", "queue": true }
todo get ssb-ooo
working in %decent. This way we can see messages from people outside of the one-hop radius via stars, without replicating their entire feeds.
Did a git update in repo mvd
- 1.15.2
- quick fix because private message edits broke render
Did a git update in repo decent
- rename to decent
- 1.14.2
- style tweaks
- make New Post a button
- quick fix on render
- use latest decent-ws and detect hostname
- remove screenshot
hey @Tyron, welcome to the scuttleverse!
@gb and I received Twilight Imperium for Christmas.
Six years ago gb won Twilight Imperium 3 for the first time, after eleven hours of grueling interplanetary conflict. The next morning we were sent cyberhoboing in Colorado during the middle of winter. Sometimes winning also means losing.
The rest of the next six years is a long story, starting with my discovery of the original scuttlebutt module and ending with the eventual completion of secure-scuttlebutt during the last few months of 2018 by a team of talented international developers.
This marks the beginning of a new era of interplanetary exploration and eventual warfare -- as we figure out how to get six people into the same room for eleven hours.
But this time we're paying our own rent, so no one can kick us out from under the game table when gb captures and holds Mecatol Rex.
Boosting: %19NwJP7...
This explains why the developer i wrote to do not answer any more when i cc him. He probably have ran this script on his system and now anything i write don't arrive him any more. - @undefined
Yes, private block and feed delete has added some plausible deniability as to whether or not your message is being received. It might also be some other reason beyond private block and feed delete though.
But I'm happy to continue to answer questions, feel free to send them my way.
hola @Glenn Dixon. How's the weather in Mexico this winter? I expect warmer than Chicago.
gb and I worked on scuttlebot in Mexico City for 9 months a few years ago.
I have some thoughts about going back, but I'd probably need to figure out how to make money via remote work.
What are you up to in Mexico?
Is this now official part of the Patchwork desktop client? - @undefined
I'll be able to implement this in %mvd when feed delete reaches scuttlebot core. In the meantime it is a script you have to run from your terminal.
You'll have to reach out to the Patchwork team about whether or not they want to support this within Patchwork.
What is exactly been deleted? You wrote "their feed". Does this mean everything what the person write or just the thread they are writing into? What is about threads that have been started by someone else but someone have add something to this thread that other may not like? - @undefined
Feed delete copies your entire flumelog and removes the entire feed associated with a public/private keypair. Next you delete your indexes, and it takes a moment to regenerate them.
If you use this on a public key, you'll remove all of the posts associated with the public key.
You can delete just one message? - @undefined
Feed delete can't remove just one message. I'm actually not sure how you'd do this consider how secure-scuttlebutt works, because you need all of the messages from a feed in order to know if a feed is valid.
Probably the way forward here is to only sync one hop out, and then use ssb-ooo to bring in messages beyond your immediate friend graph.
@rabble is correct that we're working on this issue. To answer your question about illegal material on your own computer, it is now possible to private block an id and then delete their feed -- thanks to @christianbundy.
This means if something does end up your computer that you don't want, you do have the power to delete it. It's just not very easy, yet.
@rabble ssb-pub
vs easy-ssb-pub
isn't the error though. You're running out of memory.
How much memory and/or swap do you have on your vps?
Having a restart loop helps though, I use while true; do npm start; done
for scuttlebot to pop it back up again if it crashes.
{ "type": "edit", "branch": "%2w404XPCch7/B3RnF47DiCbZy/gUcdKP5tvw+qwNo5E=.sha256", "root": "%EfpC2RXYLenSfzkqMVKBfT05J/W90XDqDxMr0Qn5mt0=.sha256", "updated": "%2w404XPCch7/B3RnF47DiCbZy/gUcdKP5tvw+qwNo5E=.sha256", "original": "%2w404XPCch7/B3RnF47DiCbZy/gUcdKP5tvw+qwNo5E=.sha256", "text": "[@Christian Bundy](@+oaWWDs8g73EZFUMfW37R/ULtFEjwKN/DczvdYihjbU=.ed25519) hey, sorry for the late reply, I was working nonstop the past two days! \n\nDo you still want to try this?\n\nEdited!", "mentions": [ { "link": "@+oaWWDs8g73EZFUMfW37R/ULtFEjwKN/DczvdYihjbU=.ed25519", "name": "Christian Bundy" } ] }
As a matter of fact, I had to edit that message because I forgot to copy the '%' part of the message hash.
The correct link for the mutable messages dev diary is here: %PtxLfew...
{ "type": "edit", "branch": "%DVSBTpCJWO18yeiRJ0uSf3al7R59aW3IfVZqEifiEeM=.sha256", "root": "%UybSnwCKPyu4Tn0FX6NzK1Ly75w7nHvwcfszPIXEkJM=.sha256", "updated": "%DVSBTpCJWO18yeiRJ0uSf3al7R59aW3IfVZqEifiEeM=.sha256", "original": "%DVSBTpCJWO18yeiRJ0uSf3al7R59aW3IfVZqEifiEeM=.sha256", "text": "[@kas](@RuNxm8SRujPcJx6GjtTQHp6hprAFv5voEkcvoAkB8Pk=.ed25519) [@Musickiller's work PC](@YtKbCLteE2BbMG0G6nyAsSYECOpE/Iz6XsNyohOCbic=.ed25519) Yes, we have [mutable messages](%PtxLfewN03z3NJ0b+oBDeigt0z5IWTQIYoKyUB5/8VQ=.sha256) in [%mvd](%NPNNvcnTMZUFZSWl/2Z4XX+YSdqsqOhyPacp+lgpQUw=.sha256)\n\nI decided to copy the entire message into each edit message, and then [do a diff in the front-end](%jUKpv+KlF8qLApmn2eauNcNGZtVLBRCkEDKZpAR+lCU=.sha256) to show you what has changed. \n\nThere's been some talk about creating a mutable message flumeview, but my knowledge of how flume works isn't quite up to spec to implement that yet. \n\nIt'd be cool to get mutable messages into more clients, so we can fix spelling errors and write wikis together. ", "mentions": [ { "link": "@RuNxm8SRujPcJx6GjtTQHp6hprAFv5voEkcvoAkB8Pk=.ed25519", "name": "kas" }, { "link": "@YtKbCLteE2BbMG0G6nyAsSYECOpE/Iz6XsNyohOCbic=.ed25519", "name": "Musickiller's work PC" }, { "link": "%PtxLfewN03z3NJ0b+oBDeigt0z5IWTQIYoKyUB5/8VQ=.sha256", "name": "mutable messages" }, { "link": "%NPNNvcnTMZUFZSWl/2Z4XX+YSdqsqOhyPacp+lgpQUw=.sha256", "name": "%mvd" }, { "link": "%jUKpv+KlF8qLApmn2eauNcNGZtVLBRCkEDKZpAR+lCU=.sha256", "name": "do a diff in the front-end" } ] }
Also be sure to check out @regular's ssb-revisions: %+nviJDP...
@kas @Musickiller's work PC Yes, we have mutable messages in %mvd
I decided to copy the entire message into each edit message, and then do a diff in the front-end to show you what has changed.
There's been some talk about creating a mutable message flumeview, but my knowledge of how flume works isn't quite up to spec to implement that yet.
It'd be cool to get mutable messages into more clients, so we can fix spelling errors and write wikis together.
why is andre's blocking concerning to you @ev ? I mean, the identities in question are all connected to a pub, so they're going to be replicated just fine. Andre's not seeing them doesn't cause anyone else to not see them.... Sure, private block would be nicer under the circumstance, but why is it concerning? - @masukomi
I think I addressed your question in this message:
I think as a representative for this community you should aim to create a welcoming community both for newcomers and for the people who develop using this software.
I think it would have been more polite of him to use private block when blocking a large number of people who are joining after leaving Tumblr, if he was uncomfortable with them for apparently no reason.
But the social dynamics of the network are shifting quickly right now, so I can understand that in time we'll see new communities form as this breaks apart.
I expect there are lots of people blocked who are totally decent non-obnoxious folks who just discuss things that others don't feel like seeing.
Maybe? I think we should be reaching out to new people who join this network, and give them a chance to present themselves before shunning them. But that's me, not everyone has to agree with me.
Ok @PDV, I want to bring this conversation back to what you originally posted: that about messages can be an attack against an ssb user.
4) What possible reason is there for Carol, when looking at Bob's profile, to see an image that Alice chose prominently featured?
@rabble wrote about this briefly in this message
My one question about this, is that we will see tagging as a form of abuse. Just like @Tom Coates got named Mr Capitalism by somebody using a label, you could tag somebodyβs content βshit ideaβ or worse. - @rabble
This is a difficult problem to tackle, because we also use the naming system to prevent people spoofing other people. Example: if someone tries to pretend to be someone, we could collectively name them something different, so that people are less confused by the id that is spoofing.
I think the case of @Tom Coates being named Mr Capitalism,illustrates how this can be used in ssb as an abuse vector. It's not hard to imagine much meaner rhetoric being prominently displayed on a profile.
One solution here is to simply not display alternative names on a profile. This is the way I've gone in %mvd, and I haven't had any problems so far. You can still rename someone, but it's not the first thing you see when you land a profile.
As you've probably also noticed at this point, who blocks you is also prominently featured on profile pages in Patchwork/Bay. This is a separate issue, but I guess you've noticed by now that it is being used by a specific community within this community to collectively shun certain users of the platform.
The solution I took in mvd was to show both blockers and blockees, so that you can see that there are users who block a whole lot of people.
Does anyone have better ideas about how to reduce the attack vector described on this thread?
@andrestaltz You should be able to do a query against a person's feed to find out if the block they leveled against a user is private or public. It should have private: true
in the message metadata if it was decrypted before it was indexed.
hey @andrestaltz_phone,
Since you're still receiving my messages, I want to ask if you'll reconsider blocking me, as well as the other newcomers to the scuttleverse.
You blocked me after agreeing with me that feed delete should be a priority. From my point of view, you have not given me a good reason for why you blocked me.
I do not block you, and as far as I know we do not have outstanding conflicts.
In addition, I want to encourage you to use the private block feature (as it is less political) if there are conversations happening in the scuttleverse that you do not agree with -- or there are large groups of new people that you may consider to be not the kind of people you want to hang around with.
Again, you have the right to block people. But, I think as a representative for this community you should aim to create a welcoming community both for newcomers and for the people who develop using this software.
@Rick w00t!
It was good hanging with you, @gb, @gambolingpangolin, @pcowgill in person -- as well as @cel, @mix, and @dominic via video chat -- last night at Decentralized Software Chicago!
Re: @LVL4qjv...
I just blocked @8Qee0I/... because they critcised someone for blocking someone else. You shouldn't have to justify your own #freelistening Free listening is just as important as free speech. - @KawaiiPunk
Even though we don't formally know each other, I'm sorry to hear that you blocked me @KawaiiPunk. I also believe that people have a right to block each other.
In writing the message about me, you've done exactly the same thing that you blocked me for: you're criticizing me for criticizing someone else.
I wish that you'd taken the time to reach out to me to discuss the issue (either privately or publically) before publicly blocking me and reprimanding me in front of the network.
I think you are referring to my two messages around @andre's recent blocking of a whole bunch of newcomers to ssb. I specifically reached out to two people, who were singled out by more than one ssbc member to be blocked: %pdtIYuJ... and also I asked him to reconsider singling out a large number of people to be blocked only based on their point-of-origin pub: %Sy1361p...
While I agree with you that everyone has the freedom to listen, I also believe that I have the right to be concerned about Andre's behavior.
But I do understand where he's coming from, years ago I blocked a whole bunch of people who were criticizing my work on Google+. It turned out that just because I used the block button these people and their opinions of me did not go away.
In closing, I want to take a moment to reiterate that I am concerned about Andre's behavior. I hope that he takes some time consider what he's doing before he blocks another large group of newcomers without giving them time to get to know the amazing software that we've worked together to create.
I believe we should welcome new people and new opinions to this community, even if sometimes they may be different than our own.
hey @apnerve. Welcome to ssb!
I noticed yesterday that you've both been blocked by @andre, I assume mostly because you asked critical questions about the protocol. He says different, I disagree. This conversation obviously happened right before he blocked you.
I can't apologize for his behavior, but I can say that I am concerned about it.
I am happy to continue this conversation, if you guys want to continue to talk about the subject. From my perspective, you all are just as welcome in this space as anyone else.
These are issues we should all be concerned about, and I hope that we can continue to talk about them.
@andrestaltz re: %Fy6/W0U... and %YuSe6T9... and the swarms of ssb ids your blocking publicly today.
I want to encourage you to use private block and maybe setting your hops to a lower setting, instead of singling out an entire group of people to be blocked.
Many of these people are real human beings, who we do not know, who are experiencing our software for the first time. Let's meet them halfway instead of condemning them in giant swaths.
But you're blocking me, so you won't get this message.
If someone wants, boost this message so Andre can see it.
public blocking solves the case where you want to shun someone to make a point. - @Greg K Nicholson
Having had blocking used to 'shun' me, I disagree with the method. Bullying people off this network because of their views can work in the short term, but I think it ultimately reflects poorly on the reputations of the people doing the bullying.
I do not think that shunning/bullying by people who "wield a high amount of social power" is the best way to police this network. Minority groups receive the most shunning and bullying, and we should design our systems to be an encouraging and safe environment for these people.
I have a high tolerance for different perspectives, so ok with my gossip network set to three hops. However, a simple way to have a safer environment is to set your hops to 1, and then use feed delete to remove unwanted content from your machine. If there is someone still within your hops (I don't know why that'd be, because you're only syncing the people you follow).
Next we'd need to prototype a client that uses ssb-ooo
to bring in messages beyond your hops setting.
We need a way to block a person, such that your friends and future friends can see that you've blocked them, but the blocked person cannot. - @Greg K Nicholson
You can handle this by including your friends as a recp
in your private block message, this will notify them that they could also block that person if they want to. Then they have the choice to either block them, or not. Transitive blocking will basically force your friends to block people, and I think that people have the right to decide who to block themselves.
Instead of weaponizing block, let's choose a peaceful and less political approach.
@dominic illustrated how to privately block people higher up on this thread: %Y6nvUbi...
Thanks for clarifying how this works in Patchwork @Matt McKegg.
@gb and I will be there!
If anyone is in/near Chicago and wants to attend Decentralized Chicago on Monday, the event is here: https://www.meetup.com/Decentralized-Software-Chicago/events/256270103/
@dangerousbeans It's just good to know, because sometimes I'll write on a post that Dominic has posted and no one responds to me even if I have something relevant to say.
I'll probably fork messages from now on, because I do have people who read what I write, and I want them to be able to see what I write.
In regards to what @mathew wrote earlier: I'm of the mind that spam and abuse should be handled by friend-of-a-friend replication, private blocks, and deleting feeds.
You shouldn't have hidden data from someone you don't want to hear from on your computer.
@dangerousbeans Well, I'm in mvd
. I'd have to download Patchwork to test, I haven't used Patchwork in a long time.
@erde74 I'm also seeing this, a lot. There's an open issue on Microsoft Github: https://github.com/ssbc/scuttlebot/issues/581
@dangerousbeans This is good to know, as it influences how I talk about issues relevant to secure-scuttlebutt.
Does it also hide the thread on a person's feed, or just on the thread?
@Matt McKegg Yes! I'm a yes for lessbot
.
Unfortunately, no current clients implement private block yet. - @dominic
I've just pushed a private block button to %mvd, so it is now easy to privately block and unblock people in the client that I maintain.
A screenshot of a profile that I am blocking (and I've deleted the feed):
And a screenshot of a profile that I'm not blocking:
Now that you mention it, transitive blocking could actually be very easy to implement - currently a follow is worth 1, and a block is worth -1, but positive beats the equal negative. but if blocking was worth -0.9 blocking would win. You'd need to rebuild indexes, but there is a single line that needs to change (get the block weight from config instead of hardcoding -1) - @dominic
I think we should be cautious about implementing transitive blocking, aka ssb-shadowban
. I believe ssb-shadowban
could be used by powerful people to silence people less powerful than themselves.
If this was implemented in ssb, I'd fork.
Transitive blocking could just as easily be used against minority groups as it would be against spammers. If it's easy to implement, let's be careful here and make the right (and good) choice.
I'm okay with deliberate subscribed blocking, but I probably wouldn't participate in it.
"A lot of people are used to being consumers, so they expect βsomeone elseβ to do this work for them." - @Greg K Nicholson
I just don't believe this 'unsavvy' group of people exists. I do believe that everyone has the right to decide for themselves what to read.
I'd be interested in hearing more opinions from people who are active in the ssb community, what do y'all think about this issue?
Now that Private block is implemented in mvd
, I hope that it can be ported quickly into Patchbay/Work so that people who use these clients can use the button.
The code is here: https://github.com/evbogue/mvd/blob/master/tools.js#L206-L253
I'll be working towards getting delete feed into my client asap as well, as I believe we all have the right to delete other people's content from our computers.
Did a git update in repo mvd
- add private block button
- 1.15.1
- use ssb-query to get private stream
Maybe our brain works differently? unfortunately I can't try your brain on and feel what it's like to read your code with your brain.
I'm trying to find a way out that we can all find tolerable. This is still a project we are more or less working on for our own reasons. Having to not just get the code working correctly, but also please a computer program that has opinions about whitespace, that I don't even agree with, that make it harder for me to read, kinda kills my motivation. why do we need to adopt this corporate consistency policy?" - Dominic Tarr
I think blob pruning may be important as well, that way we delete the feed and all of the blobs they brought with them. - @Christian Bundy
One easy solution is to delete your entire blobs folder, and regenerate from scratch. But then you have to request all of your blobs again, which could lead to more bandwidth usage.
With a little work we could search the offending feed while we're deleting it, return all of the blobs that are mentioned, and then write a program to delete those specific blobs.
curiosity made me click on the link to the spammy 'infamous worm which blows up pubs' and suddenly I've got a whole lot more messages... - @cameralibre
Uh oh, time to break out feed delete!
Allegedly, G+ will shut down in April 2019: https://www.theverge.com/2018/12/10/18134541/google-plus-privacy-api-data-leak-developers - @kas
Indeed, that's sooner than I last read.
@andrestaltz I was also in a band, a long time ago. We called ourselves Propaganda. After Zoe and I left the band, they changed the band name to Still Not Sexy. And it turns out their Tripod website is still up: http://stillnotsexymusic.tripod.com/
But yah, we broke up because we were always fighting about how loud Evan's AMP was during shows.
"Just turn it down, no one can hear me!"_- Everett
Sometimes I think it'd be fun to get the old band back together and do a Propaganda reunion tour, now that I'm back in Chicago.
Looks like the Google+ data got breached again. - @Rick
My understanding is this breach was an open API that 'might' have let someone view private messages on Google+.
It's similar to leaving the backdoor open, getting home, and then locking it again. While you were gone, maybe someone came in, maybe someone didn't? Anyway, sloppy coding whether purposeful or not.
Regardless, only 10 months until Google+ shuts down to the public. This is the end of a long, expensive, and ultimately doomed social network.
I was a huge fan of Google+ in the beginning (2011). At the time I thought there was no way Google could do wrong! Only a year later I was deleting my Google account because I'd been shadowbanned on the service for saying "Bitcoin" (I couldn't see my messages in other clients when I used the word.)
But, I wouldn't have discovered @dominic's original scuttlebutt gossip protocol in 2012, if Google+ hadn't failed so hard. I wouldn't have worked on various ssb projects for the past (almost) three years, if Google+ hadn't failed so hard.
I think it's worth appreciating the effort Google put into +, and mourn how poorly the whole thing was developed. Google could have done good, but instead they just have an expensive and failed project.
In other news, that was largely overlooked while Sundar Pachai was in front of congress yesterday...
Verizon just marked down the value of Oath to only 200 million, and is laying off around 10,000 tech workers.
So... AOL, Engaget, HuffingtonPost, MapQuest, TechCrunch, Tumblr and Yahoo! are now collectively worth 200 million. If that's not the end of an era, I don't know what is.
re: %9sjGtq+... | @Christian Bundy
I finally have a day off work, so I watched Mix's flume-intro
this morning. I must have missed the video when it came out in January, but I must have been busy getting set up in the Chicago area.
First response: I get it! I'm using flume all of the time without even knowing it when I pull ssb-query indexes into the browser.
I also grokked many of the other subjects Mix talked about in the video -- such as pull streams, muxrpc manifests, and how to set up a dedicated sbot.
Where I wish he'd gone deeper was how to create your own flume views. It's a more advanced topic, but found myself wishing he'd gone more into that. Are there any more resources available about creating your own flume views?
Maybe opening ssb-query
and flumeview-reduce
and paging through some code is the best approach here?
Are flumeviews just mini flumes in a folder based off a master flume?
I also see the point of why Dominic invented flume in the first place: to make it easy to get flumes into the browser. I wonder what next steps in the browser direction might be?
I want to publically thank @Christian Bundy for making it possible to delete feeds from your flumedb.
This is a huge step in the right direction for scuttlebot, and it's awesome that he figured out how to make this feature work.
This closes in outstanding issue with scuttlebot that's been open for two+ years!
This code opens the door for more people to use ssb, as there's now a simple way to clean up data that we don't want on our computers.
@Christian Bundy I tested delete-views
and it works!
so I'd be happy to hear/receive any suggestions/PRs on how to improve it.
I made a quick PR before work this morning: https://github.com/fraction/flumedb-delete/pull/2 -- it accepts a valid ssb feed id as an argument.
Let me know what you think!
Everyone knows cellphones are used to track people in real time, but sometimes it's comforting to have this subject covered by the mainstream news.
Your Apps Know Where You Were Last Night, and Theyβre Not Keeping It Secret [Nytimes]
Could you run ls ~/.ssb/flume/ and see what's in there? - @Christian Bundy
I ran
ls ~/.ssb/flume/ | grep -v offset | xargs rm -rf
and for some reason these files are still in the dir:
backlinks-8Qee0I_Dw clock contacts2.json feed keys.ht last.json links links2 log.offset query search time
So I guess the bash script didn't work?
@Christian Bundy Works!
I manually cleaned out my flume indexes, removing everything but offset.log
.
I also private blocked the test id, to make sure I don't sync it again.
@Christian Bundy ok, let me try this again and make sure that only log.offset is present in the folder.
{ "type": "edit", "branch": "%R2GJkQHfcbBwHAalDNZPtRf3jZ9exLHFqJxg7moIst8=.sha256", "root": "%6wBVeuucxVQiaHaeEJHfXGd7WeDs0efbTfaGEAMNmPk=.sha256", "updated": "%R2GJkQHfcbBwHAalDNZPtRf3jZ9exLHFqJxg7moIst8=.sha256", "original": "%R2GJkQHfcbBwHAalDNZPtRf3jZ9exLHFqJxg7moIst8=.sha256", "text": "[@Christian Bundy](@+oaWWDs8g73EZFUMfW37R/ULtFEjwKN/DczvdYihjbU=.ed25519) This is awesome.\n\nI tried this by first copying my db to a backup location using `cp -r .ssb .ssbbackup`\n\nThen I cloned down the latest version of `flumedb-delete`.\n\nI ran flumedb-delete by typing `node ssb.js`, since that seemed to delete the example feed. It iterated over the database, displaying message json as it was deleting the messages from the flume. \n\nThe program finished, and then I ran the shell script to delete my indexes. \n\nHowever, when I started ssb again, I got this repeated error in my console: \n\n```\nError: view stream error\n at /home/ev/mvd/node_modules/flumedb/index.js:139:35\n at /home/ev/mvd/node_modules/pull-write/index.js:72:17\n at next (/home/ev/mvd/node_modules/pull-stream/throughs/async-map.js:12:26)\n at /home/ev/mvd/node_modules/pull-looper/index.js:6:5\n at /home/ev/mvd/node_modules/pull-looper/node_modules/looper/index.js:11:9\n at /home/ev/mvd/node_modules/pull-looper/index.js:11:5\n at /home/ev/mvd/node_modules/pull-looper/index.js:6:5\n at /home/ev/mvd/node_modules/pull-looper/node_modules/looper/index.js:11:9\n at /home/ev/mvd/node_modules/pull-looper/index.js:11:5\n Error: database closed while index was building\n at /home/ev/mvd/node_modules/flumeview-level/index.js:71:32\n at flush (/home/ev/mvd/node_modules/pull-write/index.js:49:7)\n at /home/ev/mvd/node_modules/pull-write/index.js:37:33\n at /home/ev/mvd/node_modules/pull-write/index.js:41:13\n at /home/ev/mvd/node_modules/pull-stream/throughs/async-map.js:39:20\n at mapper (/home/ev/mvd/node_modules/flumedb/index.js:61:13)\n at Array.unboxerMap (/home/ev/mvd/node_modules/secure-scuttlebutt/minimal.js:89:35)\n at chainMaps (/home/ev/mvd/node_modules/secure-scuttlebutt/minimal.js:94:14)\n at asyncMap (/home/ev/mvd/node_modules/flumedb/index.js:57:9)\n at /home/ev/mvd/node_modules/pull-stream/throughs/async-map.js:32:13\n```\n\nAnd the indexes appear to never regenerate. \n\nHave you seen this error happen while you were writing this code?", "mentions": [ { "link": "@+oaWWDs8g73EZFUMfW37R/ULtFEjwKN/DczvdYihjbU=.ed25519", "name": "Christian Bundy" } ] }
@Christian Bundy This is awesome.
I tried this by first copying my db to a backup location using cp -r .ssb .ssbbackup
Then I cloned down version of flumedb-delete
.
I ran flumedb-delete by typing node ssb.js
, since that seemed to delete the example feed. It iterated over the database, displaying message json as it was deleting the messages from the flume.
The program finished, and then I ran the shell script to delete my indexes.
However, when I started ssb again, I got this repeated error in my console:
Error: view stream error
at /home/ev/mvd/node_modules/flumedb/index.js:139:35
at /home/ev/mvd/node_modules/pull-write/index.js:72:17
at next (/home/ev/mvd/node_modules/pull-stream/throughs/async-map.js:12:26)
at /home/ev/mvd/node_modules/pull-looper/index.js:6:5
at /home/ev/mvd/node_modules/pull-looper/node_modules/looper/index.js:11:9
at /home/ev/mvd/node_modules/pull-looper/index.js:11:5
at /home/ev/mvd/node_modules/pull-looper/index.js:6:5
at /home/ev/mvd/node_modules/pull-looper/node_modules/looper/index.js:11:9
at /home/ev/mvd/node_modules/pull-looper/index.js:11:5
Error: database closed while index was building
at /home/ev/mvd/node_modules/flumeview-level/index.js:71:32
at flush (/home/ev/mvd/node_modules/pull-write/index.js:49:7)
at /home/ev/mvd/node_modules/pull-write/index.js:37:33
at /home/ev/mvd/node_modules/pull-write/index.js:41:13
at /home/ev/mvd/node_modules/pull-stream/throughs/async-map.js:39:20
at mapper (/home/ev/mvd/node_modules/flumedb/index.js:61:13)
at Array.unboxerMap (/home/ev/mvd/node_modules/secure-scuttlebutt/minimal.js:89:35)
at chainMaps (/home/ev/mvd/node_modules/secure-scuttlebutt/minimal.js:94:14)
at asyncMap (/home/ev/mvd/node_modules/flumedb/index.js:57:9)
at /home/ev/mvd/node_modules/pull-stream/throughs/async-map.js:32:13
And the indexes appear to never regenerate.
Have you seen this error happen while you were writing this code?
I'm reading the libsodium documentation for the first time.
I also downloaded the pdf, to read while I'm offline: https://libsodium.gitbook.io/doc/#offline-documentation
Boosting: %hfmuvWe...
Yeah, it would be really useful to be able to mute just one person in just one thread, or an entire thread, in addition to muting a person outright.
Ideally I think these options should be private by default, with an option to broadcast the action (which means the message is published unencrypted), and an optional text field for notes (whether or not you broadcast the action).
A blocking UI that allows for more nuance and more thoughtfulness can only make the social interactions more nuanced and more thoughtful! - @Greg K Nicholson
Agreed. This is why we have the mute button in mvd
: %b04s061...
@dan hassan ok, give me a shout when you've got available time! The holidays are a busy time for everyone.
@dan hassan I'm working 2pm - 6pm CST on Saturday. That'd be Sunday morning in Australia right? Maybe the best thing to do would be the hour before work or the hour after work. 1pm CST or 6pm CST.
I don't have wifi at home, so I gotta head into the mall or a local coffee shop (McD, Starbucks) for the Podcast. I think sound quality would be best at the mall.
Are you using mumble?
Yes, but to be clear, %mvd does not run scuttlebot in your browser. It only runs a front-end client that communicates with a scuttlebot over websockets in your browser.
For a full scuttlebot in your browser, I'll refer you to the discussion about the holygrail of distributed awesomeness: websbot.
@dan hassan When do you want to record the podcast? I'm available Sunday here in the US, and probably can negotiate my schedule on Saturday (I'm only working 4 hours).
I think it'd be cool to record before the Decentralize Chicago event on the 17th.
@rabble The issue with Tumblr is not that it's banning content, it's that it's been sold to Oath and no longer has the money it needs to fight spam and abuse as a centralized organization.
All centralized blogging/social networking platforms eventually die to spam once they don't have the money to pay content moderators. Livejournal died this way, Medium will die this way.
My hope with ssb is that by using an foaf replication strategy, we can all fight spam and abuse via our own friend graphs.
This is relevant: @dominic answers 'why do we use leveldb with flume?' six months ago: %EysSEPK...
For anyone who's wondering why we have two dbs within ssb-db
, this is useful information.
I figured I'd bump this post as @regular @christian and I have been discussing message schema for mutable messages on Microsoft Github: https://github.com/ssbc/scuttlebot/issues/506
...as this thread is mentioned on the Github issue.
Yesterday warmed up in Chicago temporarily, so @gb and I decided to venture into the city and wander down an abandoned rail track on the way to get some boot polish.
After obtaining boot polish, we headed back to Rosemont for an overnight floor set. As one of our co-workers made note: "the grind don't stop."
@dan hassan I'm totally up to attend an episode of #the-local-gossip. When is a good time to record?
We gotta get the mute button ported to every client.
Just to be super explicit, I'd really like to collaborate on the technical stuff everyone agrees on rather than spending any time trying to resolve interpersonal conflict(s). I'm really excited to work on feed deletion and a full node working in the browser, but I really want to avoid any role as a mediator or go-between or anything like that, you know? It's totally possible that we're already on the same page on this, I just wanted to outline where my boundaries are so you have a feel for where I'm coming from. - @Christian Bundy
Heard.
Sweet, it was super helpful for me so I hope you have a similar experience. I've also started a repo with my current progress on deleting feeds from flumedb -- it's not very clean, but maybe we can iterate on it!
Got it. I've cloned it down, and I'll take a look at the code after work today.
I'm over in Portland (PST) and weekdays between 07:00 and 15:00 work best for me, but I'm happy to do something later or on the weekends depending on when you're available. Do you have Signal, or some other chat app you like?
I'm on scat
via mvd
as my favorite chat app. I don't use Signal. I haven't had a phone since 2012, so probably the best way to chat is on here. I do check my email (ev@evbogue.com) and drop into IRC on occasion.
Can WebRTC work? I trend towards using talky.io for video/audio calls.
Maybe early next week? Let me check my schedule when I get done with my launch and see when I'm working next week.
I'll also be at Decentralized Chicago on December 17th, and I think they're going to be doing a video call. Maybe you can attend?
@dinosaur I'm sorry to hear that you've blocked me again Michael, but I do not agree with your reasons for blocking me.
If there is something you disagree with me about, I'd prefer that you raise the issue with me instead of condemning me outright as a person.
You also have your own differing opinions, which are as equally valid as mine.
Thanks for this -- I can't think of any specific insults so I should've reconsidered the words I used. Sorry about that. - @Christian Bundy
I don't think we're in a place where there are sides, and I'd really like to continue that. I think friction is going to be inevitable but I'm personally convinced that we can avoid slipping into either conflict or isolation. - @Christian Bundy
Yes to not taking sides. I'd prefer that everyone disagree with me when I'm wrong and agree with me when I'm right.
A little friction is inevitable during open source development, we're not always going to make the same choices all of the time. I want to work towards a simple, stable scuttlebot (or ssb-server) core that we can all depend on. I think once this is done, it'll be less important for all of the ssb contributors to be speak all of the time.
But you're right to bring up isolation. I've felt personally hurt and even condemned by being blocked by all of these ssb developers and kicked out of the ssbc. I've worked on ssb for three years in February! I've been reading @dominic's code since the original scuttlebutt, so it's kind of weird to not be able to communicate with him.
I blocked a whole bunch of people on Google+ for critiquing my work, so I can imagine what it's like to be on the blocker side of things. It turns out when you block people, they are still out there in the world, and they still have opinions about things.
Maybe this isn't the right place to bring it up, but this is a random thread so whatever: it'd be cool if I could get back into the ssbc, at least until feed delete is done, if not until websbot is done. After all, it is an organization with no formal structure and no leader, no one had the authority to kick me out.
We could fall back on the authority Microsoft Github here. But in the long term, isn't that undermining what we're trying to accomplish with ssb?
Regardless, I think that all of the arguing has made it clear to me that ssb works. It is censorship-resistant, and that's cool. If it wasn't working, I'd be squashed!
Would you be interested in doing a call sometime? I still have a lot to learn but I think it might be useful for us to compare notes and see if we can gain any insights. Admittedly most of my intuition about flume is from Mix's
flume-intro
repo and video (highly recommend) but I'm a little bit familiar with some of the Flume source too. We could also just do async text discussion if you'd prefer, just let me know. Maybe others would be interested in this as well? - @Christian Bundy
Thanks for bringing up @mix's flume-intro
, I didn't realize that he'd written this, as no one's ever pointed me to it before. I've cloned it down, and I'll give the code examples a walk through after work today.
I don't personally consider myself to be very strong at database programming, so it's helpful to have documentation.
I'm def down to have a call. When is a good time for you?
Thanks for unblocking me @dan hassan, that's cool. Maybe by talking it would we can get closer to understanding where we're both coming from on issues, both technical and personal.
This is an example case where organizational structures can be overcome in the real world. We should think about how to solve this problem. - @lzlr
Would you be willing to elaborate on this? I'm not sure I quite get what you're saying yet. Fork the thread if necessary, since this thread seems to be focused on the hn article.
There are lots of corner cases to handle (things that need to be hidden after the block).- @andrestaltz
My plan in mvd is to implement one button that private blocks a feed id and then deletes their feed, all at the push of one button.
I think this would be the least confusing user interface for people who are syncing feeds to their machine, as it would mean they can also trust that the feed is not still on their computer.
Thank you @dan hassan, I didn't expect you to unblock me, and it's cool that you did.
I want to add one thing to this post, since it originated when I brought up feed deletion in relation to the backdoor in event-stream post.
I accept Dominic Tarr's statement on what happened with the module.
I appreciate that he eventually worked towards fixing this problem, and that he's taking steps to make sure that it doesn't happen again.
I was working as a dishwasher in a resturant, and I made the mistake of being too competent, and I got promoted to cook. This was only a 50 cents an hour pay rise, but massively more responsibility. It didn't really feel worth it. Writing a popular module like this is like that times a million, and the pay rise is zero. - @dominic
Having personally worked in a restaurant recently (as a runner and server), and now back-of-house retail, I understand how challenging it can be to get promoted (intentionally or not) out of your comfort zone.
ssb has gone farther than any of us probably imagined, and it might even go farther. With that popularity comes an added pressure that we're all adjusting to.
I realize that Dominic was unintentionally thrown into the spotlight over the last few days because of a module that he no longer wanted to maintain. No one wants to be thrown into that situation, and I hope that he's doing well under the pressure.
I hope that we can work together to make sure that the ssb community is never thrown into this situation because of unintentional, or intentional, exploitation.
Let's get feed delete implemented, and then we'll all be in a better place to defend our personal computers and pubs from abuse and malicious activity.
@ev I hope you don't mind the unsolicited advice, - @Christian Bundy
I never mind unsolicited advice.
but if your real interest is finding a way to delete feeds from your database then I'd recommend making a thread(/dev diary?) about that topic without the beef. You aren't alone in wanting this feature, but feature requests full of baggage and insults aren't likely to receive much positive attention.
I believe you are referencing these two posts: %FzBqBGm... and %MEE6w3S...
If you re-read these posts, I think you will see that I did not insult anyone. If you go up farther on this thread, you will see that @cryptx referred to my issue as "is the same kind of entitled bullshit that was piled on in the github thread, right? even worse nowadays you just bark up a thread when ever you see fit."
Henri insulted my reference to an issue that I believe needs to be fixed. A simple "hey ev, cool it" would have worked, instead he used my bringing up the issue as a reason to attack my character -- again.
The beef reference above was brought on this thread by @dan hassan who is a stranger to me, but has blocked me twice. I do know that he works on a project called Dark Crystal, that I do not use. I did not reference beef, Dan Hassan referenced beef.
I also did not start the beef thread was started by @mix in an effort to "beef with me" because I agreed with johnny that the grants weren't being handled well.
The grants process was handed off to Mix, and he was the sole distributor of most of the funds. Then the grants were then passed off to Andre, who recently agreed with me and then blocked me during the same day.
It's tempting to agree with these guys because they are in power on this network, but please consider the long term effects of siding with them.
If I have written anything to insult anyone, please reference the language that I used. I don't think I've ever used insulting language at any point. Even during the mcss/css debate, it was the other devs who swore at me, not the other way around.
I'm confused as to why the blame is continually being shifted towards me, as I have never written anything insulting.
I'd be interested in hearing what you've tried so far, specifically:
- techniques
- the "zero out" method with flumelog-offset
- the "filtered pipe" method that I illustrated here
- blockers
- which parts are confusing?
- what needs better documentation?
- who (other than those who have blocked you) are you asking for help from?
- code: push your attempt(s)!
- absolutely zero references to any of this beef
This is a good idea. I wish that I had any idea how Flume worked, and I had time to work on it. I'm very familiar with the front-end ssb stack, having built an ssb client myself, however the database stack within secure-scuttlebutt has challenged me. I think it'd be good to look at the database stack and make it more clear for everyone. The more clear ssb code is, the easier it will be for everyone to work with it.
Thank you for taking the time to learn more about Flume. I hope that your solution to remove delete feeds works and can be merged, so this issue can be solved.
Dominic doesn't want to be the only person who intimately understands FlumeDB, but I think we should solve that by learning rather than trying to pressure him into writing the features/docs/etc that you want. I understand that it would be easier to have him do it, but since you've lost that opportunity I'd recommend that you focus on solving the technical problem rather than rehashing your beef.
I'm hesitant to let Dominic off the hook here. ssb is his project, and he has a lot of power over it's direct. Even though Dominic blocks me, I still respect his authority and the work he's put into this project a lot.
@dan hassan You block me, how are you reminded of a thread when you cannot read my response?
You should keep in mind that Power Beef thread was not started by me, it was started by @Mix because I said that @johnny was correct that the grants process was poorly handled. I continue to believe that the Dfinity grants process was poorly handled, and discriminated against Johnny and gb's grants on the basis that they are both minorities, and that gb is a woman.
There would have been no harm to give them both the grants to these people and then supported their work on the project. Instead you and your gang have continued to malign and attack these people, and me for months.
What I did say, and meant to communicate in a clear and precise way is that the word "Beef" in New Yorker English is much more harsh than you guys may have perceived.
But as your blockade may have increasingly shown, you guys appear as serious as Biggie Smalls when you say the beef word.
This is a software project, it's not life and death. If criticism is actively discouraged and attacked within this community, it will become a small community of close friends who all agree with each other about everything.
@rabble I didn't read the error before I responded. What christian said is the correct way to solve the error.
npm rebuild
or npm install
should fix it,
but sometimes I find I need to do:
rm -rf node_modules
npm install
It's because leveldown was compiled against a different version of Node.js than the one you're using right now.
@MK's Manyverse Yah, a filter to show only the people you follow in a feed would be cool.
I seem to remember Patchwork already does that, does anyone know where to find that code?
@rabble I also had this problem, there was some sort of timeout regarding a file that leveldown needed to download? It can also show up if you're missing python2.
I ended up switching to the LTS version of Node.js.
It'd be good to take some time to look at the database situation and try to make it as simple as possible.
Node-gyp is one of Ryan Dahl's regret's: https://youtu.be/M3BM9TB-8yA?t=6m59s so hopefully this'll get worked out in #deno
{ "type": "queue", "message": "%4Nic1xv6nP6gfTJzCkRaBrUYfUIcw+4ulyyC0j9AtlI=.sha256", "queue": true }
todo add message root and branch hashes to vote messages in %mvd
It would be nice to be able to privately mute (or at least turn down the volume of) somebody's feed. Blocking is public and extreme... - @Rob's Laptop
Exactly. This is why I implemented client-side mute in %mvd. I use this on occasion, usually when I'm overwhelmed with someone's intensive posting schedule.
It's just a localStorage boolean that turns all of their messages into mute messages if they're muted:
Render mute messages: https://github.com/evbogue/mvd/blob/master/render.js#L28-L32
Mute button: https://github.com/evbogue/mvd/blob/master/tools.js#L275-L302
Mute is way less political than block, because no one is aware that I did it. We still need a private block and feed delete button for actual spam and abuse, but mute is just fine for real human people.
I am not muting anyone at the present moment.
Ryan Dahl gave a new talk on #deno : https://www.youtube.com/watch?v=FlTG0UXRAkE
I haven't had a chance to watch this yet, but I'll watch it later today and post notes here.
I've never run a pub. What's involved in the work in terms of keeping a handle on abuse / spam? - @rabble
I've run a pub for almost three years, and so far haven't had any abuse that I know of. I think of the people of the scuttleverse as being fairly lucky in that we've only had to deal with political differences so far during the three years of development on this project.
However, there is no real way to handle abuse other than blocking a feed and then deleting your db and resyncing from scratch.
I did this recently with http://decent.evbogue.com/ with only 1 hop enabled, and I was a little troubled to discover the pub still seems to replicate feeds that my pub does not follow.
Decent pubs, while technically 'open', do not replicate feeds until the pub itself follows them. This might keep anonymous random actors contained on my pub if someone tried this, hopefully no one does because I'd have no way of deleting their feeds.
If there are additional ways to handle spam and abuse, it'd be great to be made aware of them.
Since there's no way to delete feeds we all have to trust each other, and up to three hops out at that. What happens when that trust breaks down?
First of all: How is ignoring a known vulnerability not ill intentions?
Good point, if you're willing to call it ill intentions than I can agree with you. I think we have no real way to defend the scuttleverse unless we have feed delete, and blocking me because I say that won't help us get closer to that goal.
You keep spewing that toxicity that like it's obvious but very calm people tried chew it out with you for month: %FKm5Kz1... - I'm sad to see that we are still cought in
goto 1
on this.Andre also made it very clear that he didn't block you for the points you raise but because your style of communication is intollarable.
Again, in the thread I linked to: %liNAPna... - HSTS supercookies are a total orthogonal issue to what I wanted to explain to you.
I'm not using https because I do not support https as a protocol, because I don't believe it to be secure. To support https is to support insecurity. We should be developing secure web protocols that don't depend on centralized authorities such as Letsencrypt and other certificate authorities.
This issue has nothing to do with being able to delete feeds, but you brought it up so I responded to you. Why are you going in circles here with me?
but that's what you chose do... just evade and keep talking and fighting even though everybody signaled that they rather resign and leave the table then keep going in circles.-@cryptix
Andre agreed with me, and then blocked me. Something about that doesn't seem right to me. This is weirdly similar to Dominic asking everyone to depend on his modules, and then taking very little responsibility when one of his modules becomes an attack vector on a codebase.
@andrestaltz It might be interesting to do a view where the colour is based on the last message received, to identify dead or abandoned accounts.-@alanz
I'm also interested in seeing this graphic based on active accounts, since most of these dots aren't active public keys anymore.
{ "type": "edit", "branch": "%uCiBgr5IM0gF38sa7hka9t95J4Iyw53KCKz7NSFzGxM=.sha256", "root": "%9dFsv59km06sZyd0BFSMI50TjHImkY41eEdl+zJgYtM=.sha256", "updated": "%uCiBgr5IM0gF38sa7hka9t95J4Iyw53KCKz7NSFzGxM=.sha256", "original": "%uCiBgr5IM0gF38sa7hka9t95J4Iyw53KCKz7NSFzGxM=.sha256", "text": "[@andrestaltz](@QlCTpvY7p9ty2yOFrv1WU1AE88aoQc4Y7wYal7PFc+w=.ed25519) I appreciate that you've [taken my side on urging dominic to implement a way to delete feeds](%L8FaSygmLtMEqDA0X/w3V4ilvYlGKGmwglm/jcN6r8M=.sha256).\n\nI don't appreciate that you've blocked me for continuing to bring up a vulnerability with the system that we're using and have been coding on for years.\n\nI realize that your popularity may be on the line here, but I'm right and you are right that feed delete needs to happen now. \n\nYour dehumanization of me, quote \"this person\", for continuing to bring up vulnerabilities in this system is scary and troubling to me. ", "mentions": [ { "link": "@QlCTpvY7p9ty2yOFrv1WU1AE88aoQc4Y7wYal7PFc+w=.ed25519", "name": "andrestaltz" }, { "link": "%L8FaSygmLtMEqDA0X/w3V4ilvYlGKGmwglm/jcN6r8M=.sha256", "name": "taken my side on urging dominic to implement a way to delete feeds" } ] }
@andrestaltz I appreciate that you've taken my side on urging dominic to implement a way to delete feeds.
I don't appreciate that you've blocked me for continuing to bring up a vulnerability with the system that we're using and have been coding on for years.
I realize that your popularity may be on the line here, but I'm right and you are right that feed delete needs to happen now.
You're dehumanization of me, quote "this person", for continuing to bring up vulnerabilities in this system is scary and troubling to me.
@ev: you know that %FzBqBGm... is the same kind of entitled bullshit that was piled on in the github thread, right? even worse nowadays you just bark up a thread when ever you see fit. Feed deletion has nothing to do with the event-stream mess.
Look, I was polite when I brought this up, there's no reason to be impolite to me. There is nothing entitled or bullshit about the fact that we are still unable to delete feeds from our local dbs after 2+ years of ssb.
Even worse you claim dominic has ill intentions. He clearly outlined what needs to be done and how it can be done ITT. Butt as always you choose not only not to listen but to spin stuff into a turd that fits your story of being the lone wolf. There is no secret here. It's all spelled out in the open.
I didn't say that dominic has ill intentions, I said that he has ignored a known vulnerability in ssb for 5 months, as you just pointed out. Dominic should fix the vulnerability instead of passing the buck off to the community, as he invented FlumeDB and he claims to know how to fix the vulnerability.
You're trying to cast me a lone wolf here, but keep in mind that I was forced out of the ssbc and I'm blockaded by the NZ based dev team and Andre Staltz for bringing up issues with the grants process, mcss, and now our ability to delete feeds from our local dbs. This isn't be 'being a lone wolf', I have been purposefully excluded for bringing up issues with the development of this project and how the developers have excluded minorities and women from the grants process.
People reading along: please also be aware that this guy clearly has a very thin understanding of security in general: %6BWdR+h...@cryptix
You and I agreed to disagree about whether or not https is a secure system. I believe that hsts supercookies are used to track people around the Internet. If you don't believe that, we still agree to disagree. If you want https, don't use ssb on my website.
Dominic is wrong. If there's no authority, then there's nobody taking responsibility. This is a perfect example of how lack of organizational structure simply does not work in the real world. Dominic's other projects like scuttlebutt are likely doomed to fail as well because of his wrongheaded views about organization. - https://news.ycombinator.com/item?id=18535100
I don't want this guy to be right.
What's your read on TypeScript? I've used it before and don't have any problems with the syntax, but I'm kind of hesitant to jump ship from JavaScript to a project I believe is maintained by Microsoft. Are my worries misplaced? - @Christian Bundy
V8 is maintained by Google, so the same is true with Node.
But yes, Deno aims to solve the above problem, and a number of other problems such as getting rid of npm.
I find it hard not to disagree with the comments saying that Dominic could have done more to mitigate this situation. He also has indicated that he knows how to fix a known exploit in secure-scuttlebutt
, but has so far been unwilling to fix the issue.
Can people who are not blocked by Dominic reach out to him and explain that it is his moral responsibility to fix this exploit before it is used to do harm to this network?
Let me apologize in advance for the flame war that is about to be directed at me for bringing this up again.
My fear is the next time we're on HN, it's because someone has posted abusive content here, and there's no way for us to delete it from our local machines and pubs.
I also wrote about this here: %MEE6w3S...
I wish I could fix this myself, but no matter how long I stare at the Flume DB code, I still don't get it. The only person I know on this network who understands Flume is the man who created it, Dominic Tarr.
If anyone else can fix this, and let Dominic off the hook, by all means fix it.
@Rob's Laptop The issue you're running into is NAT. Your devices don't have public ip addresses, so they can't find each other without a pub.
One way to solve this is to use cjdns to mesh network your devices by giving them self-assigned IP addresses.
But you might have issues getting cjdns working on your phone.
Make sure you change your network key, so your new network won't accidentally sync with the main ssb network.
caps: {
//this is the key for accessing the ssb protocol.
//this will be updated whenever breaking changes are made.
//(see secret-handshake paper for a full explaination)
//(generated by crypto.randomBytes(32).toString('base64'))
shs: '1KHLiKZvAvjbY1ziZEHMXawbCEIM6qwjCDm3VYRan/s=',
//used to sign messages
sign: null
},
Did a git update in repo mvd
- upgrade deps, use decent-ws -- 1.15.0
I keep talking about these two stories at Nymag.com, so I figured I'd share them on the scuttleverse.
A young couple is about to move into a 1.3 million house in Westfield, NJ, until they receive a letter:
657 Boulevard has been the subject of my family for decades now and as it approaches its 110th birthday, I have been put in charge of watching and waiting for its second coming. My grandfather watched the house in the 1920s and my father watched in the 1960s. It is now my time. Do you know the history of the house? Do you know what lies within the walls of 657 Boulevard? Why are you here? I will find out. - The Haunting of 657 Boulevard
And some insight into the philosophy that influences the nuevo-Roman occupation of the digital world:
Mark Zuckerberg isnβt the first person in human history to draw inspiration from Augustus Caesar, the founder of the Roman Empire, but heβs one of a very few for whom the lessons of Augustusβs reign have a concrete urgency. Both men, after all, built international empires before the age of 33. βBasically, through a really harsh approach, he established 200 years of world peace,β Zuckerberg explained to a New Yorker reporter earlier this year. βWhat are the trade-offs in that?β Augustus, Zuckerberg explained, βhad to do certain thingsβ to ensure the stability of his empire. So too, apparently, does Facebook. - The Decline and Fall of the Zuckerberg Empire
@KawaiiPunk It might be ssb-query
regenerating indexes. I think Patchbay and Patchwork are using different versions of ssb-query
right now, and that forces an index regeneration.
@Miles You got it. Catching up with at the local McD's.
Yes, there must be some sort of financial stimulus agenda to to the Black Friday namespacing. I've heard that it's been said that Black Friday happened before Black Monday: https://en.wikipedia.org/wiki/Black_Monday_(1987)
In a world where FAANG stocks are bleeding out and Amazon is advertising that Alexa wants to listen to your children sleep, I find myself wondering how much more value a couple of monopolistic tech stocks can lose...
@punkmonk Deno is way easier to install now: https://github.com/denoland/deno_install
Just curl -L https://deno.land/x/install/install.py | python
On Arch Linux I run curl -L https://deno.land/x/install/install.py | python2
@punkmonk #deno is cool! I have it on my system right now, and I use it to write little programs sometimes. What I appreciate most about it is that they are trying to do away with centralized npm repositories by making it possible to import modules from urls.
It's a paradigm shift, so I think it'll be a bit of a leap (and a lot of new code) for Node programmers to switch. Even if it never gets traction, I think it's awesome that Ryan is dedicating the time to figuring out how to fix some of the mistakes he made when he designed Node.js.
I haven't programming in TypeScript, but it falls back to regular js, so it hasn't been any different for me to use Deno instead of Node. Well, except the no-npm part, that takes some getting used to.
Anyway, it's early days, but I'm following the project as it gets closer to being a working programming environment.
- gb and I left San Francisco: %a4sgR14...
- I attempted to clarify how the ssbc grants would be distributed: %xGyoPP3...
- I got pick-pocketed after two days in Mexico City and crashlanded in my mom's basement: %2Ssvp5E...
- I tried Patchless for the first time: %RmVI0G0...
- I re-wrote Minbay to depend on Patchless so that Dominic and I could collaborate by building a client together: %OQs1ipf...
- I applied for an ssbc grant to be an intern on Patchless, and was rejected by Dominic and Mix: %K1W3gQ6...
- I gave a talk about ssb at Chicago Node.js: %NhysOT2...
- I stood up when Johnny's grant for Dexbot was rejected by Mix and Dominic: %qw5ctDW...
- Mix started "beefing" with me because I stood up for Johnny's grant: %q7jCWMp...
- I wrote my own lite client for ssb: %NPNNvcn...
- I demoed mutable messages at Chicago Node.js: %O2QDhgP...
- I applied for an ssbc grant: %2HYP9MQ...
- I received an ssbc grant: %6jIFKhP...
- I began work on mutable messages: %PtxLfew...
- I implemented scat messages in mvd: %VnLmqxL...
- I got all of the Bogue boys in the same room for the first time in a decade: %0fLZAKr...
- I showed off our local area mesh network: %KXYmaRu...
- I stood up for gb when her grant was denied without a reason by Dominic, Mix and Andre: %EcGxhki...
- I took you on a brief tour of Rosemont, Illinois: %wmGQNXP...
- I implemented the first ssb wiki: %BYtLfko...
- I visited Microcenter in Chicago for the first time in probably 15 years: %wUkG12z...
- I was kicked out of the ssbc and blocked by Dominic Tarr because I stood up for Johnny and GB's grant proposals: %yWyuBxp...
- I disobeyed Mixspiral: %FKm5Kz1...
- I predicted the end of the iEra, Apple has since lost more than 200 billion dollars in market cap: %uq2rBmD...
- I made it possible to see the difference between edited posts in mvd: %jUKpv+K...
- I was diagnosed with missing plug syndrome by the co-founder of Loomio: %qFBcund...
- I wrote my first Deno app: @8Qee0I/...
- @gb and I hosted @jolyon on #couchsailing: %9ZTGv7j...
- I made it all of the way through the podcast where Elon Musk smoked a joint: %a+B1HHu...
- I was the first developer to decrypt a private group message on ssb: %/BwUGBD...
- I wrote about the benefits of foaf social networking: %uIVl3tW...
- I released a somewhat stable version of Decent: %ZSQMltt...
So no, this year wasn't a waste.
Yesterday was my (and @gb's) one-year anniversary working for Levi's in Rosemont, Illinois.
Every year that an employee works in Levi's retail, the company gives us one free pair of jeans. This isn't the only way to get a free pair of jeans at Levi's, everyone gets one if we hit our monthly 'plan' and you get a free pair when you start.
I'd been debating which jeans to pick up all month, and finally settled on this pair of 32-30 511s that came in a box I opened. They felt different than the rest, and when I checked the tag I was excited to discover they were hecho en MΓ©xico. For the past year most of our black jeans have been made in Egypt and Columbia. I haven't been thrilled with the fabric quality of these black jeans, so I'm glad I held out for this pair. It feels sturdier than most.
Unlike Los Angeles Apparel, Levi's doesn't make any of it's own jeans anymore. Instead Levi's orders a run of jeans from a demin factory somewhere in the world. These jeans are imported into the USA, shipped to a couple of giant warehouses in Kentucky and Louisiana, and from there they get shipped to the back door at Fashion Outlets where I (and others) haul the boxes into the store to be opened on Tuesday and Friday mornings.
It's much more economical to outsource your jeans this way, but sometimes I wonder if we lose something by not making our own jeans. When White Oak closed last year, there was a lot of Made in America Cone Mills Selvedge denim floating around the Levi's world. I was able to pick up two pairs of Made in America 511s.
Right now I'm wearing a pair of Japanese Selvedge (made in Bulgaria) into the ground. The pair of Black 511s and the White Oak Selvedge are in the closet waiting for the right moment.
Levi's may be planning to go public (again) next quarter. While I'm backstocking jeans, I somehow wonder how going public will change the culture of the company that I work for...
Sometimes I feel as if all I did this year was fold jeans. I didn't travel at all, I didn't write any bestselling ebooks, I didn't shoot photos for magazines or have conv
ersations with famous people at fancy parties.
Then I scroll back on my append-only feed and I realize that I did accomplish a few things this year:
@Christian Bundy @alanz I can't tell if this is an old or new bug, but I've also experienced lag with ssb syncing. Sometimes I'll turn ssb-ebt
off and that maybe helps. Other times I'll turn ssb off and on again, and that helps.
I'd call it a 'gossip hangs' issue.
It might also have to do with the connection I'm on? On connections with very little bandwidth, sometimes it seems to me that it takes awhile to get an entire sync through the pipe.
{ "type": "queue", "message": "%40w/AclBzc7IrN/2mTSHVdbWavoskd3fKmOTEYBgRrw=.sha256", "queue": false }
{ "type": "queue", "message": "%P00MVOrVWvs4uE+rYyn58FG0cIZHME/M9W9c2n6jbIw=.sha256", "queue": false }
Decent 5: The Garden and The Wall
The theme of Decent 5 is "The Garden and The Wall".
When I first began learning to use the original scuttlebutt way back in 2012, I wanted a social networking application on my website
The Garden is a curated space where the pub decides which feeds to replicate. In Decent we see a garden not as a community that must be weeded, instead a pub that is deliberately planted with vetted feeds. This is why Decent 5 has one-hop replication.
The Wall is a space where people can leave comments on my website when they pass by. Most of the world doesn't have scuttlebot installed on their computers. My hope is by exposing the wider Internet to our technology we will be able get more people to install ssb clients on their own computers.
One deliberate decision I made with this version of Decent is to turn off private messaging for remote Decent users. This isn't so much because private messages are insecure via the pub (they are encrypted in the client and published to the server via shs), but more because I want to encourage more people to install a full ssb client on their own machine -- instead of just using Decent on my website to communicate with me in private.
If you want a full client, I want to encourage you to clone and build %mvd on your own computer.
In the latest push to %decent I've fixed these two issues:
I've removed marked these issues as 'done' in my queue
Feedback on this version of Decent is appreciated, please leave it on this thread or write on my wall
In the future I'd like to include an easy way to delete feeds and make it easier to explore the scuttleverse with ssb-ooo
.
@dominic Yes, I agree with you on this.
Less is more -- one-hop replication with ssb-ooo
is the simplest way forward here.
{ "type": "queue", "message": "%MEE6w3SmuG8ymq8xk87wbTNdAiM2HPyFcYmA5jkPkLc=.sha256", "queue": false }
Did a git update in repo decent
- decent 5: the garden and the wall
Did a git update in repo mvd
- 1.14.1
- add the Wall button (to get the mentions of others)
- fix error where button state isn\'t properly tracked in queue
Welcome to the scuttleverse @pcowgill. Here are the threads about your and @Rick's meetup in Chicago: %iRRtLoV... and %RpQTyRW...
{ "text": "Scuttlebot itself is where I get the most frustrated. There are parts of it that are still really clunky, such as the gossip schedule. ", "type": "scat_message" }
{ "text": "I get pull-streams, as long as I stick to basic methods such as `drain` and `collect`. ", "type": "scat_message" }
{ "text": "FlumeDB is so useful, I can't think of a good reason to rip it out. But I also simultaneously don't understand it at all.", "type": "scat_message" }
{ "text": "secure-scuttlebutt itself is fairly well documented and seems to be stable.", "type": "scat_message" }
{ "text": "@beans I get you on the topic of scuttlebot being a challenge to work with.", "type": "scat_message" }
@habitatm45 We (@gb and I) used to be in Fayetteville, and probably could have made it if we were still there.
I know @squicc is in Charlotte, but that's a bit of a trip.
I think @Joey Hess is in NC somewhere near/or in Asheville.
@btrask is in Durham, but isn't on ssb anymore as far as I know. You'd probably need to reach out to him at https://bentrask.com/
@rabble Yup, Rosemont!
@Rick Sure! I rsvped, and also responded here.
@sentamalin π₯οΈ is also in Chicago. Anyone else in the area? It'd be cool to get more people in Chicago on ssb!
hey @Rick, @gb got your email. I rsvped for the event on Meetup.
Keep me posted on the date, so we can request work off that night.
@sentamalin π₯οΈ Not a furry, but if you want to grab a beverage while you're in Rosemont, give me a shout. We live right by the convention center.
Did a git update in repo mvd
- update deps
- update to scuttlebot@13.0.3
Did a git update in repo scatter
- add install instructions
- only show follow button for feeds other than yourself
{ "text": "@squicc @ikku http://github.com/evbogue/scatter !", "type": "scat_message" }
{ "text": "@gb Works! Got it. How am I? caffeinated.", "type": "scat_message" }
Did a git update in repo scatter
- first commit on scatter
{ "text": "Good morning from Rosemont, IL! :coffee:", "type": "scat_message" }
{ "type": "queue", "message": "%MEE6w3SmuG8ymq8xk87wbTNdAiM2HPyFcYmA5jkPkLc=.sha256", "queue": true }
{ "text": "The altnet config dropdown is a cool idea, I wonder if I can get a similar thing going in mvd?", "type": "scat_message" }
{ "text": "misc looks awesome. I'm installing Rust on Arch right now to try it out later.", "type": "scat_message" }
Not long after I first began publishing to secure-scuttlebutt there was a conversation started by @paul in May of 2016 about moderation. I responded and said:
The way I think about it, if something 'bad' ends up on the network, I don't want it to end up on my computer. Or if it does end up on my computer, I want to be able to easily remove it.
To this day it troubles me that there is no easy way for me to remove illegal content from my local database.
We're powerless to stop anything if we don't have a button that will private block an id and delete their feed.
@dominic and I talked about implementing a delete feed and he said:
The simple way would be to pipe the flumelog into another instance of the log, but filtering out the feeds to be deleted. put that into another flume instance, and when it completes, move all the new flume files over the original (easy since it's all in one directory) then reload the scuttlebot instance (which will regenerate the indexes). It would help a lot if more people understood flume in detail, so I'd be very happy to advise someone working on this.
I responded by saying:
@dominic, yes I think I fall into the camp of not understanding flume very well yet. How long do you think it'd take you to knock out the 'delete feed and reindex' feature? Is this a five minute project for you, or would it take a few weeks?
And he never responded to me.
We need this feature, it is important to the survival of this project. Can someone please ask @dominic to implement a way to delete a feed? He's the only person who knows flume well enough to pull this off. I'd ask him, but he currently blocks me because of my critique of how the Dfinity grant process was handled.
Once there is a simple sbot delete feedID
tool, it'll be easy for client developers such as myself to give everyone easy access to a private block and delete feed button.
@cinnamon re: %lCM4sU/... I'll work on get private block implemented in %mvd as soon as possible.
I created it on a lark when @gb @ev were in town several months ago and some crabs met up there. - @noffle
We left San Francisco a year minus four days ago! Time flies.
Have fun in SF/Oakland @teq! Def stop by the Sudoroom and get the ssb meetup going again.
@Brian My long term plan for dealing with spam and scaling issues, in my client at least, is one-hop replication and using ssb-ooo
to pull in messages from outside your immediate social graph. This way you only follow and replicate people who you choose to follow. This will raise the bar for discovery, but make initial sync way faster.
There also needs to be a way to delete an entire feed from your database.
Hey @Brian. Welcome to ssb from Rosemont, IL!
{ "type": "about", "about": "@8Qee0I/DwI5DHSCi3p5fsl6FyLGArrnDz3ox9qZr5Qc=.ed25519", "image": { "link": "&bxxVzzh5wftWhKFAoNmww8zYWqfx8PkT8BsX7BbMNJg=.sha256", "size": 190966, "type": "image/jpeg" } }
Did a git update in repo mvd
- use default ssb config to try and fix ws issue
@regular I should have time to try this out tomorrow and see if I can get it working with mvd
. Are all of your pull-requests merged/published at this point?
@rabble Thanks for the mention. Here's the link to the dev diary: %PtxLfew...
I want to get mutable messages implemented in Patchwork, but I'm waiting for @matt's debloated version to stabilize a bit before taking a look at the code and considering how best to present a pull request.
@cryptogoth cc: @myf @micro. Who else is in #nyc ?
Keeping this issue up to date: I got an email saying http://gitmx.com/ and http://ssb.evbogue.com/ was down.
I posted a note on the Decent altnet: http://decent.evbogue.com/#%wUmGGhtoJDvSkGtBB3jb1IFjFku+HNVz8I1AYHy2nU4=.sha256
I haven't done a pull on Decent, so that repo still works. Maybe I can scp
it to my other server and temporarily fix the main network? Trying that now.
However, currently there is no websocket support in sbot for some unknown reason, so that's next on the list.-@regular
Yes, confirmed. I'm getting
ssb-friends: stream legacy api used
/home/ev/mvdnew/node_modules/scuttlebot/plugins/invite.js:112
if(!/^ws/.test(ws_addr)) throw new Error('not a ws address:'+ws_addr)
^
Error: not a ws address:
at /home/ev/mvdnew/node_modules/scuttlebot/plugins/invite.js:112:44
at /home/ev/mvdnew/node_modules/level-sublevel/shell.js:53:51
at /home/ev/mvdnew/node_modules/level-sublevel/nut.js:109:13
in sbot@13.0.0
@regular Yes, API stability is important for me as well.
I think the issue with the connections upgrade was that somehow the upgrade broke semver in a dependency, and thus bumping scuttlebot to 12 wasn't enough to keep old versions from breaking too.
I think the connections upgrade was needed, and important, but it's been a bit of a rocky major version release. I think we can mostly blame the Node.js dependency system -- but we also didn't do enough testing, probably because it didn't seem to be a big breaking change. It just ended up breaking things for you and I because we both use the lite client. I see these issues as growing pains as ssb matures.
Maybe we need boring scuttlebutt and experimental scuttlebutt?
{ "type": "queue", "message": "%40w/AclBzc7IrN/2mTSHVdbWavoskd3fKmOTEYBgRrw=.sha256", "queue": true }
{ "type": "queue", "message": "%P00MVOrVWvs4uE+rYyn58FG0cIZHME/M9W9c2n6jbIw=.sha256", "queue": true }
http://gitmx.com/ is down because of incompatibilities with scuttlebot@12
. %xtq/l+G...
I need to somehow figure out how the new connections thing works, or manually hardcode websockets (if that is even possible?)
Reverting to an earlier commit seems to not work at the present moment, so something must have changed in the stack that breaks backwards compatibility.
The queue in %mvd
In the my latest push to mvd, I've implemented a queue.
Background: I'm interested in making git-ssb
a viable alternative to Microsoft Github and Alphabet-invested Gitlab. Git and git-ssb
are distributed, so why are we still using Microsoft Github?
One big benefit of using Github is it's fairly easy to keep track of issues that need action. To compete with Github, we need to know what we need to work on!
In an attempt to make it easier to get things done on ssb, I've added the queue to mvd.
Write a new post:
Add it to the queue:
Click on the 'Queue' tab to see items in your queue:
Click 'Done' to remove items from the queue:
You will see items that have been added and removed from queues:
Try it out!
git clone ssb://%NPNNvcnTMZUFZSWl/2Z4XX+YSdqsqOhyPacp+lgpQUw=.sha256 mvd
cd mvd
npm install
npm run build
npm start
Report any issues here! I'll queue them.
{ "type": "queue", "message": "%ny4b6hZki72YY0MPGii4h+aRD+VMwEbGLcjSj1eaKKg=.sha256", "queue": false }
{ "type": "queue", "message": "%ny4b6hZki72YY0MPGii4h+aRD+VMwEbGLcjSj1eaKKg=.sha256", "queue": true }
To do: implement a queue to keep track of ssb messages that need future attention.
Did a git update in repo mvd
- 1.14.0
Did a git update in repo mvd
- add queue functionality
{ "type": "queue", "message": "%Ba6c+U03Mmke/ZAS21qGsuX/NzEiuJMZF39iXWu9MLw=.sha256", "queue": false }
{ "type": "queue", "message": "%Ba6c+U03Mmke/ZAS21qGsuX/NzEiuJMZF39iXWu9MLw=.sha256", "queue": false }
{ "type": "queue", "message": { "key": "%Ba6c+U03Mmke/ZAS21qGsuX/NzEiuJMZF39iXWu9MLw=.sha256", "value": { "previous": "%1ZvTRn3wU0PScEnWrP7WXsxoAp9RS1ugv5Q8S8vqgQk=.sha256", "author": "@8Qee0I/DwI5DHSCi3p5fsl6FyLGArrnDz3ox9qZr5Qc=.ed25519", "sequence": 6346, "timestamp": 1539378398876, "hash": "sha256", "content": { "type": "post", "text": "Testing the queue. ", "mentions": [] }, "signature": "22nQMoRUB7XE7SuzR7zQ9CH0Ht3w/MqUbjjf+Gr0MgsrP2lWbCr5sa2+ScFNctbOovxAoeIhzx1pUeRuUgLTCg==.sig.ed25519" }, "timestamp": 1539378398890 }, "queue": true }
{ "type": "queue", "message": { "key": "%Ba6c+U03Mmke/ZAS21qGsuX/NzEiuJMZF39iXWu9MLw=.sha256", "value": { "previous": "%1ZvTRn3wU0PScEnWrP7WXsxoAp9RS1ugv5Q8S8vqgQk=.sha256", "author": "@8Qee0I/DwI5DHSCi3p5fsl6FyLGArrnDz3ox9qZr5Qc=.ed25519", "sequence": 6346, "timestamp": 1539378398876, "hash": "sha256", "content": { "type": "post", "text": "Testing the queue. ", "mentions": [] }, "signature": "22nQMoRUB7XE7SuzR7zQ9CH0Ht3w/MqUbjjf+Gr0MgsrP2lWbCr5sa2+ScFNctbOovxAoeIhzx1pUeRuUgLTCg==.sig.ed25519" }, "timestamp": 1539378398890 }, "queue": false }
{ "type": "queue", "message": { "key": "%Ba6c+U03Mmke/ZAS21qGsuX/NzEiuJMZF39iXWu9MLw=.sha256", "value": { "previous": "%1ZvTRn3wU0PScEnWrP7WXsxoAp9RS1ugv5Q8S8vqgQk=.sha256", "author": "@8Qee0I/DwI5DHSCi3p5fsl6FyLGArrnDz3ox9qZr5Qc=.ed25519", "sequence": 6346, "timestamp": 1539378398876, "hash": "sha256", "content": { "type": "post", "text": "Testing the queue. ", "mentions": [] }, "signature": "22nQMoRUB7XE7SuzR7zQ9CH0Ht3w/MqUbjjf+Gr0MgsrP2lWbCr5sa2+ScFNctbOovxAoeIhzx1pUeRuUgLTCg==.sig.ed25519" }, "timestamp": 1539378398890 }, "queue": true }
Testing the queue.
@masukomi The last time I had burnout was in the last quarter of 2008.
I'd been working at New York Magazine for a few years, living at The Schoolhouse in Bushwick, and I'd even gotten the raise I'd asked for. But then I got burnout, and I was miserable.
Every morning I'd sit in The Schoolhouse kitchen editing photos for Daily Intel and The Cut, smoking three rollie cigarettes over three cups of coffee and put off dragging myself into the office until the 11:30am lull. Then as soon as 5pm came I'd be the first person out of the office to do nothing after work.
It's only in hindsight that I realized that I was working in Lower Manhattan during the collapse Lehmen Brothers. No wonder I didn't want to go to work anymore, the economy was (almost) imploding.
So yah, looking back it makes perfect since why I felt so bad about everything during that time. But at the time I was as perplexed as everyone else was about my permanent burned out mood.
I wonder how we'll look back at this era?
Did a git update in repo mvd
- add brackets to if statement
Boosting: %FkJgO6r...
A #wiki interface would be very very cool, I would be happy to help with #funding for this if anybody wants to take a serious hit at it! -@Aran
Yup, as mentioned by @xj9 above, ssb-wiki
already exists in mvd: %jUKpv+K...
It would be cool to see these features ported to Patchbay/Work. @Christian Bundy and I were talking about this two days ago: %QBL80Gd...
Try it out at http://gitmx.com/ -- click the "New Wiki" button.
@Christian Bundy Reading this thread I'm a little confused about the language being used here.
Mute is a local action that doesn't change whether or not you've replicated someone. In mvd, a mute is purely a function of the UI to minimize a person's feed temporarily.
Ex: front-end mute in mvd: %b04s061...
Block instructs scuttlebot to actively not replicate someone's message. Blocks can be either public or private, but they accomplish the same thing: your local scuttlebot doesn't replicate the feed anymore.
Ex: We were talking about how Patchbay/Work only shows one side of the block story here: %K71cvcn...
It seems to me that we might be using different terms, mute and block, for the same thing: block.
From my perspective, block is a message you write to your feed that tells scuttlebot not to replicate a person. Mute exists in the UI and is used to mute someone's feed, even though you continue to replicate their data.
There are two addition things I keep in mind here, that aren't implemented yet.
- delete feeds --> %BO53Gk4...
- secure-shadowban --> %F46h+hD...
I am not a supporter of secure-shadowban, for obvious reasons.
But, being able to block and delete a feed would be awesome, because then I could remove spam from my database easily. Block and delete could be a private or a public action that you write to your feed.
Did a git update in repo mvd
- tweak boost format to a more sensible default
- disable live queries to speed things up
Did a git update in repo mvd
- remove ssb-query fork, as we use ssb-query now
- render repo names with ssb-avatar
- 1.13.2
- use ssb-avatar for git-ssb repo names
@Christian Bundy Maybe that's how the original block plugin worked, or was intended to work, but that's not how ssb-ebt
works. ssb-ebt
connects to pubs and doesn't replicate feeds that you block.
Did a git update in repo mvd
- 1.13.1
- use latest ssb-query, and generate an index by timestamp using the flumeview-query index plugin system
...or an off-chain "mute", similar to how you mentioned. - @Christian Bundy
%mvd has off-chain mute: %b04s061...
@Christian Bundy That's not how block works. I can see all of the messages from people who block me, they just cannot see me anymore. cc: @enkiv2
@Christian Bundy Maybe? I'm up for anything that would make mutable messages faster.
Doing a query against a message is slower, so if there's a better way to find message edits I'm down for merging it. I'd love to speed up every ssb-query
actually, because when you start querying things get slower.
What does the addMap() function do? This is the first I've heard of it.
I totally feel you! :/ Some things I am struggling with: - @regular
I'm still in the same place of not really understanding how the new changes work. In the past replication just worked out of the box, and ws just worked if you used the ssb-ws
module in your application.
@ev, did you manage to get the last bullet point to work with sbot@12?
That's what I'm trying to fix right now. What I'm using right now ssb-ws plugins system that dominic put together for me where I feed the client file into ssb-ws
in order to serve the client under the same address as it uses ws to connect.
var mvdClient = fs.readFileSync(path.join('./build/index.html'))
...
.use({
name: 'serve',
version: '1.0.0',
init: function (sbot) {
sbot.ws.use(function (req, res, next) {
var send = config
delete send.keys // very important to keep this, as it removes the server keys from the config before broadcast
send.address = sbot.ws.getAddress()
sbot.invite.create({modern: true}, function (err, cb) {
send.invite = cb
})
if(req.url == '/')
res.end(mvdClient)
if(req.url == '/get-config')
res.end(JSON.stringify(send))
else next()
})
}
})
This works, but the issue is that somehow local replication is breaking while this is working, which seems completely unrelated. Local replication works if I run straight up scuttlebot, but it doesn't work with the configuration I'm using in mvd
.
Anyway, it's all broken right now. I do think that understanding more about how this new connections system works in scuttlebot@12 will help me figure out how to fix it.
I might just try something completely different with no-auth
and hardcoding ws addresses for public remote lite clients such as http://gitmx.com/
{ "type": "edit", "branch": "%QBL80GdWTQ2zrfTb4euseT9ElslZDruZfIaAFbaV0b4=.sha256", "root": "%PtxLfewN03z3NJ0b+oBDeigt0z5IWTQIYoKyUB5/8VQ=.sha256", "updated": "%QBL80GdWTQ2zrfTb4euseT9ElslZDruZfIaAFbaV0b4=.sha256", "original": "%QBL80GdWTQ2zrfTb4euseT9ElslZDruZfIaAFbaV0b4=.sha256", "text": "[@Christian Bundy](@+oaWWDs8g73EZFUMfW37R/ULtFEjwKN/DczvdYihjbU=.ed25519) It's both practical and possible. \n\nI'm waiting for the dust to settle in [@matt](@FbGoHeEcePDG3Evemrc+hm+S77cXKf8BRQgkYinJggg=.ed25519)'s Patchwork debloat before diving into the code. Patchbay is unclear from a political standpoint, for obvious reasons -- maybe you can help here?\n\nMutable messages are an additional query against each message to see if there are any edits to the message. Edits are a new message type `type: edit`. There's no reason why we can't get mutable messages working everywhere, now that they're prototyped in `mvd`. ", "mentions": [ { "link": "@+oaWWDs8g73EZFUMfW37R/ULtFEjwKN/DczvdYihjbU=.ed25519", "name": "Christian Bundy" }, { "link": "@FbGoHeEcePDG3Evemrc+hm+S77cXKf8BRQgkYinJggg=.ed25519", "name": "matt" } ] }
@Christian Bundy It's both practical and possible.
I'm waiting for the dust to settle in @matt's Patchwork debloat before diving into the code. Patchbay is unclear from a political standpoint, for obvious reasons -- maybe you can help here?
Mutable messages are an additional query against each message to see if there are any edits to the message. Edits are a new message type type: edit
. There's no reason why we can't get mutable messages working everywhere, now that they're prototyped mvd
.
@regular @arj I have mutable messages and wikis implemented in %mvd, check out the dev diary here: %PtxLfew...
I decided to handle mutable messages as simple as possible: I post a new message with the new message text, with type: edit
. It links back to the branch, the root, and what message it is updating.
When a message is rendered in the client mvd
quickly runs a query to see if there are any edits to the messages, and re-renders the post based on how many edits it finds.
The type: edit
messages themselves are used to render diffs between the edits. Here's how that looks on an ssb-wiki
: %jUKpv+K...
Feel free to look at this code, borrow this code, or fork mvd
and use it for your project!
@regular yah, %mvd uses websockets to connect. I haven't tried noauth
yet, but I need to because local replication is still broken for me in mvd.
@arj has been super helpful, but I've mostly not had time to try noauth
to resolve the connection issue with local-wifi.
Two relevant issues: https://github.com/ssbc/scuttlebot/issues/545 https://github.com/ssbc/scuttlebot/issues/542
I am able to connect to my client using
connections: {
incoming: {
net: [{ port: 8008, host: "localhost", scope: "local", "transform": "shs" }],
ws: [{ "scope": "public", "transform": "shs" }]
},
outgoing: {
net: [{ transform: "shs" }],
ws: [{ "scope": "public", "transform": "shs" }]
}
},
and by generating a ws address to connect to.
node bin ws.getAddress
Using the ssb config
"ws://localhost:8989~shs:8Qee0I/DwI5DHSCi3p5fsl6FyLGArrnDz3ox9qZr5Qc="
mvd generates the local ws address and then broadcasts it to the client.
I hope that helps, but as I mentioned above, I haven't quite made the scuttlebot@12 leap perfectly yet.
@enkiv2 This is a topic close to my heart, because I feel as if I have to keep explaining to people why I'm being blocked because Patchbay/Work shows who blocks you as the first thing on your profile.
In %mvd I went ahead and implemented a button to render both who you block and who blocks you. I think this is paints a fairer picture, because you can travel to a person's profile and discover that they are also a prolific blocker.
Here's how your profile looks in mvd:
We have a lot of choice around how we implement these social signals in the client, and I wonder what the best choice is here.
Google+ will cease all its consumer services while winding down over the next 10-months with an opportunity for users to export their data while Google refocuses on making G+ an enterprise product.
Google+ to shut down after coverup [TechCrunch]
During a two-week period in late March, Google ran tests to determine the impact of the bug, one of the people said. It found 496,951 users who had shared private profile data with a friend could have had that data accessed by an outside developer, the person said.
Google Exposed User Data [WSJ] or Outline
welcome to ssb @polylith!
@gb and I are living at the other end of Lake Michigan from you, in Rosemont, IL.
Got it, thanks @andre!
@andrestaltz_phone Thanks, asked here: %ZTQ6UBH...
there was no switch. :)
What I meant by switch was that most scuttlebots use a foaf (friend-of-a-friend) gossip strategy for replication. #manyverse uses dht invites, which is a different gossip strategy.
@andrestaltz Thank you for taking the time to answer my questions about gossip in #manyverse. re: %whVYAe+...
Background: I read the dht invites thread and was left a little confused as to why #manyverse is using dht gossip instead of the usual pub-based gossip.
One influence on the original scuttlebot design was this early article called Design Challenge: Avoid Centralization and Singletons, which seemed to discourage the use of DHTs in scuttlebot architecture.
- Why did you decide to use dht invites instead of pub gossip in #manyverse? Ex: did pub gossip not work on Android?
- Are there any advantages, disadvantages to using this gossip strategy? Ex: When I use cjdns to route network connections, I know while the connections between computers can be mapped, the advantage of using cjdns is that I am gaining encrypted packets.
- Are there any privacy implications to using dht gossip? Ex: can Dat's bootstrapping servers map all of the phones IP locations in the #manyverse?
These are my initial questions, thank you for taking the time to answer them.
@andrestaltz I want to ask a question about the decision to switch from dht replication from foaf gossip replication in #manyverse. Where's the best place to ask about this? Or has this already been discussed somewhere, and I haven't been able to find the thread?
Reading this thread, is anyone actually advocating reposts? several people seem to be arguing with someone they thought suggested we need reposts... but reading closely I don't think anyone has actually suggested this.- @dominic
In %mvd I've implemented the boost button which can either be used to repost or as an easy way to reply in-line.
I don't think that reposts are bad or good, they are just a feature that can either be implemented in a client or not. We'll see if the boost button sticks in mvd or not. Either way it's easy to implement and easy to delete from any client code base.
one thing you COULD do for more privacy is create your own altnet. I think @ev has more to say on this subject than i would. - @punkmonk
Yes, you could create your own altnet. I've been running an Altnet on-and-off-again for awhile: http://decent.evbogue.com/ but a side-effect of having an altnet is it's very quiet.
These days I'm most excited about decryption feeds as a way of private messaging on ssb. Decryption keys is different than how ssb private messaging currently works; instead of encrypting to recipients, you instead share a decryption key for a post or a series of posts, and this will allow people to read and (I assume) write to group. I've implemented the read part in the lite client I maintain, %mvd
Decryption keys will allow us to have conversations that aren't easily crawled by strangers, but the trade-off is you need to find a way to notify the group of the decryption key that you're using and direct their attention to reading the encrypted group. But speaking public is, well, public -- so I think decryption keys will make people feel safe(r) than they did sharing messages.
But keep in mind that anyone who is given the decryption key will be able to read the messages!
@Barathrum Being able to encrypt messages, and then distribute a decryption key, will allow us to implement private group chat as you've mentioned above.
I'm not an ssb developer or designer -- and, in fact, I'm a noob (having only been here for a couple months) -- so my understanding of the security model & the reasoning behind it might well be wrong. Please correct me in that case. - @enkiv2
You landed it.
Lastly, you can also see how disagreements have been handeled in #beef . Rabble recently referred to an ongoing rupture with Ev which he puts down to different communicational styles. Whether that is the case or not is not up to me to say - and in part i think rabble has been able to draw his own conclusion as all the data is here, in immutable form. People can go through the histories and mostly see for themselves and make up their own minds... not just about those conflicts - but about everything. all the juice, magic and intentions which have been put in here. - @dan hassan
The thread is here: %oiP7j8U...
@dan hassan I'm happy to hear you're continuing to follow the conversation from beyond the Mixspiral blockade! As I said along ago the word "beef" in New Yorker means you need two gats to go to sleep, I hesitate to use such a strong word over here in Chicago.
I agree more with @rabble that we're having a clash of communication styles. We might be foaf, but the citizens of the scuttleverse come from diverse backgrounds and live all around the world.
Here's some strong opinions : I don't want a democracy. Democracy as it's practiced by people in my neighbourhood feels synonymous with tokenistic voting, lack of ownership, lack of initiative.- @mixmix
Of course you don't, everything is so much simpler when you're in charge without any way of anyone changing that. In a democracy you have to get along with people, and define who is able to vote and who is not able to vote, and then win by a popular opinion among those people.
But let me remind you that democracy has worked for a long time, because it gives people the opportunity to choose new leaders when the existing leaders are wrong about something. It also gives you an easy out if there is a minority group arguing against your rule -- "well, we won the vote".
At this point I want to announce that I'm going to bow out of this latest grants process. I don't want to be one of the dozens of people fighting over 85k in euros. I might lose friends and support if I continue to engage when it's clear that Mix doesn't want a democracy. It's a Mixocracy, and the only way to win is not to play.
My official opinion on ssb funding for my work is now this: if you have something you want implemented on ssb, consider hiring me to work on your feature or application. Send me a message in public, private, or using a private group.
@N-O-D-E hey, welcome to ssb! Are you the guy who runs https://n-o-d-e.net/ ?
...continuing foaf
I'm writing you this letter from near 'home', weirdly enough. I grew up in Chicago, and I never wanted to move back here. But here I am, just .2 miles from Chicago, with the aeroplanes landing every eight minutes at O'Hare passing from my left window to my right, straight over the pond with the swans and the massive migration of Canadian Geese.
My sister recently told me that my mom told her that the reason I dropped out of kindergarten was because I was being bullied. When I was 6 I was rockin' purple sweatpants and pink polos. I thought I was Kanye. I thought I dropped out because they wanted to put me in the gifted class, around the same time that the words gifted and special switched places in the school system. But no, it turns out that kids on the school yard were harassing me because of my choice in clothing.
But Chicago is a place where the culture almost teaches us to be intolerant of intolerance. Years after I decided to quit kindergarten because of the bullies (or so the story now goes), my sister and I danced for years at the Joel Hall Dance Center in Chicago, where everyone was taught to be tolerant. No matter how diverse our backgrounds, we are all people, and we can all dance.
One time on Google+ I was intolerant. I blocked a whole bunch of people, mostly because they were trying to strengthen the message I was trying to send via their critical opinion. For a long time Alan and I avoided each other on the Internet, but then he followed me onto cjdns and we talked it out. Now we're cool, how cool is that?
But I wanted to say something about how we're all friends (or at least foaf) here. You mentioned @substack, and randos. But we are no randos. The three people who were excluded from the grants process were all james halliday's roommates in 2013 when gb and I helped @dominic install Arch Linux on his computer at Awaken Cafe in Oakland.
Look, I was really mad at @johnny for a long time about how that living situation fell apart. But @gb and I wouldn't have moved to Mexico for multiple years if it hadn't.
To this day I'd get a drink with johnny, I'd smoke another rolled cigarette with johnny. But #couchsailing? we'd probably need to talk a few things out first.
Weβve seen situations where @ev didnβt like the enspiral way of working. What resulted was individual blocks. What I wish is we were able to have conversations which where enspiral defined or aligned where @ev could be excluded, and those which were aligned with other norms where he could be openly included. - @rabble
One thing I want to mention is that I don't think any of us, johnny, gb, or me was aware that Enspiral had taken control of the ssbc grants process. Mikey invited me to the ssbc in July 2016, and from that point on I considered myself an equal member of the ssbc. I've never considered myself a member of Enspiral, nor wanted to be one. If I'd been made aware that the ssbc now belonged to Enspiral, and that the Dfinity money was to be redirected to Enspiral, I could have left the ssbc before any blocks were needed.
Multiple times I asked for access to the Enspiral handbook (as early as February 2017), but was never offered a chance to read it. Thanks for being the first person to share it with me, I had no idea the handbook existed.
This piece swings wide, but what I want to say is this: the most hurtful thing about the blockade against me after the Dfinity grants process has been that we're all foaf. Even if we haven't all met up in person, we've all met up each other via our friends. Many of us have shared beers, and talked about this amazing distributed future that we can all share together. So why the blockade? I think you summed it up in your piece: "In this case itβs a clash of communication styles rather than any person or group maliciously attacking others."
We're foaf... and for some reason I think that should breed more tolerance than exclusion. But sometimes friends fight? I'd love to move beyond this, but I'm also willing to continue to work on ssb farther away from the people I've worked closest with over the past four years. And perhaps while working in my own direction, we'll make some new friends. - @ev
foaf
@rabble I appreciate how thoughtful, and thought out, your piece above is about the current state of the scuttleverse and the architecture of the tech world in general.
I've probably never posted this story on an append-only log, but somewhat indebted to you for your early contributions to Twitter. Without Twitter, I never would have met @gb in Yerba Buena Park in San Francisco on December 13th 2010.
This was a different era than the one we live in today. It's hard to even imagine the mist and the glow of San Francisco back then. But we can all remember.
I'll tell you the whole story, as I often tell people, when we meet up in person someday. I know at least dominic has heard this one, and perhaps a few others of you out there replicating this message right now. 'It was just supposed to be tea'.
But Twitter to tea set my life on the trajectory that it's on today. We wouldn't be foaf (friend of a friend) without tea, and Twitter, and sailboats, and 2010.
Twitter was a be