From madduck at madduck.net Mon Mar 5 15:48:06 2018
From: madduck at madduck.net (martin f. krafft)
Date: Mon, 5 Mar 2018 17:48:06 +1300
Subject: [lca2018-chat] Notes from the "Decentralise all the things" BoF
Message-ID: <20180305044806.GA13550@fishbowl.rw.madduck.net>

OMG it's March and LCA feels like an eternity ago. Sorry for being
such a slacker.

During our excellent conference in Sydney, a few of us sat down over
the BBQ lunch on Friday to discuss the topic of decentralisation, as
was announced here:

  https://wiki.linux.conf.au/wiki/Decentralise_All_The_Things

Rather than a focused discussion on e.g. Matrix and identity servers,
which we had at the predecessor meeting in Geelong,¹ this time it was
more of a show-and-tell of interesting projects. Though, of course, we
also talked Matrix, as one does…

  ¹) http://lists.lca2017.linux.org.au/pipermail/chat/2017-January/000407.html

For posterity, and in case it could inspire anyone of you, here are
the notes I took. Sorry if these are quite scattered, but as I said,
we shared a lot of ideas without really having the time to go into
depth on any of them.

1. Trust in mesh networks – The OLPC project, as inactive as it may
   be, always had the goal to enable collaboration in meshes, i.e.
   kids in a class room linking up with each other. When you're
   sitting next to each other, then trust is kinda easy, but what is
   trust anyway? It's basically just a function of all the previous
   encounters, and ideally should be evaluated at every new
   encounter.

   So imagine a pane next to your chat window (or e-mail client, or
   web site, or collaborative environment, or or or…) that simply
   lists your previous encounters, possibly augmented with statements
   about the WoT to depth 1, i.e. "this is a friend of your mother".

   Some tools already do this, I'm sure, but not in an overarching
   way; well, at least we couldn't name any.
   I've always wanted a CRM that was easy to use and integrated with
   everything that I do, such that I could take notes on e.g. some
   news about my correspondent's kids, or some health issue, or some
   award, or anniversary, such that I could use those data during the
   next encounter, rather than expecting myself to memorise and
   remember it all (I don't…). Trust really isn't anything different,
   now is it?

2. Bridging between walled gardens – such as between Matrix and Wire,
   requires per-user bridges that handle credentials, because e2e
   encryption algorithms are mostly incompatible between all the big
   players. However, there's nothing that fundamentally speaks
   against installing e.g. a Wire bridge as a plugin into my Matrix
   client (rather than one bridge for all users of a server), except
   it better be seamless for the user.

   Take this one step further: why isn't the Matrix server built
   straight into clients, with some sort of decentralised storage and
   message queues so that mobile clients don't need to be on the
   equivalent of caffeine all the time.

3. On the note of decentralised storage, I mentioned that MAIDSAFE
   may be a project of interest, similar to IPFS. Nobody present had
   real experience with it at the point though.

4. Blockchain establishes global consensus, but when you can
   pre-define static conflict resolutions, then HistoryGraph is an
   interesting means to keep track of a shared state in distributed
   environments.

5. Several technologies, especially those around conferencing,
   currently rely on TURN-servers to synchronise data endpoints. This
   is a centralisation aspect that could be mitigated using e.g.
   anycast UTURN-servers, or establishing large pools of them, such
   as pool.ntp.org?

6. OpenTimestamp.org is a project anyone can use to publish
   assertations to the blockchain. Essentially, that means
   timestamping a hash sum, i.e.
   if I have a great idea written up, I might submit it to OTS and
   get a receipt that I can later use to prove to the world that I
   had this idea before the given timestamp.

   The project is very interesting because assertations seem to be at
   the core of a lot of the times when people want to use blockchain
   to solve whatever problem.

   OTS uses centralised calendar servers to aggregate such
   assertations, and later, an unlimited number of such assertations
   can (and will automatically) be submitted to the public Bitcoin
   blockchain. Seems like an interesting compromise, and similar to
   the Lightning network. Still, who pays for this?

7. Towards the end, we struck up the identity server of matrix.org
   again, but ran out of time. Not before a mention of OpenWhisper's
   zero-knowledge directory was dropped though. There was no time, so
   here's simply a link:

     https://signal.org/blog/private-contact-discovery/

Looking forward to any feedback or thoughts, of course.

-- 
@martinkrafft | http://madduck.net/

"every day is long. 86400 doesn't fit in a short."

spamtraps: madduck.bogus at madduck.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: digital_signature_gpg.asc
Type: application/pgp-signature
Size: 1118 bytes
Desc: Digital GPG signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)
URL:

From quozl at laptop.org Mon Mar 5 19:40:42 2018
From: quozl at laptop.org (James Cameron)
Date: Mon, 5 Mar 2018 19:40:42 +1100
Subject: [lca2018-chat] Notes from the "Decentralise all the things" BoF
In-Reply-To: <20180305044806.GA13550@fishbowl.rw.madduck.net>
References: <20180305044806.GA13550@fishbowl.rw.madduck.net>
Message-ID: <20180305084042.GD5595@us.netrek.org>

On Mon, Mar 05, 2018 at 05:48:06PM +1300, martin f. krafft wrote:
> [...]
> 1. Trust in mesh networks – The OLPC project, as inactive as it may
>    be, always had the goal to enable collaboration in meshes, i.e.
>    kids in a class room linking up with each other.
>    When you're sitting next to each other, then trust is kinda easy,
>    but what is trust anyway? It's basically just a function of all
>    the previous encounters, and ideally should be evaluated at every
>    new encounter.

Hey, thanks for the write-up!

My attendance at the BoF was accidental; misidentified as someone
else, hence the unusual discussion about OLPC. The lunch was great
though. I couldn't stay beyond this point, but happy to give a bit
more detail.

Mesh wireless collaboration was for either;

(a) infrastructureless scenario of two or more kids under a tree. No
default route. No ping to rest of world.

(b) one or more kids near an access point, with other kids meshed to
the internet through them.

In the original model XO-1, with the usb8388 chipset and the libertas
driver, using mesh became unreliable in small groups at around six
nodes. It was thought to be air time depletion. So it was dropped.

Eight years later, I found that some of the unreliability was due to
missing scan results, in turn a bug in the libertas driver;

95320774fae71d7b22b970ef4267fcc4d1ad23d8 ("libertas: fix scan result
loss if SSID IE len 0")

Alternative wireless configurations include ad-hoc or the usual access
point modes.

Moving to the application level ...

Collaboration between Sugar desktop activities can use Telepathy
Salut, with link-local XMPP. No authentication or authorisation.

Our port to Python 3 is coming up and Telepathy doesn't yet live in
the Python 3 world. I'm inclined to either (a) find something modern
that will more securely establish user-level trust between laptops,
(b) drop the Telepathy layer and use UDP broadcast packets with AES
and some application-specific trust establishment, or (c) port
Telepathy.

Disclosure: OLPC continues to pay me for consulting work.

-- 
James Cameron
http://quozl.netrek.org/

From madduck at madduck.net Mon Mar 5 20:36:40 2018
From: madduck at madduck.net (martin f krafft)
Date: Mon, 5 Mar 2018 22:36:40 +1300
Subject: [lca2018-chat] Notes from the "Decentralise all the things" BoF
In-Reply-To: <20180305084042.GD5595@us.netrek.org>
References: <20180305044806.GA13550@fishbowl.rw.madduck.net>
 <20180305084042.GD5595@us.netrek.org>
Message-ID: <20180305093640.GA5502@fishbowl.rw.madduck.net>

thus spoke James Cameron [2018-03-05 21:40 +1300]:
> I'm inclined to either (a) find something modern that will more
> securely establish user-level trust between laptops, (b) drop the
> Telepathy layer and use UDP broadcast packets with AES and some
> application-specific trust establishment, or (c) port Telepathy.

Have you considered matrix.org? ;)

-- 
@martinkrafft | http://madduck.net/

the only difference between a car salesman and a computer salesman is
that the car salesman knows he's lying.

spamtraps: madduck.bogus at madduck.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: digital_signature_gpg.asc
Type: application/pgp-signature
Size: 1118 bytes
Desc: Digital GPG signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)
URL:
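
Added illustration for item 6 of the BoF notes at the top of this thread (not written by anyone in the thread, and not OpenTimestamps' own code or receipt format): a Merkle tree is the standard way for a calendar server to commit to any number of submitted hashes with a single 32-byte value, with each submitter's receipt being the sibling path up to it. The function names, the 0x00/0x01 prefixes and the sample documents are assumptions of this sketch.

```python
import hashlib

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

# Domain separation (an assumption of this sketch): leaves and inner nodes
# are hashed with different prefixes so one can never pass for the other.
def leaf(digest: bytes) -> bytes:
    return sha256(b"\x00" + digest)

def node(left: bytes, right: bytes) -> bytes:
    return sha256(b"\x01" + left + right)

def aggregate(digests):
    """Calendar side: fold all submitted digests into one Merkle root.

    Returns (root, receipts); receipts[i] is the list of (side, sibling)
    steps that leads from digests[i] up to the root."""
    if not digests:
        raise ValueError("nothing to aggregate")
    level = [leaf(d) for d in digests]
    receipts = [[] for _ in digests]
    pos = list(range(len(digests)))      # each leaf's index in `level`
    while len(level) > 1:
        for i, p in enumerate(pos):
            sib = p ^ 1                  # index of the neighbouring node
            if sib < len(level):         # a last odd node has no sibling
                receipts[i].append(("L" if sib < p else "R", level[sib]))
            pos[i] = p // 2
        # Pair up neighbours; a last odd node is carried up unchanged.
        level = [node(level[j], level[j + 1]) if j + 1 < len(level)
                 else level[j] for j in range(0, len(level), 2)]
    return level[0], receipts

def verify(document: bytes, receipt, root: bytes) -> bool:
    """Submitter side: recompute the path from the document to the root."""
    current = leaf(sha256(document))
    for side, sibling in receipt:
        current = node(sibling, current) if side == "L" else node(current, sibling)
    return current == root

# Constructed sample submissions; only their hashes go to the calendar.
DOCS = [b"idea %d, written up in full" % i for i in range(5)]
ROOT, RECEIPTS = aggregate([sha256(d) for d in DOCS])
```

In this model only ROOT has to be published, however many digests were submitted, and a receipt stops verifying as soon as a single byte of the document changes.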