Post 3184134 by aral@mastodon.ar.al
(DIR) More posts by aral@mastodon.ar.al
(DIR) Post #3184134 by aral@mastodon.ar.al
2019-01-20T11:19:17Z
0 likes, 2 repeats
Centralised web wisdom: if your web app doesn’t work without JavaScript, it is broken.Peer web wisdom: If your web app works without JavaScript, it is not decentralised.JavaScript isn’t the enemy; servers are.(Read this as many times as necessary for it to really sink in as it’s literally the opposite of what folks, myself included, popularised on the centralised web for nearly two decades. If your app works without JavaScript, it means you have logic on a centralised server somewhere.)
(DIR) Post #3184233 by wowaname@anime.website
2019-01-20T11:25:02.667153Z
2 likes, 0 repeats
@aral youre close but still wrong: we shouldnt be using http+html+js for developing decentralised applications
(DIR) Post #3184287 by lanodan@queer.hacktivis.me
2019-01-20T11:27:33.234303Z
0 likes, 0 repeats
@aral uuh, JS or not doesn’t really matter, decentralisation is about everything not just the client, specially as the client doesn’t hold the data.
(DIR) Post #3184351 by aral@mastodon.ar.al
2019-01-20T11:20:47Z
0 likes, 0 repeats
(Of course, just because your app doesn’t work without JavaScript in no way means that it is decentralised. 99.99999% of them aren’t. The observation is that if it does work without JavaScript, you can be sure that it isn’t decentralised as there’s a privileged centralised node – server – somewhere.)
(DIR) Post #3184352 by espectalll@mstdn.io
2019-01-20T11:31:12Z
0 likes, 0 repeats
@aral consider the followingDAT and IPFS
(DIR) Post #3184370 by h@anime.website
2019-01-20T11:31:57.305410Z
2 likes, 0 repeats
@aral solution: don't make "web apps"
(DIR) Post #3184693 by aral@mastodon.ar.al
2019-01-20T11:48:19Z
0 likes, 0 repeats
@espectalll https://ar.al/2019/01/14/hypha-spike-dat-1/;)PS. IPFS is venture-capital funded BS.
(DIR) Post #3184780 by aral@mastodon.ar.al
2019-01-20T11:49:15Z
0 likes, 0 repeats
@espectalll https://ar.al/2019/01/14/hypha-spike-dat-1/;)PS. IPFS is venture-capital-funded BS.
(DIR) Post #3186987 by Shamar@mastodon.social
2019-01-20T11:41:05Z
1 likes, 2 repeats
@aral No.#JavaScript on the browser doesn't grant any decentralization. #Google use tons of client side #JS.If you want decentralized applications #HTTP #browsers are simply the wrong tool. All you can do is to disable JS, use the Web for what it was designed (#HyperText distribution) and build a new infrastructure for distributed computing.
(DIR) Post #3186988 by aral@mastodon.ar.al
2019-01-20T11:45:19Z
0 likes, 1 repeats
@Shamar See my follow-up tweet.We cannot simply ignore the world’s preeminent delivery platform if we’re trying to build a bridge from it to a peer to peer topology. We must use it but use it properly (without creating a privileged node).I stand by my comment.
(DIR) Post #3186989 by Shamar@mastodon.social
2019-01-20T12:03:06Z
0 likes, 0 repeats
@aral I saw it.And I'm in no way ignoring "the world's preminent delivery platform": it's so broken that the Russian Government is using it to deliver worldwide (but mainly in country) the undetectable attacks I talked about extensively with #Mozilla: https://bugzilla.mozilla.org/show_bug.cgi?id=1487081#c16And it's naive to think they are alone.No, really: I work with JS on a daily basis and even just technically in itself, it's broken beyond repair. Not even through #WASM.
(DIR) Post #3186990 by Shamar@mastodon.social
2019-01-20T12:12:08Z
0 likes, 1 repeats
@aral It's time we stop a moment and think how to build distributed operating systems that put people in control. We should stop assuming people are dumb and only care about "users", because not all people use our software and most people are used through software even beyond data collection.Even just if you consider permission systems, UI innovation, self hosting and software composability, you can easily see how the #web browsers and JavaScript are not going to free anybody.
(DIR) Post #3186991 by Shamar@mastodon.social
2019-01-20T12:56:31Z
1 likes, 3 repeats
@aral And beware that #Google is pretty aware of this. #Fuchsia is not just an attempt to remove an annoying kernel under #copyleft from its business dependencies. It's not even just an attempt to get rid of annoying #hackers like Linus, that dare to review their code.It's an attempt to disrupt before being disrupted.They know this crap is not going to last.Google want to be in charge of the next Web.If they succeed we will face a new version of this distopia, a stable one.
(DIR) Post #3188057 by bob@soc.freedombone.net
2019-01-20T13:10:08.094399Z
1 likes, 3 repeats
@Shamar @aral If they eventually ship Fuchsia (perhaps this year) then it will be "source available" but its development direction will be decided by Google. They will control what patches are accepted, rather than some pesky GPL hacker. They won't need to be involved in the Linux Foundation or its corporate politics. They can optimize the kernel to work with their cloud storage, ad delivery and telemetry - things which would never get past the scrutiny of Linus.Initially it might improve the mobile situation where phones get stuck on a particular kernel version and the manufacturer has zero motivation to maintain or upgrade it. The current situation on mobile with Linux is definitely less than ideal.
(DIR) Post #3199759 by Tlacaelel@hispagatos.space
2019-01-20T12:03:29Z
0 likes, 0 repeats
@aralthat doesn't pass rule one of logic, sir. hence the reason for RMS's militancy and the LibreJS or gnuzilla. the same reason node and centralized goog corp Js garbage pollutes %99999.99 of all apps especially "decentralized ones". I would argue your statement is illogical , capitán.
(DIR) Post #3199760 by aral@mastodon.ar.al
2019-01-20T13:29:11Z
0 likes, 0 repeats
@Tlacaelel OK, so again, slowly this time:1. Web app = delivery + execution2. Delivery = serving html (& maybe CSS/JS)3. Execution of app logic can happen on the client, the server, or on both4. If logic is executed only on the client, you can design your app so that no data is ever sent to the server. The only way to achieve this is to implement all logic in client-side JS.Thus, if your web app works without JS, it means you’re executing logic on the server and it isn’t decentralised.
(DIR) Post #3199761 by bob@soc.freedombone.net
2019-01-20T14:05:53.597214Z
0 likes, 0 repeats
@aral @Tlacaelel Unless the server itself is decentralized and something you can control.
(DIR) Post #3199762 by Shamar@mastodon.social
2019-01-20T22:06:01Z
0 likes, 0 repeats
@Tlacaelel @aral According to this reasoning, if you need data from the server the application is centralized anyway.Which is wrong, as @bob pointed out.Not only the server architecture might be decentralized and under user control, but if you don't need a server... you don't need a client.Please repent! :-)Not by accident those who control browsers and #JavaScript are kings of #centralization!It's dev lock-in through incompetence.
(DIR) Post #3199763 by alcinnz@floss.social
2019-01-20T22:14:47Z
0 likes, 0 repeats
@Shamar @Tlacaelel @aral @bob I can understand the argument having people run JavaScript apps on the web can be preferable in a software-freedom sense to them running propriatary native apps on Mac and Windows.But there I'm concerned about repeatable builds, which I view as vital and the web doesn't provide at all. The server can give you whatever JS it wants, defeating the E2E encryption. With whatever attacks it wants.
(DIR) Post #3199829 by alcinnz@floss.social
2019-01-20T22:18:00Z
0 likes, 0 repeats
@Shamar @Tlacaelel @aral @bob Certainly the ideal would be to get everyone using libre apps on libre operating systems!
(DIR) Post #3204718 by alvarezp@mastodon.xyz
2019-01-21T01:42:10Z
0 likes, 1 repeats
@aral Your post makes no sense because you are mixing "centralized Web" with "centralized app". Talk about either, but don't mix them. Is it the Web or the apps that are centralized/decentralized? What does it mean for each?
(DIR) Post #3212054 by hankg@mastodon.technology
2019-01-20T13:05:28Z
1 likes, 1 repeats
@aral I have no strong aversion to using JavaScript or not using JavaScript. However this brought me to an interesting question. If we are essentially writing full fledged apps that run in the browser should we be thinking of going back to traditional apps that run locally instead?
(DIR) Post #3212057 by clacke@libranet.de
2019-01-21T08:51:54Z
0 likes, 0 repeats
@hankg @aral Bingo.
(DIR) Post #3212654 by dirtycommo@anticapitalist.party
2019-01-21T09:17:19Z
0 likes, 0 repeats
@aral hmm i'm not sure i agree that client-side code necessarily equates to decentralisation
(DIR) Post #3212655 by clacke@libranet.de
2019-01-21T09:20:04Z
0 likes, 0 repeats
@dirtycommo @aral That's not what it says. It says server-side code equates to centralization.
(DIR) Post #3212712 by dirtycommo@anticapitalist.party
2019-01-21T09:22:28Z
0 likes, 0 repeats
@clacke @aral i don't agree with that either, i don't think that all server side code is necessarily centralism
(DIR) Post #3212713 by alcinnz@floss.social
2019-01-21T09:25:45Z
0 likes, 0 repeats
@dirtycommo Would a good example of this thinking be Mastodon's serverside?@clacke @aral
(DIR) Post #3212763 by dirtycommo@anticapitalist.party
2019-01-21T09:29:24Z
0 likes, 0 repeats
@alcinnz @clacke @aral yeah, precisely, or pleroma's...i don't think the level of personal-computer to personal-computer federation is necessarily the best form of decentralisation.maybe i'm higher up the centralism ladder than y'all though
(DIR) Post #3212826 by clacke@libranet.de
2019-01-21T09:34:45Z
0 likes, 1 repeats
@dirtycommo @aral It depends where one draws the line for centralization vs decentralization. Client<->Server definitely isn't distributed/p2p, as the server is privileged.But then I agree with other commenters that p2p deployed on web servers isn't ideal anyway.p2p where web servers may participate and share public content with anonymous web users and search engines for discoverability however, that's pretty great, as with e.g. viewer.heropunch.io/@iii/pg320….
(DIR) Post #3212876 by clacke@libranet.de
2019-01-21T09:36:03Z
0 likes, 1 repeats
@dirtycommo @alcinnz @aral We got as far as federation, and now we are looking for ways to go further.
(DIR) Post #3213086 by c0debabe@harpy.life
2019-01-20T12:05:13Z
0 likes, 0 repeats
@aral I'm curious to hear your opinion on brutaldon then.
(DIR) Post #3213087 by clacke@libranet.de
2019-01-21T09:49:21Z
0 likes, 0 repeats
@c0debabe @aral If I understand correctly, brutaldon presents a JavaScript-free interface to any Mastodon-compatible instances?If the brutaldon frontend is hosted by someone other than the user or the organization running the instance, using it increases centralization, diffuses information and reduces security.
(DIR) Post #3213091 by Osoitz@mastodon.eus
2019-01-20T12:15:00Z
1 likes, 0 repeats
Wait, aren't you redefining the commonly accepted meaning of "decentralized" to "peer to peer"?🤔
(DIR) Post #3213103 by dirtycommo@anticapitalist.party
2019-01-21T09:37:34Z
0 likes, 0 repeats
@clacke @alcinnz @aral that's cool, i just wouldn't use the internet/web at all for going further
(DIR) Post #3213104 by clacke@libranet.de
2019-01-21T09:51:03Z
0 likes, 1 repeats
@dirtycommo @alcinnz @aral Without the internet I can't talk to anyone outside my apartment, but leaving the web is definitely a good idea for security, and essential for real p2p.
(DIR) Post #3213155 by dirtycommo@anticapitalist.party
2019-01-21T09:37:05Z
0 likes, 1 repeats
@clacke @aral that's cool - where would you draw the line?i am very sceptical about client side code, because browsers nowadays are pretty much geared up towards stealing your data using client side code.there's also the issue that the spectre x86 backdoor can be triggered using client-side javascript
(DIR) Post #3213156 by clacke@libranet.de
2019-01-21T09:56:35Z
0 likes, 0 repeats
@dirtycommo I draw the line at the usual place, between full silo and federation, but I get what @aral is hinting at.I think @unhosted and @remotestorage are interesting ideas in the same direction -- use the web purely for delivery of code and data, and even separate the code and data. It's not p2p, but it does untie you further from the services and allow you to more easily move when there are shenanigans going on.
(DIR) Post #3213237 by clacke@libranet.de
2019-01-21T10:01:30Z
0 likes, 1 repeats
@dirtycommo @aral The way Mastodon and Pleroma separate an API backend from a JS frontend is a kind of informal application of the Unhosted idea, and Brutaldon and other alternative, elsewhere-hosted frontends build on that.The problem I see with it is that you have more parties you need to trust. I would feel more confident getting the frontend from some content-addressable delivery network, and have some assurance about what code I'm actually running.
(DIR) Post #3213241 by alice@bidule.menf.in
2019-01-21T10:03:18.250359Z
0 likes, 0 repeats
@aral Of course a static web page isn't decentralised. Of course JavaScript itself isn't the enemy. Now how is a client running the JavaScript code the server provided it without modifying it doing anything else that running a centralised app ?Are you thinking of WebRTC ? These seem like a pain to use in practice and I really don't know how to connect two peers easily without at least a server to link them, since so many people are behind routers, firewalls etc.What do you mean by «decentralised» ?
(DIR) Post #3213553 by dirtycommo@anticapitalist.party
2019-01-21T10:20:22Z
1 likes, 1 repeats
@clacke @aral that's probably the best answer to my worry - but i really like the idea of computing as political and not personal, where communications are dealt with publicly in the municipality instead of people's private lives. there's no reason to delete people's right to private comms, but i like the idea of publicly elected sysops who are accountable to protect serverside security
(DIR) Post #3213559 by clacke@libranet.de
2019-01-21T10:22:01Z
0 likes, 0 repeats
@dirtycommo @aral Or platform coops.@strypey
(DIR) Post #3214273 by z428@social.tchncs.de
2019-01-21T09:23:05Z
0 likes, 0 repeats
@hankg Possibly yes. Actually I see two reasons why people change that: (a) Supporting multiple platforms (Windows, Linux, Mac) is a pain in a non-web world; a lot of people these days use #electron for that which doesn't seem much better. And (b) If you have an application that requires communication or collaboration features (shared editors, calendars, messaging, ...), having apps that run locally add complexity by potentially having different versions of the same code, some very ... @aral
(DIR) Post #3214274 by Wolf480pl@niu.moe
2019-01-21T10:53:52Z
0 likes, 0 repeats
@z428 @hankg @aral I think a large part of the problems with web and electron apps are because want cross-platform apps.But why do we want that?Why do we insist that every member of a group of communicating people uses the same version of the same app?Why do we want one app's UX to be consistent across platforms instead of all apps' UX being consistent across one user's computer?Why is "app" even a thing?
(DIR) Post #3214481 by z428@social.tchncs.de
2019-01-21T11:00:06Z
1 likes, 0 repeats
@Wolf480pl Because we have limited resources (which makes building various native applications for different systems difficult) and because XMPP: A lot of features need to be supported by both servers and clients. Still I can't reliably send files to both of my XMPP contacts, in example. That just makes things complex and worse from a usability view.@hankg @aral
(DIR) Post #3218999 by aral@mastodon.ar.al
2019-01-21T11:16:11Z
1 likes, 1 repeats
@bob @Tlacaelel Indeed. Like Freedombone ;) But even then, only because you have physical control of it. If your always-on node is to be hosted by a third party, I would limit its functionality solely to the replication of public and/or end-to-end encrypted data and without ever having the secret key. So the always-on node, in contrast to privileged servers on the Web, must be less privileged than nodes you control. At least that’s how I’m designing #Hypha.
(DIR) Post #3219012 by bob@soc.freedombone.net
2019-01-21T11:21:21.152683Z
1 likes, 1 repeats
@aral @Tlacaelel Right. And maybe I should also make this clearer in the documentation. Freedombone is designed for a threat model where the server is located at your place of residence. If it's run within a data center then this could be quite risky, and isn't recommended.
(DIR) Post #3219028 by Shamar@mastodon.social
2019-01-21T11:25:36Z
0 likes, 0 repeats
@aral @bob @Tlacaelel Please, don't do #cryptography in the browser... 😢
(DIR) Post #3219029 by aral@mastodon.ar.al
2019-01-21T12:15:52Z
1 likes, 0 repeats
@Shamar @bob @Tlacaelel If I don’t, we don’t end up building a bridge. Even if we end up building the world’s most amazing wonderland, we do so on an island that only Olympic swimmers can get to.
(DIR) Post #3219099 by aral@mastodon.ar.al
2019-01-21T11:07:25Z
0 likes, 0 repeats
@alvarezp The centralised Web = the web as we know it = client/server with business logic primarily kept on privileged servers.A centralised app is any app, whether it uses web technologies or web delivery or not that relies on centralised nodes to function.The nature of “the Web” is the sum total of the sites/apps on it. Today those apps are centralised. Thus the Web of today is centralised.
(DIR) Post #3219100 by alvarezp@mastodon.xyz
2019-01-21T12:46:45Z
0 likes, 1 repeats
@aral Thanks for the reply. What is a "decentralized Web" then? Is there more information on this concept? The reason I ask is that I don't think client/server == centralized. The fact that anybody can put any content anywhere (even at home) makes it distrivuted. This is the natuee. the fact that it is difficult to do today it is because of IPv4 limitations and ISP abusive policies. However, I am moving more to the nature of "the Internet" instead. I want to read more about this.
(DIR) Post #3223469 by ekaitz_zarraga@mastodon.social
2019-01-21T15:01:10Z
1 likes, 0 repeats
@aral You are supposing only way to make apps is the browser... That's a hardcore assumption imo.I've been thinking similarly for a while but nowadays I try to avoid making web based stuff.In my opinion the problem is the modern web's architecture and our stupid tendency to make stuff on top of it.Why not come back to the standalone desktop/mobile app era?
(DIR) Post #3223477 by aral@mastodon.ar.al
2019-01-21T12:18:23Z
0 likes, 0 repeats
@Shamar @bob @Tlacaelel * and also, possibly, those with yachts.
(DIR) Post #3223478 by bhaugen@social.coop
2019-01-21T13:32:30Z
1 likes, 1 repeats
@aral @Shamar @bob @Tlacaelel In the future, every phone will have its own server. https://www.manyver.se/ is a proof of concept, at least.
(DIR) Post #3223479 by aral@mastodon.ar.al
2019-01-21T16:59:15Z
1 likes, 0 repeats
@bhaugen @Shamar @bob @Tlacaelel SSB and DAT are very close. But the latter is closer to my vision so I’ve chosen to go with that.
(DIR) Post #3223490 by Shamar@mastodon.social
2019-01-21T13:55:02Z
0 likes, 0 repeats
@bob @Tlacaelel @bhaugen I have to decide to give SSB a try. Its coupling with NodeJS is what keep me off. But I guess it deserve a chance anyway.@aral the bridge methaphor doesn't work well here.Even if you manage to build the least exploitative and most inclusive walled garden with #Hypha (which I totally hope you will, really), most people there will still be second class citizens.Like it or not, programmers like me and you will hold most power. We will still be a cast of elected.1/
(DIR) Post #3223491 by Shamar@mastodon.social
2019-01-21T14:02:30Z
0 likes, 0 repeats
@aral The ONLY way to #free people is #education: on one hand we have to build systems that are easy to #hack (aka simple), on the other we must educate people to hack, to be curious, to challenge our assumptions, to break things, to try anyway, to play.Basically, the opposite of "don't make me think" #UI philosophy.The antidote to #SurveillanceCapitalism is to make people #think.To train critical thinking.Give people tools that are simpler to hack than to use.@bob @Tlacaelel @bhaugen
(DIR) Post #3223492 by aral@mastodon.ar.al
2019-01-21T17:07:16Z
1 likes, 1 repeats
@Shamar @bob @Tlacaelel @bhaugen Make people think, sure, but don’t disrespect the limited time and energy they have in their lives. The two aren’t mutually exclusive.https://vimeo.com/70030549http://www.breakingthin.gs/this-is-all-there-is.html