[HN Gopher] RFC 9518 - What can internet standards do about cent...
___________________________________________________________________
RFC 9518 - What can internet standards do about centralisation?
Author : Tomte
Score : 90 points
Date : 2023-12-19 10:36 UTC (12 hours ago)
(HTM) web link (www.mnot.net)
(TXT) w3m dump (www.mnot.net)
| shadowgovt wrote:
| People centralize because centralization solves real problems
| they have.
|
| If we want decentralization, we have to build alternatives as
| convenient and simple as the centralized ones, and that's a hard
| project.
| imiric wrote:
| Right. This is a convenience problem because the web has no
| analogue to the browser for publishing content. If publishing
| content would be as convenient and simple as consuming it,
| there would be no need for users to flock to publishing
| services. Most of the centralized services today simplify
| publishing. Any "community" that forms around them is entirely
| incidental, and in the case of global social media, mostly
| harmful.
|
| I think this is a problem the early web should've solved[1].
| Now that the centralized model is dominant, most people
| wouldn't see a reason to change their habits, even if a new
| solution would be easier and simpler, and not just better on a
| technical or privacy level (which most people don't care about
| anyway).
|
| [1]: https://news.ycombinator.com/item?id=38659814
| quickthrower2 wrote:
| I don't know. Stick everyones data in a single DB and have
| private business logic can do anything decentralised
| protocols can do but not vice versa. At least in respect to
| building the addictive attention seeking experiences that are
| needed for "success".
|
| Decentralized has one advantage though. You choose your user
| agent. For example your browser, your bitcoin client, your
| email client and so on.
| mike_hearn wrote:
| Netscape 4 came with Composer, Windows/Office used to come
| with FrontPage. People had content creation tools integrated
| with their browsers, but didn't use them and so they went
| away.
|
| I think it's because the tools were too un-opinionated and
| unconstrained, so if you wanted to do e.g. a blog then
| generic HTML editors were too much work even though they were
| visual. Also, static content publishing is almost never
| enough. You at least want(ed) search and to understand if
| anyone is visiting, but then you're into the realm of needing
| databases and such.
| imiric wrote:
| > Netscape 4 came with Composer, Windows/Office used to
| come with FrontPage.
|
| Those are WYSIWYG tools only, which besides being a
| nightmare to work with, don't solve the actual serving
| problem. The earliest product that came close to that use
| case AFAIK was Opera's Unite in 2009, but it didn't last
| long. By that point it was already too late, since users
| mostly had asymmetric connections, so serving any type of
| content from their home network was infeasible. (Had the
| web launched with easy publishing tools, ISPs would've been
| forced to offer symmetric connections from the start, and
| this wouldn't have been a major issue.)
|
| > Also, static content publishing is almost never enough.
|
| True, but there's no reason these tools couldn't have
| evolved to allow dynamic content as well. Nowadays we have
| many different approaches that could make this possible,
| cobbled together from bits and pieces of native and
| alternative web technologies. Centralized services do make
| this easier, and who knows, we might've settled on them
| anyway, but I believe the general perception about user
| data would've been much different for the better had these
| tools existed from the start.
| idle_zealot wrote:
| >as convenient and simple as the centralized ones
|
| I don't think that's sufficient. Take Mastodon for instance.
| The user count surged recently, demonstrating that it's not
| actually difficult to adopt or use as a Twitter alternative.
| But people tend to prefer algorithmically-driven social media
| that's optimized not to give them agency, but to be maximally
| attention-grabbing and sticky. The centralized and profit-
| motivated product is _worse_ in the sense that it wastes more
| of the user 's time and makes seeing the things they've
| explicitly followed more difficult, but that particular kind of
| "worse" by design is more popular. I don't really have a
| solution to propose here, just want to point out that sometimes
| the worse option wins by virtue of being worse, so being "as
| convenient and simple", or even being better is not always
| enough to attract people.
| quickthrower2 wrote:
| It took some really bad stewardship of Twitter to cause those
| surges!
| myaccountonhn wrote:
| People also adopted email without fail.
| j4yav wrote:
| Things used to be decentralized well when I think back to the
| early days of the internet. When I think about why, its because
| links were expensive or unreliable - what centralization brought
| was a kind of predictability and ease of use. The challenge for
| new decentralized systems to address I think is to offer a
| similar level of convenience as the centralized systems. Just
| being decentralized doesn't seem enough.
| dijit wrote:
| Granted I've not lived long enough to have witnessed the birth
| of the internet with adult eyes; what I have personally
| observed is a constant battle of centralisation and standards
| forming.
|
| For a common example that many people may remember, AOL was at
| one point pushing towards a centralised model and was
| succeeding- until they completely collapsed and the open web
| resumed being a thing.
|
| Similar for the times where there were no standards on video
| playback on the web, a bunch of companies competed with
| completely incompatible systems that had various pains
| associated until eventually standards emerged that sunk the
| majority of it. (ironically one of them with a healthy helping
| from Apple).
|
| The web was never really decentralised - it's a fond memory and
| a legend we tell ourselves, this battle seems to been waged
| from almost immediately after it was conceived.
|
| I found a much more articulate article on the matter while I
| was writing: https://archive.is/UUgl7
| j4yav wrote:
| I was there, AOL was certainly not the internet. It's an
| interesting article but it seems to cherry pick a bit. AOL
| was like a huge BBS that gave its users a limited portal into
| the internet, and only on a very limited basis starting in
| 1993. They never really had proper access as far as I know,
| and for those of us not accessing through AOL things worked
| perfectly fine and I never accessed anything through or
| hosted by AOL.
|
| I'm not really sure how to convince you in the end, but it's
| funny now hearing my own experience was only a legend. I feel
| like I've achieved something and need a plaque indicating
| I've successfully moved into some new life phase.
| eropple wrote:
| _> They never really had proper access as far as I know_
|
| Yeah we did. So long as you had AOL connected, normal
| socket-y stuff worked fine. It's how I learned.
| j4yav wrote:
| Nice, good to know they eventually added it.
| marginalia_nu wrote:
| I'd put a lot of fault with the internet search and discovery
| mechanisms, that almost all favor popularity based mechanisms.
|
| This works well in a vacuum, but as they start to direct traffic,
| they feed into themselves to increase the popularity of whats
| popular, and obscurity of what's obscure; and inevitably create
| an extreme Pareto distribution where the Internet seems to
| consist of only a handful of different services.
| spiritplumber wrote:
| The easy fix would be to do something familiar to genetic
| algorithms - fish out things that are unpopular at random and
| give them 10% of results. On facebook or the like, do that for
| things that people DON'T want to see (conservative content for
| a progressive, for example).
|
| This doesn't require a substantive change to the existing
| algorithms, so it shouldn't break (many) things.
| spacebanana7 wrote:
| Couldn't that upset users?
|
| Leading them to other platforms or installing ad blocker like
| solutions to avoid unwanted content.
| spiritplumber wrote:
| Yes, but it'd also make results more meaningful AND maybe
| reduce the opaqueness of bubbles. I'm guessing it would be
| a balancing act.
| quickthrower2 wrote:
| All this is shadowed by the SEO industry. What small sites
| have in their favour is the long tail of new keywords. In
| tech there are a lot of them. I had a blog that came up in a
| colleagues search results, I checked and I was place 20 for a
| decent keyword. I don't so SEO so there is hope for the
| little guy!
| thfuran wrote:
| >fish out things that are unpopular at random and give them
| 10% of results. On facebook or the like, do that for things
| that people DON'T want to see (conservative content for a
| progressive, for example).
|
| I don't think that's nearly as easy a fix as you suggest.
| Sure, some political views may have reasonable opposing
| views, but the other side of the story when trying to look up
| the history of the measurement of the diameter of the earth
| is probably flat earth garbage.
| spiritplumber wrote:
| That's already happening. OTOH, people who are only ever
| exposed to flat earth garbage (or, let's say, young earth
| creationism, or homophobia) might get a glimpse of what the
| real world looks like, and look into it.
| hobofan wrote:
| Standards bodies like IETF and the W3C also play a crucial roles
| and are in some aspects the worst offenders when it comes to
| promoting centralization via standards. So seeing an RFC that's
| the product of multiple layers of centralization talk about that
| topic seems very ironic.
|
| They do address this in the RFC, but only briefly and I don't
| think to a sufficient enough extent.
|
| If you want to get rid of centralisation one of the most
| effective things to do is ignoring standards bodies. Of course
| that may be detrimental to end-users in other ways (e.g. non-
| iteroperability).
| robertlagrant wrote:
| Isn't interoperability how we get decentralisation?
| fidotron wrote:
| The big problem is people have been trained to think that
| centralized authority is a necessary precondition for security.
| Just look at the state of browsers gating access to APIs for
| sites on local sub networks. We have created a two tier WWW.
|
| But the security concerns are not without basis, yet doing things
| like coming up with a secure replacement for mdns is not exactly
| aligned with the interest of organizations that want all
| information to go via the cloud, and they will fight it tooth and
| nail.
|
| As tech people we really should put our money where our mouths
| are on this and stop using github, and in doing so fix the pain
| points.
| robertlagrant wrote:
| > The big problem is people have been trained to think that
| centralized authority is a necessary precondition for security.
| Just look at the state of browsers gating access to APIs for
| sites on local sub networks. We have created a two tier WWW.
|
| Most people wouldn't in any way think like or even about this.
| Which people do you mean?
| Geisterde wrote:
| Every single person that thoughtlessly backs up their data to
| cloud storage, so basically everyone outside of a few weirdos
| like us.
| maccard wrote:
| > Just look at the state of browsers gating access to APIs for
| sites on local sub networks.
|
| Given we're on HN I think it's fair to nitpick a bit - what do
| you mean here? What API are you accessing through a browser? If
| it's a control panel or something through an API, you can
| install a cert into the browser, or get a wildcard cert signed
| for a local domain.
| quickthrower2 wrote:
| Github for work is so productive though! At home yeah just use
| git and have a backup and you are done.
| znpy wrote:
| Gitlab is as productive if not more, without the need to be a
| central authority
| eropple wrote:
| GitLab is fine-I-guess, we use it at work--but at home I
| use GitHub and self-hosted runners because GitHub Actions
| is great and GitLab CI isn't nearly as comfortable to use.
| And I don't want to host GitLab _and_ another CI, which
| also involves learning a third CI platform other than the
| one I use for work and the one I like.
|
| GitHub Actions turns out to be maybe the best CI out there
| these days for low-friction, get-it-out-there stuff, and
| there's probably a lesson or three to be learned in there
| too.
| indigochill wrote:
| > As tech people we really should put our money where our
| mouths are on this and stop using github, and in doing so fix
| the pain points.
|
| Github is (in my mind at least) just one manifestation of this,
| but yeah, I host my own Forgejo (a fork of Gitea) instance for
| personal projects. Also trying to get the company to switch to
| Gitlab (especially since I strongly prefer its CI/CD to
| TeamCity), but I'm against a lot of organizational inertia
| there so that's not really a fight I expect to win.
| m3047 wrote:
| > The big problem is people have been trained to think that
| centralized authority is a necessary precondition for security.
|
| I think that's inverted, but not in the way that you think it
| is inverted. I think the map that fits looks more like
| centralized authority builds the systems that serves its needs
| (and they're identifiable as such because they were built by a
| centralized authority with no inclination to hide its efforts,
| and maybe even incentives to advertise them).
|
| I'd like to know more about this though:
|
| > Just look at the state of browsers gating access to APIs for
| sites on local sub networks. We have created a two tier WWW.
|
| Because I don't see it (the first part). I don't agree wholly
| with the second part either, because I do defense in depth and
| I don't entirely trust my own network. But barring those
| measures / tastes yes there would be two classes of services,
| internal and external. This is pretty old school, along with
| the DMZ third wheel.
|
| So what do you mean by that?
| danbruc wrote:
| Nobody cares about [de]centralization, for more than 99 % of all
| internet users it does not matter whether the internet is the
| internet or a single server sitting in someone's basement. They
| want to use services - chat, write mails, watch videos, have a
| website, buy stuff, sell stuff - not run infrastructure of any
| kind. So nobody is going to have their own servers, they will all
| use existing services. And because it is easy to switch, everyone
| will be using the best - for some definition of best, could be
| easy to use, cheap, functional, ... - service and everyone else
| will go out of business. That also makes the internet simpler,
| there is one place for one kind of service and everyone else will
| also be there. And this does not only apply to end-users, the
| move of IT into the cloud is fundamentally the same thing, nobody
| wants to run the infrastructure.
|
| You can maybe argue that everyone has their preferences wrong and
| they are hurting themselves in the long run, but good luck
| fighting that battle.
| linuxandrew wrote:
| I do agree that 99% of users don't want to run infrastructure.
|
| I think there's a difference between Fediverse-style
| federation/decentralisation and true P2P/BitTorrent-esque
| dectralisation. BitTorrent, in its current iteration, does have
| many semi-technical users, but perhaps your grandparents would
| struggle to use it. I think a much more friendly UX could be
| built; maintaining its decentralised properties would be more
| difficult but not inconceivably so.
|
| I actually think transparent decentralisation is possible but
| the current policy settings (copyright, surveillance and
| advertising) somewhat disincentivise people from working on it,
| to the extent that most of the current projects are hobbies,
| crowdsourced or funded by research grants.
| the8472 wrote:
| They don't care when it works. Then they get locked out of
| their google account and lose a lot of things at once and only
| have few alternatives to choose from and may return google yet
| again due to lack of choice.
|
| > You can maybe argue that everyone has their preferences wrong
| and they are hurting themselves in the long run, but good luck
| fighting that battle.
|
| That battle has been won many times. We don't let people run
| blind into open knives in many contexts.
| danbruc wrote:
| I mean there is of course a way to fight and win that battle
| and it is regulation, write things like interoperability and
| data portability into law and enforce it. I was more thinking
| of things that can be done without enforcement in the initial
| comment.
| idle_zealot wrote:
| >write things like interoperability and data portability
| into law
|
| This would be nice for sure, but I think the solution could
| be even simpler than that. The only successful way these
| centalized service platforms have managed to monetize is by
| gross privacy violations in support of pervasive
| advertising. Strong privacy laws would essentially outlaw
| their business models and leave a hole that a network of
| decentralized hobbyist services would fill.
| ajsnigrutin wrote:
| > And because it is easy to switch, everyone will be using the
| best
|
| But it's not easy to switch.
|
| E-mail was easy to switch "back then", when you didn't have a
| bunch of accounts tied to them. IRC was easy to switch, because
| most of the servers were interconnected into a few large
| networks, and all the clients used the same protocol.
|
| And now? Your grandma only knows how to use whatsapp? Well,
| you're not switching away from that, and facebook is getting
| all your data.
| danbruc wrote:
| You are not switching away from WhatsApp because that is what
| everyone is using, not because it would be harder to use
| Signal.
| ajsnigrutin wrote:
| But it's not 'everyone', it's just grandma. Auntie is using
| Viber. Grandpa from the other side is using google hangouts
| (chat? something). And your cousin is using telegram.
|
| https://www.similarweb.com/blog/research/market-
| research/wor... Just look at the map of most popular
| messengers worldwide, it's not just one.
| danbruc wrote:
| For most people it does not matter what people are using
| at the other end of the world, they will use the locally
| dominant platform.
| Tomte wrote:
| Most people don't have friends on other continents. At
| least for Germany I can confidently say that there is
| nothing (except rounding error) besides WhatsApp. No
| matter the demographic.
|
| I have never experienced a debate which messenger to use,
| and I have joined about twelve study-related group chats
| over the last two years. Same for personal messages. Some
| people have Signal or Telegram installed. After two or
| three messages for the novelty factor, everybody is back
| on WhatsApp. Because that app is open all the time.
| RamblingCTO wrote:
| When I was at uni for CompSci we had those discussions.
| Including the odd ball with sms-only phones. We also had
| threema and signal, none of which prevailed.
| ajsnigrutin wrote:
| I live in slovenia, and have instagram, whatsapp, viber
| and telegram for "normal people" who only have one of
| those (and can't be reached elsewhere), I can't reach
| some people (besides sms/call),because I don't have
| facebook (messenger). Also i have a few relatives using
| skype only, those are a pain, because the client sucks.
| yesco wrote:
| My friends used to use a mix of iMessage and Facebook
| Messenger, while my extended family relied mostly on
| Facebook Messenger + SMS.
|
| I didn't like this, I didn't have/or want an iPhone,
| meaning I was excluded from certain iMessage groups and I
| hated using Facebook so I was implicitly excluded from
| discussions via Facebook Messenger. Most of my
| communications were over SMS as a result, so not ideal
| for my social life.
|
| Seeing this as a problem I researched alternative message
| apps that had feature parity with iMessage, I figured any
| attempt to get people to switch would fail if I couldn't
| get this much. I also decided to bank on the latent
| frustration people had with Facebook, the company,
| meaning I had to scratch WhatsApp off the list.
|
| I ended up with Signal vs Telegram. Telegram had the
| sleekest interface and good feature parity with iMessage.
| While Signal fell short feature wise, it supported SMS
| (at the time) and some of my friends were interested in
| it from a privacy angle.
|
| Ultimately I decided to be realistic, so I scratched off
| Signal and chose Telegram. The goal was to get _everyone_
| to switch not just a few who were "interested", so
| feature parity had to stay the priority, privacy be
| damned. My pick was very important because I figured the
| likelihood of a successful migration would decrease with
| each attempt I made.
|
| Finally having made my choice, I consulted 1 on 1 with my
| individual friends and family members who usually
| organize events, and convinced them to install telegram +
| join my premade group chats. I then nagged them to notify
| everyone that all event planning would now be via
| Telegram and that everyone needed to install it now. I
| think the Telegram invite link really helped grease the
| wheels here.
|
| Finally after setting the stage with that, I individually
| convinced each friend and family member 1 on 1, via a
| call or in-person, to install Telegram and join the new
| group chats. I made arguments such as: It would unify our
| communication under the same platform and make everyone's
| lives easier, we can use Telegram surveys to more easily
| schedule stuff, it has all the same features as iMessage
| + more, _I already got X and Y to join so I really don 't
| want you to be left out_, I can help you install it, etc.
| I found it was important to take full initiative during
| all this.
|
| Finally, in only a few days I got two distinct groups
| migrated onto Telegram. We have continued to use it for
| 2-3 years now so it's safe to say the migration stuck.
| The only one who I couldn't get to join was my cranky
| uncle who wanted signal instead (first I had heard of
| this from him), but his wife joined so it didn't really
| matter anyway, he is simply excluded from discussions
| now.
|
| So ultimately, you can get people to switch if you put
| the work in :)
| Tomte wrote:
| > Finally having made my choice, I consulted 1 on 1 with
| my individual friends and family members who usually
| organize events, and convinced them to install telegram +
| join my premade group chats. I then nagged them to notify
| everyone that all event planning would now be via
| Telegram and that everyone needed to install it now.
|
| So nobody but you ever got a say, it was all "me me me".
| You sound insufferable.
|
| I can assure you, your acquaintances still use whatever
| they used before, and Telegram is the "weird person
| messenger" now.
| yesco wrote:
| What a really nasty thing to say, I was genuinely
| offering advice to you on how to negotiate with people
| you should _already be getting along with anyway_.
|
| I can assure *you* that my _friends_ , not a
| "acquaintances", are much happier using Telegram than
| they were planning everything over a soup of Facebook
| Messenger and SMS. If I had it my way we would all be
| using IRC or Signal, but my compromises to ensure feature
| parity with iMessage was out of an understanding of what
| _everyone_ desired, which was the core of what I was
| trying to get at here but I guess you missed that, not
| that I 'm surprised considering your shitty attitude. In
| truth an insufferable person simply would not be capable
| of convincing 18 different people to switch to a new
| messaging app, no matter how badly they nagged them.
|
| Many of my friends have actually thanked me for fixing
| the situation since it has greatly improved our ability
| to make plans and hang out together, which is a tricky
| thing to do in adult life where everyone is on different
| schedules. But sure I guess my desire to improve how me
| and my friends communicate makes me selfish huh?
| mratsim wrote:
| Email is worse than that, running your own mail server means
| pleasing Google and Outlook to accept your email. And you may
| also have to pay to get out of blocklists turned
| extorsionists.
|
| Actually it examplifies what goes wrong when an
| infrastructure monopoly is created.
|
| Also IE6.
| denton-scratch wrote:
| > pay to get out of blocklists
|
| Only a sucker would do that. Google, Yahoo and Hotmail, the
| providers of nearly all email addresses, don't rely on
| public blocklists. Those are very much a noughties thing.
| nradov wrote:
| Right so to get users to switch you need to invent a new mode
| of communication. We have had postal mail, telegraph,
| telephone, fax, email, and instant messaging. What's next?
| Find an opportunity for disruptive innovation in
| communications that isn't already dominated by established
| competitors.
| lynx23 wrote:
| While we are so damn real, it is the same with climate change.
| 99% of people dont care if the product they buy have bad CO2
| emission stats or not. All they care about is the product, the
| price, and the use they want to put it to. Nobody really cares
| about the rest. If you can buy it in a store, people will do
| so.
| flir wrote:
| I'll go a step further: any theoretical benefit that
| decentralization has (except ownership) can be emulated by a
| centralized architecture.
|
| That said, I'm looking forward to reading this RFC when I get a
| chance. I hope there's some good ideas in it.
|
| I think we're heading for a two-tier internet, though, in many
| ways. Look at the post yesterday about a facebook drenched in
| AI-generated dog sculptures.
| austin-cheney wrote:
| This has never proven true in practice. There is so much
| people are not willing to communicate when third parties are
| present. This is why the behaviors and availability of
| features are wildly different on closed networks versus the
| web.
| michaelt wrote:
| _> any theoretical benefit that decentralization has (except
| ownership) can be emulated by a centralized architecture._
|
| One thing decentralised designs are much better at is:
| turning a blind eye to stigmatised and illegal activities.
|
| Such as pornography, piracy, reproductive rights, gun rights,
| criticism of the Chinese government, and so on.
| flir wrote:
| I think that's a second order effect of ownership.
|
| You'll bring the same heat down on yourself (eventually) if
| you use a distributed protocol but rent your server from
| Amazon. Therefore I think it's ownership of the hardware
| that is the defence against censorship, not the protocol
| you use.
| Waterluvian wrote:
| I feel the 99% part is important to repeat regularly among tech
| savvy groups: we are the fleetingly small exception. Most users
| don't know and don't care when it comes to the technical merits
| of implementation.
| mattwilsonn888 wrote:
| Decentralization is about enabling builders - users get the
| indirect benefits which follow.
|
| What you have done is justified 'everything under the sun' so
| long as it technically operates in a free market. But the
| ability for users to switch does not guarantee that the
| incentives to _compete_ are at all healthy or robust.
|
| You are correct when you say centralization affects users
| indirectly and they will simply use services which are most
| immediately convenient. But competition is not giving users
| much benefit because every centralized service has a monopoly
| on their instantiation - it's not like you can make a few
| tweaks and give everyone a moderately better experience - you
| have to start from scratch and make yet another siloed and
| extractive platform for any and every improvement. And then if
| you do they can easily copy you back before you build a
| fraction of their momentum.
|
| X isn't going to let you improve the experience and just take
| users; they're going to say: "Have fun building up user trust
| and security infrastructure - also you're never getting our
| users." That's the difference between a protocol and a
| platform. The reason companies build platforms is because they
| need to fund infrastructure and opsec at scale so they
| effectively need to build monopoly protocols i.e. 'platforms.'
|
| So "switching is easy" is meaningless. Building successful
| competing platforms is, by design, very difficult; it takes
| large investments and huge risks and a lot of rebuilding what's
| already been done just for the sake of catching up to platforms
| who have obvious incentives and built-in methods to discourage
| competition via their tight, centralized structure. Even if the
| platform is better, it will probably fail relative to its
| predecessor.
|
| Decentralization most directly helps _builders._ If the basic
| requirements of a service are sufficiently decentralized
| security, networking, front-ends, then a builder who wants to
| compete via small (or any sized) improvements *does not need to
| rebuild the entire service.* Small builders who would otherwise
| not have access to startup capital, risk tolerance, or
| excessive build-hours would be equally able to compete because
| their decentralized access to the basic requirements cannot be
| locked behind an extractive economic scheme.
|
| Imagine every talented programmer making open source software
| could leverage it atop secure, robust and interoperable
| networks. And they could earn money from it.
|
| There is a massive difference between being a passive proponent
| of the free market and a maximalist for market competition.
| Your justification for the state of the field is a passive
| retreat to free-market capitalism. Users certainly have the
| ability to choose, but there are all sorts of schemes and
| situations in a free market where competition is choked. Honest
| proponents of decentralization are maximizers of opportunities
| for competition - they recognize that the free market is a
| gradient and not some binary quality which automatically imbues
| every operation inside it with good accountability.
| mike_hearn wrote:
| I worked on Bitcoin in the early days, and developed
| decentralized software and protocols as part of that. I also did
| most of the design on an "enterprise blockchain" system later
| which is basically (in my view) a peer to peer database run by
| competing 'frenemy' businesses, i.e. with mostly untrusted nodes.
| So I feel like I have a lot of practical experience in this
| domain.
|
| The RFC is decent enough. It's moderate and reasonable, and cites
| Marlinspike's "ecosystem is moving" essay which is a very
| important piece of thinking in this space. I'm not a fan of the
| RFC's friendliness towards regulation. Governments often achieve
| the opposite of what they want when they try to regulate the
| internet, and they don't care about centralization at all or in
| fact prefer it because it makes it easier to engage in control
| when there are only a few big players vs thousands of smaller
| players (see how modern EU regulation is explicitly targeted only
| at "very large platforms" and ignores the rest).
|
| But the RFC lacks specific suggestions. For engineers who want
| _concrete_ and achievable ideas that can be worked on with
| minimal cost, here are a few I 'd pick:
|
| 1. Support IPv6. Getting flat end-to-end routing working again is
| one of the lowest lift ways to improve decentralization on the
| modern internet, in both obvious ways (reducing CGNAT) and less
| obvious ways, for example it's conceivable that Android could be
| extended to support socket activation. That would allow apps to
| bypass push notification and centralized reflectors in some
| cases. I'm not sure how commercially strategic push services are
| to Apple and Google these days - it costs a lot of money and it
| was revealed recently that governments are wiretapping supposedly
| e2e encrypted messengers by grabbing the push messages. So whilst
| I doubt Apple would allow it, in theory someone could write a
| patch for Android to enable it and contribute it upstream.
|
| 2. Support confidential computing. A lot of centralization
| happens because we need a program to be run on a server somewhere
| to do something sensitive, which means we need to trust the
| server operators (cloud+admins). So we gravitate towards big
| brands that everyone can agree on, like AWS. Confidential
| computing lets client apps (phones, desktop apps, less easily
| also web apps) to verify the server they're connecting to is
| untampered with and running the expected software. It takes cloud
| and root out of the trust equation, meaning you can in theory do
| things like have a P2P network of anonymous operators who offer
| their services without needing horrifically complicated and ad-
| hoc app specific cryptography. The tech works today, but very few
| people are aware of it or use it, and it's not integrated well
| into our tech stacks. But it should be!
|
| 3. Write smartphone, tablet and desktop apps. Web apps are
| inherently very centralized. The name of the app is conflated
| with its hosting location, browsers practically force you to
| delegate most of the app's work to the server, and user data ends
| up tightly bound with the operator and implementation. You can't
| even do tricks like confidential compute with them really,
| because browsers don't understand the remote attestation
| protocols. If you write client-side apps you can dodge all those
| problems and loosen the bindings between user data location,
| software distribution location and compute location.
|
| Still, you have to be realistic. After some years I realized that
| centralization happens because decentralization is in some sense
| like communism. If you take away ownership over private property
| then people lose the incentive to improve it. It becomes a
| commons and the usual tragedy follows. Centralized services are
| private property, and so the owners make sure they are well kept
| and improved. Also private property and profit is mentally
| grounding - projects that lack these things have a habit of going
| crazy and losing interest in what users actually want. These days
| I'm not quite so interested in pure open source p2p systems
| anymore because of that problem, but there's a lot of scope to
| find interesting corners where private property can be combined
| with more decentralized implementations. After all, Office 2000
| was owned by Microsoft yet still much more decentralized in
| practice than Office 365.
| _heimdall wrote:
| > After some years I realized that centralization happens
| because decentralization is in some sense like communism. If
| you take away ownership over private property then people lose
| the incentive to improve it. It becomes a commons and the usual
| tragedy follows.
|
| Its really interesting to me that this was one of your
| takeaways, I actually would have seen it the other way around
| but haven't worked in the space nearly as much as you have.
|
| The way I see it, centralization of the internet is the analog
| to communism and the argument for it would be that the internet
| and the services we use every day are so vital to daily life
| that one authority needs to own it to make sure everyone has
| access. In that view, decentralization would lead to things
| being poorly maintained and abused for selfish gain.
| Centralization (communism) would benevolently protect the
| common resources on everyone's behalf and make sure those
| resources are fairly made available to all.
|
| From that angle, centralization of the internet is likely to
| follow the same road as historic examples of communism. We
| would see corruption, censorship, and power/money being
| syphoned off to the few in charge. That sure does feel like the
| centralized internet we have today.
| mike_hearn wrote:
| I was referring to theoretical communism, the one where
| there's no private property for real, where everything is
| communally managed. Perhaps anarchocommunism is a better
| term. Tragedy of the commons gets the issue across just as
| well. In practice communist countries were highly
| centralized, agreed. All property was the private property of
| the state.
|
| _> benevolently protect the common resources on everyone 's
| behalf_
|
| A resource is too abstract a notion. The things we're talking
| about here are services which can adapt and improve. In his
| essay, Marlinspike was trying to communicate that you can't
| federate or decentralize because "the ecosystem is moving"
| i.e. your centralized competitors are innovating and you have
| to keep up with them or ideally even exceed them. Mere
| protection here isn't good enough, it requires active change
| that may upset some stakeholders. Collectivism fails here
| because of its totalizing nature: there's one of everything,
| which is theoretically at least communal property. But then
| you have to please everyone, so the only changes you can make
| are the ultra-low risk ones and because you often don't know
| the risk, in practice that means you're forced to simply
| clone what is observed to work elsewhere. So you end up
| permanently behind and with time it gets harder and harder to
| keep up.
|
| With competition that's less likely to happen, because
| there's an incentive to take risks and do things that may
| upset some existing users, if you think it'll please even
| more people who aren't your users today.
|
| This is a core tension that appears whenever people talk
| about decentralization. It's the way the Bitcoin community
| lost the plot as well. Some people interpret it to mean "one
| universal totalising system which is collectively owned".
| Other people interpret it as "an interoperable system of many
| competitors that can innovate and diverge from each other
| when needed".
| _heimdall wrote:
| Totally fair.
|
| What Moxie argues for in that essay is effectively a setup
| where the service and data are centralized but importantly
| the control/power is kept out if the central authority as
| much as possible.
|
| I can definitely see an argument there for that centralized
| model being akin to theoretical communism.
| ThinkBeat wrote:
| IRC, UCCP, NNTP Are in various ways all distributed
|
| SMTP, HTTP, FTP, Telnet, SSH, SFTP,Finger Are all relatively easy
| to self-host. and it used to be frequently done.
|
| We have plenty of protocols to use already, and we have had them
| for a long time, that is not the problem.
| california-og wrote:
| Can you explain or give advice on how one would self-host?
|
| In my country none of the main ISPs offer static IPs. They're
| only available to businesses.
|
| Self-hosting with a dynamic IP seems difficult if not
| impossible. There are some dynamic DNS services but that kinda
| defeats the self-hosted part.
| tenebrisalietum wrote:
| > Self-hosting with a dynamic IP seems difficult if not
| impossible
|
| You just need something on your network that monitors your IP
| and updates your DNS when your home IP changes. "Dynamic DNS
| Update Client" yields results in Google that will be a good
| start to understanding.
|
| > There are some dynamic DNS services but that kinda defeats
| the self-hosted part.
|
| No, selfhosting at home doesn't mean you have to host a
| public DNS server. You will definitely need some external DNS
| pointing to your home network. There are multiple free
| providers.
| _factor wrote:
| You will still need a static IP for SMTP. Dynamic IP
| assignment and NAT traversal are the largest hurdles to
| self-hosting reliably. DNS updates are great, but then
| you're still relying on a large centralized DNS provider.
| You can host nameservers yourself, but then you're back to
| the Static IP issue.
| billpg wrote:
| I tried this two decades ago. We just had broadband for the
| first time and I installed some web service application on my
| Windows PC. My ISP had what appeared to be a static IP so I
| manually set up a free DNS service with that IP. The
| experiment didn't last long enough for the IP to change but I
| did learn it did because long after I took the service down,
| my domain was pointing to someone else's IP.
|
| It what I now realise was a bad idea, I was writing code by
| web server code using C with CGI. I was supposed to use Perl,
| but I didn't want to spend time learning that as I already
| knew C.
| jongjong wrote:
| One of the things that bugs me is the design of the current DNS
| system which is currently extremely centralized and under the
| control of a small number of organizations. It's ridiculous that
| nobody can truly own a domain name and instead, we're all just
| renting them and renewing them and have to keep forking over
| money.
|
| I really like the concept of Unlimited Domains which lets you buy
| and own domains forever but I'm wondering why browsers don't
| support them broadly as an alternative. Blockchains are optimized
| for high-availability and therefore, that makes them ideal for
| the DNS use case where you want lookups to be free. Also, it is
| acceptable for updates (e.g. ownership changes or changes to the
| 'zone file') to incur a cost that is proportional to the
| utilization of the network for that purpose; it would guarantee
| that each update action would incur the lowest price possible.
| teddyh wrote:
| DNS isn't centralized; it's _federated_. I mean, just because
| there's an ISO and a UN does not mean there is a single world
| government.
| goatmeal wrote:
| I had heard of ENS but yesterday I discovered that SNS is more
| affordable so I tried it out. now you can type
| gushinggranny.sol into Brave browser and it redirects to my
| peertube instance. SNS has A records too but I have not tried
| it yet. I am grateful to see that Brave browser is so forward
| thinking to support a decentralized DNS right out of the box
| and I am grateful to have found a usecase for NFTs that isn't
| completely stupid.
| Geisterde wrote:
| I believe we need creative thinking for a decentralized DNS,
| though im not of the belief it would be incentive compatible to
| do so on a blockchain. ENS and similar systems are a neat
| parlour trick, but as a simple example, whos paying the bill
| for storing and serving that data to users? How does your
| client know that the data you are being fed isnt just a DNS
| injection? You could use POW to validate the authenticity, but
| then data creation must be throttled to maintain high enough
| fees. You could use proof of stake, and find DNS more
| centraluzed than ever.
| xoa wrote:
| I don't see it mentioned yet, but I think it's pretty important
| to address that centralization goes far, far lower to the most
| basic Layer 1: asymmetric (ie, centralization promoting) WAN
| links, stickiness of IPv4, secure trust foundation, maybe DNS or
| other equiv, and lack of IP auth or otherwise core level
| mitigations for DDOS. These are core foundations, and whatever
| the internet standards above it's much harder when the
| foundations are shakier.
|
| 1. To the first, for a solid stretch of decades, WAN links in
| much of the world that might otherwise have supported more
| decentralization have been tilted towards consuming from the
| center vs providing anything oneself, and of course just
| fundamentally stagnating as well at the impetus of powerful
| monopolies and regulatory capture. Until a few years ago I had
| the exact same 5/1 ADSL link I'd gotten in I think 2000 or 98/99.
| It was really something at the start, and I was able to run some
| fun stuff of it. 5, 10, 15 years later? Not so much. The US in
| particular put hundreds of billions into promises of big fiber
| networks, which then instead got used to just consolidate and
| profit. Cable and big telecoms are still fighting tooth and nail
| to prevent efforts like municipal fiber. But once you have
| symmetric 100/1000 or more, an extremely reliable, sudden a lot
| of new possibilities open back up again. Of course in those
| decades a lot of effort has naturally gone into centralized
| efforts because what would even be the point of designing for
| something without much potential user base because said users
| were stuck on crap connections either slow period or with decent
| download but utter garbage upload? So the ecosystem isn't where
| it might be on that front either, even though it's decent for
| more technical users. But I don't think we should forget just the
| most fundamental issue that if you want to serve bits in 2023
| doing so at .5/1/2 Mbps with mediocre latency is pretty limiting.
| Lifting that isn't sufficient but it is necessary, even if the
| decades of mindset and ecosystem will lag.
|
| 2. To the second, I did at least get in early enough that I could
| still get, for free (as it should be), a static public globally
| routable IP address. That has also been a major boon even back
| when I was stuck sipping through a narrow straw. It's hard to
| internet if you can't do the inter part. Workarounds to
| coordinate via an IP elsewhere of course exist, but it's an extra
| layer vs "hey I can just talk directly home (or barn or office)!"
| IPv6, despite its flaws, should help bring that part back as
| well, but the flaws and slow adoption have also delayed things.
|
| 3. To the third, how to authenticate is a perennial problem of
| decentralization efforts. If we at least had universal, highly
| reliable fully trusted secure DNS, preferably with better
| registrar governance as well, then that would be a somewhat
| practical way to bootstrap something. I could put my own domain
| restricted root CA public cert in DNS, and everything could then
| just trust all certs issued by it for that domain only at a basic
| level and it'd all just work. Add a few cross signing options and
| an ecosystem for turn key CA management appliances into the mix
| and it's possible to envision something pretty approachable that
| would at least match and slightly exceed everything Let's Encrypt
| offers. That's another sandy foundation that really stings.
|
| 4. Finally, if everyone has decent pipes, and was running in a
| decentralized manner, there is of course the potential for more
| and even bigger DDOS. It would be helpful if there were standards
| for all the various tiers of operator from core straight back to
| residential ISP so that attacks could be automatically reported
| and followed right back out the stack to whatever WANs worldwide
| were involved and cutting them right there, or at interconnects
| for ISPs who wouldn't comply. Having to layer in providers like
| Cloudflare, however hard and nicely they work, has papered over
| it but remains suboptimal. Granted, this doesn't hurt dark/gray
| types of decentralization, where rather then decentralizing
| services or communications to the world one is doing it to other
| trusted networks exclusively. And that's definitely still very
| useful.
|
| I'm sure there's others, but at the very least continuing the
| fight for a really good physical layer seems pretty critical to
| me.
| throwawaaarrgh wrote:
| For one thing, stop cargo-culting? "Centralization" is a vague
| term that isn't inherently bad. Use specific terms, identify
| specific problems, and it'll be easier to find solutions for
| them.
| teddyh wrote:
| Maybe, but what you propose sounds a bit like the US attitude
| that monopolies aren't inherently bad, only everything it leads
| to.
| throwawaaarrgh wrote:
| Proposing specific terminology means monopolies are good ?
| majewsky wrote:
| > "Centralization" is a vague term that isn't inherently bad.
| Use specific terms, identify specific problems, and it'll be
| easier to find solutions for them.
|
| Thank you for reading the RFC and succinctly summarizing its
| main thrust.
| rcbdev wrote:
| One aspect of this that independent site admins often have to
| deal with is CSAM filtering. Many jurisdictions require it in
| some form but by definition you can't "roll your own" automated
| solution because how could you? Centralized solutions like
| PhotoDNA are not available to most people.
|
| With most other things I can see open source solutions
| prevailing, with this I can't. This will likely be the thing
| killing the decentralized Internet of ye olden days for good.
| goatmeal wrote:
| it's prohibitively expensive to access these tools. I have to
| identify myself and pay over PS1000 to be allowed to access
| them. the agency either doesn't care about independent sites
| catching CSAM or they don't want independent admins finding out
| that these tools aren't very effective. alex gleason the
| fediverse dev tried contacting them about this problem and they
| didn't care at all.
| moolcool wrote:
| I wanted to set up a security camera to watch my pets when I was
| gone. The only requirements were that it had to have iPhone app,
| and I wanted the video to stream from my home network and not be
| funneled through a cloud provider. I couldn't find anything that
| did what I wanted, beyond a bunch DIY solutions which I did not
| have the time or energy to implement.
| djha-skin wrote:
| It is my opinion that there is one singular powerful force
| driving centralization: the need for moderation.
|
| I remember when CmdrTaco left slash dot. The place went to ruins
| almost immediately.
|
| If dang didn't do what he did or someone like him, we would all
| probably leave here as well.
|
| Joel Spolski managed to create a self-moderating site in stack
| overflow.
|
| Say what you will about the platform being toxic, and you're not
| wrong. Content from the uninitiated is not treated well, but on
| the other hand, The quality of the content is generally very
| high. People have a lot to say about this, but I will remind them
| that self-moderation like what stack overflow achieved is a
| monumental achievement! This is a really hard problem!
|
| In the early years of Mastodon the moderation wasn't so up to
| scratch as it is now. It has gotten so much better. It does give
| me hope that moderation can still be done on a decentralized
| platform. That said, it can't be denied that Mastodon is fighting
| in uphill battle precisely because it is decentralized when we
| speak of moderation.
|
| Once we start to have more mature tools around moderation in the
| face of decentralization, I think we'll start to see a
| groundswell of decentralized services finally coming out of the
| shadows. We see this starting to happen already.
| mike_hearn wrote:
| Slashdot's moderation system didn't depend on CmdrTaco, that
| was famously the point of it. The userbase moderated itself.
| Slashdot never really made money and got kicked around between
| different companies a lot. There were some website redesigns
| that upset people and the visual design limited the number of
| stories that could be posted.
|
| Moderation can be done in a decentralized way. Email spam
| filters are an example of that.
| CM30 wrote:
| I guess it depends what you mean by decentralised here. For
| peer to peer networks, moderation is indeed difficult, since by
| definition no one singlehandedly controls what's shared there.
|
| On the other hand, federated services like Mastodon really work
| fine in the same way old school forums and personal sites did;
| the community decides what's acceptable, and content that goes
| against that gets blocked/removed.
|
| The real issue is that moderation doesn't scale; you can't
| easily automate it if you want it to work well, and hence both
| large centralised networks like Facebook and Twitter and large
| decentralised ones struggle to keep things under control.
| iudqnolq wrote:
| I'm not sure moderation scales down well either. It's easy to
| say "the community" decides but in practice that means it's
| down to the handful of people who step up and do all the
| work. And people interested in volunteering their time for
| free to moderate don't always have the personality type we'd
| prefer.
|
| That's why it's so concerning to me that Mastodon admins can
| interfere with your ability to leave an instance. Like email,
| you're to an extent dependent on your old provider to
| forward.
| myaccountonhn wrote:
| What's interesting to me is that Facebook, Google etc.
| haven't solved moderation. Big centralized servers have awful
| automated solutions with no way to appeal.
| eterevsky wrote:
| Centralization happens because it's easier and cheaper to
| implement services in a centralized fashion. Since users care
| more about features and price than about centralization, it seems
| pretty obvious that this problem can't be solved with standards,
| since standards are unenforceable.
| nradov wrote:
| Standards can be enforced through government mandates. We've
| seen that in the US health IT space where CMS/ONC now mandate
| that payers, providers, and vendors implement certain HL7, X12,
| and DirectTrust open interoperability standards. Compliance is
| fairly high.
|
| But there are also drawbacks to government mandates in terms of
| slowing down the pace of innovation and raising compliance
| costs.
| eterevsky wrote:
| This is true, but the closest example of this happening that
| I can think of is mandating USB-C for phones. I don't think
| governments have ever regulated anything like internet
| protocols.
|
| Also the standard has to have wide adoption before
| governments would consider mandating it.
| m3047 wrote:
| I give away technologies / products which favor / foster
| decentralization:
|
| * De-anonymize cloud services and make PTR records work again.
|
| * "Track the trackers" email aliasing; since none of the big
| providers do this well, you'll need to run your own Postfix
| mailserver to take advantage of it. Maybe you should set up DANE
| while you're at it?
|
| * A decentralized telemetry / SIEM -like platform using the DNS.
|
| * "Internet in a box" on your laptop: a wifi access point which
| doesn't have broader internet connectivity and which takes over
| all DNS (as well as DHCP) and allows you to run apps on that
| hotspot that are only accessible via that hotspot. Beyond the
| utility for remote / mobile de facto geofenced applications,
| imagine a world where "routers" were nodes with multiple wifi
| radios and which joined multiple "boxes".
|
| If the three phases of consensus are kook / lone gunman, co-
| conspirators, movement, (...consensus) I'm past the kook phase
| and into conspiracy. Happy to get on a video call and give anyone
| an hour of help with any of the above.
|
| Things that the RFC (and frankly nobody, really) doesn't cover
| are that centralization is overwhelmingly good for "free", but
| this has two sides. What two sides do you think I'm going to
| point out?
|
| There are absolutely awesome proprietary offerings (distributed
| doesn't necessarily mean open source or free) for doing no-code
| responsive mobile development by an "army of one" or a savvy
| user, for 1000 users or less (designed for scenarios where a UI
| needs to be built for a single person or maybe a half dozen at
| the most). Centralization favors the Procrustean (I still like
| that word, thank you commenter for gifting it to me): if the user
| doesn't fit, kill it trying and if it dies another one will take
| its place.
|
| I'm not sure if I need to see Coca Cola ads intended for an
| Argentinian or Ukrainian audience. Just let that sink in. Saw a
| pro-centralization argument the other day that $grandma in a
| $third_world_country can't view her grandson's football league
| games without the wonders of centralization (conveniently
| conflated with not regulating those centralized entities' traffic
| across international borders)... but this chauvinistically fails
| to grasp that this requires an international data plan
| (oftentimes lacking on phones in third world countries) and that
| grandma has to register for some global nexus of surveillance
| capitalism that otherwise has little relevance to her life in
| order to do so.
| wmsmith wrote:
| Asking a centralized body (IETF) to do _something_ about
| centralization. Rules for thee but not for me?
___________________________________________________________________
(page generated 2023-12-19 23:01 UTC)