libreplanet-ca-on
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [lp-ca-on] article related to federation from Open Whisper Systems


From: Bob Jonkman
Subject: Re: [lp-ca-on] article related to federation from Open Whisper Systems
Date: Tue, 10 May 2016 18:10:35 -0400
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.7.2

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Thanx to some Toronto friends at CopperHead Security I became aware of
this thread:

https://github.com/LibreSignal/LibreSignal/issues/37

which seems to be what Moxie Marlinspike is referring to in the blog
post Rudolf mentions:

> When someone recently asked me about federating an unrelated 
> communication platform into the Signal network, I told them that I
>  thought we'd be unlikely to ever federate with clients and
> servers we don't control.

In the github thread, Moxie Marlinspike from Open Whisper Systems
expresses a complete lack of interest in software freedom. Even though
OWS has received offers (and code!) to provide blob-free forks of
Signal, federation capability and other enhancements, Moxie says OWS has
no interest because of the costs of providing services to federated
instances or alternate clients are too great, as are the costs of
maintaining backwards compatibility for an open federation protocol that
OWS doesn't control. He says federated systems are dead, which sounds to
me like he thinks closed, proprietary silos are the way of the future.

In Rudolf's article Moxie writes:

> An open source infrastructure for a centralized network now
> provides almost the same level of control as federated protocols,
> without giving up the ability to adapt. If a centralized provider
> with an open source infrastructure ever makes horrible changes,
> those that disagree have the software they need to run their own
> alternative instead.

Except that the server code seems to be completely proprietary; only
the source code to the client is available, and incompletely at that.
It lacks code for the Google Mobile Services (contained in proprietary
Google library blobs), to which Moxie replies:

> If you don't want to install Google's official Play Services on
> your phone, install an open source version like GsmCore instead.

But that breaks reproducible code...

I find it interesting that Moxie Marlinspike can be so wrong and so
right at the same time. Completely wrong about the value of freely
available code and federation, yet completely right about letting
others use that code without any other obligation on his part (ie. not
hosting non-Signal clients on his servers, and not being obligated to
install federation in his software).


I'm reminded of the theme of Tim Wu's book "The Master Switch", in
which he posits that the free and open Internet is over, and has been
taken over by companies with proprietary self-interest. Just like the
telephone, radio, television and cable industries were.

- --Bob.


Copperhead Security: https://copperhead.co/

Twitter thread that alerted me to this:
https://twitter.com/CopperheadSec/status/730136634935500800



On 2016-05-10 04:29 PM, Rudolf Olah wrote:
> there's an interesting article from Open Whisper Systems since
> we've talked about federation before: 
> https://whispersystems.org/blog/the-ecosystem-is-moving
> 
> Some food for thought as I'm trying to get Jabber/XMPP working with
>  federation support (and probably food for thought for Blaise since
>  he's used MediaGoblin?)
> 
>> cannibalizing a federated application-layerprotocol into a 
>> centralized service is almost a sure recipe for a successful 
>> consumer product today. It's what Slack did with IRC, what
>> Facebook did with email, and what WhatsApp has done with XMPP.
>> In eachcase, the federated service is stuck in time, while the
>> centralized service is able to iterate into themodern world and
>> beyond.
> 
> -rudolf -- Securely sent with Tutanota. Claim your encrypted
> mailbox today! https://tutanota.com
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
Comment: Ensure confidentiality, authenticity, non-repudiability

iEYEARECAAYFAlcyW/kACgkQuRKJsNLM5eoqxgCgt9PD05WQePb+1gfkYI4m0l4y
6tsAoL3lCOjTOrRafpK5B2WIdfYyrfWR
=fO8J
-----END PGP SIGNATURE-----



reply via email to

[Prev in Thread] Current Thread [Next in Thread]