

Unhosted - Freedom from web 2.0's monopoly platforms - chanux
http://www.unhosted.org/

======
piotrSikora
<http://news.ycombinator.com/item?id=2021908>

------
inovica
"Our web has been taken hostage and monopolized."

I'm not so sure that sensationalist line from their website is true. Currently
I use AWS for a LOT of our latest work and I love how they (Amazon) keep
pushing out new and exciting features/products. Amazon, I personally feel,
championed the whole 'cloud' model that others are jumping into and I don't
see this as being monopolized. Frankly, the Amazon entry made the difference
to us of either bootstrapping a product or searching for VC funding - we would
never have been able to run our system using traditional hosted machines and
scaling up / down using EC2 helped us in a major way

~~~
mich-unhosted
yes, that's a good point. in cloud services there are at least 3 options, and
no monopoly (yet). also, we understand the big value that SaaS if offering
people. that's exactly why we want to offer free software alternatives in that
area. if MS Windows would not have been valuable to people, then there
wouldn't have been a need to develop linux as a free software alternative to
it. As I sometimes say about Google, "it wouldn't be so bad, if it weren't so
good". while pleading guilty on the count of sensationalism ;) that line was
more about monopolies like facebook, youtube, google docs, where there is only
one provider.

------
viraptor
Does anyone know how would this platform support messaging between users?
Since each user encrypts his own data, any broadcast would have to be
encrypted with every destination's public key... doesn't seem to work for
stuff like a message forum.

~~~
mich-unhosted
like in PGP, you would use a session key: symmetric encryption of the thread,
then encrypt that symmetric key once for every thread- or forum member. you
can only add people to this; to remove people from a thread you would need to
send the remaining people a new session key. that's the rough idea we have, we
are still waiting for someone to implement a research app so we can test how
well this works.

~~~
viraptor
Yeah, I see it now. I was stuck thinking about private/public keys only for
some reason :(

------
jasongullickson
One thing that isn't immediately clear to me is if there is are provisions for
"dynamic" allocation of storage providers. That is to say, instead of
selecting one host to store the encrypted application data, could some sort of
routing/load-balancing layer be used to allow the application to automatically
select and use a provider (and recover when a provider disappears
unexpectedly)?

~~~
michaelbuckbee
From a purely technical standpoint I believe the answer is "Yes". Whether or
not it makes sense from a performance and cost standpoint is another matter.

I find the idea really intriguing though. We already have a general strategy
of trying to spread our infrastructure between different providers even if
it's just as simple as pushing backups of our Rackspace hosts to S3.

------
torme
This is interesting, I was just discussing a similar idea with a friend only a
month or so ago. Our "inspiration" was the Wikileaks ordeal, to see if there
was a way to sort of crowd source web pages, similar to how bittorrents work.
Could a site such as wikileaks eliminate the problem of finding supportive
hosting if they could just have their user base host their app instead? It'd
be a cloud app hosted by the crowd.

Its an interesting idea, but one that is full of complicated issues, as
mentioned in other comments here. Either way, I'd love to see a project like
this get some traction, even if it provides a somewhat limited platform for
development.

~~~
mich-unhosted
it is definitely full of complicated issues, but we have already found
solutions for some of them (not all yet). please join our mailing list and
help think about the remaining ones. it will at least be interesting to have a
place where people talk about these things. i can also recommend the
p2p-hackers mailinglist to you in that respect.

------
itsnotvalid
The majority of web apps do at least one thing extra: they try to correlate
user data to provide something more out of it (be it Google for improving
search, be it facebook for providing social related suggestions, aka. ads)

This seems cannot be done at least in the current stage of Unhosted. I don't
see how this can be done with encrypted storage that the provider can't do a
lot even with polymorphic encryptions.

~~~
mich-unhosted
you would need decentralized search algorithms. i haven't looked at that much
myself, but there are some projects out there that seem interesting. to give
an idea: when my friend is logged in, his browser could run algorithms that
send me recommendations. think about how you receive information on twitter:
not through centralized algorithms, it works through peer-to-peer retweeting.
at least as a research topic, it is very interesting :) but you are right,
there is stuff that's hard to do. i think the most challenging one would be
google search.

------
sbierwagen
So this is Freenet, only less secure?

~~~
mich-unhosted
i can see your point, but there are some differences. the main one is that
freenet is anonymous, and unhosted is not. i think unhosted is, if anything,
most similar to SMTP: a protocol with which an application, that is inherently
'hosted' (uses persistence on online servers), can be 100% decentralized (bar
its dependence on DNS). Instead of centralized, as is the default these days
for internet apps. All its weaknesses apart, we should thank SMTP for being an
alternative to a centralized facebook-messages. ;) Unhosted wants to create a
decentralization layer for web apps to run on.

