
OrbitDB: Peer-to-peer databases for the decentralized web - ouzb64ty
https://github.com/orbitdb/orbit-db
======
vuldin
OrbitDB is one of the key dependencies in 3box, an awesome tool for building
decentralized apps where the user controls their own data.
[https://3box.io/](https://3box.io/)

~~~
xsdklfsdfklj
that link doesn't load if I block google ad requests.

~~~
pw6hv
How do you block these requests? Just asking as I have pihole blocking google
ads but I have no issue accessing the website.

~~~
doublerabbit
I use uMatrix, however the whole site fails to load in Palemoon.

------
markhenderson
Hey folks! I'm [https://twitter.com/aphelionz](https://twitter.com/aphelionz).
One of the maintainers of OrbitDB. Happy to answer any questions you might
have. I'll also be in the thread answering folks as well.

~~~
Nican
Hello! Thanks for maintaining an open source project. I am excited to see IPFS
take off.

Some basic questions, as I am still struggling to see the use case of this
project.

* How did this project get started? What problem is it trying to solve?

* Are there any real world examples of where this project is used?

~~~
haadcode
> * How did this project get started? What problem is it trying to solve?

OrbitDB got started because we wanted to build serverless applications,
especially for the web (ie. applications that run in the browser.) Serverless
meaning "no server" and no central authority, ie. something that can't be shut
down.

OrbitDB gives tools to build systems and applications where the user owns
their data, that is, the data that is not controlled by a service. As a way of
simple example, imagine Twitter that doesn't have one massive database for all
tweets, but rather you'd have one database for each user.

------
noworriesnate
It looks like they have an identity provider, so this must support
authentication. Link: [https://github.com/orbitdb/orbit-db-identity-
provider](https://github.com/orbitdb/orbit-db-identity-provider)

What I'd like to know is do they support authorization?

~~~
markhenderson
Hey thanks for taking a look at this. We support identity providers (the one
you linked), and access controllers.[1]

Identity providers work by cross-signing an external keypair with the
generated OrbitDB key-pairs, and access controllers generally work by exposing
a `canAppend` function that facilitates any kind of auth you want to perform.
There's support for Metamask for example. OrbitDB is also used _in_ Metamask
under the hood by our good friends at 3box.[2]

TallyLab, my application project, uses these in its IAM system and you can see
the repos here.[3]

1\. [https://github.com/orbitdb/orbit-db-access-
controllers](https://github.com/orbitdb/orbit-db-access-controllers) 2\.
[https://3box.io/](https://3box.io/) 3\.
[https://github.com/tallylab](https://github.com/tallylab)

------
jayd16
Pretty neat if you think about the technology as a smarter cache. One could
easily see certain applications, such as blog networks or Twitter
alternatives.

Security is easy in some cases. Sign your log appends. Security around
transactions without a central authority is pretty complex. Whats the solution
there? Block-chain type things? It would have to be application specific I
suppose.

I never gave FirebaseDB a shot because it felt like too much vendor lock in
but this might be interesting to try one day.

~~~
haadcode
Great comments! Indeed, "sign your log appends" gives everything needed for
authority. Re. transactions, from OrbitDB's perspective this would be
application specific, so you could hook into traditional, centralized
consensus or use a blockchain or other types of decentralized consensus
mechanisms. Or, given the core data structure is a log, build a "custom
database" on OrbitDB that models and provides an interface for a consensus
algorithm, eg. "append 1: head is X" <\- "append 2: ack head is X" <\- "append
3: ack from me too that head is X" etc.

------
dang
Related from 2018:
[https://news.ycombinator.com/item?id=18748542](https://news.ycombinator.com/item?id=18748542)

------
qorrect
What is the use case for this ?

~~~
haadcode
The use case is shared, mutable data structures that don't rely on central
coordination or control.

~~~
collyw
Does that even make sense? Why wouldn't you want centralized coordination of
your data structures? We could go back to people emailing emailing Excels to
each other is that's what you want.

------
LoSboccacc
last time I tested it needed to fetch the whole db to do even the most basic
reads, so even simple but long running applications had a very long, network
intensive initialization time. is that still the case?

~~~
markhenderson
OrbitDB works with a CRDT stored in IPFS. In order to calculate the state of
the database, it does need to reduce the CRDT oplog which requires fetching
all the entries. This was indeed very time consuming, particularly for remote
requests, since we used a "nexts" list of addresses to load.

HOWEVER! Our latest release, 0.23.0, mitigated this by using a power-of-2
skiplist to load things in parallel, which gave us a nice 4-5x boost there.

~~~
aboodman
Does this mean that in order to initialize the database, the entire version
history must be synced and reduced, to get the current values?

(Is there a design doc for OrbitDB anywhere?)

------
continuations
p2p DB in JS using CRDT. That sounds a lot like GUN.

How does OrbitDB compare to GUN?

~~~
gun_throwaway
> How does OrbitDB compare to GUN?

I went to a meetup where the creator of GUN gave a presentation. To this day,
it was the single strangest presentation I've ever experienced.

The presentation had numerous obvious errors. The audience kept pointing out
major misunderstandings and errors about distributed systems. I remember one
awkward moment where someone pointed out a glaring error in the author's model
of conflict resolution that undermined one of his key points, which the GUN
creator tried to gloss over as quickly as possible. To top it off, he ran out
of slides before he finished his talk because he hadn't bothered to complete
his whole slide deck before presenting. Instead, he just tried to improvise
the last 1/3 of his talk about GUN.

It was so bad that we all walked out of there wondering if we had just been
trolled. To this day, I'm still surprised when I read about GUN on Hacker
News.

You don't need to take my word for it. I encourage anyone considering GUN to
open up the source code and look through some random files:
[https://github.com/amark/gun/tree/master/src](https://github.com/amark/gun/tree/master/src)

~~~
sagichmal
I wasn't at this specific presentation, but I've seen other presentations by
the author, and had basically the same takeaway. Snake oil.

~~~
tecleandor
What are the alternatives for offline-first databases? I have a project in the
back of my head where clients to a simple central database would be frequently
offline and I had GUN in my notes for doing that.

~~~
olah_1
I'd say another option might be PouchDB in combination with CouchDB. That's
what Hoodie uses.

But I don't see why you couldn't try GUN if you wanted to. It's disturbing how
HN seems to demand a kind of "brand loyalty" regarding technology. Just use
what works.

------
budabudimir
A database implemented in JS; very encouraging. I guess performance and
robustness were not a priority.

~~~
haadcode
> I guess performance and robustness were not a priority.

You'd be surprised how well JS does on both fronts, in addition to being able
to run across platforms :)

~~~
brabel
Performance-wise, JS is not too bad when you have lots of IO going on, as in
this case... but robustness? You gotta be kidding! JS is the poster child of a
language does NOT have robustness as one of its attributes. Just about every
single one of its design decisions makes robustness difficult.

~~~
wayneftw
You should check your definition.

Define robust:

1\. Strong and healthy; vigorous

\- _(of a process, system, organization, etc.) able to withstand or overcome
adverse conditions_.

JS is the most robust language we have according to the main definition,
however you measure it. What other language is as alive as JS right now? What
other language has as much programmer attention?

JS is also easily robust according to the noted sub-definition. What other
language would survive the web? The web, an environment that could easily be
described as "very adverse"... What other language is ready to run in a
browser where it will be dynamically and continuously mixed with modules from
many different sources, without breaking? JS was built for this.

What other popular language is so easily runnable cross platform? What other
popular language lets you program with both OOP and functional paradigms while
also being as popular as JS? What other popular language lets you monkey patch
things to fit a piece of code into any situtation?

Robust means all of these things to me. What does robust mean to you and what
is your example of the most robust programming language? You didn't say...

None of these fit the bill: Python, Ruby, C, C++, Golang, Rust, C#.

~~~
brabel
You are arguing for the sake of arguing. OP said JS is not a good choice when
performance and robustness is important... any programmer knows exactly what
they mean, but I will spell it out for you as you clearly do not get it: if
you're going to write a DB, you want it to be performant (run fast) and robust
(does not fail or lose data, or get into a corrupt state easily). JS is
absolutely not the first choice when performance is very important, but I
concede it can run fast enough for some kinds of a applications... but would a
DB written in JS be robust? The answer by anyone who knows anything about
programming languages has to be a big NO!

Any language that has a dynamic & weak type system, and where monkey patching
is not only allowed but used widely, cannot make a claim to leading to robust
software.

I would argue that languages focusing on correctness are the ones that would
have a good claim at producing more robust software. As you've asked, I would
say that Rust, Ada, Haskell fit the bill... but even languages that focus on
keeping simplicity and boring uniformity at scale, like Go and Java, could
still make such claim (and lots of software written in them can be described
as robust) a lot more than JS, which offers basically 0 features focused on
correctness beyond the bare minimum.

~~~
wayneftw
> You are arguing for the sake of arguing.

Nope. I actually just disagreed with you. I think JS is a robust language and
I said why very clearly and politely.

You, however - well I stopped reading after your first sentence.

Good luck to you!

~~~
brabel
You start with " You should check your definition." and you think that is "
actually just disagreed with you. I think JS is a robust language and I said
why very clearly and politely."?

You didn't say why JS is robust, you twisted the word's definition to fit your
point. Don't do that.

If your way of debating is to leave the debate when someone says something you
don't like, then good luck working in IT.

------
tln
Did any of the demos work for anyone? HN hug of death?

~~~
markhenderson
Yeah, sorry about that :( There's this though:
[https://github.com/haadcode/orbit-db-control-
center](https://github.com/haadcode/orbit-db-control-center)

(which also seems to be putting [https://ipfs.io](https://ipfs.io) under
strain. Sorry, ipfs.io!

~~~
collyw
Decentralized with a control center?

------
eeZah7Ux
javascript? No thanks.

~~~
dang
Could you please stop posting unsubstantive comments to Hacker News? You've
been doing it repeatedly, and we ban that sort of account because we're trying
for something a bit better than that here.

[https://news.ycombinator.com/newsguidelines.html](https://news.ycombinator.com/newsguidelines.html)

------
xchaotic
eventually consistent database Is an oxymoron

~~~
dchyrdvh
Iirc, Spanner is eventually consistent.

~~~
exacube
spanner is strongly consistent

~~~
dastbe
spanner does support eventually consistent snapshot reads as well with
improved latency benefits (as you're effectively foregoing a transaction).

