Hacker News new | past | comments | ask | show | jobs | submit login
Solid – Reshape the web as we know it (inrupt.com)
750 points by yarapavan 5 months ago | hide | past | web | favorite | 250 comments




After reading what little documentation is available and installing a single-user solid server myself, I wonder if this is how people felt when the World Wide Web was first invented. I find myself asking: Okay, now what? Except I think even the World Wide Web, when it was first invented, at least had a demo that worked.

Solid doesn't even seem to work. Following instructions for "learn[ing] how to install and run your own Solid server," I successfully installed a single-user solid server. Great, now I have a single-user setup that is supposed to give me control over my data. So how do I authenticate as the single user? No clue. This thing is so secure, not even I can get my data!

I would have expected something more useful from the inventor of a technology that so many people can use today without having to think much about it.

EDIT: I deleted and started over. I still don't know what happened, but now at least I can create an account and login. Still not quite sure what I can do, now.


> I wonder if this is how people felt when the World Wide Web was first invented. I find myself asking: Okay, now what?

Yes, That is very similar to how I felt when I first found the web. I forget how early it was (1991?), but I was on gopher and saw the docs and a few small sites and had the same thought -- mildly interesting, but not much there. But it took off quickly, and I'd say within 2 years from my first seeing it, gopher was dying, browsers were coming out for Windows and I was trying to explain to people that this was going to change the world.

Will this change it, too? Who knows. But I'm not going to dismiss it just because it is starting small.


This may be hint regarding how to authenticate:

https://github.com/solid/node-solid-server#testing-solid-loc...

> In order to really get a feel for the Solid platform, and to test out solid, you will need the following:

> 1. A WebID profile and browser certificate from one of the Solid-compliant identity providers, such as solid.community.

EDIT: Seems if you run `solid init` and accept the defaults, it will configure a local WebID provider that you can register to on first use.


I look forward to the day where getting on the internet is like opening a bank account, complete with KYC verification.

I will love standing in line at my local DMV and waiting for my WebID profile to be approved.


LOL, no. I want to be able to have internet access anytime anywhere without identity checks, verification, or even anyone knowing exactly who I am. What is legal speech today is heretical "call the death squad" speech tomorrow.


Exactly. Anonymity is a feature, not a bug. Certain unpopular opinions can’t be said if the one posting now has to worry about the repercussions in the real world. A despotic government or just some malicious people are now able to punish you for simply having a different view point, which is NOT my version of an ideal internet.


It'll be nice when browsing without a license is punishable the same way driving without a license is. People will finally be held accountable for the things they say and do online.


I feel the exact same way about writing. How much human suffering has been caused by people's ability to just read and write down anything whenever they want? There is zero accountability! Heck, nowadays, I can even make graphics on a computer and then walk into Staples and print them out on official-looking, high quality paper. And they even have the gall let me pay anonymously in cash!

In the good old days, only the Church could publish books, so everything that was written down was thoughtful and true.


Those were the days. People were good and true when they feared being burned at the stake.


If God didn't want heathens to burn, He wouldn't have made them so flammable. It's just common sense.


I smell some sarcasm in this thread.

But we are on the net so nobody knows for sure.


I just had flash backs of Reddit...


It's refreshing to see people refer to reddit in the past tense, maybe its finally dying.


Why would people be punished for things they say (people can't do things online, unless you re talking about remotely controlling a robotic arm).


Har har har har, right?

Voting machines and nuclear reactors get hacked with code - which is just something people say on computers.


neither of these are people "saying" stuff.


Seems like language to me


> 1. A WebID profile and browser certificate from one of the Solid-compliant identity providers, such as solid.community.

Hmmm, a centralized WebID eh? No thanks.

Even the "How it works" page [0] indicates how your solid pod becomes your id.

"In order to prove ownership of your data, you need a way to identify yourself. Rather than relying on a third party, you can use your Solid POD to say who you are. So no more “Log in with X” or “Log in with Y” on the Web — just “Log in with your own Solid POD”."

It'd be nice if it didn't replace one type of SSO with another, but proposed a way that SSO wasn't required at all.

[0] https://solid.inrupt.com/how-it-works


I was actually able to authenticate, finally. I guess somehow the configuration was initially corrupted when I first tried. If at first you don't succeed, delete and start over.


AFAICT there are literally no apps to try this on. Why did they decide to announce this and publicize it before a basic, well-polished, example was ready? The pod signup process is using vanilla bootstrap, there wasn't even a visual design pass.


Well, I guess we just asked the opposite question: Is there any reason to keep this sub-surface any longer, and we didn't find any such reason... :-)

So, it is just "release early, release often". So, the code and the spec has been out there for a long time. I mean, some of this stuff is really old. Us geeks have been thinking about decentralized social networking since the dawn of ages, and it seems like the rest of the world is starting to wake up to its necessity too. So, I think the timing is pretty OK now.

Like, Linux didn't come with a well-polished example either... It wasn't even intended to out-do Minix. :-)

I guess you could say that we could say even more clearly that this is a prototype, and we have a roadmap where it will stay a prototype for some time. But we are seeing people finding it interesting that we're actually not trying to engineer something from the ground, we are seeing what kind of impact we can have with pretty well tested Web technologies. I suspect we have a lot less development to do to have a great social impact than you'd have to do if went full P2P.

At the same time, there is a large graveyard out there of failed decentralized social networks, so we are under no illusion that this is going to be easy. It is going to be pretty hard.

Still, I don't see any reason why we should be sub-surface any longer.


It would be good to have a set of demo applications that do something that can't be done by competitors.

I read the website and I don't really get it. If I give an app read access to my data, they've got a copy. Maybe they don't have the canonical copy, the original, but they've certainly got A copy. How do I have control?

As far as I can tell you've reinvented Facebook with a better API. Why wouldn't someone just embrace and extend to take control? "Oh yes, we made some changes to our PODs so you won't get full functionality with other people's PODs. You can just move your data to our company with a click of a button, CLICK HERE, and everything will work great! Also, we no longer support exports of data, sorry. But we'll take really good care of your data, we promise!"

Maybe I'm dumb and I just don't get it, that's certainly possible. But maybe you're not doing a good job of explaining it.


I think I saw a few example apps linked elsewhere -- the apps section of the marketing-oriented website just said "coming soon." I think it'd be a good idea to show these apps off, even if they are unfinished. I know I'm personally skeptical of any specification that lacks working examples, and the website, due to its lack of apps, implies there are none (hence my "afaict.") good luck with the launch!


Especially considering that they claim you can make an app in a lunch hour. They were just one lunch hour from a "solid" launch!


It seems kind of vaporware to test people's reactions and get allies. It's definitely interesting and could be game changing if well implemented. Microsoft and Apple could push it and win an important battle.


I am curious:

Is it actually worthwhile to solicit this kind of “ally” interest? I would think you’d attract mostly onlookers, people who are puttering around thinking about these topics. People who may just gum up the mailing lists.

Is it really likely to attract actual contributors? I’d think that comes more from providing something that solves a real problem for some obscure group of people.



Do some of these work? I haven't been able to login to any including the ones listed here: https://github.com/solid/solid-apps


Why? The web seemed to grow on with this kind of roll out.


isn't there something about if you wait to launch until you have a basic well-polished example you launched too late?


no, the saying is that if you aren't embarrassed by your first version you've launched too late. it doesn't mean that if you launch something embarrassing you've launched on time.

a new, far reaching platform for internet data exchange launching without a basic proof of concept seems like a clear and obvious gap that should have been filled before launch.


i.e.

    A->B != !A->!B


I hope there’s a lot more than that. I mean, they claim that they’ve been working on it for 15 years.

“Solid has taken 15 years of development work to finally deliver this.”

I probably missed something, but I didn’t see mention of Solid being taken through a standards body, either (even his own one). Web protocols were standardized early and were royalty free, with working prototypes. That helped lead to quick adoption.


As far as I see, solid is just bunch of existing standards bundled together. Especially RDF and things related to it.

The w3.org site describing solid is actually more readable: https://www.w3.org/community/rww/wiki/SoLiD

See also https://www.w3.org/DesignIssues/LinkedData.html


IMO it's a waste of time to try to standardize something that hasn't proven its value yet. Leads to a design-by-committee situation (committee should be spelled ccoommeettii)


The initial W3 code releases from CERN likewise preceded any formal standardization effort. They came with documentation defining the protocols and data formats (albeit loosely), but those were project documents generated internally, and not elaborated or ratified by any formal standards body.


To me it looks like as another incarnation of semantic web stuff.


This was my first impression too. Tim and a certain contingency have always wanted that stuff to take off, but the benefits have never been clear enough to make it happen. It's an easy concept to overengineer. The Web took off because it was simple. Anyone could author a rich document in HTML and share it just by sticking it in a folder and passing around the link. The Web now gets harder by the day, so history just might repeat itself sooner or later.

I think Solid needs to start with cleaning up their communications as the whole thing is hard to understand.


I'm very interested in 'new things', especially in this area, and I find it incredibly frustrating how bad they often are for a significant number of users.

One of the more promising initiatives I've seen recently is Patchwork, which is a kind of Facebook or social network that runs on the Secure Scuttlebutt (SSB) protocol.

It's a user-friendly app that you can download, and after getting over the hurdle of adding a 'pub', you can get things going pretty quickly.

What frustrates me is that I can imagine quite a few people would go through the trouble to install the app, non-geeks included, even though it means going to a weird .nz domain and even though simply searching for 'Patchwork' on Google isn't enough. In my experience there's a subset of the general population that will be willing to do this.

But then they get an app that does nothing, and they'll have to figure out that to use the app, they need to add a 'pub' server. Doing so requires a bit of searching and then adding the pubs to the app. I'd say that's a bridge too far for most.

The same goes for developers. Patchwork is written in Node.js and for various reasons there's no easy way to write clients in other languages. Even though I am familiar with Node.js programming, it's enough of a hurdle that even as a fan I just resigned myself to just wait until something more user-friendly shows up (Elixir client plz).

My point is that Patchwork/SSB has been one of the best-implemented things I've seen, and yet it sucks enough that I hesitate to recommend to 'regular' users or developers. And the frustrating thing is that, considering the effort involved, it wouldn't be that much more work to bridge the gap. But doing that is just not interesting enough, and so the whole thing remains a niche that will probably die in due time.


That’s exactly how the Web was at first. I clearly remember downloading Mosaic in the summer of 1993, a few months after its release. I clicked around for a few minutes, but quickly ran out of content. So I went back to gopherspace, which was rich and endless in comparison.


> I wonder if this is how people felt when the World Wide Web was first invented.

It did feel like a new beginning.. combined with a "that's it?", combined with a "how will they ever get everything online?" At the time, no one was really online or knew what the internet was. Protocols like Gopher, Archie worked ok, and there was a BBS world..

Still, the web just felt unspeakably different to what came before in an indefinable way.

If application logic can be separated from data in Solid, this could be meaningful evolution to the web.

Imagine plugging in all of our existing data in one app or database into any other app or database.


Here's some more information about the app experience. I'm sure this is a very very early test to see how many people are interested.

I, for 1 and super excited to take back my data.

https://www.inrupt.com/our-work/


Thought this was similar with more details: https://patentimages.storage.googleapis.com/7d/03/9f/7779479...


There was almost nothing on the WWW, gopherspace was still the big thingy, and many folks still had their email hand-delivered via UUCP.


security implies availability friendo


The w3.org site describing solid is much better (even if some links don't work):

https://www.w3.org/community/rww/wiki/SoLiD

https://www.w3.org/DesignIssues/LinkedData.html

inrupt.com site is just marketing hype and crap experience.


Was just about to say that after reading for a minute I understood nothing about the material. It was just a random array of buzzwords.


The footer of the Wiki page says: "Last edited 3 years ago"


Thank you so much! I was wondering wtf this was about. Much clearer on the w3 site.


I hat websites like this: after reading for 3 minutes I learned that Solid is revolutionary, game changing and whatnot, but I have aboslutely no idea what it is. Very frustrating experience.


This early 2010s sitcom clip [1] comes to mind when reading about this. Many of the same buzzwords were used, in the same way. Notice the lack of substance in the product discussion, and the literal dancing around what it (Jabberwocky) was.

Who needs a product, when you have a presentation.

[1] https://youtu.be/spyJ5yxTfas


Yes indeed. Marketing buzzwords before any kind of substance.


applications :(

Does anyone else feel nostalgia for the pre-"web app" days of the internet? I'm talking about personal sites on Geocities and web rings built on communities of shared interest.

The browser was an application for navigating hyperlinked information. Other applications include email clients, news readers, FTP clients, and IRC clients. You never had to download a megabyte of minified JavaScript just to read a 500-word article; you never would, since it took about ten minutes to download a megabyte on a blazingly fast 14.4 modem.


I don't. For me to get a nostalgia rush I need to go down to the Computer History Museum and see yet older stuff. Nostalgia isn't a function of quality, but of age.

Douglas Adams expressed this well:

“I've come up with a set of rules that describe our reactions to technologies:

1. Anything that is in the world when you’re born is normal and ordinary and is just a natural part of the way the world works.

2. Anything that's invented between when you’re fifteen and thirty-five is new and exciting and revolutionary and you can probably get a career in it.

3. Anything invented after you're thirty-five is against the natural order of things.”

For me the stage that came after this is, "Well, change is going to happen, so either I need to get off the merry-go-round or I need to learn to like it." Geocities and FTP clients are as dead as fan-fold, green-and-white line printer paper, and for the same reason: we found better ways to serve the same needs.

Justifying one's nostalgia by pining for the days of 14.4 kbps modems doesn't make a lot of sense. If they were good, then surely my first modem, a 300-baud acoustic coupler was better. Although I feel a tug of nostalgia when I see one, it wasn't better. Optimizing to save a resource we have in abundance makes as much sense as depression-era grandparents saving bits of string for possible reuse. It wastes that most precious of non-renewable resources: your time.


Nostalgia isn't a function of quality, but of age.

It's not just age, it's a sense of loss. I can still go down to the store and buy milk in bag form, just as I could when I was a kid, so I don't feel nostalgic about it even though it's old. I feel nostalgic about the web of my youth because that place is gone now and it'll likely never come back.

In tech circles we like to obsess over new technologies and all of the amazing new possibilities they've brought. We don't spend nearly as much time talking about all we've lost.


Except that a lot of things was instantaneous just 20 years ago. I can't believe how slow even new smartphones are when I'm trying to make a phonecall... Every press of a button feels slow, there have to be animations scrolling screens left and right instead of instantly activating something. Every time I'm using something new and flashy, I feel like I'm stuck in sirup.


The closest thing dialup ever got to instantaneous was text-based terminal interfaces. And I remember agonizingly slow load times in Lynx just as often as agonizingly slow load times in Mosaic, NN and IE. Our expectations change, however, and as tech speeds up, we ask “why aren’t people optimizing for what we care about, performance?” But there’s a multitude of answers, many of which are sadly non-technical. Speed and responsiveness often take a backseat, but improvements do happen. (AMP, CDNs like CloudFlare, use of native apps, etc.)


Yeah, didn't mean old modems, more like applications. My 300 baud modem was pretty slow. But applications were always very fast compared to most new stuff.


Yes, exactly. So while today on a slow connection you can find yourself waiting a long time for Gmail to load up and let you read your email, in the days of 300 baud your email would be downloaded in batch and your mail reader would come up instantly, letting you peruse and read your email at leisure.


I don't recall anything on the internet being instantaneous 20 years ago. Surely you're misremembering?

I also don't find that new smartphones have much touch-based interface latency; but even so, that kind of latency doesn't have anything to do with the internet, nor the halcyon days of late 1998. To my recollection browsing the web in the late 90s was far more exciting but also far less useful than today.

The modern internet has a lot of inefficiency, but I don't see how you could seriously claim it's slower than what we had 20 years ago. Sometimes heavy web applications are relatively slow because they're underoptimized, but that's less of a technology failing and more of a developer failing. Most websites load spectacularly faster, and perform better, than all but completely static HTML websites from two decades ago despite having much larger byte footprints.


Yep - I remember very carefully planning which mp3s I wanted so that I could dedicate my small window of modem time each day to download them because each one took 10-30 minutes. Sometimes I was able to get through a full game of Age of Empires before disconnecting due to lag or because my dad needed to make a phone call. I find long page loads due to excessive javascript as annoying as the next person, but I'm much happier with the internet in 2018 than 1998.


Ok, maybe I was spoiled with 100 Mbps connection at the time but I was mainly talking about Apps. They were not web-based, all written in C, some form of BASIC or Assembler.


I find exactly the opposite.

Some websites overloaded the 98 web by being an entire page of diced and sliced graphics that assembled the page. Most were mainly text and appeared pretty much instantaneously. Images came slower than the article you could be already reading if you were on dial up.

One of the things I dislike about the current web, is how slow most sites have become - mostly thanks to an absurd overhead of JS and third party SaaS just to display a text article with a few pictures. The number of sites that will unreadbly bounce the content around as various web fonts, icon fonts and other trivia load is pretty ridiculous. It's the main reason I now browse with JS off and white list JS for a tiny few.


My computer from 20 years ago was a lot snappier than anything I've used today. And this is not just nostalgia, there is data to back it up:

https://danluu.com/input-lag/


That's interface latency, not internet speed.


And it's due to bloat; the same kind of bloat that leads people to add megabytes of javascript and other resources to simple articles.


Use a rotary phone for a couple weeks.


You were using a rotary phone 20 years ago?


A rotary phone was at least instant physical feedback...


Like a lot of people on HN, you appear to be conflating "download a megabyte of minified JavaScript just to read a 500-word article" with the concept of a web application, and implying that embedded applications are somehow a violation of the web's intended purpose.

But hypertext is an application, and the web was always about hyperlinked text as well as embedded content. The <script> and <applet> tags and now defunct concepts like VRML demonstrate that the "only static, only hypertext" version of the web you miss were more due to the primitive nature of an undeveloped platform than a state of grace and purity which has since been defiled by the ability to do computation on the web... the intent for the web to host both static and interactive content was there practically from the beginning.

>Does anyone else feel nostalgia for the pre-"web app" days of the internet? I'm talking about personal sites on Geocities and web rings built on communities of shared interest.

I don't. I like being able to watch videos and play games on the web, and buy things, and so on.

And webrings were fun, but modern social media offers a much bigger and more varied set of communities than the old web ever had. I know that's an unpopular sentiment to voice on HN, but as far as most end users are concerned, Reddit and Twitter and even Facebook are useful in ways that IRC and web chatrooms never were.


I don't know, the older days also had IRC, messaging apps, internet forums and BBS systems too, and my experience is that the people on the last two tended to be more... mature than the kinds on social media sites. Even today the slower and more thoughtful pace of a traditional forum is more conductive to decent discussions than the obsessively upvote/view focused world of social media sites.


>I don't know, the older days also had IRC, messaging apps, internet forums and BBS systems too, and my experience is that the people on the last two tended to be more... mature than the kinds on social media sites.

Social media is just about as mainstream as the telephone now. Everyone who was on those forums and BBS systems and IRC is probably also on social media.. along with their parents and kids. The web long ago got too big to draw narrow demographic conclusions about. And everything you mentioned apart from BBS is still around.

I mean, my elderly mother uses Facebook and I wouldn't call her "obsessively upvote/view focused." She is obsessed with sharing pictures of her grandkids doing everything, though...


How much of that is the eternal September of going from something where a tiny niche of the population using a thing to the vast majority?

I don't think there's much structural about Yahoo Answers being what it is. I think it's mostly the population.


irc still exists and I usei t every day. The same jerks that you see on "social media" exist all over IRC as well.


> And webrings were fun, but modern social media offers a much bigger and more varied set of communities than the old web ever had

Most of it is undiscoverable, private, or short form. There are very few people putting up public multi page tutorials or project summaries in the way that they used to.


I feel like that's not all that rare—you just do it as a series of blog posts these days. You could make a strong case that a set of independent pages that freely interlink is a better format, but still, the impulse is there, so people have found a way to make that kind of content.


I don't see many independent bloggers these days. Especially outside of the tech community. Most of it feels like it's becoming hidden behind monetized walled gardens.


It’s not so much the web apps, but the professionalization of content that makes me nostalgic. The charming thing about the early web is that almost all of it looked equally terrible- even the sites made by paid experts looked only marginally better than what junior high schoolers would crank out in computer class (ask me how I know.)

This created space for passionate amateurs to create content for their niche. You got wonderfully personalized, quirky sites that didn’t look weird or suspicious and, importantly, actually got traffic (or what passed for a decent amount of traffic at the time.)

The rise of Google, security issues, “walled gardens”, blogging platforms, and YouTube have basically ended the ability of a new amateur site to get a significant amount of new traffic. Internet stardom has moved to YouTube, Twitter or more specialized communities like Reddit, StackExhange, or Wikipedia. The Wikia networks have driven out most need for fan sites. Social networks are a better sharing mechanism than personal blogs meant for keeping friends and family up to date.

This all has had the effect that the internet “feels” far more structured and professionalized than its early days, and IMO is much more a “winner take all” environment for content. I miss the amateur web the same reason I go to high school sports and watch low ranked college football teams- the play may not be as good, but passion is the same, the games feel more human and occasionally you see unexpected flashes of brilliance, beauty, and serendipity that you’ll never see in the professional world.


As follow up- there still is space within some of the walled gardens, primarily YouTube and Twitter, and I’m sure some emerging media will support amateurs early as well. I certainly don’t want to go purely back to webrings, marginal search engines, hand crafted directories, and printed “internet phone books” (yes, this was a thing) as it made it far more difficult to accomplish tasks, but TBL and others fighting against the Balkanization and centralization of the web content as a whole is not a bad thing.


I do not. Geocities was a miserable collection of weird text that was almost completely unusable. FTP and IRC were great for the people who used them, but the community was small and still exists.

For all the people lamenting the loss of the old internet, most of it is still there(irc,ftp,rss,ncurses email clients) -- you can still use it. You should probably ask yourself why you aren't.


I use it. And people keep working hard to replace the standards it is built on with unimplementable complex, insecure, poorly thought out crap.


You should probably ask yourself why you aren't.

Because there's no gopher client for macOS.

I bet if Google indexed Gopher sites at the outset, Gopher would still be a thing.


There are browser plugins: https://addons.mozilla.org/en-US/firefox/addon/overbitewx/

They have very little use. There's also a web proxy:

http://gopher.floodgap.com/gopher/gw

Browsing it makes clear why Gopher would not still be a thing, except in the same sense that there are hobbyists who maintain Model Ts and steam engines and whatnot. For a time, Gopher was a miracle and a wonder. That time lasted about a year. The web does all it does and infinitely more.


Plenty of terminal-based options (e.g. Lynx) for Gopher.

Gopher pretty much died long before Google was a thing. Here's a good article: https://www.minnpost.com/business/2016/08/rise-and-fall-goph... (lots of interesting comments below the article from many of the people involved)


Use lynx in your terminal emulator...

There is a vibrant international community of people still on gopher, and a lot of us run our own servers. Check out gopher://gopherproject.org

There you'll find a getting started file, and other useful things such as a curated site listing (think DMOZ for gopher) called the Gopher Lawn.


Why do people still run gopher servers? To keep some content/discussion open to only a self-selected community?


> Does anyone else feel nostalgia for the pre-"web app" days of the internet? I'm talking about personal sites on Geocities and web rings built on communities of shared interest.

Definitely! There's a lot of that sentiment over at Micro.blog [1], which has built a community of writers & indie software developers (especially developers from the RSS era, if you've heard of MarsEdit or NetNewsWire). There's an emphasis on personal blogging, keeping things simple, and using dedicated desktop/mobile apps (usually made by solo/indie developers) for each task, instead of the website. And as part of the IndieWebCamp [2] projects, there's even people making web rings again [3] as well.

There was also a search engine someone showed on HN recently, that didn't have a crawler - the only pages listed were the specific pages (not domains!) that people submitted to the index. That gave the searches some serendipity, you never found what you searched for but stumbled on something that someone else thought was interesting anyway.

[1] https://micro.blog

[2] https://indieweb.org/

[3] http://th3core.com/talk/traffic/i-made-a-web-ring-5-days-ago...


Sort of.

90% of the web apps that are useful to me would be equally useful as native local apps with local data. As a native MacOS or iOS program they would be hugely faster, without latency, and just as useful out of signal area (still common enough that it happens daily for me).

That would leave me to choose which I wanted to sync either internally or via something like dropbox.

Most of the innovations in the browser that enable apps also promote and enable tracking, auto start videos, and JS loaded ads, and use of the browser as surrogate OS. Mostly I find this a serious misstep. I don't miss bad design and sites that were cut up bits of image etc.


Nostalgic yeah, but that doesn't mean very much... After all, those discovering the web today will feel nostalgia for the current version in N years.

As exciting as those days were, I wouldn't want to go back to dial-up, CRT monitors, no-broadband, no-wi-fi, no-wikipedia, no-dropbox, no-stackoverflow, no-git, no-digital-distribution, etc.


No spam. No tracking. No monetization. No clickbait.* No Zuckerberg. No profiling. No selling surfing habits. No social credit score. No tying insurance rates to activity monitors. No bosses firing people for expressing their personal opinions on private time. No HR minions making hiring decisions based on personal web spaces.

And yes there was broadband in the old days. It just wasn't widely distributed. It was mostly at businesses and universities. As broadband became more common, web sites got needlessly heavier.

On the plus side, future generations will never know the horrors of a RealPlayer "Buffering..." message.

* Unless you really needed punch that monkey.


"As broadband became more common, web sites got needlessly heavier."

100% this. About 8 years ago, I had LIGHTNING fast loading times on every page I visited. 800-1000ms was average, on a connection that is slower than mine is today... Now 4-8 seconds is average, and the new Gmail takes 10-12 seconds to load.

I'm nostalgic for the days when the web was faster and more functional than it is today.


Even in the very early days of the web, technologists were talking about the browser as a potential platform for applications. This was pretty much always the vision for browsers, it just took a while to figure out exactly how to do it.


But that was where Netscape, a commercial company, and others wanted to take the web. The original idea of the web was to share simple marked up documents, not applications. The image tag was even hotly debated when it was first introduced.

As for figuring out how to turn the web into an app platform, Netscape and Sun might have gotten farther in the 90s if it wasn't for Microsoft. There used to be a saying in the 2000s that MS held back technology for a decade.


>Does anyone else feel nostalgia for the pre-"web app" days of the internet? I'm talking about personal sites on Geocities and web rings built on communities of shared interest.

http://wiby.me is a search engine that indexes pages like the ones you miss. Full disclosure though, I made it.


> Does anyone else feel nostalgia for the pre-"web app" days of the internet? I'm talking about personal sites on Geocities and web rings built on communities of shared interest.

I don't understand the premise. Tumblr is / was over ten times larger than Geocities. It did what you're describing. It was still wildly popular with young people just as recently as a few years ago.


Tumblr wasn't personal in the way that Geocities was.

With Geocities you could see millions of high school art students demonstrating for the entire world that they don't know the first thing about design or color.

Tumblr is the epitome of a walled garden. The flowers look pretty, but you still have to plant them in neat, orderly rows. Even Facebook's Pieces of Flair offered more of a creative outlet.

You can still make oversized blinking purple Comic Sans text on a black background above an animated "Under Construction" GIF. But you have to do it in CSS.


You're both talking about Tumblr like it's dead. Tumblr will never die.


> With Geocities you could see millions of high school art students demonstrating for the entire world that they don't know the first thing about design or color.

They've moved to DeviantArt now.


While I agree with the sentiment (it's become more cumbersome to create and access content on the web), it goes without saying that the vast majority of users find value in web apps and the platform-agnostic functionality they provide.


I miss aspects of it, for sure. What I think you're getting at here is that we used to have a cleaner separation of protocol, data format, and client application - enabling us to have multiple ways of combining the above. Tons of email clients, tons of formats, but ultimately just one email namespace - the DNS. That's much more idiomatically Internet than webapps are, which rely on my browser very carefully executing instructions provided by a site with very little control on my part as to what they do with the chunk of screen real-estate they've been afforded.

There's also something about the snappiness of desktop apps on hardware 1/100th the speed of what we're running now that I dearly miss.


Yes. There should be room for both.


The goals are laudable, and sometimes a backwards-looking implementation can get traction faster than a forward-looking one. But the reliance on Pods and URL location-based identifiers roots it firmly in the past.

I think the future is the robust content addressable distributed web. Which could give developers the same flexibility, and users the same friendly experience, but with everything virtualized in a peer to peer mesh. I’d like to see the developer smoothness of Solid married to future-proof content identifiers like this: https://github.com/ipld/cid/blob/master/README.md


Would the content-addressable distributed web really "give ... users the same friendly experience"?

I'm a bit outside my wheelhouse, and I don't fully understand what Solid means when they say "You own your data", but with content-addressable strategies, often users _don't_ really have ownership once something is published in the sense that you can't delete or change something if anyone else is serving a copy.


Depends on where/how that data is distributed. A big focus with technologies like IPFS is to have data be local and to not upload it anywhere. OR, to encrypt data within a small, private swarm where not everyone can access it.

This is important, because getting rid of a content-addressable strategy doesn't actually protect your data. In practice, running application logic locally and having small private swarms is better for privacy than what we have on the web right now.

So say you're hosting your own data at a traditional URL and on IPFS. Well, if someone wants to save your data, they can do it with the same ease on both. They just download your stuff and save it. If you take your data down from IPFS and from the traditional URL before someone saves it, then your data is safe. So, again, same situation.

What IPFS says is, "if someone re-hosts your data, can we cryptographically prove that it's the same data? And can we refer to the data by that signature rather than whatever the host is this week?" So, if your data goes down but someone else found it and rehosted it, stuff like URLs would still work (although in practice, the URL you'd use would be a pointer to the most recent version of your site, so even that isn't necessarily typical).

This is a minor loss to data ownership because you can't literally invalidate a URL if other people are willing to host it. But that's the only thing you've lost. Under the web as it exists today, someone can still take all of your images and rehost them on Reddit or something. If you think it's easy to prevent that, go let the MPAA know what your strategy is so they can end piracy forever.

So the problem with IPFS/DAT isn't fundamentally any different, it just means that URLs break less often, there are fewer Man-in-the-Middle attacks on your website, and there are fewer download links that lie about their payloads.


Very much depends on the concept of ownership, doesn't it? ;)

I mean, you own it, but so does everyone else. I think the traditional(?) concept of ownership you are referring to, that allows people to "delete" information is very unnatural and feels akin to trying to reverse entropy. You can't unring a bell, and you can't delete data from the world.


Anyone aware of any PFS / perfect forward secrecy that is baked into this or similar projects like briar, scuttlebut, ipfs, zeronet, kinds of things?

I guessing it would be less likely an issue if your friends / associates have a downloaded copy of your messages for the past year if each week a different key pair was made to decipher a section of the data store or something.


The human concepts of ownership implies a very important right that people tend to overlook: the right to DESTROY it, to undo it, to "take back what you said".

This is important, because for physical artifacts having the right to destroy/demolish means having the right to create new things in its place (if I inherit a historical monument castle and I can't f demolish it to a pile of sand by my liking, than that's a scam, I don't really own it; also I might want to demolish it for aesthetic/informational reasons too, to "wipe" a part of its history from the human collective knowledge base).

And for informational artifacts, the right to "undo" or "take back" is also important, because the fact that what you say/publish is there to haunt you forever will have a chilling effect... lots of interesting things will go unsaid unwritten.

You have to burn books/libraries/things from time to time, otherwise everyone becomes afraid to write new books or build new things!

And on a physical level death has the same liberating effect. You know you're gonna die sometime anyway, so you can enjoy that cigarette, it increasing your risk of an incurable cancer by 1e-3 percent will not have consequences that will haunt you forever... Death and destruction are necessary for true freedom, at least for the kind of freedom I want to have.

Things like block-chain/graphs combined with content adressability bring significant limitations to FREEDOM. Endless responsibility and accountability for everything you've done and said would make life of all creative and disruptive people a living hell. Heck, if you're not free from at least some of the consequences of your actions, then why do anything at all, why even carry on living.

And on:

> You can't unring a bell, and you can't delete data from the world.

Yes you can, if you kill someone, a part of the information that is in their head and haven't been shared with anyone yet will be lost forever. That's a good thing imo. If everyone who's heard the bell is dead and hasn't told about it to anyone... has the bell truly rung? The information that it has is irrecoverable now. And you can thank your friend entropy for that impossibility to recover this data and for the liberating effect that this can sometimes have ;)


> than that's a scam, I don't really own it

Legally speaking then, you don't own information about yourself like your address or past actions. The government won't let you erase that information. The only way to make your friends and family forget it is to kill them, which is obviously highly illegal.

Even with efforts like Right to Be Forgotten, Europe isn't positing that you actually own information about yourself in the same way that you're doing here. Right to Be Forgotten is a) balanced against public interest, and b) only applies to information access and indexing. Right to Be Forgotten doesn't mean that you can demand a newspaper burn all copies of an article it wrote about you.

The reality is that "ownership" means different things in different contexts. There's not a single definition. When we talk about "owning" data or Intellectual Property, we don't mean it in the same way that you "own" a wrench.

How can you own something that is inside my head?


> Legally speaking then, you don't own information about yourself like your address or past actions

...and of this: clearly you want just some information to be impermanent or undo-able. I wouldn't want all information about myself to be delete-able. Just pick a class of infos, like "tweets" or "tv interviews" etc. And delete-able shouldn't mean modifiable. If I'd delete a year of my "certified resume" I'd still end up with a "blank year" that wouldn't look good.

There's room for forgettable channels of communication and publishing, from which information can be permanently deleted, and these should also have legal protections ensuring that if someone retains copies of that infos then they are inadmissible in any court, even if they were public at some point. A fully networked society needs such safe-spaces too...


Okay. Does immutability make this harder?

If the information is inadmissible in court, then who cares if there's an immutable copy someplace? We make information inadmissible in court all the time without requiring it to be deleted.

We even make it illegal to ask about age, race, and religion in job listings, and we aren't deleting any of that information. I'm not 100% sure what the problem is.


> How can you own something that is inside my head?

If I put it there, I own it, and I should be able to destroy all proof that it's not purely a fabrication of your imagination. (Sure, you can still know it and use it to guide your decision, but it shouldn't be legally valid any more, and there should be no way for you to convince others it's true.) Yeah, obviously if it's in the heads of other people too, it would be more accounts in favor of that information being authentic, increasing the probability that I am lying about that in a legal situation. But key thing would be that it's a probability. I can destroy the certainty. That could swing depending on context, maybe I'm more trustworthy than the group of people arguing for the authenticity of that piece of information.

Obviously there's great deal of criminal activities that can be protected by going too far with this, so it's a question of "tweaking the dial" until we get the right amount of informational "light" and "darkness". As Jung said, there are some who need light, and some who thrive in the shadows...


There's two problems. First, there's a basic argument from the outside that you're fucking with historicity for no good reason other than that you think that you're more important than humanity.

Second, from the inside, this simply isn't how memes work. Memes are designed to propagate and survive on their own. If your ideas are at all good or interesting to society, and they manage to become memetic, then you have zero recourse, just as if you were Patient Zero for some new plague. You shared it, and unsharing is impossible, regardless of how moral you might believe unsharing to be.

Seriously, take some time and think about it: How many of your ideas and concepts are actually original to you? Almost none of them, right? And if you're honest with yourself, pretty much every concept seem inextricably linked to others. Really, what matters is the structure between ideas, and that can't be shared, since it's private to each person's mind.

Anyway, if this doesn't sway you, I'm okay with it; you're purely a fabrication of my imagination.


> and I should be able to destroy all proof that it's not purely a fabrication of your imagination.

But this is even more problematic. What if you don't own the thing being used as proof? Do you get to destroy it just because it could be used to incriminate you?

For example, if I take a photograph of a public non-performative event, I legally own the copyright on that photograph. The photograph itself is treated like a creative expression. So should you be able to destroy my photograph? Because the law says I own that, not you.

With Right to Be Forgotten, you might be able to have that photograph delisted from Google images, assuming you had gone through a lengthy court process based on multiple determinations of how public the information was and how harmful it was to you. But you can't come over to my house and make me delete it.

If I go onto a forum later and say, "yeah, I can prove this thing happened; here's a photograph", I haven't done anything illegal. Do you think that should be illegal? I feel like at the point where we're talking about destroying physical evidence of something, maybe this is going a little bit too far?


> DESTROY ... and I can't f demolish it to a pile of sand by my liking, than that's a scam, I don't really own it

There are other definitions of ownership more akin to stewardship. Some circumstances recognise others interests and therefore limit rights and elevate responsibilities.

This, arguably, sensible.


> And for informational artifacts, the right to "undo" or "take back" is also important, because the fact that what you say/publish is there to haunt you forever will have a chilling effect... lots of interesting things will go unsaid unwritten.

Yes, that's the root for a lot of information censorship. Society as a whole is still very immature and tends to pretend that not every human is flawed and has a past with mistakes. I hope that we can collectively move past that at some point.


I agree with this, at least in general. Linking content location to content ID is a serious mistake.

I'm not convinced it's worth investing time or effort into something that might make it harder to address the problem of URLs in the future. I get "solve one problem at a time", but I feel like URLs are so fundamental of a problem, you have to get them right first before you move on to other problems. And for the most part, we have gotten them right -- build whatever web replacement you're working on on top of DAT/IPFS, unless you have a really good reason not to :)

A decentralized web is a web where content can be re-hosted and verified by anyone.


Well, maybe this is a fully-fleshed out vision:

https://qbix.com/blog/2018/08/28/vision-for-a-new-truly-dece...


What’s not clear to me is how this will work from a data storage and access standpoint.

In order to have a permissions system, you have to have permissions. For example: read:photos, write:photos, read:running_data, etc

In order to do that, there are a few hurdles:

  - You have to define ACLs for every type of data stored in everyone’s POD. 
  - More complex is to define what parts of what data certain ACLs give access to. For example: I may want to provide heart rate data from my runs, workouts, and temperature data but not GPS. That’s getting very granular 
  - Since every app will have different or possibly new types of data, having a central standard for data types and ACLs will be tough. 
  - You’ll also need a mapping mechanism for where the data is stored and how it’s named and the formats that are being used. Even within a single app, you can denotmalize data and store it in multiple places for different purposes.

I like the principle of this but it seems very challenging to adopt. I look forward to seeing someone solve the above challenges.


Right, so that's one of the reasons why Solid is built on top of Linked Data and RDF, we need the power of these technologies to support those advanced use cases.

The Web Access Control spec is here: https://github.com/solid/web-access-control-spec . In principle, we could support really granular data ACLs based on that spec, the ACL applies to a URL, and you can give any datapoint a URL, so problem solved. In practice, it may become a bit cumbersome, I suppose it remains to be seen how you'd do it in practice, but I think we have a really good start there, there's lots of stuff that can be realized now.

There's a wealth of academic research that applies to these problems, the problem of the Semantic Web community has been that it has been strong on the academic stuff, but not very focused on truly useful stuff that can be done right now (to quote AaronSw). That's one of the things that Inrupt sets out to change. But the good thing is that we're not setting out to solve really hard problems in the dark, since we have that academic research, we know pretty well what's hard and what should be within reach.


Thanks for the thoughtful reply. I think this is a good start and the question still remains as to how usable it will be.

We’ve seen this issue on mobile where users give access to certain capabilities on their phone and then are surprised at how apps use them (camera, mic, location, etc).

The challenge is how to describe these things in the way that the average user can understand and trust.

ACLs, capabilities, etc are generally easy for developers to consume but much harder for the average person to understand.

My main thought is that there will need to be some standardization of data and how it is consumed for this to take off. If a consumer is providing access to their location data in 15 different ways for 15 different apps, how are they even suppposed to keep track and understand that?

Standardization of ACLs/access has become standard on mobile and the permissions are very coarse so they aren’t overwhelming but it often leads to unwanted results. I’ve yet to see someone implement ACLs in a way that is easily consumable by the average user.

As noted, I’d love to see that happen. It’s a tough problem to solve but one that would benefit all users.


it's probably better to use capabilities (as in: having a secure handler to some resource means having some kind of access to it), instead of ACLs. As in Sandstorm (see https://docs.sandstorm.io/en/latest/using/security-practices...)

(note that URLs can't be a secure handler, since it's just a string that anyone can create. But a URL plus a cryptographic signature could be)


Same questions I have from reading "Build a Solid app in your lunch break", the app leverages the friends stored data but makes no mention of how the permissions system might work.


Maybe I am just naive, but this all seems terrible. There are paragraphs of ideology everywhere for every aspect of this and nothing boils down to any understandable description of what engineering mechanisms I can use or how it solves the problems laid out.

I really want to like this, but if I spend 15 minutes clicking the guides, the “build a solid app on your lunch break” link, and going all over the site, and I still don’t have the foggiest idea of the actual engineering mechanisms, something is wrong.

It is hard for me to believe some consortium of really knowledgeable web architects and inventors made this. It feels like a PR website with attractive purple colors to make me feel cozy. But I want to know really how it works!


Terrible seem apt. As proposals go, this seems to border on the insanely naive.

It’s impossible to find in the impenetrable marketing speak, but presumably the backend here is some off the shelf LDP? Existing LDPs tend towards being profoundly unscalable; typically the number of clients they can handle without choking per second is in the low single digits. All of the implementations I’ve seen are more concerned with adherence to an ill-conceived shitpile of “standardize-first, use-case later” W3C standards than ever tackling the core performance and protocol problems.

And I cannot imagine a worse choice for presenting Linked Data to the modern web than RDF. It’s ugly, dog-slow to parse, and is INCAPABLE of representing a simple ordered list without significantly painful work-arounds that practically by their nature force N+1 queries on to clients. JSON-LD solves a lot of this and has existed for years.

And then we’ve got yet another attempt to pretend the W3C’s WebACL spec is anything other than a lunatic’s fever-dream of a UI and UX nightmare. We’ll apparently just expose it to end users to let them manage their data. That’ll end well.

The Semantic Web Community’s biggest problem is that they think continually recreating “existing thing but with as many of these awful W3C standards as they can shoehorn in” is some kind of Good in and of itself, no matter how bad the resulting user experience would be.


> Maybe I am just naive, but this all seems terrible.

I do have most respect for TBH and I would consider everything he thinks and writes about, but this does not sound too good to me either.

The idea of linked data and semantic web has been around for almost two decades now and I have yet to see an application, technique or site that amazes me. On the contrary, most of the things in this space I have seen are bloated, unusable or simply unnecessary - whereas every paper sounds like revolution is around the corner. In that combination, it is the worst of both worlds: academic output, that claims practicality and fails to deliver.

Peter Norvig put it best, when he said: "The semantic web is the future of the web and always will be."

A recent discussion touches upon a few problems: https://news.ycombinator.com/item?id=18023408.


Maybe I'm missing something, but what does this have to do with the semantic web and why is everyone discussing that? Solid appears to be a decentralized identity platform.


The proposal here seems to be that data, as Linked Data (as RDF, specifically) be exposed directly to the web, manipulated by rich front ends written in JS using an RDF parser. The marketing speak is so thick that it’s impossible to discern much of the technical detail, but presumably the server side is an LDP server backed by something (triplestore?).

RDF, LDPs, and Linked Data in general are all child projects of the Semantic Web movement, and nigh-on inseparable from it in practice. The venn diagram of their user communities is one circle.


Maybe this disagreement about what Solid is demonstrates the GP's point that the intro site is a piece of PR puff so that nobody knows what it's supposed to do.


Peter Norvig put it best, when he said: "The semantic web is the future of the web and always will be."

Norvig is a smart guy, and maybe he meant something different by that quote than the obvious reading, but at first blush that sounds silly. If he's saying "The semantic web "always will be" the future because it will never happen, then he's objectively wrong. The semantic web is here and has been for a long time.

The key thing to remember though, is that the semantic web is about machine readable data... semantic web technologies are not, by and large, something end users interact with, or even need to know about, themselves. They empower things for developers, but are mostly invisible to the average user.

Google, Yahoo and other major search engines have been extracting semantic data - in the form of RDFa, Microformats, etc., - and using that data for at least 10 years now.

OTOH, if Norvig mean that it will always be the future because it's always evolving, adapting, and growing, then, well, yeah... of course. And that's exactly where we are. Semantic Web tech just keeps getting better and more useful.


> The idea of linked data and semantic web has been around for almost two decades now and I have yet to see an application, technique or site that amazes me.

Ted Nelson invented the idea of hypertext in the early '60s. It wasn't until the creation of HyperCard in 1987 and the WWW in 1990 that there were practical applications of hypertext that you could put your hands on and use.

Ideas can take a long time to mature.


The failure of the semantic Web is that it's repetitively being built by and for technologists rather than to meet a real need of real end users. It's technologists in a vacuum building approaches that don't actually solve problems that millions of people have. So long as they keep doing that, it will perpetually fail.

Freebase as a prominent example, was pointless for an average person. There was no reason for it to exist in regards to doing something for millions of people.

Wikipedia, Quora, Stack Exchange, etc. are what people want to consume. Until the semantic Web leads to a dramatic improvement on those types of end user products, it's not going to matter.


> The failure of the semantic Web is that it's repetitively being built by and for technologists

The failures of the semantic Web are pretty much the same as the failures of the Web of evil, i.e. the internet: 1. You cannot make people tell the truth. 2. You cannot always determine when someone is not telling the truth. 3. You cannot always make people do things the right way. 4. You cannot always determine when someone is not doing things the right way.

So, you are correct. The true creed of each hard-core technologist is: "Everything would work great if only everyone always did everything my way."


The failure of the semantic Web is that it's repetitively being built by and for technologists rather than to meet a real need of real end users.

The Semantic Web hasn't "failed" and it's not something that end users need to see, know about, or care about directly. It's those technologists that use Semantic Web tech and data to build applications for the end users.

Freebase as a prominent example, was pointless for an average person.

Likewise Github is pointless to an average person. Because the average person isn't who it's meant for.


There is more information on GitHub. https://github.com/solid/solid-spec



The Solid Spec from their github. https://github.com/solid/solid-spec


Same. I clicked "about solid" and it gave no clue what solid is.


[dead]


Ain't we all fed up with the current status of the web? At least there's someone sticking to his vision, and maybe (maybe) his work could inspire others to come up with a real solution.


Were it not so esoteric, I'd be all in favour of something like Urbit that builds a whole new layer on top of the existing foundation with a real push for _personal computing_, not just application services.


Since a real computer costs jack all anymore and gigabit will be increasingly common routers should have an app store. P2P via other peoples routers could handle load beyond what the individual router could handle.



One would think that after a few years of working on this he'd have built a place to post content using it.

EDIT: at least there's the original outside medium on their project page, but seems like just a static squarespace page: https://www.inrupt.com/blog/one-small-step-for-the-web


On a basic level, it seems to be the same old web, but rather than Facebook or some other company storing your data, you store it on a pod, and give the app access to it. Which is fine, until one day you share a bit too much, or you 'create' personal data in connected apps, which the app obviously has access to anyway. Not sure what this solves. Also, I can imagine lots of "pods as a service" popping up, which is kinda scary, because now it's not just your social life that's stored in one place, but ALL your personal data, including medical records and whatnot. Perhaps I've missed something, but they need to elaborate more on the underlying concepts driving this idea, as, like others, I'm not convinced of its validity.


That said, I'd be happy if the NHS (National Health Service in the UK) can just point to my POD instead of asking for paper forms to be filled in each and every time you change your GP.


I like the idea. It's basically an encapsulated portable personal "wiki" for a user (persona) with an open data model that can be accessed by external apps based on permissions.

What it doesn't solve is the problem how this data is going to be used by those who access it. I wish there was some kind of digital contracts that only allow using personal data in a way permitted by the user.


Have you heard of the concept of "homomorphic encryption"? It allows someone to perform computations on encrypted pieces of data, without actually ever having access to the raw data itself.

I have no idea how realistic or how "possible" this technology is for in the near future, but this seems to be a great match for technologies like these.


Yup, it is. Though, I'm not sure about homomorphic encryption, but there has been some work on encryption in the academic community that has very clear application to Solid. Here's a paper written by some friends of mine: http://epub.wu.ac.at/5818/1/10.1007_978-3-319-58068-5_37.pdf


I've found https://www.openmined.org use of homomorphic encryption to be really interesting, (+ Unity integration!)


The answer is not at all realistic or possible. Homomorphic crypto is a mathematical curiosity, not something that is any actual use currently.


https://hyperledger-fabric.readthedocs.io/en/release-1.2/acc... there are several emerging approaches to deliver that level of control over identity and artifacts. Each identity you provide to apps will have a root folder where you store the smart contract which maintains your sharing preferences and permissions. It's early days, but progress is being made, and it seems as if there will continue to be strong forces of co-opetition across the web3/indy web, and federated multi-verse. It will be interesting to see what kind of standards ultimately emerge and which community leads that charge.


How does this solve problems of data leaks? Let's say some social network uses this Solid framework and you login with your Solid POD. Can't the social network then just save your data into a database? Now when the social network gets hacked millions of personal data is still released into the wild?

What I'd like to see, is every device run a small process which can read the user's data. Html then has a syntax that can be interpreted like

{{ solid://mydata/name }}

{{ solid://mydata/profile.jpg }}

{{ solid://mydata/age }}

etc.

That data is on the user's device encrypted. Apps can never read your data, they can only tell your device to display that data.

That way developers cannot read your data, store them in their own databases, and then accidentally get their own database hacked and we are back to square one.

I'd like the data on your device to be encrypted and have some type of homomorphic encryption such that if an app were to show average age of users, then an app would be able to run some sort of `select average(age) from users` but since the encryption is homomorphic, the app never learns information about any individual user. This would apply for machine learning operations too, so that we could get netflix style recommendations of movies, without a company ever learning what movies we liked, our age, etc.

However, I don't know the first thing about homomorphic encryption so I guess I just have to wait until some great soul builds something like this for us.


I might suggest taking a look at Blockstack and Urbit, which are efforts to do the exact same thing through two completely different approaches.


Two years ago I wrote a little Progressive Web App which stores its data in an offline cache (browser) and syncs to my Nextcloud via WebDAV. IMHO that has pretty much the same advantages that Solid proclaims.

I mean, in spirit I seem to value the same things as Solid (decentralized, own your data, etc.), but what I don't understand is why it has to introduce so many abstract/new names when it wants to be 'simple'?

Building on top of the Semantic Web concepts isn't going to help either as it has enough disadvantages of its own (e.g., complex standards without adding any real value).


ActivityPub suffers from this problem as well but has become widely used.


Who's "Inrupt"? The main Solid site is https://solid.mit.edu/".

Inrupt is not in Crunchbase. They don't have a business address on their site. They try to get people to sign up without giving terms and conditions first. And they want you to give them access to all your personal information. Right.


So, we're kinda dogfooding that, we're not only building decentralized social networks, the business is also decentralized, so we haven't got any big corporate offices. A lot happens out of Boston, but I'm based near Oslo, Norway, we have people in Belgium, Czechia, France, Costa Rica, etc. Nevertheless, you're right, we're a responsible business, and we should identify with a business address.

And we definitely need a ToS and a privacy policy, etc. The explanation for why we didn't have that is that the code running the sites that we put out there for people to try out is the same code you'd use for your POD on your own box. And most of us are running that code on our own boxes (mine is in a server rack in my basement :-) ), and those installs don't need a ToS. :-) So, you're right, we should have that as an option, so I filed a bug for it: https://github.com/solid/node-solid-server/issues/799


It's a company founded by Tim Berners-Lee himself, As a way to propel Solid.

From https://www.inrupt.com/blog/one-small-step-for-the-web:

    So I have taken a sabbatical from MIT, reduced my day-to-day involvement with the World Wide Web Consortium (W3C) and founded a company called inrupt where I will be guiding the next stage of the web in a very direct way. Inrupt will be the infrastructure allowing Solid to flourish


Fast Company wrote an article about Inrupt, published on September 29; see the link below. It has been in stealth mode and is only just launching publicly this week.

https://www.fastcompany.com/90243936/exclusive-tim-berners-l...


A company of some respected people it seems: https://www.inrupt.com/meet-the-inrupters/


Theranos had an impressive collection of names, too.


Please correct me if I’m missing something that technically prevents this, but once you grant a 3rd Party access to your data (via a SolidPOD), what’s to stop them scraping it and keeping it for themselves in order to build a profile on you?


Seems like a better marketed, but less-technically well thought out version of Sandstorm (https://sandstorm.io). Perhaps they should have acquired the IP from Kenton Varda.


I had the same thought. The hard parts really are the containerization of apps, and the auth and permissions model. Sandstorm as far as I know is the best thought out attempt at tackling those problems.


Solid appears to use TLS client certificates for authentication. (Granted, they're working on some kind of OAuth integration too.) WebID-TLS appears to have the same severe drawback that HTTP authentication does: the UI is provided by the browser, and so can't be customized, branded, or tweaked in any meaningful way by authentication providers. The TLS certificate dialog my browser presented just now attempting to use the "hello world" live demo also appeared to be extremely intimidating for non-technical users: for example, it presented long strings of hex numbers.

I don't think Solid is going to get any meaningful adoption until the signup and authentication flows resemble those of major current social platforms, which have enjoyed years of usability optimization.


I don't get it...

What is a pod and what's so great about it? Something about controlling your data... Storage space... Secure USB stick for the web? So I can mount it and add/remove files from it? Like dropbox or something?

I clicked "Get a solid pod" and it asked me to register, which I did, after which it dumped me into some kind of "home page". Clicking "get started with solid and data browser" brings up instructions for creating notes and calendars and text files in a very primitive interface. There's no link to get back to the "home page" and the back button doesn't work because it's force-forwarding from an interim url.

So is it like a primitive owncloud? What's it supposed to do that's valuable? What am I even looking at?


My reading of it is that it's a database you control that you can allow third-party web applications to use. So instead of the web application storing your data on their servers, they store it on yours.

From the perspective of the end user it's useful because retain control over your data, so there's no barriers to switching to a competitor, for instance.


So, I need to ensure that my POD(s) are up and running just to access other services (which will read data from my POD) ? Isn't that a step backwards ? or am I missing something ? Will the data be cached somewhere, so the services are accessible even if PODs go down ?

If people can't run their own POD servers reliably, then they need to use some other cloud POD providers (Inrupt, as mentioned on the website). Which means your data is now with a third-party.

    Solid changes the current model where users have to hand over personal data to digital giants in exchange for perceived value
Won't Inrupt become one of those digital giants (in context of Solid) with access to numerous PODs of people who cannot reliably host them ?


I really would like to support this, but I seem to miss the big picture. Looking at the github repos, Solid appears to be mostly about giving a second life to TBL's and W3c's failed pet projects, notably semantic web, linked data, RDF, SPARQL, JSON-LD.


What's wrong with bringing those back to life? Their organizing features have been unmatched by any application we have today, except maybe wikis.

They didn't fail for not being useful, but because their engineering was clunky and their demands on resources were way beyond the hardware of the time. Also those systems were too complex for the classic programming techniques. Now that we have a better understanding of reactive programming and async dependencies, maybe we can finally build the tools ecosystem to take advantage of homoiconic data, and these systems can take off.


I think Solid is the way those inventions (Linked data, RDF...etc) were meant to be used with each other.



Something like Solid probably needs a strongly inforced GDPR in place. Otherwise big actors can just access all the private pods and cache them in their own big data stores, and we are back to square one.


But what prevents an app that you gave permission to from copying your data and selling it to third parties, just like Facebook does?



Well I feel like an idiot, I populated my 'pod' with a couple of personal details, and now have no idea how to undo what I've done* and haven't received a confirmatory email to my address so now have some 'thing' on public space I have no control over, no understanding of and no ability to delete.

Not a great start.

* Ostensibly I've over-written with nonsense details, but a cursory check in another browser, not signed in, shows the same original information.

What a mess.


Use the Access Control pane to remove public access from whatever you are worried about. If you go to your public folder in the data browser, then select the sharing control pane by hovering at the top of the pane so the pane icons appear and then click on the rainbow icon. You should see the access control list including yourself at the top as the owner, and public (a globe icon) at the bottom as readers - in green. Delete the globe icon line by hovering at the right side, clicking on the read minus sign, and then confirming you want to remove the public. (If you need to drag it back, there is a globe icon at the bottom you can always grab to drop into the access control list.) Sorry not better documented!


Mmmmm, sorry. So, we have an #UXFAIL here. I've relayed it on to the rest of the inrupters. Obviously, we're happy if you have more detailed experiences to share, there's a bunch of frontend stuff to fix (I'm working mostly on the server side and developer experience stuff).


Why do you populate your personal details in the “thing” you don’t understand and have no control over in the first place?


Yep, an entirely valid point and the reason I called myself an idiot - I used my real name and my email and I stupidly assumed I'd have some immediate control over public visibility, or at worst, the ability to undo what I'd entered or nix the thing entirely.

Given the sign-up asks for both details and I assumed there might be some potential for further use here for a platform created by a trusted party, I unthinkingly stumbled with the minimum.

I usually - which is to say always - don't, but here did.

Not looking for sympathy or sanctimony, just relaying my experience.


https://solid.inrupt.com/how-it-works

Ok, I like it. Throw in some homomorphic encryption in the future, and maybe we can reverse all this SaaSS nonsense of today.

I love the data stays owned by the user. It's how it should be. I hope the system has some provisions against applications encrypting the data on on user's POD.


That page doesn't explain how it works at all :(


Yeah :(. I just finished browsing the page and unfortunately, there's surprisingly little technical details about anything. Oh, you can build a client app with Angular. Cool. I'd much prefer to know how it all works.


Paging Kenton Varda and the company/product/system he and his team created that does something very similar called Sandstorm: https://sandstorm.io/. (Kenton also led the protocol buffers team at Google which is their main format for data interchange).

I'm curious how this is different.


Hello... you paged?

It looks like Solid has progressed since the last time I really looked into it. But, from what I recall, Solid focuses on standardizing data formats and storage... but not compute. That is, all of your personal data is stored in some central location chosen by you, and then web apps can access that data (if you give them permissions). The web apps themselves still run on their own servers, controlled by the respective developers.

I'm skeptical of this model because:

1) If the code still runs on the developers' servers, there is no way to place technical restrictions on what they can do with your data. They can make a complete copy of whatever data you give them access to, they can store additional telemetry on the side, etc.

2) I think developers will resist standardized data formats because it makes it hard to develop new features. If you want to build any feature that requires storing additional data, it needs to be supported by the format. Perhaps the formats are extensible, but if multiple vendors do not agree on the extensions, then your data is no longer portable, defeating the purpose. I find it hard to imagine that any developer will voluntarily restrict themselves in this way without a huge incentive, and I don't see what that incentive is. (Certainly, not enough people care about data sovereignty for that to be an incentive.)

My opinion is that data sovereignty efforts must focus not just on storage, but on compute. The servers on which code actually runs should report to the user, not to the developer. Developers should build apps, which run on the user's servers. This way, developers are still free to create whatever data formats they want, but the user ultimately controls the storage. Other developers can attempt to develop "compatible" software which can read the same data, but this doesn't hold anyone back from adding new features to their own software.

But my own attempt to create such a platform didn't work out. So, you know, you shouldn't necessarily listen to me...


If I may, I’ve been bankrolling a project for about 7 years along these lines, and I remember being very impressed with Sandstorm. Our approach was a bit more “Wordpressy”:

See the video on qbix.com and qbix.com/platform

We just wanted to focus on developing a general-purpose “operating system” for social networking, so startups and any communities can build their social networks by just installing the system, getting plugins and throwing reusable components on pages (like chatrooms, collaborative documents, group rides, etc.)

That way we can get real user and community adoption and then gradually decentralize things like so:

https://qbix.com/blog/2018/08/28/vision-for-a-new-truly-dece...

To date we have about 5-6 million users download our apps, and around $1M in revenues that we can reinvest into this thing. I would love to speak more to you by email if it makes sense... please look at the above links and let me know your thoughts.

I really believe that the project that will really make this take off will have to work backwards from user adoption (by doing for social networks what Wordpress did for blogging) and then incrementally move towards the decentralized architecture where everyone owns only what they are entitled to. The key is to avoid painting yourself into a corner, so that you can decentralize your own software later without losing features. But until now we focused on actual killer use cases, like this:

https://youtu.be/Z7Q7IzVv1VU


Reading this comment, I'm saddened again that Sandstorm failed, and that you had to abandon it to work on something that, while technically interesting, doesn't advance end-user freedom as Sandstorm tried to.

And I'm ashamed that I didn't do more to get behind Sandstorm sooner. I suppose this is too little, too late, but I just signed up for the Oasis power-user plan. I suppose if a few thousand of us did that, then you and a handful of other people could work on Sandstorm full-time again.


Thank you for your kind words.

FWIW, while my current day job (Cloudflare Workers) is not immediately aiming to solve the same "political" problem as Sandstorm, it turns out we have to solve many similar technical problems, in that we are building a massively distributed platform for applications. For example, we'd like it if an application built on Cloudflare can store each user's data in the closest Cloudflare location to that user. That means applications need to be designed to treat each user's data as a separate unit that can independently migrate. If we succeed in getting applications to do that, then it becomes a much smaller technical step to say, OK, now let's store the data on the user's own machines.

It may turn out that this is a much better technical basis for what Sandstorm wanted to do, while making the "political" problem far less ocean-boiling. That's my hope, anyway.


Not simple enough to attract anybody but geeks. The landing page of a project with ambitions to replace the existing web should target simple users and let them get in, see and access the value in a matter of a click on a very visible button labeled in a very obvious way rather than requiring them to learn how it works (the majority of people bringing money to the internet have no idea of how it works and little desire or capacity to learn that) and expecting them to get a clue they are supposed to click a button with a mysterious label "get a POD" and making them decide if they want their free pod to be provided by a commercial or a non-commercial entity (I bet they will rather click "apps" but there seems to be nothing there). Geeks like us are probably going to love it but geeks alone can't replace the web and fill it with economic value, we are to attract ordinary users.


Interesting idea, but I'm interested in the security implications. Now I have a Pod that has all my data in it, and I can host this pod anywhere I want. Great, but its now the single target for getting all data on me.

I get that its great when its working and secure, and I can control it. But exploits happen, and now all my data is in one place.


I believe (from scanning the website quickly) that you can host your own pod, but you can also put your data with third party. Currently, it offers 2 free options from a commercial provider and a community provider.

So in terms of security, you can choose to trust a 3rd party with hosting your data, keeping the apps etc up to day or you can host it yourself. I'm not sure what's better!


You are correct, but in this world I'm choosing a SINGLE third party to host ALL of my data. There's no distribution of risk, my data portfolio is undiversified, etc. They get hit, its all over.

In fairness, I guess I could have a bunch of pods like financial, social, pictures... or even a pod for each service: facebook_pod, bank1_pod, etc...and host them all with different third parties to try to minimize risk. But this gets incredibly cumbersome.


Any idea if data is encrypted by default? I didn't see any mention of encryption... or, TBH, much of anything other than rather ludicrous marketing language, which is very disappointing from TBL


I don't quite understand "how". It all sounds magical.


I could be wrong, because I'm also a little bemused by the lack of specifics on the site, but it sounds like the Pod stores sort of "quanta of shareable information" (photos, essays, one's phone number, etc.), and makes them accessible via authenticated APIs.

So instead of posting a photo on Facebook, Twitter, and Instagram, one would (ideally) authorize Facebook, Twitter, and Instagram to read photos stored on the Pod with a "shared publicly" tag (or similar), and then anything with that tag would show up automatically in one's feed on all three sites, and (if also authorized) push reactions and comments back to the Pod.

If I'm understanding correctly, it sounds like a neat idea. I'll be interested to see how well it does.


How is this different from https://tent.io ?

Exactly the same principle, but it failed to get adoption. Perhaps because users don’t care where their data is stored, and most can barely comprehend it?


I like the spirit of this, but expecting average internet users to buy fancy hard-drives to store their data for apps that don't exist yet, simply to be free of the cloud, is way optimistic.

Also, having a Solid pod does not prevent the worst kinds of personal data abuse, such as identity tracking and brokering of tracked data. I don't care that Facebook stores my photos, but I do care that they've built a profile around the contents of them.


Seems to be a rebranding of Linked Data. Need convincing that Linked Data is key to decentralized applications.

I do think that the Semantic Web is still a cool idea though.


One advantage is you can build up your data and different apps can re-use that data. Presumably you have to grant permission to use that data but apps could easily ask for access to much more data than it needs? This seems a little dangerous because people just say "Yes" when they want to use something. Or does it have a strategy for dealing with this?


The (initial) killer app for this has to be warez. Messaging and publishing seem like compelling uses, but to get people to bust out the credit card to some pod host each month before there's a sufficient network built up to make those attractive, there's going to have to be a lot of pirated content available somehow.


I'm on mobile, so please excuse my innacurracie, but from memory how it works is pretty simple. A solid server is sort of like Dropbox. everything is a file, and you can give apps read-write access to a "folder".

It also recommends the use of some XML thing so that all your "contact" objects are the same format.


Sounds about right. Even if we imagine that developers adopt this technology for some reason, what's to stop them from also keeping copies of any data they are granted access to? or just using it for auth and giving you no direct access to your data? It all seems too idealistic, since developers derive little benefit from the added complexity.


The "Centralized to Decentralized Recursion" is a bit like Moore's Law.

It works for all aspects the digital ecosystem. Clients, Data, Bandwidth, Storage, etc.

Centralized -> decentralized -> centralized -> decentralized -> centralized -> decentralized -> centralized -> decentralized -> etc.


From the visionaries that gave us RDF and the Semantic Web.


Yes, Solid is something to looking forward to.

Many years ago, we face the vendor lock-in problem from the software giants, due to proprietary data formats. Thanks to Berners Lee, W3C, XML and open source community, that is less of a problem today.

But now we face the problem of vendor lock-in, not due to proprietary formats, but due to cloud-service lock-in. With all the software giants, Microsoft, Google, Facebook, Amazon, ... offering their services primarily as cloud services, this cloud lock-in issue is going to become more severe in years to come.

It's a new war the software industry needs to fight. It cannot be addressed just by one person, one project, one organization. It needs collaboration from the entire community.


This sounds good but in practice is hard to implement. Even for email clients we started to display generic/html pages to handle the authentication because we couldn't agree on a standard api/protocol. I doubt we will move into semantic web anytime soon.


I gave this talk[0] a few weeks ago at MyData 2018 about ActivityPub. Dmitry was going to come and talk about Solid on the same panel, but couldn't make it last minute. So I spoke a bit about Solid at the end too, and compared and contrasted.

Kim Hamilton Duffy gave an illuminating talk right before me about "Decentralized Identifiers and Self Sovereign Identity Standards"[1]

lmk if any feedback or questions

[0] https://www.youtube.com/watch?v=ikCumzhfV9k

[1] https://www.youtube.com/watch?v=KsIM0zq37fU


I don't understand.

HTML5 is on the way to become this. You have permissions, local storage, indexedDB, and a ton of APIs. Anything else you need you can just submit it to the HTML5 working group (e.g. shared data)


Maybe I've been programming too long, and I saw Solid POD and I read "a solid pile of data." Perhaps that was the intended play on words. I never saw the english word "pod".


It's like two peas in a pod.

Or a pod of whales.

https://www.merriam-webster.com/dictionary/pod


I didn't say I don't know what "pod" means, I meant I did not see that word, only the acronym POD, when reading about this product.


There's a broader set of problems with the whole 'personal data store' space and a lack of evidence of user research to address big problems users have and incentive for companies / app developers that would drive the necessary adoption for impact. https://medium.com/@shevski/how-solid-is-tims-plan-to-redece...


So it's Diaspora meets a CMS? I thinking the issue here will be the chicken and egg problem - how do you bootstrap something like this without a killer app to drive adoption? After a certain critical mass adopts a system like that, all web applications start getting pressured toward supporting it too, but how do you ever build that critical mass to begin with? The whole point of the system is to prevent vendor lock-in, so what's the vendor's incentive to help make it popular?


I'm thinking the incumbents of each field that has a vendor lock-in problem could gather around this common platform and provide an open ecosystem as an alternative to all the monopolies that don't respect their users.


In order for apps to make use of your POD data you’d have to give them access to it and once they have it you’re back to the same experience as pre-Solid, right? What am I missing?


I like this and I'm in favor of decentralization. However, it's hard to imagine decentralized beating centralized when centralization has such a huge economic incentive. We need to create an environment where people and developers are incentivized to use/build decentralized systems. Maybe through law? Like a carbon tax would incentivize people to buy EVs. Data tax.


Tim Berners-Lee may have invented the web, the wonderful, inclusive, open-to-everyone web. But his new focus is DRM for everyone. DRM is the complete opposite. Horrible, exclusive, open-to-money. It started with supporting EME, now this. I hate that he gets to use his own name to promote this, even more now that there's a "Sir" prefix.


Can someone clear this up for me?

"This Solid POD can be in your house or workplace, or with an online Solid POD provider of your choice."

"you never have to sync, because your data stays with you"

If you choose to keep custody of your own "pod", how are you supposed to achieve redundancy without some kind of sync / backup process?


I don’t want anyone to be custodian of my data since a hard drive costs so little and my data is supposed to be so valuable. There is always an incentive to break in and steal it. or just use it in unscrupulous ways like tge multitrillion dollar grift system we call the tech industry does daily.


Content is editable when it's allowed to be edited. We have "guestbooks", "chats", boards, commentaries, forums, even wiki-sites long time ago, so this issue is solved, "Solid" doesn't sound revolutionary in this scope.


The hard part is ID, you need either a centralized authority or a standard specification.



Honestly, for something this long in the works I was expecting a UI less... retro?

I hesitate to call it outright bad, but I have no idea what to do after I create a pod. And I'm someone who knows how to write Solidity.


So is the idea that we're going to swing back in the direction of personal websites again? Pretty much like an Angelfire 2.0?

What separates this technology from everyone just making their own websites?



Is the protocol open and documented? I couldn’t see it.


So how is a pod different than a self-hosted database?


Yeah, and how do people know which format the data has you put inside.


I really have to ask the perennial VC question: "Why Now?" . What changed that makes this technology ready for mass adoption?


Now remove Berners' name from this PR tide and try to make sense from all of that. Looks like another VC pump and dump project


Mh, can someone explain how is different this idea from old Plan9 model, except from the big limitation of "web" tech?


One idea on top of this would be to store hashes of your files on a blockchain, to be able to prove original ownership.


I have had a similar idea about the future of the Web. Instead of navigating to websites that give you both data and presentation, how about sites that only give you data adhering to a defined convention. Then you can consume this data in a common ui and visualization platform that can merge data from various sources for you and answer questions and visualize info on the fly.


How could you build advertising into the data?


Hm sounds reasonable. There can be a standardized markup language, maybe like a simplified SGML or something?


Hahaha, right? You're just going to rediscover the same path that lead us here to start with.


What convention did you have in mind?


We can create a language for it. It could be like HTML, using tags, but extensible, and the author could declare the schema of the information.

You could even mix data from different schemas in the same document, using something like namespaces.

Like, some kind of extensible markup language, almost.


Sounds like RSS and Atom.


This sounds like Blockstack. They've been in production with this for at least a year now.


Let me know when they have a new browser that doesn't use HTML and JavaScript.


It seems like steemit.com may be a better model. On steemit, all of the data is public on a blockchain. As a result, things you share are public but not locked into any one application. Many apps exist using the same underlying structure but serve completely different purposes (See dtube)


How does this compare to Urbit?


Disclaimer: This comment contains some self-promotion (as we are working on a related solution)

Solid overall looks very interesting, and I can very much empathize with the "decouple data and applications" magic aspect of it (even though they're not doing a great job describing it). My personal experience has been that with a good linked-data approach, building apps can become a lot easier, as linked (more specifically semantic data) mimics traditional information gathering much better, where you start with a small information point, and then enrich the data by just adding more and more related data points to it. I also found that a linked-data approach lends itself better to adaptive UIs, where one entity might be missing data, that another one has.

All that being said, I feel like Solid made some (non-)decisions that might lead it down the same path as the things that were tried in the last Semantic Web hype:

- Solid is using the same old linked-data formats, that are largely URL based. The problem with URL based systems is that the content behind those URLs might at any point disappear, or change. That makes it especially hard if you try to achieve some semantic conciseness, where the data you entered keeps at one point in time is guaranteed to keep its semantic meaning forever. - In a world where most application developers think about data models on the level of database tables, RDF/JSON-LD is too low level and verbose when trying to use it for building something sophisticated. W3C also standardized a higher level format, OWL2 (which can also be expressed in RDF(S)), which provides a nice abstraction level in its native form.

Those are some of the lessons I've learned while working on Rlay[0], where among other things we've built a content-addressable adaptation of OWL2[1] for the decentralized web. We had to cut some small parts out of the specification so that the semantic stability of concepts is guaranteed when adding additional concepts to the worldwide ontology everyone is sharing, but overall the expressiveness is the same.

Content-addressability has many nice side-effects, but the one I like the most when it comes to Semantic Data is that it allows for a much more organic evolvement of the concepts people are using. If you decide to add a new property to a concept, you can just do that, get a new content-addressing-hash and start using that instead of the old one. No need to add it to the de-facto centralized schema repository that is schema.org.

I hope I didn't go off on too many tangents here. I've been meaning to write a blog post about the topics I touched on for a long time, but never really got around to it. Well at least this comment exists now.

[0]: https://rlay.com [1]: https://github.com/rlay-project/rlay-ontology


Looks like an MVP (Minimum Viable Product) with a sharp landing page to attract attention


how is any of this different than "hotlinking" the A or IMG tag in html?

it adds absolutely nothing besides that.


Again


> Step 2: add jQuery

....


blockstack?


Please change "solid" to "Solid" (note capital) in the title.




Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: