Hacker News new | past | comments | ask | show | jobs | submit login
Scuttlebutt – A decentralized secure gossip platform (scuttlebutt.nz)
346 points by dgellow 10 months ago | hide | past | favorite | 164 comments

SSB is such a wonderful idea. There’s no global timeline — just archipelagos. It assumes that network heterogeny is the default, and is transmission layer agnostic. Breakages will occur. Maybe you’re living on a catamaran in the South Pacific and you only have connectivity once a month — SSB will work even then.

Your own timeline is a sigchain — a sequenced list of signed messages. You replicate the content in your network (2 hops away). Bridges between communities can be built or burned. Many islands can exist without needing to erase the others from even existing — mutual separation is possible. Consensus is not necessary.

Is global network culture still possible? If it is, in the midst of the national internets we now live inside of, I suspect it will look something like this. A little different from what we were promised, but maybe a little better too.

Founder actually lives on a boat in NZ

That’s where that reference comes from of course :)

And maybe also SSB, which also stands for Single Side Band and is a way to get data over marine radio.

> Is global network culture still possible?

I'm thinking the next constellation of LEO satellites will cover the planet with high-latency (e.g.: 90 minutes) and high-bandwidth connections. If someone can fulfill your request in your footprint, you'll have low-latency bandwidth for a few minutes. Otherwise, someone else in the shell will send it up later once the satellite is in your footprint and get it down to you later once you're back in the footprint.

All you need to do is send a request to someone else in your shell and they'll upload it the next time the satellite passes.

Probably some centralized or decentralized crypto payment to make it all happen. Still need cheaper phased-beam arrays though.

Do you have links to expounded, introductory writing? I'd love to look into this type of architecture and play around with other domains.

For a look at SSB in particular, I would strong recommend the protocol guide — it explains the core ideas quite well, which I think are broadly applicable to future networks of this pattern: https://ssbc.github.io/scuttlebutt-protocol-guide/

I absolutely love the simplicity of Scuttlebutt, but the APIs and (dev)user extensibility are anything but, imo. I hope for continued work there.

As an example, i wanted to write an application on top of SSB. I found it difficult to determine _how_ to achieve this though. Conceptually the appendlog is stupid simple, but SSB still has meaningful complexity in the secure handshake implementation. While they do have libs, it mostly seemed JavaScript (NodeJS) was the only meaningfully complete lib to use (where as i am on Rust). I also found it difficult to determine what the network would accept. If i write an app and start pushing blobs onto the network, will they reject it because they're not of the same type? What if my data is too big? Am i abusing the net?

I also had difficulty conceptualizing how to write app data in SSB. It felt like i needed to abandon SQL or common application interfaces for data. Having to reinvent wheels in the application code because SSB-data is mostly (i think?) a JSON blob store felt bad.

Shared identities also proved to be a bit of a blocker. Since the app i was writing wanted multiple devices to author data the notion of a device identity came up, and at the time that didn't seem well (or at all) supported. I didn't want to invent my own mechanism that would later seem invalid to the community.

For now i decided to hold off and implement my own SSB friendly data storage mechanism. Since i know the data layer of SSB is simple, and SSB folks have proven it can handle Git fine (they distribute their source in SSB iirc). I imagine my own data later will plug into SSB without issue.

These aren't critiques of SSB exactly, just highlighting some areas (for anyone interested) where SSB is currently weak in my mind. I love SSB. Even if i end up using an entirely different p2p tech stack than SSB, it has changed my way of thinking on this. What SSB does right is everything that i dislike about IPFS. SSB is small, simple tooling. It feels like Git. Not some huge complex network of IPFS nodes, but 2 people, 3 people. It can work over P2P, email, floppy disk. It can be more, but it also can be less. And that's something more projects could adopt.

I've wanted to write a longer blog post about this, but after a few years of working on SSB I appreciate you highlighting these pain points. I think everyone in the SSB maintainer community feels the same way.

My hot take: Scuttlebutt should be something that you can implement yourself in an afternoon. I've done this a few times, using Python, Node.js, and Deno, but I've only implemented the message type. (Not Multiserver, MuxRPC, Secret-Handshake, Box-Strean, Private-Box, or any of the other protocols that are associated with SSB.)

> It feels like Git.

You got it. You could express an SSB chain with Git and a pre-commit hook (to verify messages), but using Git as your database is even harder than learning the toy database that SSB uses.

Various links:

- My SSB data expressed as a Git repository (outdated): https://github.com/christianbundy/ssb-git-data

- My speedrun SSB implementation with SQLite, using HTTP for replication: https://github.com/christianbundy/http-ssb

I agree that the nodejs implementation makes contributing and using the libraries difficult. There are rust libraries being worked on and incorporated into the project as we speak, so if you feel like contributing, now might be a good time to look back into the project.

Alternatively, if you're interested in a replicated datatype that was written specifically for Rust, which is more compact than JSON, I'd suggest looking at RON:

http://replicated.cc/ https://github.com/gritzko/ron

Thanks for the analysis. Have you checked out Matrix? I'm looking for a p2p network layer and am most attracted to it so far but haven't used any of them yet

I've been debating Matrix too! Though, i've not looked into it. My hope was to make (as i mentioned) a Git-like layer for my data that was in the way i wanted (wheels reinvented hah), which would work over SSH/Email/etc, and then plug it into a mature P2P setup. Matrix is definitely on the list of P2P impls i want to look into.

Though so far i've never heard of anyone actually using Matrix for a generic P2P backend. I'm curious what you've found on Matrix for this use case?

Just been poking around the site really, and I dig their vision. This in particular is inspiring and exactly what I've been hoping for too for a long time:


One of the cool features of SSB is making actual P2P a first-class feature. It works just as well on an isolated private adhoc network as it does over the web.

I wish more dencentralized/federated services operated this way.

Matrix is making p2p a first-class feature, and how they’re doing it is pretty simple. They’re just embedding a “homeserver” right onto the user device alongside the client.

With the new fast homeserver efforts, like Dendrite and Conduit, this suddenly becomes feasible.

Just as a reference for anyone else like me who was not familiar with this effort: https://matrix.org/blog/2020/06/02/introducing-p-2-p-matrix

"Tending and pruning are not a stranger’s duty, it is through near moderation and free listening that we improve our surroundings" https://scuttlebutt.nz/docs/principles/

What does "near moderation" mean?

The idea is that moderation will be based on who you trust.

First and foremost, that is yourself, i.e. you can moderate your own timeline by choosing who to follow or block. Since this happens on your device, there's nobody who can interfere with this.

Further, it also means that you can trust your peers when you want. One default behaviour is that if you do NOT follow a feed A, and feeds B and C, who you do follow, each block A, your client will not by default replicate A's messages and thus you won't see them. Of course, if you unfollow B and C, or if you choose to explicitly follow A, then you'd see their content again. That's what I would understand by "close moderation" anyhow.

Censorship by osmosis?

If you follow people you don't trust to understand these mechanisms, and wield them accordingly, then maybe. But IF you understand how this works, the client will never prevent you from reading something you would want. And it's hard-if-not-impossible to prevent the client from fetching a specific feed. So in that sense, no, not censorship.

It is good practice on SSB though to make a comment on why you block a feed. There are many reasons, from NSFW content to actual harassment to simply spammyness being an issue when you replicate the entire feed onto a mobile device.

Of course, that practice is not enforced by technical means. But it is still quite common. And in that case you actually get a notification.

Depends what you mean by “censorship”.

It's free listening — you have the right to choose whom you listen to.

I believe it means handling moderation yourself rather than relying on platform providers to do it for you. You have to choose your peers that you receive content from carefully rather than rely on platform moderators to filter content.

I get it. Remember killfiles on USENET?

About the only thing considered universally intolerable and subject to administrative removal, at least on USENET's alt.* hierarchy, was spam. But spammers could spam faster than cancellers could cancel, so it eventually overwhelmed the platform.

Spam was not why I stopped using USENET, I expect the same techniques that worked to clean-up email would have worked with that if we’d hung around a bit longer. It’s just that the overall maintenance required too much work (and legal risk) by ISPs and clients alike, in terms of disk space, synchronisation, integrity checks, backups, etc etc.

Scuttlebutt inverts this idea of cancelling — as a new user you're just shouting into the void until you persuade someone to follow you.

Essentially, each user is just writing their own diary. If you follow someone, your client periodically asks around for a copy of that person's diary.

No-one's gonna ask for the spammers' diaries.

But then you could just subscribe to some peoples RSS feeds (or .plans for the archaic people ;). At some point you want to "listen" to a group/forum where you don't have personal control over every member and as soon as a spammer joins you'd get their spam.. how does this work in scuttlebutt, or maybe this is not a use-case it tries to supply, is it just a twitter-clone? (I don't know anything about it...)

I guess you could design a group so at first only a few get hit with junk from a new member and as long as nobody stop listening, others would eventually accept the new member as well.

Just thinking on this use case as USENET was discussed elsewhere here as an analogy, maybe it's not relevant at all.

> At some point you want to "listen" to a group/forum where you don't have personal control over every member and as soon as a spammer joins you'd get their spam.. how does this work in scuttlebutt

Scuttlebutt clients typically request the feeds of anyone you follow, plus anyone _they_ follow. (This is called “2 hops”.) If you only follow Alice, and Alice follows Bob, you'll also see Bob's messages. Then if you choose to follow Bob, you may also see Charlie's messages; and so on.

It builds a social network in the original sense — neither a bubble with sharply-defined edges, nor a global free-for-all.

I see messages from people I don't really agree with (because I follow someone who follows them), but they're not strangers with wholly-incompatible worldviews.

And because they're not strangers, and because messages tend to be slow and considered, I'm more likely to engage constructively with their different opinion (even if that's just by listening). It's anti-divisive.

Proof of work makes this expensive.

on a tangent, alt.sysadmin.recovery was a great place.

I can see the appeal. I imagine this means that if none of my friends follow conspiracy theory content, I won't see any of that, and if one of them did, I could presumably block the conspiracy theory content feeds while still following my friends.

The downside may be that, presumably, this puts everyone into a bubble even more than Facebook did? At least there is no algorithmic meddling or centralized content control.

On the other hand, having to take conscious action to enforce the bubble (rather than needing to take action to pop it) might be beneficial / lead to less of a bubble.

Last time I looked it was half baked and not easy to use, has it changed in recent years or months and can it be considered practical in a way that let's say Matrix is?

Some updates:

Oasis is a new frontend (alternative to the Patchwork desktop app): https://github.com/fraction/oasis/

Manyverse continues development, including working on low-level database improvements, and gossip "rooms": https://www.manyver.se/blog/2021-01-update

Planetary (iOS app) approaches public launch: https://planetary.social/ https://viewer.scuttlebot.io/%25kXEXGmyNyo%2BuKkcySMwghVKpvR...

I don't see how these apps dont eventually get taken down like the Fediverse apps earlier this year. Eventually (probably once it's polished enough to be usable) the deplatformed communities will discover SSB and then Google/Apple will take the apps down.

Manyverse’s work on room servers version 2 will be huge.

The rooms will function a lot more like real life buildings. Some will be private like homes, some will be public like libraries, others will be restricted like a club.

Really cool development!

It also spun up my laptops fans for minutes when syncing, I don’t know if thats still an issue. Cool project though and there are some interesting people involved and contributing.

Yes, the initial syncing and indexing can take a moment. I would recommend joining a single Pub or SSB room [1] to find people and grow your network organically. The large Pubs [2] have a lot of content to download and also follow bots (which you would have to block).

[1] https://github.com/staltz/ssb-room/blob/master/FAQ.md [2] https://github.com/ssbc/ssb-server/wiki/Pub-Servers

That's like running a blockchain on your laptop - it first has to get the entire (in some cases, relevant) history so that it can act as a peer.

Every time I try it, it reminds me of Matrix. So near, yet so far.

I have similar questions too. It seemed as if it was tied to a single device and transferring information from one to another also seemed cumbersome.

Yes[0]. AFAIK fully transferring an identity from one device to the next should not be a problem. The problem is more that updating the feed from multiple devices would create diverging feeds.

[0]: https://github.com/ssbc/handbook.scuttlebutt.nz/blob/master/...

It's common for one person to have multiple feeds/identities, so this is less of a problem than you might expect.

There's no structured way to indicate that 2 feeds are the same person (aka #sameAs), but you can easily link to the other feed and just say “this is also me” (because your audience is a bunch of humans that mostly pass the Turing test).

Because of this, we get the bonus feature that you can easily follow a different set of feeds on different devices — e.g. perhaps on your phone you want feeds you're less likely to reply to, because you prefer typing on a physical keyboard.

It's kind of funny to think that decentralised apps, built by idealistic Silicon Valley hackers, now have a potential core audience among extreme MAGA types.

Scuttlebutt wasn't built by "Silicon Valley hackers", but people from New Zealand, Sweden etc.

Unrelated to who builds it, decentralized or self-hosted platforms have been the go-to place for lots of extremist groups, even before MAGA, so not sure what this comment is supposed to bring to light?

A lot of Silicon Valley hackers worked on it

Who? I can't think of a single core contributor who lives in California.

The vast majority don't even live in the US. I think I'm the closest to SV and I'm in Portland.

I'm not sure that your living in Portland entirely disproves my underlying point :-)

> built by Silicon Valley hackers

No, it's not.

> a lot of Silicon Valley hackers have worked on it

No, they haven't.

> well Portland is basically SV

No, it isn't. Just do your research and nobody will correct you.

EDIT: If you'd like, maybe you could clarify your "underlying point" or which "idealistic Silicon Valley hacker" traits you mean to highlight. Nazis have been trying to weaponize Scuttlebutt for years, so I don't get why it's "funny" that MAGA chuds are trying to join now. They aren't welcome.

I think a lot of the dweb people first got interested in this area because they were on BBSes and so on sharing stuff like the anarchist's cookbook at risk of getting a visit by the FBI and used to think information wanted to be free.

Now they're adults, and have kept their interest in dweb technologies, but have come to see "dangerous speech" as a huge problem, and are waking up to the realization that their technical interests and goals would enable these kinds of things. And they're not happy about it, or at the very least are experiencing cognitive dissonance. But that was always the case, and for many, they were the unsavory people in their youth that the older folks were saying were participating in dangerous rhetoric and ought to be silenced or investigated, just like they are saying now about people who are saying things adjacent to things which are illegal.

At the very least we should seek consistency. If you support decentralized technology for speech, you should be happy with the net benefits and net harms. The alternative is the status quo. Arguably the spirit of the internet was not to have what we have now.

I agree with your first paragraph but not the rest. We still feel information should be free and decentralized technology is the future.

I'm not saying all dweb people feel this way, I'm in the other camp myself. I'm saying part of the dynamic going on includes a subset of people who forgot that these aren't some global good, they will create both good and harm, like anything else.

I agree that the BBS tradition of G-files plays into this, but those were very different times. The people downloading this sort of stuff were almost exclusively kids who got a thrill out of possessing forbidden knowledge, but aside from setting off a smoke bomb at an abandoned quarry or something, nothing ever came of it. The near mainstream culture of prepping and guns and conspiracy is far different than it was back then.

I still think that there is a positive place for DWeb technologies, but that place is specifically to enable more truly free speech. A lot of what got us into this mess is that speech on social media is not truly free. The only speech that is allowed/promoted on those platforms is that which appeals to base instincts, because it is that speech that drives revenue for the platforms. What we're allowed to say, and have heard, should not depend on what is most profitable for a few companies.

The problem with your first point is that however true it may be, it doesn’t provide a good mental framework for creating values that are universally applicable. The lessons of fearing an FBI visit for just sharing text files was correct: being free to speak and not fear oppression due to not what you say but what it implies is what freedom of speech is. It’s quite uncontroversial to say that people who explicitly advocate specific violence are breaking the just laws around that and should be suppressed. The controversy is around what speech adjacent to that is not just permissible, but if it’s just to jump to conclusions about a person’s motives or intentions and act on them in the absence of illegal speech.

You will find that the people who were on the unsavoury bbs are the people who are against censorship today.

Out of the half dozen people I know from that period in my life (2000-2006) not one has had a kind thing to say about facebook, google or twitter since 2010. Those firms are the lame dinosaur stuck in a tar pit that we made fun of Microsoft for being in the 00s.

It's the people who called us nerds and made high school hell for us that somehow ended up in hr at tech co and are now setting policy there.

That may be a more valid perspective, but I don't think these are homogeneous groups. I will say it's been surprising and disappointing to see people who have been railing against tech company centralized power for years, it turns out their big issue is more when that power is not directed in a direction they like.

> I will say it's been surprising and disappointing to see people who have been railing against tech company centralized power for years, it turns out their big issue is more when that power is not directed in a direction they like.

What else can you do?

Saying that tech co is wrong today is as much career suicide as saying that the US deserved 9/11 was in 2002. I even had one guy tell me he is going full accelerationist on his main twitter because the http based internet is a dead end and the more unusable it becomes the sooner we will get something better.

You're making a false equivalence.[1] The "dweb" people were indeed merely anarchic and irresponsible. The deeper, conspiracy-minded parts of the MAGA community are verifiably dangerous. They said for weeks that a storm is coming, that they were going to take washington, that congress had to be stopped, that the vice president should be executed, etc...

And then on Wednesday they made the attempt.

Comments like yours are predicated on this idea that speech itself can only ever be merely "irresponsible". But... the world isn't like that. If you spend years making "jokes" about insurrection, you eventually find someone attacking congress.

[1] Edit to answer the question below: you are falsely equating harmless anarchic geeks of the 80's and 90's with violent terrorists. It's not appropriate to manage these communities using the same tools.

I have no idea what equivalence you're accusing me of, you seem to have made up a whole story about what I am saying that isn't there.

Edit: OK, I'm not making that equivalence. My use of the word "adjacent" was deliberate and intentional. That's the point of this whole debate.

I think this is overplayed at this point. You must concede one of only two possibilities.

1) The capitol building has all along been an easy soft target that could have been infiltrated by a small contingent of terrorist.

2) The police purposefully stood down and allowed this to happen while doing the minimum to make it seem like they tried.

Neither option is a good look for our country.

Now compound that with using this event as a popular excuse to restrict free speech, when the correct reaction should be to improve security at the capitol for any enemy.

If you think this goes away becuse big tech takes even moderate voices down, you don't understand what's going on.

I worked on Capitol Hill for years. The Capitol is not a soft target. Its security measures are taken very seriously. Multiple agencies are responsible for its protection. Multiple strategies are in play from intelligence ops to deadly force. These agencies handle crowd control for dozens of very large protests every year. They are world experts in preventing violence, terrorism, and rioting. The Capitol is the very center of our government and the most powerful symbol of democracy in the world.

Some things went very wrong. It should not have been possible for a loosely organized mob to breach the perimeter, let alone get inside. There must have been some complicity or even permission. On the other hand, some things went exactly as they should have. Lawmakers were rapidly taken to safety. No VIPs were injured. Bloodshed was kept to a minimum through careful deescalation.

Overall I think we came to within inches of a major tragedy. It was avoided through a mix of competence and incompetence. We were lucky and we should consider ourselves warned.

I dont see reason for people to downvote you: I find it exceptionally hard to believe that the capital building does not have a proper response to a small group of people trying to storm the building.

Here is my theory: the "coup" was such an utter non-threat that those in charge did not want to give an ounce of evidence regarding how they could respond in order to prevent legitimately threatening bad actors from understanding the possibilities.

The side effect of being able to move towards more restricted speech is just icing on the cake.

After seeing thousands of soldiers with machine guns in full military gear with armored vehicles protecting the Capital from Black Lives Matter, your statement sounds ridiculous.

Perhaps a history of burning and looting might have had some influence in that difference.

Sometimes I wonder, and serious question here, when the reporter on TV stands in front of a burning building and exclaims the protest is mostly peaceful, do you see the building in background on fire?

I mean, I see the capitol building being broken into and think "that needs to stop, bring in the military if necessary".

Right wing millitias and groups have history of violence last years in USA. They also talked about their plans openly. It is not like the bombs they brought to capitol were shock this January. It was not first bomb plan.

Also, in videos you see organized trained equipped men in uniforms. That is absolutely something agencies are expected to follow.

> Here is my theory: the "coup" was such an utter non-threat that those in charge did not want to give an ounce of evidence regarding how they could respond in order to prevent legitimately threatening bad actors from understanding the possibilities.

Six people died! How is that an "utter non-threat"? The mental revisionism is out of control. How is it that people are so unwilling to condemn the most obvious kind of political violence imaginable?

You can condemn it, be fearful of it, and be specific with regards to the threat it presents. It presents threats. I assume the specific threat the poster was refuting (which I won’t throw my 2c on here) is that it posed a threat to materializing a new government in the United States, which is typically the top of mind threat when talking about coups. So citing the number of deaths is neither here nor there in assessing the validity that it was a legitimate threat to creating a new government and ending the previous one.

I hadn't thought of that, yet I see the sense in the thought.

However, I don't think providing adequate police presence for a planned protest would have been showing your hand.

"2) The police purposefully stood down and allowed this to happen while doing the minimum to make it seem like they tried."

seems likely that the trumpers gave that order so their mob could get in

These can both be true

Really? Can a weak man lose an arm wrestling match to a stronger opponent and truly say "I let you win?"

Either the authorities were capable of repulsing an hundred unarmed civilians or they were not.

I'm unclear how both can be true, but I'm open to ideas.

Other explanation:

Republicans have mostly posted online, rallied with Trump etc while BLM and friends has been torching cities, looting etc.

Basically the police weren't expecting anything near this from this crowd and it took them by surprise.

Disgusting anyways.

The white supremacists and other violent right wing groups (Proud Boys, Oath Keepers, etc.,) had been planning for a while. In plain view of anyone paying attention. There was plenty of warning. So, the fact that no preparation beyond the waist high barriers was done is surprising, no? https://www.propublica.org/article/capitol-rioters-planned-f...


Yes, it was clear security was needed. But this wasn't any of those groups.

That's simply wrong. Representatives of all of those groups were seen breaking into the capitol. The Oath Keepers in particular seem to have had a large and heavily militarized detachment. There is a video of a line of them in full body armor marching up the steps past the throng to enter the building.

Likewise known Proud Boys and 3%'ers were present, etc... This was the Place to Be for all militant right wingers, and those who couldn't be in DC were staging protests elsewhere. IIRC there were violent actions on the same day at both the Oregon and Kansas state houses.

Everyone Knew they were going to be there. Everyone Knew they had the potential to be violent. And Everyone Knew that Trump's rhetoric was inciteful. None of this was a surprise. And it finally boiled over into real violence. There's no excusing or downplaying that. We could absolutely have seen this coming, and lots of people did.

"Oath Keepers in particular seem to have had a large and heavily militarized detachment"

Source video? Larping in camo and a helmet doesn't make you militarized or an oath keeper.

I saw it on twitter, but this article has it too along with a good overview of the subject:


You keep dodging. First it was "these groups aren't there" now they're just LARPers in camo and don't matter. People keep shooting down your arguments and you keep moving the goalposts.

Accusing people of doing exactly what you're doing is a well worn and bazar tactic that I'll never understand. Does it work?

You even provided a "quote" of something I never said. Good on you.

You made a statement "Oath Keepers in particular seem to have had a large and heavily militarized detachment". I asked for source video, which you now can't find and instead offer a video that doesn't corroborate your statement. So, who is moving goal posts?

What I am saying is the people causing the violence (including in the video you provided) are crazy larpers and MAGA fanatics, not oath keepers. Oath keepers are typically former military, open carry weapons, and don't look like they just broke out of mom's basement.

I am also saying I haven't seen a video of anyone who looks militarized in either organization, coordinated assault tactics, or armament. Can you cite a source video that demonstrates your statement is even close to true?

> big tech takes even moderate voices down

Can you cite some "moderate voices" that have been taken down by big tech? They're all still up as far as I can see. Trump incited an attack on congress. He got banned. Parler deliberately cultivated an extreme community of violent rhetoric (they really did, have you looked at that site?). They got banned. Who else? Seems like only people reasonably identifiable as extremists are affected.

I remain horrified at the right wing community's ability to rationalize violence. The President directed an attack on Congress last Wednesday to prevent his opponent's certification. And... what people really want to talk about is Parler losing their hosting?

(Edit to note that you refused to answer the question and jumped off on a WHATABOUTBLM?! tangent instead. In fact, contra your hyperbole, no moderate right wing voices have been censored or silenced.)

"Trump incited an attack on congress."

Evidence of Trump telling people to storm the capitol?

"I remain horrified at the right wing community's ability to rationalize violence"

We'll, I'm right of center and I condemn it. Just like I'm sure there is a history of you condemning this entire year of BML and Antifa burning and looting cities across the US.

I remember what Como said on CNN. "who said protests need to be peaceful". Of course CNN is the bastion of right wing extremists... Oh wait....

We have to condemn all political violence.

If you spend a whole year burning and looting a city and the city is still there you weren't very good at it.

I haven't tried, I make things, not destroy other people's things.

Don't get me wrong, there's definitely a double standard at work. I recall every news outlet spending bottles of ink explaining how massive BLM protests somehow weren't spreading covid but now the capitol protests are. However I think there's a fundamental difference between breaking into a Target and looting it and attacking the capitol of the United States. Of particular concern are all of the side details. The detail that a threat assessment was not done for this protest despite knowing about it weeks in advance. The fact the police responded less strongly to this attack than they did to a protest by disabled veterans in wheelchairs and later took selfies with the attackers. The fact that insurgents carrying blue lives matter flags beat a police officer to death with a fire extinguisher. The detail that the person speaking to this crowd just a few hours earlier was the president of the United States.

> I recall every news outlet spending bottles of ink explaining how massive BLM protests somehow weren't spreading covid but now the capitol protests are

It's actually been reported that a covid-positive individual was clustered with members of congress during the evacuation. I don't know why you think that isn't correct to report.

It is correct to report. My point was that any large crowd of people is likely to spread covid.

In Germany the government used census data tabulated on IBM punchcard equipment to find who to round up. Later, during the liquidation phase of the effort each camp had punch card equipment to help with maintaining the inventory of slave labor skills. That's what the number on the arm was for - the primary key. Copies of punched cards were sent to the central administrative HQ of the camp organization for additional processing and were used to identify specific skilled people who needed to be moved to other camps. Authoritarians rely on the stupid for the grunt work but they're not stupid themselves and can exploit technology to achieve their goals.

How is this relevant to my point or the article?

it was in response to the comment about decentralized apps built by idealistic silicon valley types being used by MAGA types. The point being that it might be funny to him but authoritarians do have a track record of exploiting technology.

But these apps are explicitly designed to be decentralised and avoid state control! I'm no fan of e.g. the capitol rioters, but the analogy with IBM and the Nazis seems to get things backwards. The rioters don't control the government apparatus, they are trying to subvert it. And the use of this technology is to aid that by preventing centralised censorship and snooping.

If you really want to power past Godwin's law, then you could compare them to Hitler in the 1920s, subverting the Weimar constitution.

Given their past, I found it just a little rich, that IBM so publicly decried the recent "insurrection." [0]

[0] https://twitter.com/ArvindKrishna/status/1346932293991079936

Well the IBM of today has little to do with the IBM of 80 years ago. Just like the Germany of today has little to do with what happened 80 years ago and people living now are not and should not be held responsible for the misdeeds of previous generations.

> people living now are not and should not be held responsible for the misdeeds of previous generations.

I'm sure we could all agree on this point.

However, the aspects of IBM that led to their assisting the Third Reich are still very much alive at IBM today. It remains in the form of their core business model of assisting the world's most powerful regimes in automating oppression, autocracy, and authoritarianism at a global scale.

Okay fair point. But sadly that holds for most companies. There are remarkably few of them that do not sell or provide support on FOSS to big governments that in turn do all kinds of nasty things. How can we change this, if at all? Isn’t it part of capitalism?

The goal of decentralization isn't to give a voice to people inciting violence, however that is a consequence of such systems when you share technology with everyone - though we shouldn't fear this, we do need to actively and proactively counter it at a higher layer, educating people and helping them heal their closed heart and mind.

The goal of decentralization is to take power away from companies who govern poorly or in a way we don't agree with, so our data and network is mobile, so we can "vote" by leaving their platform - and not buy their products or services or give them our attention to monetize with ads. And then once this fluid system exists with a hierarchy of good, good hearted, well meaning governors - we must then focus on educating and healing the population - where we won't reach them easily in the digital world due to self-perpetuating filter bubbles, anyone who tries to reason with them are ignored or simply ban/blocked to reenforce their echo chamber.

Inciting violence is illegal in most countries, you can still prosecute people who participate in such actions with a decentralised system.

You might not be able to remove their speech but it would still have consequences (again in most countries).

This could even be worse for people who engage in such activities since you can't remove your words in hindsight! I've seen a lot of back-pedalling and removing of tweets from people.

If you can find out who they are then certainly they could be prosecuted, it's one reason I feel or think that in the future I mostly only want to engage on platforms - decentralized or not - that have an identity verification for the accounts so any bad or unacceptable behaviour can be addressed.

I still juggle in my head as to what kinds of behaviour would be acceptable or not - things like racism, calls for violence would be obvious and go through a review and moderation protocol and start with temporary suspensions (a time out in the corner), and after X offences, then a block or limiting of function until some other remedy is met. Where I wonder how much of a caring hand to impose when necessary are things surrounding say bullying or perhaps someone being non-critical or arguably abusive by simply saying "you're stupid" or other name calling. Arguably I'd want people on the platforms I engage on to be trying to improve themselves, to grow, to improve their emotional regulation and manage that impulse or energy that leads them to calling someone stupid instead into developing a deeper understanding - responding instead of reacting; or realizing engaging with certain people is futile, and to put their energy and passion more into the physical world instead of their keyboard. I wonder how many people are ready for such an environment, for that level of a safe space.

> educating people and helping them heal their closed heart and mind

> we must then focus on educating and healing the population

Do you not see how wrong this sounds? Who gets to create this “healing” education curriculum which will “open hearts and minds”?

You're making an assumption - you're assuming my statement means there's force involved, which what I said doesn't insinuate that. You can educate society by putting ads on TV, as one example - which I am arguably against ads because of their shallow, cheap, manipulative aspect of them - but it's the status quo and perhaps an acceptable bridge to use. And indeed, who determines the curriculum will be the individual that wants to follow it. It has in fact been historically bad when a government body states something health wise as fact - such as the "Food Pyramids" of what your daily diet should consist of, which still is heavily influenced by food industrial complexes.

Another assumption you've made is there would be a singular curriculum, which I never argued for either. Learning and healing will be decentralized and fluid to some degree, the effort must be in providing the resources for people to access the healing and education, while skillfully directing people through the nuances and also providing whatever tools they may need to succeed at the practices they will benefit from taking on, and access to diagnostics that can give insight and help guide someone to help them orient through problem solving.

We're all at different points on our path, of our understanding, some further along in one area than another and then you can learn from them - or teach them something they're less familiar if they're interested in that moment of interaction with you or what you've put out in the world. In fact you want a huge amount of diversity - people who explain things differently, people who have different personalities - we need the diversity to be attractive to diverse people. There does need to be a core protocol that gets developed, evolves, and should be referenced and a research methodology followed for conflicts that may appear, where disagreement occurs say of one practitioner calling bullshit on some claim someone else is making. One of my previous family physicians, middle aged man - not very healthy himself, was skeptical and didn't believe stem cell treatments I had - the healing that had already occurred - he was skeptical, didn't believe that it actually helped and that any benefit I may be experience wouldn't last; stem cell treatments 100% work for regenerating/healing many tissues of the body if the doctor knows what they're doing, however this is an example of a disconnect between current knowledge (stem cells have been being used for treatment for 25-30 years now) vs. mainstream understanding; this also points to a broken, stagnant system of how most doctors aren't knowledgable in the latest (not talking about within the last year of knowledge but it seems to take decades in some cases for the knowledge to propagate to the front line).

One of my goals is to create a system where community thrives, community which means relationship building and learning through communicating, and a system where the brightest stars are able to shine so more people are attracted to what they have to share - and hopefully learn from it - and then those students become teachers and so the process continues.

I can see how someone can easily interpret what I said, fear being invoked that this "must educate" people could be akin to the CCP's "re-education camps" - however no, I'm solely talking about voluntary participation - but there are ways to lead people towards healing practices, ways to incentivizes it, ways to make it more available, more accessible.

Thank you for the thoughtful reply.

You mention educating and healing twice. Could you elaborate on who "we" is, and also, how we can go from where we are to a place where education and healing is taking place? What are the steps we should take?

I'm writing a slowly book on this, so there's a lot to share to answer such a question; I'm also slowly planning out a network of health-wellness differentiated online platforms to provide practical tools for people to develop their self-awareness, to gain and maintain their health.

We is everyone who is conscious enough and on the path of good (practice of non-violence to other and self, whether specifically acknowledged or not) or of healing, those who are more self-aware than not, who have developed their critical thinking more and less indoctrinated. There's of course a huge spectrum of where people are in this evolution or growth stage. Part of the challenge is rallying good hearted people, rallying, organizing and directing them and resources in the most efficient way possible.

The book will be a story of my healing journey including the incompetence I've encountered throughout our health systems, along with sharing my proposed solutions, explaining my own project plans to try to solve for those problems by providing practical tools to people. I will also be explaining a protocol I'm developing to help guide people to develop their self-awareness, to gain and maintain health, including everything from food sensitivities, fasting, yoga, acupuncture, entheogens like Ayahuasca, MDMA-assisted therapy, inner child regression therapy, stem cell treatments/regenerative medicine, etc.

In short, it's all about organizing and directing resources efficiently, while eliminating the waste. There are deep flaws to the health systems: indoctrination, a lack of multidisciplinary approach, industrial complexes who've influenced the knowledge and current practices, and more. The how of getting to a place where education and healing is taking place is - every possible way, any entrance point to direct people onto the path that they're willing to open the door to. For many people they only begin to care about their health after an impetus occurs. The reality is most people on average aren't very awake, conscious yet, and so indoctrination is easy - and then those indoctrinated are "sheep" following the status quo - and so what has to happen is the culture needs to shift, so then by default you're following a path that's healthy and supporting critical thinking and self-awareness development - which will lead to gaining and maintaining health - individually, community wide and globally.

I think it's actually rather sad. I think there is a good chance that these in my opinion very important technologies will get a bad reputation because of this.

You mean like the bad reputation that has been established for ages that decentralized technologies are "only good for" piracy, CP, etc.?

Same with encryption, no? Also, you forgot to mention terrorism.

Of course this is highly subject, but I think that the view of the general public is generally favorable towards encryption (as it also provides privacy), and governments/law enforcement agencies have again more recently tried to paint it in a bad light. I think the jury is still out whether that is successful, and the public will adapt that opinion too.

I know very little about Scuttlebutt, but supposing, say an ex-president decided to start using it. Would it be able to handle the level of traffic this might generate?

I realise it's decentralised, but would that, for example, at some point require every one who were to get on Scuttlebutt to download on 80gb file in order to get started?

his followers can barely figure out how to get on parler, many of them thought parler groups on facebook was parler itself. They will NEVER, ever, figure out scuttlebutt, DJT couldn't even figure out scuttlebutt.

People want to sign up and login easily. This doesn't seem to do any of that. Convenience is king and necessity it's history maker.

Well, I guess it would.

Firstly, only the followers (and maybe their friends) would need to download 80GB of videos posted by that supposed ex-prez.

Then, it's peer-to-peer. I don't know the details, though. It could be torrent (very effective, scalable), or direct connections (poorly scalable).

Some pubs (servers) can retain your data, IIRC, though they could pick who they accept.

Syncing would be pretty easy on local networks and sneakernets, provided you have the storage capacity.

In some ways we’ve come full circle: SV was enabled by defence types, I bet a lot of the early work in advanced electronics and decentralized communications was carried out by “square” types who used “socialist” as an insult. There are still plenty of traditionalist right-wingers in STEM.

Remove "decentralized" and you largely described Twitter's trajectory.

Segregation is what you get when you permanently remove people from platforms. Sounds almost like a truism.

Kind of funny? The US branch of libertarianism ain't exactly left wing.

Tech libertarianism (not just US) has always leaned right, toward anarcho-capitalism.

Gab (the basically Nazi version of Twitter) is the biggest Mastodon instance, for example.

Why'd this guy get downvoted? Are either of these assertions incorrect?

It's asserted upthread that gab isn't part of the wider network anymore, so that's objectively untrue, and "Nazi Twitter" is subjective, but a reasonable person could question it.

It’s not part of the largest network, as no big Mastodon server federates with it, but it is a Mastodon instance

“Nazi” is a racial slur for a white person that doesn’t hate themselves or their ancestors.

I can't believe I have to say this, but no, that is not what "nazi" means.

“Nazi” is literally short for NAtionalsoZIalistische Deutsche Arbeiterpartei.

Twitter is the nazi version of twitter, gab is the freedom version.

I really like the idea of Scuttlebutt. I think there are a couple of things it needs on top of what it already has;

Right now, your public key is who you are, which I think is a mistake. It's easy to imagine a world where we have a "web of trust" solution here, where you can scan someone's public key from a QR code straight off their phone, and then sign said key so other people who trust you know that the key is legit. Then you could use that key to sign future keys, allowing easy key rotation. It would also be easy to post a message signed with your private key that revokes a key and all messages it has authored/all keys it has signed.

I also think there needs to be multiple transports for posting content - if I want to send a message to my buddy Dan, I should be able to send it directly to him if he's online. If he isn't, though, I should be able to let other users whom we both know grab a copy to pass on to him later, or maybe have a "deaddrop" server or a "pub" where I can stash messages and have them get picked up by someone else later.

It needs a top-notch client, too. Something to compete with Facebook and Twitter.

But it's a very promising start, and it's the way this needs to go if we're ever going to escape the surveillance players in this industry - we need a social network that's truly distributed, based on open standards that anyone can implement.

>I also think there needs to be multiple transports for posting content - if I want to send a message to my buddy Dan, I should be able to send it directly to him if he's online. If he isn't, though, I should be able to let other users whom we both know grab a copy to pass on to him later, or maybe have a "deaddrop" server or a "pub" where I can stash messages and have them get picked up by someone else later.

Scuttlebutt is built around enabling this as a (the?) primary feature. It's not just "supported", the entire ecosystem does this by design. It even calls that kind of server "pubs" (they're normal peers, they just auto-follow anyone who asks).

How do I get started with SSB? I've downloaded Manyverse probably six times now, and then got blocked on "find something to join somewhere, good luck!".

Does anyone have a community? Otherwise I'll make one for HN.

EDIT: Join me:


Historically, I got sizable streams of posts by joining a couple pubs. None of which are offered in Manyverse, for good or bad. (definitely un-ideal for first-time users, but it does at least avoid overloading or over-promoting some)

The "get started" docs on the website do walk you through it though, e.g. https://scuttlebutt.nz/get-started/#step-3-get-connected -> this smallish list of pubs: https://github.com/ssbc/ssb-server/wiki/Pub-Servers . You'll automatically discover more as you pull other people's content.


I did join yours via Manyverse, but tbh I'm surprised that viewing your pub doesn't show member join/leaves, and I haven't seen any posts yet (I've made one). Have you made any? Could it be having problems perhaps?

(edit: and shortly after posting this, now I see some stuff, after around 45m. So my initial minorish-complaint about Manyverse from a year or so ago is still around: it doesn't tell you what it's doing. Patchwork was much better about that, though it kinda looked like constant thrashing.)

I agree with you, I don't really understand what Manyverse is doing. I see posts, but I don't know if they come from the pub, or from following someone directly, or what. I see four posts that I think are from the pub, but if you don't see them they might not be. I also see someone's stream, and I'm not sure why...

All in all, it's very confusing.

Yep. It's intentionally a bit of a minimal client, to make things more mobile friendly, and... it sorta works out. If you want to see more detail and higher quality, definitely try Patchwork.

For manyverse in particular: if it doesn't show something you think it should, or it says it's indexing, give it a while. Like, a lot of while. After the database got a bit large and something got confused and caused a rebuild, it took over 30 minutes to recover. But it does actually recover.

Thanks for the info, I'll try Patchwork for now to get a better sense of how it works.

I feel like shared blocklists will become an emergent feature of this platform, as it inevitably will be used for planning violent/illegal activities and harassment, and I feel that pubs and individuals would want a way to combat such things to promote more focused membership (for topic forums for example). There will be ident wars where blocked individuals will then create new idents which have to be identified and blocked and so on, and there is little other than not inviting people to prevent this. The basic infrastructure of forum moderation seems possible, but I think automated/subscribable block lists would become a standardized feature of clients.

It’s also available on mobile: https://www.manyver.se/

This really isn't a good space for most of the people here on HN. SSB is very much a work in progress. When I first started trying to use the Patchwork client, lots of SSB Pubs were down. It took 3 days to get to a point where I could see people.

While censorship isn't directly possible, it's not really in the kind of state suitable for lots of people currently departing existing social networks and looking for something new.

I'm not saying there isn't potential. Even for the average HN user it's possibly ready to try but not yet ready for mainstream use.

I clicked get started and nothing happened. Pretty pictures on the website, though.

I see this is append only[1], so my biggest question is really if you are following someone that posts illegal content like child porn, is it stuck on your profile forever or can you somehow remove it?

[1] https://ssbc.github.io/ssb-db/

Blob storage (images and other binary media) is stored in your file-system utilizing it's content addressable hash as a filename. You can delete these at any time. The append only log is for json messages, which will make reference to the hashes of the blobs through markdown.

So, the message referencing the illegal content can't be removed without removing the user's whole ledger, but the content can be removed at any time.

Ah, but that's good enough.

The system is interesting I was just afraid of people having the ability to "brick" your account so to speak by sending illegal stuff to it.

If I can effectively delete the other user (ledger) completely from my system that would also be good :)

Haven't tried it yet but can someone clarify whether it's possible to discover sub-communities or you have to be explicitly 'invited' to those ?

IMO scuttlebutt's mood can be summed up by https://coolguy.website/the-future-will-be-technical/

Ill be honest, convincing my friends to sign up for this seems futile.

I would rather not download any executables to test this out.

Is this a web app packaged into an app?

Then why not simply allow me to open it in my browser?

I think this comment comes closest to the "correct" answer here:

> It's p2p, no webapps.

That is to say, this is not a "service" that you use, so there is no scuttlebutt.com where you just sign up. The software running the replication, and the storage backing it, will be local. Insofar you will always eventually want to run this locally.

Now, of course some fine folks are working around that with modern web tech (see @arj's sibling comment) but the whole idea of this project is that you will locally control your data.

There is a browser based demo you can try out at: https://between-two-worlds.dk/.

It's the latest build of https://github.com/arj03/ssb-browser-demo.

If you need an id to follow to get some data, you can try following @6CAxOI3f+LUOVrbAl0IemqiS7ATpQvr9Mdw9LC4+Uv0=.ed25519. You need to manually add either a room or a pub under connections first.

On the topic of untrusted executables, is there a decent GUI to run arbitrary programs inside the MacOS app sandbox? Last I checked, users still had to fiddle with config files and command-line incantations, but at least it was possible:


There is Feedless ⌘ https://feedless.social/

However, it has some serious limitations compared to e.g. Oasis. One of them is that it limits messages to 140 characters, where all other apps I know of accept up to 8192 characters (including metadata).

The Oasis SSB client [1] is a webapp which you open in the browser. Oasis (like nearly all SSB clients) is a JavaScript package which you can install via npm.

[1] https://github.com/fraction/oasis

It's p2p, no webapps.

I always thought this would be really fun to run over ham radio.

Is use of Javascript a requirement.

I got the app Manyverse, now what?

You need to connect with others. I think Manyverse is best used with SSB rooms where you can find others (to connect/follow), see https://github.com/staltz/ssb-room/blob/master/FAQ.md

Alternative is a Pub, but joining a Pub is not so great with Manyverse as it will download a lot of content to your mobile phone.

So is this basically like YikYak?

not at all - doesn't YikYak rely on a central server?

That landing page needs a text TL;DR; explaination and not just a video explaination.

Luckily this is HN and someone wrote one already:


Make a goddamn effort

Make a goddamn effort to figure out why someone's project is worth time investigating? Literally, that landing page has a video and links to articles. I don't want to spend minutes watching an ad. I went to the about page and read the info I should have read next to the video and understood what was what in 10 seconds.

Expecting people to make an effort to find out if a product/project is useful to them is basically asking not to have as many users. Basically, you just wasted your time building the product.

If you're relying on Marketing to tell you what's worth your time then you must be one sad sad person.

Read the documentation, if you're here you're pretending to be a technical person. Be a technical person.

Some of us value our time. And this is not a techincal project it's an end user project. So as an end user I want to know quickly if it's worth my time. Even on a techincal project I want to know a rough overview within a minute or so of reading. Marketing is all about giving people the info they need fast. Marketing is about selling the benefits and telling of the pains it solves. If you're unable to do that for your project, why did you build it?

And I think the person who spends their time reading techincal documentation to decide if a social network is worth using is probably sadder than the person who goes and reads the about page. Not got much else to do?

@realdonaldtrump can install it on Hilary's mail servers

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact