Brad Ideas - data hosting - Comments

Skype and servers

brad — Sun, 26 Dec 2010 07:04:41 -0800

The Skype trick has some merit, though some people are a bit bothered by it. In order to be superior to Facebook, it has to work from your mobile phone and laptop and desktop even when the others are off or disconnected from the net, just as Facebook and the rest do.

The question is, can you do that with the Skype supernode approach? With Skype, the calls go through the supernodes (and failed last week because of this) but they are encrypted end to end so the supernodes can’t listen. If you want to rely on the servers of random people to provide hosting and processing for your data, then they could possibly look at the data and publish strange things they find — a non-starter I think. You can’t do it all with zero knowledge operations.

Yes and no

Bjarni Rúnar Einarsson — Sat, 25 Dec 2010 11:21:07 -0800

Yes, for anything to take down Facebook et al, it has to actually be better, not just free-er.

However, I do disagree with the installing a server bit. It just has to be really easy.

People install software all the time - games, apps, networking tools like Skype. If anything, things like the Android and iPhone app stores are making this easier and more common.

The complexity of server software is not necessarily any higher than the complexity of something like a web browser or a word processing tool - making a server of some sort equally easy to install, use and keep secure/up-to-date is in no way impossible. Hard yes, but not impossible.

Arguably, companies like Skype are doing it already. They just don't tell people it's a server. :-P

A good step

brad — Thu, 23 Dec 2010 11:00:45 -0800

Though I remain convinced that to get adoption beyond the true believers, the final result must match or exceed what people get from facebook and similar sites in terms of ease of use, performance, abilities, and initially cost — ie. free.

Down the road I suspect people will pay for their own hosting to get better that what is offered free or free-with-ads. But it must be as easy to sign up as it is to sign up for facebook, which is a high bar but one that must be overcome. Having to set up a server yourself is a non-starter.

A step in this direction?

Bjarni Rúnar Einarsson — Thu, 23 Dec 2010 04:54:07 -0800

I just shared this article with the guys at the Unhosted project, figured I might as well spread the link both ways.

Unhosted (www.unhosted.org) aims to realize a somewhat simplified version of this vision, creating a standard way to separate data storage from application logic in Javascript web-apps. It's a small step, but it's in the right direction.

As I mentioned to you in an e-mail a couple of months back, I'm working on a lower segment of the stack (www.pagekite.net), trying to give people a realistic way to run globally reachable servers on personal hardware, so they can actually self-host their sites (or just data) if they so choose.

Both projects would obviously benefit from advice, testing, advocacy or all three. :-)

Building libraries

brad — Wed, 08 Dec 2010 23:10:00 -0800

One thing I envision is that when an application starts storing data about you on your own server, they might not just store the data but offer classes which can be used to work with the data, and abstract it. In fact, one can imagine arranging it so that the only way to get at most data is through the official interfaces of the classes, with a security model that prevents other approaches. This can allow things like logging access to data and so on. I don’t know if Javascript can do this, perhaps it can.

Of course, just as there are translators from other languages to JS, there are implementations of JS for the JVM, though I don’t know if they have fully caught up with everything in modern server side javascript.

Overall the goal is to provide important data access and sandbox features, but otherwise restrict the language choice of coders as little as possible.

Javascript anyone???

GWBasic — Wed, 08 Dec 2010 15:00:18 -0800

I experiment with some of these concepts in ObjectCloud, my web server that's designed like an operating system. It acts as a form of a personal data store.

One way that I could accomplish running untrusted 3rd party code is with a simple in-browser Javascript sandbox and XHTML. There could be a way for my server to grab XHTML and Javascript from an untrusted source and filter it to a subset of trusted tags and scripts. I could then pass it various APIs for limited access to the users' data. (ObjectCloud has a rich Javascript API for many kinds of data.) The biggest challenge is some way to prevent malicious Javascript from generating script tags that let it communicate with APIs outside of the sandbox; thus leaking the users' data. (I know Yahoo has done some work in this area, but I don't know if it's applicable.)

The scale is just vastly different

brad — Tue, 25 May 2010 18:40:04 -0700

These are just two very different orders of things, dictatorships and web sites playing too lose with your data.

Facebook is a useful service, and we want innovative useful services. We just want them to be designed to not cause so many privacy risks, and they can in fact be designed that way, it’s just harder.

As I have said before, most people don’t focus on their privacy needs until after an invasion. So it’s not surprise that millions join Facebook or Twitter regardless of their policies, and then push even those who are concerned to also join.

Call it courage

Phillip Helbig — Tue, 25 May 2010 08:16:02 -0700

Many people are criticised because they join the dictator's party. People expect more
courage (often wrongly stating that, in the same situation, they would show more
resistance). My point is that if this expectation has some value, shouldn't we expect
even more courage if the threat is not backed up with guns?

Can and will

brad — Mon, 24 May 2010 16:58:32 -0700

Relatives can email pictures, or print them, but they don’t. It is indeed quite convenient that they can just post them to facebook and that’s all they need do to show them to the whole family and to friends. While you can ask your relatives to print and mail photos the reality is they won’t do this, or if they do, it will be reluctantly, and a smaller subset of the pictures.

And in fact the same has been true of MS software, as they work to make their formats more proprietary, so that people are mailing you documents that won’t load properly in anything but MS Office. We don’t like that either. The ruling party analogy goes too far — there the power of that party is backed up with guns, the lines are very clear. I’m talking about something more subtle.

Give me a break

Phillip Helbig — Mon, 24 May 2010 07:36:46 -0700

"But I’ve seen lots of people who have recently joined Facebook who for years did not want to. They still would prefer not to but it is the only place to get certain things now, including locating many people, and even seeing pictures of your relatives."

The same argument can be used for using Microsoft software, joining the ruling political party in a dictatorship etc.

Pictures from relatives? Don't tell me that one's relatives can't email the pictures, or even print them out and send
them snail mail.

Oh, I don't think so

brad — Sat, 22 May 2010 00:41:32 -0700

But I will play the violin for you.

XKCD disagrees with you

Anonymous — Fri, 21 May 2010 16:24:57 -0700

http://xkcd.com/743/

Exactly

DensityDuck — Tue, 18 May 2010 15:39:05 -0700

I don't have a problem with Facebook selling my private data, because I NEVER GAVE THEM ANY. The closest they've gotten to me is one of my spamtrap email address.

As for the rest of the web, do you really think that my email address is "what@why.net"?

Facebook is the web and the internet is computing

brad — Fri, 14 May 2010 11:29:11 -0700

Well, for those folks those statements are true.

If Facebook were just one player in the social network and identity battles, I would agree with your statement (which matches Facebook’s own statement that they believe all of Facebook is “opt in” because you have to decide to use Facebook.)

But I’ve seen lots of people who have recently joined Facebook who for years did not want to. They still would prefer not to but it is the only place to get certain things now, including locating many people, and even seeing pictures of your relatives. At least with today’s architectures, there is a bit of a natural monopoly in social network databases. Only the one that has your associates is usable for you, and that’s generally the market dominator in your geographic area or sector. It’s very hard for two companies to meaningfully compete over the same zone of people, especially if one is a giant. It’s even hard to get competition in the identity space once it congeals, though it is slightly easier. Many people seek “data portability” as the answer to the anti-competitiveness, but as I have written, that may just mean all your data is now out at lots of sites, with an even greater probability of losing all control of it.

As I identify in this article, there will be market pressure for Facebook to play free with the data. However, the irony is that the more secure they are in that state, the less need they have to sell off their users for revenue. (They may still have the desire but not the need.)

Different strategy

Phillip Helbig — Fri, 14 May 2010 04:17:17 -0700

Facebook has to earn money somehow. Obviously, playing free with data is good for their
business, so I don't see how they could be pressured into changing this (if it happens, they
might fold as their revenue goes down and they can't afford their expensive backend).

But why not "just say no"? I don't think the idea of using the website of a private company as
a universal identifier is a good idea.

If someone finds social networking essential, as opposed to useful, then he has my sympathy.

This reminds me of folks who think Facebook is the web is the internet is computing. :-)