Login

Redecentralize

We’ve had enough of digital monopolies and surveillance capitalism. We want an alternative world that works for everyone, just like the original intention of the web and net.

We seek a world of open platforms and protocols with real choices of applications and services for people. We care about privacy, transparency and autonomy. Our tools and organisations should fundamentally be accountable and resilient.

Home

Parent
Jörg F. Wittenberger [LibreList] Re: [redecentralize] FireChat in Economist 2014-06-04 10:32:38 (5 years 4 mons 9 days 09:52:00 ago)
Am 03.06.2014 17:17, schrieb Paul Frazee:
Multiple-server verification is a guard against untrusted peers, not closed source.

That's the point.  People might not share their opinion regarding open source.  Still they might want at least some trust among each other.


On Tue, Jun 3, 2014 at 9:35 AM, Eric Mill <eric@konklone.com> wrote:
I'm not sure how verifying the output of a server also verifies that the code running on a server is unmodified? Or am I misunderstanding?

Which code exactly, two cases here:

a) The whole code stack doing all the i/o, libraries, OS kernel, the server itself?
     It doesn't verify the this code is unmodified.  Why should it?  How would one ever update?

b) The dynamically code loaded MAY be (usually is) the output of the network itself.
     So it's actually verified against the hash from the source control system.

But both cases, verified or not, it does not matter so much to verify the code. Because suspicious code must produce the same output as the copy you trust. This reduces possible damage quite a bit.

Doesn't help much with keeping data secret when attackers already own a peer.  Still at least no website defacement, no attacker sending messages in your name.



On Tue, Jun 3, 2014 at 2:29 AM, Jörg F. Wittenberger <Joerg.Wittenberger@softeyes.net> wrote:
Am 02.06.2014 17:34, schrieb Eric Mill:
I'd go so far as to say being closed source completely rules it out from being part of the decentralized web.

Agreed.



Certainly, open source software that is hosted on a server can still be silently backdoored in some ways -- you can't generally verify that the server is running the same code that's in public source control.

This BTW is only correct as far as it pertains to the secrecy of the information handled by the software.  Though even unmodified code would often leave data accessible to administrators anyways.

To assess correctness of execution there is a proven way: one can always run the software at multiple server (or rather peers in that case) at the same time and have them audit each other.

(I.e. each peer would almost act as if it was the server, but check with the net whether the result is acceptable according the the underlying "smart contract". The check could be done via Bitcoin-alike block chains or using byzantine agreement.  Maybe other options I'm not aware of.)

So far I only know of askemos.org doing so in practice (to the extend that the website itself is hosted that way).  Though at least Ethereum works towards the same goal. (With Askemos taking the per-contract byzantine agreement route and Ethereum using the global blockchain approach.)

Best

/Jörg



But all the intentions, architecture, security, community engagement, good faith participation, etc. of the project are all obscured by closing the source. They exist apart.


On Mon, Jun 2, 2014 at 5:33 AM, Stephan Tual <stephan.tual@ethereum.org> wrote:
Agreed - closed source really sucks.



Stephan Tual
Chief Communications Officer
--
sk. stephan.tual
tw. @stephantual

On Monday, 2 June 2014 at 10:10, Steve Phillips wrote:

OpenGarden sounds awesome, but it's closed source :-(.  The founders aren't worried about that though, it seems: https://twitter.com/elimisteve/status/473086170725756928

--Steve


On Mon, Jun 2, 2014 at 1:04 AM, Francis Irving <francis@flourish.org> wrote:
FireChat, an iPhone app that does mesh network messaging, had an
article in the Economist this month (can't find it to link to,
and paywalled anyway).

It seems to be one app of a thing called OpenGarden, which is a
meshnetwork thingy for iPhones:

http://opengarden.com/faq#faq-general-001

The Economist article was pretty good at explaining it to the general
reader, and why mesh networks might help with resilience, and gives
the shorter term application of use in football stadiums et al.

Francis





--




--


: