Wow, I can't believe my bank really thinks now is a good time to add voiceprinting as a form of authentication. When AI-powered deepfakes are more available than ever? The security story for biometrics isn't looking good these days.
Sheesh, Mozilla has really lost their way. Putting ads in the search bar? We already have a search engine that does that, we don't need two running at the same time.
@happyborg yeah, I'm hoping P2P is the way forward too. I'm working on a few projects of my own in that space. But moving to a browser monoculture (Chrome(ium) and forks) in the meantime won't be doing us any favors. We need some independent options. Actually viable ones.
@happyborg Yeah, I'm hoping Servo becomes the next Firefox. .... Eventually.
Someday I'd like to build a social media app with actual privacy guarantees. Before that, there's apparently a ton of infrastructure I need to build first. One piece is a P2P network to host web sites and web services. I'm calling it the SmolWeb protoco. I'm using it to host a blog at the moment and the first post explains how it works.
@happyborg Bummer. It works in a lot of cases now, but some things still slip through. Some browsers have the needed technologies disabled by default, for example.
If you click on that "Error" button, you should get a ton of diagnostic info. Anything interesting in there? Like details about the error?
@happyborg Thanks for the info! Looks like you're getting a timeout in a place where I've never seen a timeout before. You must have an interesting internet configuration.
Sadly, there's nothing I can do to get you connected now, but I'll add this to the list of issues.
DuckDuckGo browser looks like maybe it's based on Firefox? Firefox on Android is one of the browsers that disables P2P by default. You can turn it on by going to about:config and toggling media.peerconnection.enabled to true.
@happyborg Ah well, I couldn't find any authoritative information about DDG browser's architecture online. I was basing my decision on screenshots, haha. I guess browser UIs have all carcinized at this point.
If the browser is Chrome based, there's a WebRTC setting for that too. Something about enabling host addresses, perhaps via mDNS, if I remember correctly.
Glad you got it working on desktop tho! :blobcatthumbsup:
@happyborg To be completely honest, when I looked into Autonomi, I didn't like what I saw, so I would have reservations about associating with the project.
There seems to be some kind of digital currency involved? Any kind of cryptocurrencies get an automatic no from me. Even if the intentions behind the project are good, the digital currency well has been muddied by too many people whose intentions are anything but good. Easier to just stay away I think.
Also, the idea of hosting unreadable content from strangers on my devices doesn't sit well with me. That feels like a liability issue waiting to happen. What if my device is hosting content that I don't want to be there? Seems like I'd have little control over that. I feel like a lot of P2P approaches get this part wrong.
Digital currencies aside, the idea of "Lifetime Storage; One Time Fee" feels like an economic pipe dream. I have a lot of trouble believing that claim is true. Ongoing services have ongoing costs. Ignoring that feels ... disingenuous?
@happyborg Yeah, I figured these aren't new questions for a project that's been around that long, but they don't seem to be addressed on the website anywhere. The FAQ seems pretty rose-colored. I'm curious what the rebuttal would be, even if my mind is probably already made up. =)
@happyborg Thanks for the link to the forums. I browsed through a few things the other day and feel like I got a good vibe check. This is definitely not the project for me. I appreciate the effort you took to explain it though. :blobcatthumbsup:
@happyborg Thanks! I'm glad you like my work. It's not quite ready yet, but I hope it will be useful to people someday.
Autonomi doesn't sit well with me mostly because there's a digital currency involved (and all the well-deserved bad reputations those kinds of projects have is a huge detractor for me), but also because they don't have a good solution to the I-dont-want-to-host-content-I-dont-like problem.
It's definitely possible to do P2P things without creating a digital currency, so that was probably a deliberate choice on their part. There's probably not much to be gained by questioning that decision this far into the project.
The I-dont-want-to-host-content-I-dont-like problem is harder to solve I think. For what it's worth, the solution I'm using in my P2P work is to let go of the idea of hosting content from strangers. If you only host content from people you know, I think the problem gets significantly easier.
The happy path is you trust the person to not send you content you don't like and then they actually don't send you content you don't like. The unhappy path is they violate your trust and send you content you don't like, but it's secret and you might not know right away. But if you ever find out (maybe from law enforcement), you know who sent it and can re-evaluate your relationship with them. You have no such recourse with strangers though.
@happyborg And that's the problem I have with these kinds of projects. Anti-censorship and moderation are two opposing goals.
Personally, I think moderation is the more important goal of the two. If people are putting content on your device that you don't want there, you need to have the power to remove it. It's your device and you're responsible for it, so you need to be the one in control of it.
And if your government compels you to use that power the censor something, that's not a technical problem you can solve by writing different code. It's a social problem. Regardless of what code you're running, if your government wants you to stop hosting something, they can make you do that. And if overthrowing your democratically elected government is in scope for your project, then I definitely want nothing to do with it. That's not a software project, that's a revolution. Associating with that kind of goal is not a decision to make lightly.
The same argument applies to digital currencies too. If the goal of the digital currency is to end-run around your country's monetary system, that's also not a technical problem you can solve by writing code. It's another, different, social problem and it doesn't care about your code.
@happyborg There are multiple different kinds of moderation at play here. Once is, as you said, the ability to moderate what you see. Another kind of moderation is to moderate what devices under your control enable other people to see. I'm not interested in systems that focus only on the first one and ignore the second one.
As a device operator, I have a responsibility to ensure it doesn't harm other people. And if a P2P network takes away my ability to do that, then the responsible choice is to not join that network.
Democracies are far from perfect. Mine may be actively failing at the moment. It's not clear what's going to happen there yet. But I think it's a bit naive to believe that these problems can be solved by building a certain kind of P2P network. In my opinion, sharing harmless files with your friends shouldn't be mixed together with joining a revolution against your government.
Once again I get foiled by switching languages. :blobcatfacepalm2:
In Javascript, you have to compare strings with ===, not ==, or else you'll run into type coercion problems, because Javascript thinks 1 == "1" is a totally fine thing to be true. (it's not)
But in Kotlin, === compares identity not equality for strings. But in the JVM, string values are aggressively cached, so === actually does what you want most of the time. Unless your strings come from weird places, like JNI code. Then you get awful non-deterministic behavior that's incredibly hard to debug, but it totally goes away when you use the correct comparison operator == for strings.
sigh I'm not really as good at this whole programming thing as I should be by now.
@happyborg Rust is definitely an improvement in language design, and tooling too. Tragically, I can't use it everywhere. Like browsers. Sure, browsers have WASM now, but I still feel it's not ready for primetime just yet.
@happyborg what always bothers me about WASM in web land when I periodically check in on it is that you can't really build much using just the WASM VM yet. You still need the JS VM for really basic stuff like accessing the DOM, or fetching resources, so it seems like it's purely extra complication to bring WASM into the mix. It seems far easier to just not do that.
I haven't checked in on WASM in maybe 6 months or so tho, so maybe things have gotten better now?
@happyborg for sure. I feel like WASM in the browser now is a good fit for compute-heavy workloads, but maybe less good for DOM things and IO. So I wouldn't reach for it first for usual web app things like fetching and UI work, but I'm tempted to try it out for cryptography libraries.
The thing I'm worried about there is performance of the channel between the JS VM and the WASM VM. Would, say, encrypting a large file perform well if we had to send it into (and out of) the WASM VM? Or would keeping everything in the JS VM be faster, even tho JS bytecode probably executes a bit more slowly. Because handling the sensitive cryptography bits in a more suitable language like rust has a lot of safety benefits, but it might not be worth it if low performance makes the UI unusable.
When mining Hacker News for tidbits of wisdom, sometimes you actually find one:
"Really, any sufficiently simple path to wealth that doesn't involve the capital class gets patched out by the system relatively quickly (see Wall St's furor over FAANG engineer salaries)."
Just installed a brand new Firefox on a brand new Linux computer (Linux Mint if you must know) and oof! I forgot how many "sponsored" things you need to turn off now.
I really wish Mozilla could figure their shit out and be financially independent without resorting to adtech. Seriously, where's the option to just donate to Firefox development?! And only Firefox development.
@nyquildotorg Your words... they cause me great :blobcatverysad:
Maybe there's no hope for Mozilla. Maybe we just need to burn it down and start all over. Maybe we need Igalia to get Servo off the ground and make a better browser out of it.
@deshipu Thanks, I found info on their investments in a summarized financial statement. Looks like when the fund isn't actively losing money, it only makes a tiny fraction of what they get from royalties. I'd say Mozilla is still very much a financial appendage of google for now.
