[tor-talk] Facebook brute forcing hidden services

edhelas edhelas at movim.eu
Sun Nov 2 10:10:46 PST 2014 

On dim., nov. 2, 2014 at 2:37 , rysiek <rysiek at hackerspace.pl> wrote:
> Hi,
> 
> okay, fuck that, I'm going to dive in, because the level of FUD is 
> strong in
> this one.

Well, thanks :)

> 
> 
> Dnia niedziela, 2 listopada 2014 12:19:24 edhelas pisze:
>>  I can resume this fragmentation issue by a simple sentence that I'm
>>  saying more and more these days : "If you have a problem, do not 
>> write
>>  an API, write a protocol".
> 
> Sure:
> https://xkcd.com/927/
> 
> I don't understand why we need over9000 different, incompatible 
> federated
> social web protocols. It would seem to me we need *ONE* with several 
> *GOOD*
> implementations.
> 
>>  The social federation protocol is already here : it's XMPP. And yes 
>> it
>>  can support everything a social network has to offer (feeds,
>>  subscriptions, profiles, contact list…). There is already 
>> millions of
>>  users on the XMPP network, and you can easily find several clients 
>> on
>>  all the plateforms for it.
>> 
>>  I'm working since 2008 on the Movim project (https://movim.eu/), to
>>  build a full, good looking, "decentralized" (federated) and open 
>> source
>>  social network on XMPP. And believe me, yes it's possible.
> 
> I won't discuss that. I will however point out that "possible" is not 
> enough.

It's possible to push it forward and try to not reinvent the wheel 
again and again by creating a new protocol.

> 
> 
>>  I like the link that the guy made in the presentation with Firefox. 
>> Why
>>  Firefox surpassed IE ? Because they just choose to implement the W3C
>>  standards and try to improve it (and they offer some nice features 
>> too).
> 
> Absolutely.
> 
>>  Diaspora, GNU Social, Friendica are not trying to do that, they 
>> create
>>  their own "proprietary" protocol
> 
> Oh, wow. Do you even understand the words that you use? I mean, 
> "proprietary"?
> It's documented, the code is open, the protocol has at least two FLOSS
> implementations. Seriously, what were you trying to achieve here?

Ok, the term "proprietary" was a little strong. Of course the 
sourcecode of theses projects is open. But can you give me any serious 
documentations (more than a Wiki or some ML links) that can help me to 
implement properly the Diaspora/Friendica/GNU Social protocols like 
RFC, IETF stuffs ?

A protocol have to be stable in the time, most of theses project just 
create their own protocol from their need. The Diaspora protocol was 
re-written already one time (which totally broke the Friendica 
compatibility at this time), the guys from Status.net moved to 
Pump.io…

> 
> 
>>  to talk between each other and after that face the same issues than 
>> all the
>>  others network : "Hey, we are not compatibles ! Lets create an API 
>> and the
>>  other networks will be compatible with us".
> 
> No. They created a protocol that other networks implement. For example
> Friendica implements GNU Social's protocol, Diaspora's protocol and 
> their own
> (documented, opensourced) protocol. Red similarily.

No, they wrote their own protocol for their own project, and someone 
just try to implement it to try to be compatible. But it's a one way 
work, the guys from Diaspora will not adapt their protocol to help the 
guys from Friendica/GNU Social/whatever.

> 
> 
> Reading a bit on it would be a good idea.
> 
>>  So keep calm and implement XMPP ;)
> 
> No. Come to The Federation assembly at #31C3, get involved in a more
> meaningful way than calling open protocols "proprietary" just because 
> you
> don't know them, and try working with quite a few projects that 
> already
> cooperate and federate with common *protocols* (not APIs).
> 
> The question is not "which protocol is better", because while we 
> bikeshed on
> this question, people are still sitting on Failbroke and Shitter, 
> instead of
> moving out of these walled gardens.
> 
> The question is: "how can we *cooperate* to get people on the libre, 
> federated
> side of social networks". 1.5 year ago I submitted to all the 
> fedsocnet devs a
> simple question, here's the link again:
> http://lists.w3.org/Archives/Public/public-fedsocweb/2013May/0058.html
> 
> The answer was: "impossiburu, we won't, not invented here, my 
> protocol is
> better than yours". So instead of trying to herd those cats, I am 
> grabbing the
> opportunity arising from the fact that we already have The 
> Federation. Let's
> expand it and build upon it, eh?

What is your plan with The Federation ? To build a project to help all 
theses project to talk each others and find a way to "standardize" the 
communications between them to be compatible with eachothers ?

Then you will define some basic schema of authentication/packet format 
(JSON/HTML/XML…)/global architecture…
In the end it will looks like this : https://xkcd.com/927/

If your aim is to ask theses project to have a public API to share 
stuffs between their different servers, well good luck.

> 
> Shouting "XMPP! XMPP!" is not helping.

No, but I prefer to contribute and improve a 15 years old protocol, 
with millions of users and hundred of implementations, managed by a 
strong Fundation that works with the IETF than on a 4 yo protocol 
implented by ~2 project where all the documentation you can find on it 
is here 
https://wiki.diasporafoundation.org/Federation_protocol_overview.

> 
> 
> --
> Pozdr
> rysiek
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 6477 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks/attachments/20141102/534e0b09/attachment-0001.txt>

More information about the cypherpunks mailing list