Toward federated services
Federation is not exactly a household word in free-software advocacy. However, a small but growing number of projects are using the term to describe de-centralized web applications based on open protocols. Such an approach, they maintain, is necessary to counter the lock-in created by centralized, proprietary sites such as Facebook and Instagram.
Although such centralized sites are sometimes applauded for running on top of free software, the challenges they create for free-software advocates are far from new. As early as 2008, Tim O'Reilly asked: "What good are free and open source licenses, all based on the act of software distribution, when software is no longer distributed but merely performed on the global network stage?
".
Yet the Free Software Foundation has continued its license-based approach, promoting the GNU Affero General Public License (AGPL) as a way to bring free software to cloud services. However, the fact that less than one percent of projects were using the AGPL in 2013 (according to Black Duck Software) indicates that the AGPL is too little-used to be influential, even assuming that it might actually provide an alternative.
The identification and popularization of the concept of federation is usually credited to Evan Prodromou of StatusNet and Identi.ca. In searching for an alternative to centralized web services, Prodromou and projects like GNU MediaGoblin looked back to services like email and IRC, in which anybody can run their own servers, and users can run the software of their choice while still being able to communicate with each other. By contrast, on centralized sites, users can do neither. The closest the users of centralized sites can come to federation is to use tools such as Friendi.ca to post to multiple sites simultaneously; even then, proprietary or constantly changing APIs are frequent problems.
The problem with centralized services
Although centralized sites are often convenient, the trouble is that they contradict the ideals of free software for both developers and end-users. As Kenton Varda of Sandstorm explained:
At best, the only changes will be ones that the centralized site finds convenient in the short-term.
For end-users, centralized services raise both technical and privacy concerns. Technically, centralized services create a series of walled gardens that connect poorly, if at all — if, for instance, you have a Flickr account, you are unable to share photos directly with Instagram. Moreover, as GNU MediaGoblin's fundraising video explains, centralized services also mean centralized control. Users communicate through the service, instead of directly with each other, and become subject to whatever terms of service the service enforces. For example, content may be limited, or, as happened in the early days of Google+, anonymity may be prohibited. Should the service develop technical problems, it becomes unavailable to everyone, while in a federated network, if one node goes down, only those working with that node are affected.
However, perhaps the most important concerns about centralized sites is that their users lose control of their data. According to Prodromou:
In these situations, the idea of federation is seen by its advocates as being just as important as the code quality. The nodes of federated networks, their advocates maintain, should, in theory, be more respectful of user choice and privacy. Moreover, should one federated node prove unduly bureaucratic, users can always migrate to another one to continue receiving service.
Putting the theory into practice
Federation is far from a new concept. Prodromou suggested that the blogging networks that sprung up just after the turn of the millennium could be considered the first deliberate efforts to create federated networks. One or two efforts at federation, such as Diaspora*, have even received widespread media attention. To date, however, no implementation of federation has come anywhere close to achieving the success of centralized sites like Google+ or Twitter.
Part of the problem is that breaking monopolies by direct competition is
difficult in any circumstances. Prodromou suggested that "it's a
chicken and egg problem
" to gain popular acceptance. Federated
services need a large user base, but they are unlikely to attract users
unless they already have a large base. Even dedicated free-software advocates are as likely to use Twitter as Identi.ca — not because they approve of Twitter's practices or privacy policies, but because their friends are using it.
Another problem is that projects that promote federation are not intended primarily for average users. Their main appeal is to the minority who want to run their own servers and perhaps fork the code. As Varda noted:
For example, MediaGoblin's project lead Chris Webber observed: "we have a
lot of people say that they want to deploy their own MediaGoblin server,
but they don't have the time
" for either the initial configuration
or the ongoing maintenance.
Moreover, user-friendly design is difficult to implement when a project is still in rapid development and is struggling to reach its first general release. As a result, efforts at federation have yet to reach their full potential. According to Prodromou:
Efforts to develop common protocols such as pump.io are being made, but attracting early adopters without full functionality is difficult. Although those working on common protocols include representatives from IBM and Mozilla, the majority are from smaller and more obscure projects, many of which are still in the early stages of development.
Yet even without these problems, federation is a a hard sell. The truth is, security and privacy are unappealing to many users. As Prodromou observed, promoting federation goes against the truism that, if developers want success, they need to:
All the same, those who are promoting federation remain optimistic. Because
federation encourages code innovation, they hope that federated networks
will eventually be able to offer features that centralized networks
cannot. "End-users aren't going to be attracted to federated networks
just because they're federated,
" Webber said, "but because
there's software available that isn't available elsewhere.
"
Prodromou agreed, suggesting that "the more we include games and rich
content and [have] lots of interesting things happening, the more people come back, and the more that they invite their friends.
"
Even the dryness of federation as a subject may be less of an obstacle than anticipated — after all, Webber noted, if a subject as arcane as the HTML5 standard can attract widespread interest, so, too, might federation some day.
Whether federation can gain acceptance, much less counter the ills of centralized services, is still anybody's guess. For now, however, its potential is becoming as much a concern in some free software projects as the code itself. Federation may, in fact, be the long-delayed answer to the challenges offered from web applications, but whether it can be implemented widely enough to make a difference remains uncertain.
| Index entries for this article | |
|---|---|
| GuestArticles | Byfield, Bruce |
Posted Sep 5, 2014 14:17 UTC (Fri)
by mjthayer (guest, #39183)
[Link] (9 responses)
My feeling is that an RFC with a reference implementation would fly better than just a FLOSS client.
Posted Sep 5, 2014 18:14 UTC (Fri)
by vmj (guest, #66908)
[Link] (7 responses)
Posted Sep 5, 2014 21:44 UTC (Fri)
by pizza (subscriber, #46)
[Link] (6 responses)
XMPP's failures weren't technical -- From an F/OSS perspective, XMPP has never been more popular. However, the big commercial players abandoned (or never adopted) it for political reasons.
Posted Sep 5, 2014 21:47 UTC (Fri)
by Cyberax (✭ supporter ✭, #52523)
[Link] (3 responses)
Yet no independent support for XMPP really materialized and all the third-party XMPP clients are shit. So Google after 10 years or so simply decided to drop XMPP.
Posted Sep 5, 2014 22:10 UTC (Fri)
by pizza (subscriber, #46)
[Link]
... and they abandoned it almost as soon as they released it, or at least the official google clients didn't actually use libjingle as released.
> Yet no independent support for XMPP really materialized and all the third-party XMPP clients are shit. So Google after 10 years or so simply decided to drop XMPP.
Google dropped XMPP because a federated IM system no longer fit their goals of building a walled garden (ie Google+) to compete with Apple and Facebook, and even before that they didn't actually care about adhering to the standards they themselves helped define. (ie libjingle) It was an entirely political decision; there was no technical basis for what they did.
As for "no independent support" -- by this you mean the other big IM players, that had a vested interest in maintaining their own walled gardens and lock-in? Especially when several of them (most notably facebook) actually used bog-standard XMPP on the client side.
Meanwhile, if by "all third-party clients are shit" you mean that said third-party clients not properly implementing (ie reverse-engineering) the nonstandard quirks of said first-party clients and services... and by non-standard I mean deliberately ignoring stuff that was already well-defined and rolling their own. (push notifications are the main thing that come to mind; Both Google and Facebook rolled their own that happened to map to their backends rather than shimming their backends to deal with the actual standard)
Posted Sep 5, 2014 22:39 UTC (Fri)
by wahern (subscriber, #37304)
[Link] (1 responses)
I run my own XMPP server, and I can interact with Google Business users who haven't been automatically "upgraded" to Hangouts. Tons of people and corporations still use XMPP.
I was never a fan of XMPP, even before it was standardized. But I've been running my own server Jabber/XMPP server for a long time, because not only is it widely supported by FOSS, it's the only non-proprietary game in town.
Perhaps you meant that neither Microsoft nor Apple adopted XMPP. Well, they're certainly not going to interoperate with Hangouts, either.
"third-party XMPP clients are shit"
Are you kidding me? You're saying proprietary, HTML-based chat clients are better than clients like Adium?
libjingle never took off because people, especially early adopters like developers, aren't particularly interested in voice and video with their IM. Skype and, to some extent, Facetime dominate the real-time AV space. And while Skype also has IM, have you noticed that it's nowhere near as ubiquitous as Microsoft's or Google's IM usage? For whatever reason, AV and IM are like water and oil at the moment. The fact that the tide has turned toward SMS suggests that this isn't going to change anytime soon.
Heck, even Google Voice is being abandoned as a separate product. Neither decision had anything to do with technical deficiencies. It's a product management decision. Google simply decided to double-down on their walled garden, hoping to leverage the success of Android and the ubiquity of GTalk to solidify their lead in the messaging (IM, voice, video) space, partly as a strategy to compete with Facebook. It is, after all, being done under the Google+ umbrella.
I'm not saying Google is evil. I love lots of Google products, especially Android, Chrome, and Chromebook. I just also enjoy my freedom, at least as much freedom as I can manage to defend. I've run my own web and mail servers for nearly 15 years now, and I'd be horrified of any world where I had no choice but to entrust those things to some third-party.
Loosely speaking, it's like the difference between renting and owning a home. Renting makes a lot of sense for many people, but there's more to the equation than money or convenience. For example, not only a sense of privacy and autonomy, but actual privacy and autonomy (even if it's less than it seems).
Posted Sep 7, 2014 10:06 UTC (Sun)
by Cyberax (✭ supporter ✭, #52523)
[Link]
But none of my contact list uses XMPP.
> Are you kidding me? You're saying proprietary, HTML-based chat clients are better than clients like Adium?
Let's start from the beginning:
2) XMPP has very poor discovery and search services.
3) No server-side message archiving and searching.
4) Group chat rooms are STILL unusable and unsupported in most of client software.
5) Death by a thousand XEPs - there are about 400 proposals for enhancement. Most of them are either completely unimplemented or implemented exactly once.
>Skype and, to some extent, Facetime dominate the real-time AV space. And while Skype also has IM, have you noticed that it's nowhere near as ubiquitous as Microsoft's or Google's IM usage?
Posted Sep 7, 2014 11:06 UTC (Sun)
by TRS-80 (guest, #1804)
[Link] (1 responses)
Posted Sep 7, 2014 11:47 UTC (Sun)
by Cyberax (✭ supporter ✭, #52523)
[Link]
Posted Sep 6, 2014 5:45 UTC (Sat)
by ghane (guest, #1805)
[Link]
In my case, that may be "a bad thing". My LinkedIn profile is public, and I interact with people I meet professionally, at work or conferences. My Facebook profile is private, and my "friends" include only those who were me at University in the late 80's.
For all practical purposes, the two "me"s are different people.
Ditto for Google+: My circles are people I know socially today. Having separate profiles allows me to try a service, and experiment, without committing all my profile data.
You probably have multiple email accounts, as well.
Posted Sep 5, 2014 20:16 UTC (Fri)
by jhhaller (guest, #56103)
[Link]
Given these issues, centralized servers are the only solution (without deploying Google Fiber ubiquitously). But, end users are not willing to pay much, if anything, for privacy, so it's unclear how one pays for the centralized servers, their power, space, net bandwidth, and operations costs. Solving problems is difficult as an approach, because commercial services are likely to quickly implement any problem that an open source project solves.
Posted Sep 5, 2014 22:28 UTC (Fri)
by josh (subscriber, #17465)
[Link] (7 responses)
Posted Sep 21, 2014 14:18 UTC (Sun)
by zack (subscriber, #7062)
[Link]
Thanks for mentioning this, josh.
For people interested, here are the relevant links:
- slides: https://upsilon.cc/~zack/talks/2014/20140823-dc14-darkage...
Posted Sep 21, 2014 16:09 UTC (Sun)
by debacle (subscriber, #7114)
[Link] (5 responses)
Unfortunately, at Debian we live still in dark ages: People are working on all of them but Friendica (see Debian bugs #597093, #651944, #657405, #726486), but at the moment it is not easy to run one of the federated services on your own Debian machine. I'm sure, that federated services would attract more people, if actually running them were easy. As long as I have to use an unstrusted, 3rd party server, there is no big difference to centralised ones.
Posted Sep 22, 2014 9:48 UTC (Mon)
by pravi (guest, #43703)
[Link] (4 responses)
Posted Sep 22, 2014 12:30 UTC (Mon)
by mpr22 (subscriber, #60784)
[Link] (3 responses)
Posted Sep 22, 2014 22:23 UTC (Mon)
by debacle (subscriber, #7114)
[Link] (2 responses)
It looks like not much is missing to get MediaGoblin running on Debian, maybe 0.7 will make it into Jessie. Let's see...
(Installing by means of gem, npm, pip etc. is not an alternative: First, it does not integrate with the native package management. Second, it does not solve the underlying problems Debian faces when packaging stuff, i.e. license problems.)
Posted Sep 23, 2014 12:04 UTC (Tue)
by mpr22 (subscriber, #60784)
[Link]
Posted Sep 24, 2014 0:43 UTC (Wed)
by raven667 (subscriber, #5198)
[Link]
Either runtime-specific or system-wide package management is a valid way to manage applications but you cannot mix the two, whatever system you use needs to have a complete dependency graph so you can either have a separate runtime dedicated to your application or spend a lot of time building OS-specific packages for your dependancies. What would be interesting is to compare deb/rpm vs. cpan/gem/pip and see what special features one has that the other doesn't and see if there is any way to integrate the two universes, you can almost mechanically translate one package system into the other, for example cpan2rpm or python setuputils can make OS packages using the runtime-specific metadata.
Posted Sep 7, 2014 18:15 UTC (Sun)
by petur (guest, #73362)
[Link] (1 responses)
Just look at the success of whatsapp on mobile; create something that is easy to set up and connect, and users follow. Might need some interesting advantage to pull them over.
Posted Sep 22, 2014 9:53 UTC (Mon)
by pravi (guest, #43703)
[Link]
Posted Sep 11, 2014 8:23 UTC (Thu)
by callegar (guest, #16148)
[Link] (2 responses)
One of the biggest selling points of social networks is finding people. People use facebook to find old schoolmates, someone they got in contact during work the year before or the people they have just met at the party. "Standard" social networks give you a single universal pool of people to search (in the billion order of magnitude). "Standard" social networks also make searching people very easy and actually pro-actively suggest people to connect to by looking at connection graphs.
So far, the federated systems that I looked at could only search users within the local basin of the individual server. You will could not use them to find someone who you met the year before while on holiday even if such user was on a node of the federated system. Furthermore no individual server could have a view of the connection graph around you to be able to suggest connections. This is a big obstacle to the growth of large connection graphs and a userbase sufficient to reach a critical mass.
Has this changed recently or since I tested?
Posted Sep 11, 2014 12:22 UTC (Thu)
by spaetz (guest, #32870)
[Link] (1 responses)
Posted Sep 17, 2014 7:53 UTC (Wed)
by elanthis (guest, #6227)
[Link]
Which is terrible. Sometimes I remember someone's first name only. Searching Facebook prioritizes people with mutual contacts which we're likely to have and hence I can find the person. If I had to use an email or some arcane Grognard-y identifier, my contacts list on Facebook (or LinkedIn, Twitter, etc.) would be quite a bit smaller.
I've searched people by company they work for, first name spelled right, first name spelled wrongly, and various other qualities. That needs to work with any new federated system. Otherwise the federated system is a step down in social functionality compared to the current systems.
This doesn't mean that the federated system has to support this search feature but rather that there needs to be a search engine that collects data from any public federated server, same as how Google isn't the sole provider of the Internet but Google.com tends to be pretty key in actually using the Internet for many of us. I'm not sure how'd you would implement privacy features like "only friends and friends," though.
Posted Sep 21, 2014 16:00 UTC (Sun)
by BeS (guest, #43108)
[Link]
Personally I think the old identi.ca aka Status.Net had the chance to reach this critical number of users. Further it wasn't just a Twitter clone but added some extra value like groups. With the switch to pump.io the situation become much worse.
Toward federated services
Toward federated services
Toward federated services
Toward federated services
Toward federated services
Toward federated services
Toward federated services
Sure, I still run my own ejabberd server. One of my desktop products used XMPP for an in-app chat system.
Yes, they are. Try Slack Chat and then tell me if there's anything better.
1) XMPP is hard to use and implement (Incremental XML parsing? Really?). Pure HTTP tunneling was added very late in protocol's life, so there were tons of problems with fascist corporate firewalls.
Uhm, I hate to break it to you, but Microsoft's IM has finally died last week. Everybody had been moved to Skype, and I'm actually using it for ALL my IMs now outside of our company (we use Slack internally).
Oddly Cisco is pushing XMPP hard in their recent versions of their PBX (CUCM) - the device (PC/phone) client is even called "Cisco Jabber". I think however that this is more about traditional VoIP protocols like SIP/H.323 being too hard outside of a corporate LAN/WAN.
Toward federated services
Toward federated services
Toward federated services
Solving problems
Toward federated services
Toward federated services
- video: http://meetings-archive.debian.net/pub/debian-meetings/20...
Toward federated services
$ sudo apt-get install diaspora friendica mediagoblin pump.io
...
E: Unable to locate package diaspora
E: Unable to locate package friendica
E: Unable to locate package mediagoblin
E: Unable to locate package pump.io
Toward federated services
... and thus I conclude that no, I will probably not be installing diaspora on my systems, because someone trying to package it for Debian has just successfully painted it as very nearly a perfect stereotype of what's wrong with the ecosystems of dynamic languages and the projects that are written in them.
Toward federated services
Toward federated services
Might be cutting it a bit fine for Jessie; the freeze is scheduled for Gunpowder Night.
Toward federated services
Toward federated services
Toward federated services
Toward federated services
Toward federated services
Toward federated services
Toward federated services
Toward federated services