1160
submitted 1 year ago by Gork@lemm.ee to c/technology@lemmy.world
you are viewing a single comment's thread
view the rest of the comments
[-] gohixo9650@discuss.tchncs.de 30 points 1 year ago

and WireMin

sorry this is not open source. Who is behind it, what is their gain and how do I trust whatever they claim in their website?

[-] lemme_at_it@lemmy.world 9 points 1 year ago* (last edited 1 year ago)

According to their FAQ: https://wiremin.org/#/FAQ

"We will release the design and/or reference code to the public when the initial version is stabilized."

EDIT: After having fully read the FAQ, I must admit, their DHT (distributed hash table) protocol sounds very neat. Being something of a protocol geek, I'll be the 1st to admit that I may be biased, so if a 2nd pair of knowledgeable eyes could try burst my bubble, just in case I'm missing something. I'd appreciate it. Thanks.
According to them, albeit with no documentation, source plus a firstname.lastname@gmail address as a contact. The lead developer seems to be an O’Reilly publisher of MySQL books but I can’t confirm that until I hear back from the developer.
Basically, these are some features:

  • "Wiremin is a protocol, not a service" - so no Terms Of Service
  • No registration - the app cryptographically adds users by device, so no email, phone numbers or contact reading to recommend contacts.
  • No data privacy concerns as the app is incapable of storing or collecting data,
  • No ads by default; therefore none of all the related drag that comes with that.
  • No central storage or processing servers - all done 'on device', E2EE,
  • Community driven, (I've asked for elaboration of how this is achieved)
  • No metadata tracking or leakage,
  • PoW (Proof Of Work) to stop DDoS,
  • Mnemonic backup of account info,
  • opt-out diagnostics after crashes
  • Unsend within 5 minutes...
  • "Information we share" ... We don't have user information of any sort, so nothing will be shared." They go on to disclose needing to share with law enforcement info about third-party services you interact with though, like Google, Firebase or Apple push notification ids - which you can turn off

It really is quite impressive, technically & they seem to have coded themselves out of the equation as they can't even see your password or recovery passphrase.

Be that as it may - as you rightly point out, all we need now is the source, without which, I doubt I could back it.
I've reached out requesting info on whether it will be full or partial source, roadmaps, transparency, funding for devs etc before downloading & trying this but it sounds fantastic - too much so, when compared to, say Discord or X.

PS: My interest in this mostly academic intrigue, I don't work for them or know them, I just found out about this a few hours ago. Most of the wording here is copypasta. I once wrote commercial protocols in the IoT space that were loosely based around early XMPP - until Google killed it. Which is why I'm so happy about the fedi existing despite the best efforts of Google.
Anyway, this protocol seems to resemble the functionality of the FOSS app Syncthing, at least on the surface. Of course with the addition of other tech. I'd love to see one or two features like this in Lemmy or Mastodon, even if I had no interest in the code. The cost of infrastructure & the need to administer it, for example, would disappear overnight.

[-] CosmicCleric@lemmy.world 7 points 1 year ago

I feel like I just read a brochure for a product.

[-] lemme_at_it@lemmy.world 0 points 1 year ago* (last edited 1 year ago)

I was doing it more as a wishlist or an idea board to draw opinions from. However, as stated; as nice as it sounds, I'd rather admire the code than have the features without the code. Whoever did this though, was quite thoughtful about risks, including the - the 'bus factor'.
As a comparison, I really liked the "Connect For Lemmy" app when I first joined up.
It has some great features, some of which are still not on Jeboa. The dev even said he'd open the source if there was interest. I gave up on waiting, uninstalled & now use Jeboa on mobile exclusively because Connect is still closed, as far as I know.
I am FOSS or nothing, if I an help it - especially in communications apps. If the source fails to materialise then I will forget this too - even if I can indulge in speculating on the methods used. There is a fair amount of skill & thought required to pull this off. The best part though, I'm hoping, is that as a protocol, it would be a great chat accompaniment to & not a replacement to Lemmy or Mastodon. Again, without the source, I can only guess.
Regardless, the fedi is young enough to be influenced by good ideas early, before it becomes too costly in time, effort & complexity, to undo or implement changes later.

[-] CosmicCleric@lemmy.world -1 points 1 year ago* (last edited 1 year ago)

I am FOSS or nothing

even if I can indulge in speculating on the methods used

The only thing though is that you spend a whole lot of time/verbosity describing in detail all the good points about the product, and then just mention it's anti-FOSS nature at the very end of your long comment.

Usually someone very pro-FOSS will mention that negative up front.

[-] lemme_at_it@lemmy.world 0 points 1 year ago* (last edited 1 year ago)

Or seek to implement those features in a free & open way; but the features have to necessitate the effort & if the features are not clarified then no effort, especially a distributed one can even begin to replicate them. What do you suppose ought to be done first when building an app - the feature request or the code?

In any case, I wrote this right at the top of the post before getting to the good stuff, so you could have stopped there if you wanted to:

“We will release the design and/or reference code to the public when the initial version is stabilized.”

[-] LWD@lemm.ee 1 points 1 year ago* (last edited 11 months ago)
[-] gohixo9650@discuss.tchncs.de 1 points 1 year ago

as I see it, the problem in your statement is that while you mention you're pro-FOSS, you got overexcited by the claims of an unknown entity over technologies that you like and at the same time you have no source. Just promises. They could even be a startup that has just put all the buzzwords there while in fact on their code they don't do anything of that and they just use a centralized server with symetric encryption and have the symmetric key stored in the code. The app will look like it works till proven that it is not. As long as they don't want to publish their code, you getting overexcited (at least for me), is pointless.

There was an example with a startup that was doing something similar to that, not in that magnitude with a stored key, but something equally bullshit until they were exposed. Quite early in their journey. Cannot remember the name right now but there was a good analysis by a researcher. If I remember it, I will add it.

this post was submitted on 24 Oct 2023
1160 points (86.0% liked)

Technology

59590 readers
2886 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS