| ▲ | hackthemack 6 hours ago |
| I hang out with a small group of sysadmins who like to spin up the old internet stuff, like irc, gopher. And that got me to thinking about Usenet and how a ton of software (usually pirated) and images (usually pornography) were posted to it. And people often posted stupid stuff they said (usually because they were young and dare I say afflicted by a moment of dumb). I think one of the problems with p2p distributed systems is how do you handle "mistakes". Things you want deleted. What if someone accidentally posts their address and phone number? What if you post a communication system with encryption methods, but then the government passes a law that is criminal? Maybe in some regimes that puts you on a list for arrest? Look at what is happening with HAM radio operators and Belarus... https://www.niemanlab.org/reading/ham-radio-operators-in-bel... To me, none of this raises above the idea that distributed p2p content should not be used. It is just that it has some issues. Also, unrelated, but I think the plethora of "How does this compare to XYZ" type comments are not very helpful. It is too easy to write that kind of post, but much harder to answer. |
|
| ▲ | fc417fc802 5 hours ago | parent | next [-] |
| A large proportion of historic usenet posts are archived and remain freely available today. Didn't google end up with one of the larger commercial archives? So that "stupid stuff" is still around unless it got deleted at the time (and wasn't archived first). New uploads to github are constantly being scanned by both benevolent and malicious actors for secrets that were inadvertently checked in. It's far too late by the time you notice and delete it. This P2P system doesn't appear to introduce any new problems that aren't already widespread. |
|
| ▲ | pluralmonad 6 hours ago | parent | prev | next [-] |
| This just seems like acknowledging the reality. If you publish something publicly, it's very possibly forever. Maybe a reasonable solution would be for a user client to delay publishing for a time (like an email client that lets you cancel/recall a sent email for a time). |
|
| ▲ | endiangroup 6 hours ago | parent | prev | next [-] |
| AD: We're actively working on that issue right now, making the defaults safer. We're also discussing internally how to enable revocation of content at the network level. It won't be perfect, but neither is GitHub or the likes. |
| |
| ▲ | fc417fc802 5 hours ago | parent [-] | | > We're also discussing internally how to enable revocation of content at the network level. Isn't that a solved issue? Or rather unsolvable. With ActivityPub there's just a deletion notification that's obfuscated so that you can't identify the item unless you already have a copy of it. What else can you do? | | |
| ▲ | lorenzleutgeb 4 hours ago | parent [-] | | Right. Radicle nodes out of the standard distribution would be kind enough to delete. On the technological level you cannot do more (also not really less, funnily enough). But it would be possible to patch the code and remove deletion. Often times I just take the "information theory perspective": You fundamentally cannot make something "more private". Once it's out, it's out. You cannot "untell" a secret. That's just not how it works. But then other solutions also have this problem. Once I have `git fetch`ed from GitHub, or received that e-mail containing a patch on a mailing list, I have a copy on my filesystem. It's going to be pretty darn hard to remove it from there if I don't comply. Maybe you'd have to enforce some law. In that context, it seems that people were led to believe that "removal from the server(farm)" is the same as "removal from the universe", but that's just not true. Happy for any insight on how to approach this differently. | | |
| ▲ | hackthemack 4 hours ago | parent [-] | | I am just glad some thought is being put into it. Thanks for the efforts. I keep thinking about people putting secrets up in github. You can not really get rid of something that is out there, like you said. But people do make a request to github to remove it. And if no one has put in the effort to copy it and republish it, it is not as "out there" as if it were still on github. Thinking on old BBS boards on the internet. Most people will use Internet Archive to search for old dead sites. If it is not on there, it is not as "out there" as if it were on the Internet Archive. I am thinking it is not quite as black as white as it seems. There is some kind of entropy effect. Thinking on pre-internet newspapers. If you posted something in a fan zine in the 70s, it might have faded from existence due to lost copies, or it might be in some collector's stockpile. It might even be scanned into the Internet Archive. Or not. No great solutions come to mind. But there does seem to be some "small" value in being able to say, delete this as it was a mistake. Maybe, also, more education, or a warning about "beware, be extra careful, this is going to be around for all to see for a long time, possibly forever". | | |
| ▲ | lorenzleutgeb 2 hours ago | parent [-] | | > I keep thinking about people putting secrets up in github. You gave me an idea. For Radicle, we implemented a `git-remote-helper` (Git recognizes `rad://`-URIs and then wakes up the helper to handle the rest). This helper could well look at the blobs being pushed and detect secrets. Then error out and request a retry with `--force` if the user is sure. To implement something like this, we'd not want to reinvent the wheel, so we'd want to consume some description of patterns that we should look for. And obviously we're not going to ask GitHub or some web server. So, is there such library? In a format that is simple-ish to implement filtering for but also catches a good amount of secrets? | | |
| ▲ | fc417fc802 an hour ago | parent [-] | | Yes, several well established secret scanners exist. Integrating one into radicle as a first class citizen is an awesome idea. |
|
|
|
|
|
|
| ▲ | phoronixrly 6 hours ago | parent | prev | next [-] |
| You know, a centralized system is not immune to any of the issues you are listing here. Whether your mistakes can be deleted is up to the operator. They can even lead you to believe your content was deleted, while reporting it to the authorities. > What if you post a communication system with encryption methods, but then the government passes a law that is criminal Did you post it while it was legal to do so? Yes. Are you distributing it after it was deemed illegal? No. If you are in a country with a fair justice system, you wouldn't have to worry. If you are in a country without one, they will find a much easier way to get you anyway. |
| |
| ▲ | Dumbledumb 6 hours ago | parent [-] | | In legal and public opinion distributions and authorship might not be looked at with such a technical lens, especially in a country trying to ban encrypted communications. A muddying between the two could easily be constructed intentionally, or unintentionally by ignorance of executive and judicial powers. | | |
| ▲ | phoronixrly 6 hours ago | parent [-] | | As I mentioned, if you are inconvenient to your government in an authoritarian state, they will not bother with technicalities to get rid of you. Other people distributing code that you once authored will not stop by them getting rid of you. |
|
|
|
| ▲ | vlad-roundabout 6 hours ago | parent | prev | next [-] |
| Can't you just download content from centralised services as well? |
|
| ▲ | 6 hours ago | parent | prev [-] |
| [deleted] |
