Secure scuttlebutt in a browser

For roughly the last year I have been working on bringing secure scuttlebutt to the browser. The result of this is ssb-browser-core.

Secure scuttlebutt allows one to write an unforgeable append-only log of messages and to exchange these messages between nodes in a p2p network without a central authority. With this, one can build event sourcing systems.

The first secure scuttlebutt implementation (there are also Go and rust implementations now) is a normal node application and thus requires a lot of things that are not readily available in a browser such as a filesystem and crypto. Filesystem api is provides by random-access-web that for chrome uses the file system api which is quite fast. Crypto is provided by libsodium.js which uses wasm and is roughly 90% the speed of running it natively. The last part is network, he we rely on web sockets which gives us a long running connection to a server somewhere. With epidemic broadcast trees to exchange messages, one can get the latest messages for several hundred feeds (probably also thousands) in a reliable and low latency manor.

With this, one is able to run secure scuttlebutt in any environment where the browser works. This includes Chrome, Firefox, Safari and on android and iOS. By running as a progressive web app it is possible to side step the normal walled garden of the dominant mobile operating systems. Jacob also managed to get it running as a web extension.

The main application for showing what can be built on top of these primitives is a social network called scuttlebutt. In order to test the functionality of the core, I wrote a demo application with most of the basic functionality for having conversations. Other applications that has been built on top of the protocol includes gatherings, chess, git, books.

I did a walkthrough of how it works for a few people in the SSB community. You can watch the video below.

This weekend I’ll be at the University in Basel to discuss SSB and related p2p technologies.

Book review: Better work together

A few weeks ago I finished a really good technical book called Better work together. The book is written by people from enspiral about working together in non-hierarchical structures and the lessons learned from doing this within enspiral. I was lucky to meet a few of the authors at the network convergence retreat I attended last year.

The book is written as a bunch of essays and reflections by a range of authors, instead of a single author, very much inline with the books theme. This includes great stories, such as the ones from Susan and Kate, but also deep thoughts about growing distributed leadership by Alanna and musings on consensus by Richard. Also thoughts on how to value the commons and the things you can’t (and probably shouldn’t measure).

It was interesting to hear the ways in which enspiral has envolved over time. It is both a collection of great individuals, but also a collection of coops or livelyhood pods and companies. Enspiral as I see it, is a shared brand for these, and this is where I find a tension as that puts a lot of pressure to align, almost top-down a bit like a political party. Instead of doing it bottom up, where the individual companies are the main focus. Maybe it is just the way the story is presented, but that is both impression from talking to people and from reading the book.

That being said, it is probably the best book about running a non-hierarchical organization I have read since The Seven-Day Weekend by Ricardo Semler. Highly recommended.

Techfestival talk

I went to TechFestival in September and did a talk at the Algorithmic Sovereignty summit. The talk touches on how Scuttlebutt can be used to regain some sovereignty over how data is shared and bring transparancy to the algorithms that runs on the data. The whole summit was a wonderful experience with lots of interesting people and discussions. When talking about these issues most people talk about the negative aspects of current systems such as Facebook, but rarely about solutions so I was really happy to give a more solarpunk positive story. The problems are really hard as it intersects human nature and technology but are increasingly important in todays society.

Scuttlebutt development grant

Since January I have been working on a grant to add a benchmarking ci framework to scuttlebot to better understand the behaviour and make it easier to find regressions as the implementation matures and changes. Furthermore I have been spending time understanding and finding things that can be improved performance wise.

The grant is almost at an end so I’ll use this blog to summarize what has been achived.

  • Built a CI framework and visualization tool for the bench-ssb repo. I used the nci framework for this and have been quite happy with the result.
  • Found and fixed a memory leak that made level-post really slow over time.
  • Made several improvements to flume to improve performance. Some interesting links related to this: charwise  and json performance related to buffers in node.

I have kept a dev diary for the duration of the grant. It has been a very interesting to really get to understand a relatively large and real world distributed system.

This is why scuttlebutt is awesome

I wrote a small plugin for ssb that allows it to read through posts to discover dat links and seed them automatically.  The cool thing is that you can tell it to only seed for people you follow.  Besides the normal use case of a user only sharing friends links, this also makes it really easy to set up a pub that automatically seeds content shared by its member. This combined with something like beaker browser makes it easy to create content and share it in a totally distributed fashion.

The best part is that it is only 100 lines of JavaScript.

Chromebook for development

I got myself an early Christmas present: an Acer Chromebook 14. I wanted a dedicated linux development machine and always wanted to try out Chrome OS to see what it was like. So far the overall experience has been good. The laptop is excellent for the price, the screen is good, keyboard is fine and best of all, the battery life is really good.

I installed debian stable (jessie) in a chroot on the machine using crouton. There i can run node, scuttlebot and tor and use emacs graphically using xiwi  for editing. The best part about crouton is that you can do a full chroot backup and store that somewhere safe. You can even have multiple chroots running at the same time for testing. Crouton seems a little rough, like I ran into this wierd node bug. But overall I like the seperation. I might end up installing debian directly at some point, but for now this suits me fine.

Tor support in scuttlebot

For the past year I have spent some time on a distributed system called scuttlebot. Scuttlebot using gossipping to distribute message and is a true decentralized system. What is interesting is that the applications built on this platform shares the same decentralized thinking. There is a twitter/facebook clone and a github clone. In git-ssb-web you can do the normal fork/pull request workflow or you can use the web of trust built into scuttlebot to allow multiple people to write to the same repo, so you get the best of both subversion and git. I have built an entity database inspired by CQRS on top of scuttlebot, that handles writes and reads separately and  allows one to reason about concurrent writes to objects in a way that minimizes conflicts in 170 lines of javascript.

My latest contribution to the project is to add tor support. Meaning that the gossiping works in hostile network environments and you get location transparency for free. Tor seems like a perfect fit for scuttlebot and allows for censorship resistant distributed systems to be built. The following is a small guide for settings up a scuttlebot node (or pub in their terminology) on tor.

Configure tor to expose a hidden service on external port 8888 to
8008 locally (/etc/tor/torrc):

HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 8888

Then setup sbot to use the onion address:

sbot server –host <YOURONIONADDR>.onion –port 8008

Thats it!

Please note that scuttlebot will make connections to non-tor nodes, so if you don’t want to expose your pubs ip and only have it communicate over tor, you need to pass it a –tor-only flag as well. The latest 9.4 is needed for this to work.

You can join my existing pub with the following invite code:

sbot invite.accept 355ij5sv346bpih2.onion:8888:@lbocEWqF2Fg6WMYLgmfYvqJlMfL7hiqVAV6ANjHWNw8=.ed25519~t7UhT15nIaDoWbdTZHVg4HJ1VHcmtl/FOplSyQfn03E=

On altruism part 2

In the spirit of holidays and sharing is caring, an update to my other post with some more interesting organizations to support:

1) Electronic Frontier Foundation. If you havn’t watched this then do it now. Then you’ll know why they are important, more now than ever.

2) Mozilla. I can’t think of another program I have spend so much time using over the last many years. Their support is important in order to remain independent and make the web a better place.

3) Randers regnskov  This is a Danish one, but a rather important one I think. They pay for school to an indian tribe in Ecuador, and in response the families will not sell their rain forest land to big international companies. What a great idea and really worth spreading.

On altruism

Some years ago I became an apostate by leaving the church and became a “real” atheist. In Denmark the church and the state are still quite heavily intertwined. Luckily the biggest portion of the money the church receives are from believers who pay about 1% of their annual salary through a special church tax. Many of these never go to church, except for Christmas, when they get married or when they get children and need to get them baptized. What would happen if they spend that money on charity instead?

I have been thinking about ways to spend some of the money I don’t have to pay the church for altruistic purposes. So far I have donated to three different causes that I think makes the world a better place.

1) Wikipedia

We need to nurture and make sure that information in the public domain stays there and are available to anyone with an internet connection free of charge.

2) Khan Academy

I have always been interested in how we can improve the education system and now being a father certainly helps me appreciate any progress being done in this area. Salman Khan tells their story in this TED talk much better than I can do.

3) Global Witness

There are a wealth of different organization trying to help the poor in need, but I always find them lacking in that they seem to focus on individuals rather than looking at the bigger picture. When I watched Charmian Gooch talk about global corruption I instantly felt that this was finally something worth supported and something I could see really make a difference in the long run.