Hosting on desktop computers

[waaaaargh]

Hosting infrastructure on a desktop computer is not a particularly good idea IMHO. Even though it is possible, it is connected with technical problems like disabling firewalls and opening ports, which - in my experience - is too difficult for non-technical users.

Additionally, DSL connections are really slow in the upload direction, which makes using modern web apps (Ajax, lots of images, lots of roundtrips) a pain.

Those disadvantages are purpose-defeating IMO. This is why I would like to discuss removing "desktop machines as a platform" from the concept.

[sternenseemann]

That's right. Additionally Tech-Persons would host it on a Desktop PC when it's practical for them. So you could remove it.

[mredd]

Maybe there's a way of identifying the router at home. If possible, someone (tm) needs to provide step-by-step instructions that can be displayed to the user. Do you know about the solution from protonet and others?

[bastianallgeier]

I just added it as an idea to think about. Someone approached me after my talk with this idea and it sounded nice at first. I think it's good to keep it as an idea and see where this goes in general. Maybe this can end rather in a complimentary desktop application that would integrate with your own server, hosted somewhere else. But let's just keep it as a "far-future maybe" part of the concept.

The most likely versions are definitely on managed shared hosting, a VPS or dedicated server. The next step would then be a device at home like Protonet or a more powerful Raspberry Pi.

[tobiastom]

I think it should not be removed. It is important to keep the concept as broad as possible. Connections to the internet will get better in the future. Hosting that thing at home is an important point to be independent from others. Shared hosting can (and will) be shut down if there is a legal demand for it, connections at home are more resistant to that.

Also, servers at service providers could still be stopped and the data would be accessible. We are talking about data protection here, so where would it be more protected then in my home?

I'm not talking about doing illegal stuff here, I'm emphasizing on the important point of being in-depended from 3rd party.

[waaaaargh]

@tobiastom While Data storage in the privacy of your home is a neat thing to have, there are better ways to do that than from your desktop machine, e.g. from a raspberry pi or even some old computer you might have sitting around in the attic.

[tobiastom]

I completely agree. My point was not only about desktop computers, more about not dismissing the concept of home hosted servers. Sorry if I misunderstood the topic of this issue.

[bastianallgeier]

I just posted it on the other thread about platforms. This is still a very early stage and what I love about this entire project is the possibility to phantasize about our future and about how the future for this project could be. I see this as a very creative process that we should all take part in. Don't let it become too realistic and technical too soon. I think this would stop us from coming up with some really good ideas. Maybe the ideas we come up are not realistic right now or even not in two years, but keeping things in mind that might be possible one day helps to see this as a more global approach than just coming up with a very quick solution.

A lot of technology has formed around the hype for central platforms and wouldn't exist without it. A lot of the things that are possible today on the web haven't been possible just a couple years ago. This is about a shift in a new direction and we should always keep on dreaming of a future where things are changing in a more distributed way and those changes will be followed by new technology and new ideas.

How cool would it be if it would be possible one day to run such a system on a future XBox, Apple TV, Refrigerator or whatever. I agree with Tobias that it should be there as part of the concept. Not possible yet, but maybe later.

[augustl]

I think it's important to not take too many large steps at a time. Perhaps one can assume that you still need a technical person in your family to help setting up the server and the home router if you want to host it at home. Then most people will perhaps use a hosted/paid service, since convenience is more important to them than privacy.

[bastianallgeier]

Yes, convenience will always be the number one reason why people use something or not use something.

Security or technical implementations are not a USP. They are a nice-to-have kind of thing. We always should keep that in mind.

[lukasbestle]

I'm closing this for now and will add a link to this issue to the Markdown file.

[bastianallgeier]

Sorry, but we should keep such discussions open until we have final decisions and we are far away from that point.

[mredd]

I don't agree with @bastianallgeier. Convenience is important and is one of the major key factors for application selling to end-customers. But security is for an application dealing with my personal data and relations not a USP or not, it's just a must have. If an application in this business would store my personal data on my web server but in a public available text document, that's a no go. And it doesn't matter, how convenient it is to install or use the application.

[tobiastom]

@mredd I think we all very much agree on that, but it's a technical detail. The idea is to make it as easy as possible for users, still with all the security features implemented but mostly not visible for them/us.

That's also why we push back technical details (like docker and co) for now, as we need to figure our a general concept (including a security concept) first.

[bastianallgeier]

Well, I maybe didn't make it clear enough. Security is a must-have, but it should be a default which users don't have to worry about or even don't have to know about. What I want to say is, even though it's a sad situation: the majority of people will choose the cheaper, more convenient or more wide-spread solution over one that is more secure but less polished or less common. Things like WhatsApp, Facebook and Co. proof this with millions of users, who know about possible security or privacy issues and take them as a acceptable risk if it makes it easier for them to use it or connect with their friends. It's very hard to accept this situation but it's also a chance to see this as a challenge to provide them with something that has all the security and privacy benefits but additionally is a real alternative to what they currently use. There's no such thing in the open-source world so far.

[mredd]

Ok, seems to me we are all on the same page. I'm fine with putting security on the concept backlog and not forgetting about. Let's build a better Facebook, WhatsApp, etc. The world proves us at the same time, that users will go with a more secure solution, if it's as easy to use as the old one.

By the way, there are already some secure alternatives out there in the open source world: Facebook chat, WhatsApp: XMPP (aka Jabber) - easy to use with most messenger tools, but mostly a pain to setup a server. Facebook relations: Diaspora - maybe a little bit to private, but also a hell to setup your server

Why not take some of these projects and build an easy to install Linux distribution around it? With a narrow API to access only the very basic things from inside an app and extend this API when apps need functionalities. This may come to a concept more like the Facebook apps instead of the Android/iPhone apps. Small apps extending the functionality in some corners, but not extending the whole system. In version two, the basic system may bring some new features like ownCloud, for example. And an extended API to access your ownCloud data from within the apps.

[bastianallgeier]

What we are currently actually facing IMHO is a huge puzzle of open-source alternatives that work great on a technical basis, but are not usable by people without a technical background. So the challenge is exactly – how you said – to bring those puzzle pieces together in a way that people will understand it and be able to use it.

[augustl]

As I've mentioned in another issue, I think it's important to try to solve as few problems as possible. The core problem that imo should be solved, is to enable users to provide their own server, which in turn enables developers to write applications without having to set up a business for hosting it, scaling it, etc.

It's of course a benefit if it's really easy to get started by running an installer on your home computer. But I don't think it's critical. Perhaps it's good enough that the first version has to be installed by someone that knows what they're doing.

Another thing we don't know yet is how people will prefer to use GDC. I hope that we'll end up with something heavily protocol based, so that there can be multiple implementations of GDC. Perhaps there will be an implementaiton that works as SAAS. Perhaps Google will provide GDC as part of a Google account, using their own GDC implementation. And perhaps this is what non-techie users will prefer. Then it's just the techies that installs it at home servers.

[lukasbestle]

I think it's a good idea to just create a protocol - but if Google starts to implement it, most users will use that and that's not what we want to achieve (Google is evil).

IMHO we should try to come up with a clearly defined idea about what GDS is and how it works on a high level (= very detailed).

[augustl]

I actually think the freedom to have your GDS on google is important. I don't think forcing people into self-hosting is a good approach, and if you have the ability to host yourself (something you don't have today) then we've made the world a better place. Imagine if your friend uses a Google GDS. You inform your friend about the privacy implications. You then help your friend to set up her own GDS, and migrate the data between them (since the data is available via APIs anyway). Much better than the lock-ins we have today :)i

[lukasbestle]

Jep, for sure! Google is not evil by hosting GDS (that would be totally cool!) but by creating their own different interpretation and protocols so the data would be locked again (take their XMPP shutdown, for example). These protocols have to be defined very clearly so every GDS is compatible.

[bastianallgeier]

I agree with @augustl here. It would be even extremely awesome if Google would one day offer free plans for GDS or something like that. That would mean that we succeeded. It would also mean that people would have choices, which they don't have yet. That's what it is about. The choice to move to a different provider. If you decide that a free hosted solution is more convenient for you and you take the privacy trade-off, that's ok.

[augustl]

@vis7mac yeah that's a big problem in general. Every mail client has bugs in they way IMAP is used, it seems. This will always be the case, and there's not a lot one can do about it.. The best thing we can hope for is that there won't be a Google monopoly for hosting GDS. If there is, Google can do whatever they want, of course.

As a sidenote, Pieter Hintjens says that you should GPL license your protocols. For example, the HTTP spec cannot be forked. If you fork HTTP you might get sued. Hopefully we can reuse protocols as much as possible in GDS, but the protocols that we do create should perhaps be GPL licensed for that reason, so that the specification work is truly a community effort.

[lukasbestle]

That's a nice idea!!