42 comments

[ 2.6 ms ] story [ 89.3 ms ] thread
Scuttlebutt is what you use until GnuNet goes stable. Just like Hurd.
GnuNet sounds really cool. I've been reading about it. Are there any alpha versions of app implementations? Anything that a user can try at all yet?
Gnunet has been in alpha for decades. You can install it from any OS package manager.
Any idea why there's no usable app running on top of it yet?

Even in alpha, it should be able to handle basic identity and message sending, right? Secushare still not a working app?

CADET, the end-to-end data transfer system for GNUnet, still needs to go through some API changes before seeing a stable release. Building an app on top of it as it stands right now may be wasted effort.

I'm keen to see it go stable.

The blog design is painful to read!
The blog looks well on mobile screen
How does it compare to Mastodon or Diaspora?
When I last looked at Diaspora (many years ago,) it came across as an open source social network that you could clone and run yourself, and then there was a network of networks.

So, you could run the Diaspora code on your own server and then your server was part of the network.

If someone has a better answer than me, please upvote them. It's been years...

In this case, one primary difference is that a lot of Scuttlebut logic runs in the client that you install on your computer. You just can't point a browser at someone's server running Scuttlebut

Edit: (The difference is kind of like downloading a file in a browser vs downloading a file with a Bittorrent client.)

Mastodon and Diaspora are federated softwares, which means there is still a server/client model, but many servers (a more well known example of federated decentralization is smtp).

ssb (common short for secure-scuttlebutt) is fully decentralized, which means that there is no server/client anymore, everyone is a node (like the initial idea of bitcoin).

I'm biased in favor of full decentralization, but here are the main differences I can think of :

* federation tends to lead to centralization again, because everyone use the same server (like gmail for smtp)

* full decentralization makes it easier to build custom software (you have access to the whole data, without being constrained by an api). But this is not true for ssb, because it's harder than it should to build software on top of it.

* it's easier to change software with full decentralization, because you don't have an "account" owned by a given server (think: it's hard to migrate from a mail address to an other)

* onboarding is more difficult with full decentralization, because you have no easy entrypoint like a server is

Dose every node need a full copy of data?
Sorry that the server crashed, it's back up now and that's talked about in the article :)
-Patchwork-

(Windows, MacOS, Linux)

Standalone, beginner-friendly social view of Scuttlebutt.

Recommended for first-timers.

-Patchbay-

(Windows, MacOS, Linux)

Bleeding-edge, tab-based interface with experimental features.

-Manyverse-

(Android)

Off-grid mobile app, currently in beta.

-Patchfox-

(Firefox Add-on)

A new way to access Scuttlebutt packaged as a Web Extension for Firefox. Needs you to run sbot, or have Patchwork/Patchbay running.

https://scuttlebutt.nz/get-started/

The is also Oasis, which is web-based and runs whereever nodejs runs. It has ssb-server builtin, so you needn't run sbot/ssb-server yourself.

https://github.com/fraction/oasis

Under heavy development, but works well and is easy to use.

I understand what scuttlebutt does. What I don't understand is why. What kind of information benefits from decentralization? The only answer I can think of is child porn.
You never benefited from a torrent? Never used popcorn time?
So, it's just for illegal stuff?
my gosh... yes, just like torrents are only good for illegal stuff...

my goodness...

Of course not. The point (for me) is that it's truly owned by it's users and it never goes down.
Anything you don't want to be at the whims of a central service shutting down/changing their policies/...?

Using a system centered around identity and immutable records for illegal things would be quite stupid.

I can already host my own blog and have it safe from the whims of a central service.

I'd like to hear more about how this is tied to identify, but the immutability is my main concern with regard to illegal activity. Once your daughters nudes are leaked on scuttlebutt how do you get them taken down?

> I can already host my own blog and have it safe from the whims of a central service.

Depends which central service. You aren't beholden to social media companies at that point, but you still have to:

* play by the rules of your ISP (If you're hosting on your home connection)

* trust that your hosting service won't arbitrarily turf you out

* make sure that your domain is safe from unauthorized transfers, sudden price increases, etc.

If the convenience and ease-of-use of current systems is worth those downsides (And for many, it is!) then fine. But it's not entirely accurate to say that you're safe from any central service.

To your second point, legality shouldn't be the final word. There are lots of governments with laws that are either actively or inadvertently used to silence dissenting opinions, or used to root out various undesirables. "You can do crime easier using it" isn't a great argument IMO.

That's great that you live in a free country that allows you to host your own blog.

If you lived in China and your blog was critical of the Chinese government you'd soon see how easy it is for your blog to be shut down.

Decentralization is the antidote to totalitarian creep. Sure it's only a few countries that are authoritarian today, what happens if most of the world goes that way? Will your blog still be safe then?

IRT leaked nudes - The feeds in scuttlebutt are immutable but blobs of data are not. If only you and your friends have a blob, and you request them to delete it and they do so, then no one else will be able to retrieve it or access it ever again because no one has a copy. This is the same as if the nudes were leaked any other way online.

Others will still see that you posted a blob because it's hash is in your immutable feed, but they won't be able to retrieve it.

(comment deleted)
Why use git when we could use SVN? Decentralization removes the need for synchronization with a central system (self-owned or otherwise). It allows for more methods of interaction and independence.
Wow, lots of scuttlebutt shilling going on lately. What's the status of "sameas" (multi-device identities) and off-chain feeds that allow for deletes/edits?

The former is a massive usability concern and the latter is (ironically) a privacy concern.

Also, why not use a ratchet system so a single leak doesn't make your whole archive of private messages go public?

I would also really love to learn what SSBers have to say about this, these were my primary concerns after reading the spec.
I'm personally working on both of these problems. Multiple feeds are implementated in an Oasis PR, and multiple feed types are implemented in the protocol and Go implementation, but the JS implementation is still being worked on. Once we fix that we should be able to hold any append-only feed as a Scuttlebutt feed (e.g. a Git branch).
To clarify, "multiple feed types" means immutable feeds and mutable feeds?

As a user, how can I know which type of feed I'm posting to? Will clients just adopt the mutable feeds by default? Or will they allow you choose the type of feed you want?

Yep, sorry for the brevity -- I was on mobile.

Right now the only valid message type is a JSON payload with both the content of the message and the signature embedded in the object. This has two problems:

- The embedded signature is annoying because you have to surgically remove it before validating.

- The embedded content is annoying because you can't delete a message without deleting the link from your signature chain.

If we build validators that accept different message encodings, then we can end up with different types of feeds. Fixing the above is pretty simple: make both the signature and the content of the message appear adjacent to the the on-chain message. The signature authenticates the message, and the message references the content of the message. If you want to delete the content of the message, you can, and it doesn't require deleting the on-chain reference to its hash.

Using different validators would also allow us to validate, say, Git commits, where any commit is valid as long as it contains a valid signature by the key we expect. Or maybe we validate Dat (hypercore) messages so that they're first-class citizens -- making SSB more of a meta-network for content signed with a trusted signature.

My hunch is that interface developers will probably converge on a single Good Enough feed type for the application. My guess is that social network interfaces like Patchwork/Oasis will use something like GabbyGrove (CBOR + adjacent signatures and content), but that applications like Git-SSB will probably just use signed Git commits. Hard to say!

What happen if I receive message N+1 but not message N (due to gossiping)?

Can I still read message N+1?

usually the gossip works in a way that you should receive each feed's messages in order. Essentially, your client will talk to a peer and say "I have everything up to message M from feed F, got news?" and then the peer will go "Oh, I'm caught up to message M!" and then your client will realize that N > M, and ask for the messages [M+1...N] in order.

Of course, there are ways to mess this up if you try really hard. :P

But to answer your question: Yes, you can read it. You won't be able to verify that it is part of an unbroken signature chain, but you will be able to verify that it was signed with the feed's private key.

Yep, and your database will record that it's missing message N.
The link is down I’m guessing it’s not the scuttle butt of the outdoor world. A Scuttle butt is the protective fabric put around a climbing harness when one is canyoneering and will be sliding down and scraping against abrasive material like sandstone.
OP of the article here. Sorry the server got hugged to death, I launched the site a few weeks ago and wasn't expecting it to end up on the HN front page. It's back up on a better server now (and will be seeded to Scuttlebutt soon).

Happy to answer any questions.

Other than the cryptography, how does Scuttlebutt really differ from UUCP?