• gohixo9650@discuss.tchncs.de
    link
    fedilink
    English
    arrow-up
    28
    ·
    1 year ago

    and WireMin

    sorry this is not open source. Who is behind it, what is their gain and how do I trust whatever they claim in their website?

    • lemme_at_it@lemmy.world
      link
      fedilink
      English
      arrow-up
      11
      arrow-down
      2
      ·
      edit-2
      1 year ago

      According to their FAQ: https://wiremin.org/#/FAQ

      “We will release the design and/or reference code to the public when the initial version is stabilized.”

      EDIT: After having fully read the FAQ, I must admit, their DHT (distributed hash table) protocol sounds very neat. Being something of a protocol geek, I’ll be the 1st to admit that I may be biased, so if a 2nd pair of knowledgeable eyes could try burst my bubble, just in case I’m missing something. I’d appreciate it. Thanks.
      According to them, albeit with no documentation, source plus a firstname.lastname@gmail address as a contact. The lead developer seems to be an O’Reilly publisher of MySQL books but I can’t confirm that until I hear back from the developer.
      Basically, these are some features:

      • “Wiremin is a protocol, not a service” - so no Terms Of Service
      • No registration - the app cryptographically adds users by device, so no email, phone numbers or contact reading to recommend contacts.
      • No data privacy concerns as the app is incapable of storing or collecting data,
      • No ads by default; therefore none of all the related drag that comes with that.
      • No central storage or processing servers - all done ‘on device’, E2EE,
      • Community driven, (I’ve asked for elaboration of how this is achieved)
      • No metadata tracking or leakage,
      • PoW (Proof Of Work) to stop DDoS,
      • Mnemonic backup of account info,
      • opt-out diagnostics after crashes
      • Unsend within 5 minutes…
      • “Information we share” … We don’t have user information of any sort, so nothing will be shared." They go on to disclose needing to share with law enforcement info about third-party services you interact with though, like Google, Firebase or Apple push notification ids - which you can turn off

      It really is quite impressive, technically & they seem to have coded themselves out of the equation as they can’t even see your password or recovery passphrase.

      Be that as it may - as you rightly point out, all we need now is the source, without which, I doubt I could back it.
      I’ve reached out requesting info on whether it will be full or partial source, roadmaps, transparency, funding for devs etc before downloading & trying this but it sounds fantastic - too much so, when compared to, say Discord or X.

      PS: My interest in this mostly academic intrigue, I don’t work for them or know them, I just found out about this a few hours ago. Most of the wording here is copypasta. I once wrote commercial protocols in the IoT space that were loosely based around early XMPP - until Google killed it. Which is why I’m so happy about the fedi existing despite the best efforts of Google.
      Anyway, this protocol seems to resemble the functionality of the FOSS app Syncthing, at least on the surface. Of course with the addition of other tech. I’d love to see one or two features like this in Lemmy or Mastodon, even if I had no interest in the code. The cost of infrastructure & the need to administer it, for example, would disappear overnight.

        • lemme_at_it@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          arrow-down
          2
          ·
          edit-2
          1 year ago

          I was doing it more as a wishlist or an idea board to draw opinions from. However, as stated; as nice as it sounds, I’d rather admire the code than have the features without the code. Whoever did this though, was quite thoughtful about risks, including the - the ‘bus factor’.
          As a comparison, I really liked the “Connect For Lemmy” app when I first joined up.
          It has some great features, some of which are still not on Jeboa. The dev even said he’d open the source if there was interest. I gave up on waiting, uninstalled & now use Jeboa on mobile exclusively because Connect is still closed, as far as I know.
          I am FOSS or nothing, if I an help it - especially in communications apps. If the source fails to materialise then I will forget this too - even if I can indulge in speculating on the methods used. There is a fair amount of skill & thought required to pull this off. The best part though, I’m hoping, is that as a protocol, it would be a great chat accompaniment to & not a replacement to Lemmy or Mastodon. Again, without the source, I can only guess.
          Regardless, the fedi is young enough to be influenced by good ideas early, before it becomes too costly in time, effort & complexity, to undo or implement changes later.

          • Cosmic Cleric@lemmy.world
            link
            fedilink
            English
            arrow-up
            2
            arrow-down
            3
            ·
            edit-2
            1 year ago

            I am FOSS or nothing

            even if I can indulge in speculating on the methods used

            The only thing though is that you spend a whole lot of time/verbosity describing in detail all the good points about the product, and then just mention it’s anti-FOSS nature at the very end of your long comment.

            Usually someone very pro-FOSS will mention that negative up front.

            • lemme_at_it@lemmy.world
              link
              fedilink
              English
              arrow-up
              2
              arrow-down
              2
              ·
              edit-2
              1 year ago

              Or seek to implement those features in a free & open way; but the features have to necessitate the effort & if the features are not clarified then no effort, especially a distributed one can even begin to replicate them. What do you suppose ought to be done first when building an app - the feature request or the code?

              In any case, I wrote this right at the top of the post before getting to the good stuff, so you could have stopped there if you wanted to:

              “We will release the design and/or reference code to the public when the initial version is stabilized.”

              • gohixo9650@discuss.tchncs.de
                link
                fedilink
                English
                arrow-up
                2
                arrow-down
                1
                ·
                1 year ago

                as I see it, the problem in your statement is that while you mention you’re pro-FOSS, you got overexcited by the claims of an unknown entity over technologies that you like and at the same time you have no source. Just promises. They could even be a startup that has just put all the buzzwords there while in fact on their code they don’t do anything of that and they just use a centralized server with symetric encryption and have the symmetric key stored in the code. The app will look like it works till proven that it is not. As long as they don’t want to publish their code, you getting overexcited (at least for me), is pointless.

                There was an example with a startup that was doing something similar to that, not in that magnitude with a stored key, but something equally bullshit until they were exposed. Quite early in their journey. Cannot remember the name right now but there was a good analysis by a researcher. If I remember it, I will add it.