[HN Gopher] Local-First Software:You Own Your Data, in Spite of ...
___________________________________________________________________
Local-First Software:You Own Your Data, in Spite of the Cloud
(2019) [pdf]
Author : JeanMarcS
Score : 95 points
Date : 2021-02-25 19:15 UTC (3 hours ago)
(HTM) web link (martin.kleppmann.com)
(TXT) w3m dump (martin.kleppmann.com)
| jasode wrote:
| The headline is about the _aspiration_ but not the
| _implementation_.
|
| Within the contents of the paper, it talks about CRDTs to
| _technically implement_ it.
|
| I'm not familiar with the technical tradeoffs but I bookmarked
| some past HN threads mentioning CRDT did not fare as well as OT
| (Operational Transform):
|
| https://news.ycombinator.com/item?id=19886883
|
| https://news.ycombinator.com/item?id=19847622
| josephg wrote:
| Modern CRDTs like Automerge and Yjs should be able to perform
| basically just as well as an OT based systems (like my own
| ShareDB) now. I ran some benchmarks using Kleppmann's approach
| a few months ago[1] and I think a well implemented crdt should
| easily be able to do millions of edits/second. The thing that's
| holding us back at the moment is the lack of good high
| performance native implementations of these systems. But that's
| being worked on.
|
| This has only really started being true in the last year or so.
|
| [1] https://josephg.com/blog/crdts-are-the-future/
| WhatIsDukkha wrote:
| I assume you are following
|
| https://github.com/automerge/automerge-rs
|
| I'm hoping this matures a bit more in the next months, seems
| really promising.
| tmotwu wrote:
| If javascript/non-native CRDT implementations are responsive
| enough compared to existing algorithms for collaborative
| editing like OT, what incentives or cases exist to demand
| high performance native implementations?
|
| To be clear, I think this is exciting stuff and your article
| is great. I'm just curious if there are any open research
| problems in this area that would make them more appealing in
| production.
| maxrev17 wrote:
| Even a lot of devs have turned to aws/azure/gcp.... Local first
| is too much responsibility for some.
| camnora wrote:
| Local-first software feels underrated especially in the UX realm.
| Peer-to-peer applications such as Manyverse load instantly due to
| not being blocked by network requests. My hope is that more apps
| are developed with a local-first mindset. CRDTs likely introduce
| additional complexity around data storage, so this would
| certainly be a drawback when considering local-first.
| dvt wrote:
| These kinds of ideas always get traction here on HN or similar
| places (slashdot), but I think that ship has long sailed. People,
| by and large, seem to be totally okay with storing data in the
| cloud -- from Dropbox, to Google Docs, to InVision. All things
| considered, data breaches are rare, and if they _do_ happen, they
| 're usually to be blamed on configuration blunders, not the
| services at large.
|
| Other than a few highly-specialized niches (InfoSec, government,
| military), the de-facto reality is that online-first
| collaboration pros seem to outweigh the cons.
| RedShift1 wrote:
| People use the cloud because they are being forced through the
| software user interfaces. Working with local files takes
| increasingly more steps compared to cloud based solutions. So I
| wouldn't exactly say that people are ok with it, it feels more
| like they choice is being made for them.
| jay_kyburz wrote:
| If web pages could be more easily given access to a directory
| on your filesystem, Google Docs could more easily show you
| you files in your Documents folder.
| zozbot234 wrote:
| 'Access to shared data' for proprietary, untrusted "apps"
| is an anti-pattern that even iOS and Android are now
| getting away from. If a JavaScript app needs to access some
| sort of complex directory structure, that can happen within
| current API's by locally "uploading" and "downloading" a
| standard archive format, e.g. a .ZIP file.
| southerntofu wrote:
| Running code from untrusted sources (Javascript/WASM in the
| browser) is an anti-pattern. It causes all sorts of
| problems and vulnerabilities.
| franklampard wrote:
| > pros seem to outweigh the cons.
|
| Exactly
| pdimitar wrote:
| You seem to underestimate the pressure from the market.
|
| At one point the younger generation does not even _remember_
| there was a local-first software.
|
| Sadly the relentless efforts of the corporations are paying
| off.
|
| That doesn't mean people are okay with it. It means their
| choice is made for them.
| mvzvm wrote:
| I disagree. I think HN is rabid about privacy and "owning
| your data", but by and large, most people just don't care.
| hinkley wrote:
| There's a whole thing with growing or making your own food
| as much as you can. We keep outsourcing food production. In
| affluent areas that's a boon, in others it's an active
| problem.
|
| Probably we will see the same play out here.
| codemac wrote:
| Most that I talk to do - but it's similar to how they care
| about the national debt.
|
| There's nothing they can do, they have no realistic
| expertise or control, and they vote with what - dollars
| once every phone purchase?
| mvzvm wrote:
| I think this is a good analogy, because the national debt
| is not a good measure of anything. People bring it up at
| all the wrong times, and takes grandstanding postures
| around it. Just like this, eh?
| deathanatos wrote:
| > _and they vote with what - dollars_
|
| More and more, I am seeing many companies that realize
| they can do both: take the user's money _and_ feed them
| ads. After all, that 's more profitable than _just_
| taking their money.
|
| As examples, T-mo, Verizon, my local gas station, various
| airlines all both take my money and give me ads. Some are
| even known to sell my data.
|
| So, _can_ I actually vote with my wallet?
| ibeckermayer wrote:
| Consider who taught them not to care.
| eternalban wrote:
| People have no clue as to how computers and networks work. In
| fact, you may have even interviewed people for software jobs
| who don't have a solid grasp on these matters.
|
| This is good news, as far as system architecture is concerned,
| as the opinion that matters is principally concerned with
| utility, convenience, usability, etc.
|
| Secondly, the ship may have sailed, but interestingly these
| ships apparently are generational. There used to be a ship
| called AOL. /g
|
| (There is a reason every ideological effort for authoritarian
| control heads straight for the school house and youth camps.
| The reason is the said 'ship' that sails, on schedule, every
| ~20 years.)
| eternalban wrote:
| To be constructive here, if you care about these matters and
| have technical know-how, invest in the future and mentor the
| younger generation on how to build decentralized systems.
| Give them knowledge, blue prints, and tools. They'll crack
| the generational social code on their end.
| southerntofu wrote:
| YES! Though why teach only the young? ;)
| gobengo wrote:
| > People, by and large, seem to be totally okay with storing
| data in the cloud
|
| It's simply not true, or if it is, it's only because of what
| you're choosing to looking at to build your view of how it
| 'seems'.
|
| https://mydata.org/
| https://en.wikipedia.org/wiki/General_Data_Protection_Regula...
| https://ethereum.org/en/ https://solid.mit.edu/
|
| Meeting every week: https://identity.foundation/working-
| groups/secure-data-stora...
|
| > All things considered, data breaches are rare, and if they do
| happen, they're usually to be blamed on configuration blunders,
| not the services at large.
|
| Did you work at Google? Do you know about PRISM?
| https://en.wikipedia.org/wiki/PRISM_(surveillance_program)#C...
|
| Can't tell if you're intentionally or accidentally misleading.
| dvt wrote:
| > Can't tell if you're intentionally or accidentally
| misleading.
|
| All I'm doing is looking at the market cap of companies like
| Facebook and Dropbox. I mean, hell, Facebook literally _sold
| personal data_ and sure, you occasionally see "boycott FB"
| movements, but they're all bark and no bite.
| adkadskhj wrote:
| This is sort of like saying people are okay with cancer
| because they buy certain plastics in mass. The reality is
| people are ignorant of what is good for them in a ton of
| applications, including this one.
|
| Only a handful really grasp the context of what is
| happening with their data _and most importantly_ how their
| data could affect them.
|
| People routinely do things against their own interest. It's
| up to the other people that care about this issue to make
| competing products that don't harm. There's simply no way
| to get everyone to _really care_ about an issue with nuance
| and /or niche knowledge.
| Spivak wrote:
| I don't think you're giving people enough credit. It's
| not exactly a mystery at this point that Facebook/IG make
| their money by selling access to your information to
| advertisers. People really just don't care which doesn't
| make them ignorant and doesn't mean they're wrong to not
| care. We're the privacy obsessed weirdos. I've been in
| conversations where people talk about products they
| "discovered" through IG ads.
|
| The mindset where we're the only ones that _really
| understand what 's going on_ and everyone else are just
| sheeple -- sheeple I tell you is gross. This issue really
| isn't all that nuanced. That's just the lie we tell
| ourselves because we don't want to admit that we're the
| nutters being like "they're watching you scroll through
| Facebook and they're gonna use that to lower your credit
| score. THE ALGORITHMS!!"
|
| I'm proud to be part of this weird club but let's not use
| it as an oppertunity to shit on our outgroup.
| southerntofu wrote:
| We may be interested in the deep details/debates the
| general public has no knowledge about. However i can
| assure you many people care about their privacy. They're
| not all ignorant, but they're usually powerless.
|
| Wanna keep in touch with friends? Gotta use facebook.
| Wanna watch cool videos? Gotta use Youtube. etc.
|
| But there's a very strong movement of non-tech persons
| for privacy, decentralization and free software/culture.
| In France, it's best exemplified by the Framasoft
| association which started from a network of teachers :
| https://framasoft.org/en/
| jkepler wrote:
| I'm in France, and have met some of the excellent folks
| who help framasoft with their project to degooglize the
| Internet.
|
| I know a number of people who dispair, thinking they
| can't protect their privacy. But gradually, those who
| know a geek may be moving towards better software, as
| privacy respecting options with decent UX get developed,
| and as their FOSS-geek friend or family member patiently
| points out tools they can actually use.
| bachmeier wrote:
| From a business perspective, it doesn't really matter. There's
| still a large market of people that do care about it. Look at
| the explosive growth of Obsidian in large part because it's a
| local-first solution.
|
| In addition, there's a difference between using those services
| and being "totally okay" with it. If you like Evernote, then
| sure, you'll be using the cloud. If you had a way to use
| Evernote without storing your data in someone else's cloud, a
| lot of people would be happy.
|
| Even non-technical people talk all the time about not trusting
| services because of data issues. Many will not use a new
| service because they're worried about their data if the service
| stops. It's a really big issue for businesses.
| hemloc_io wrote:
| I think you're mostly right.
|
| However I would've said the same thing about
| Telegram/Signal/Defi and other decentralized/privacy first
| technology not too long ago.
|
| I think there's a reasonable case for the idea that as the
| conversation around censorship and data ownership evolves,
| we'll see a restructuring of the market toward some level of
| personal data ownership. We're probably far from that today
| though.
| [deleted]
| Geee wrote:
| You can own your data if you use client-side encryption with
| cloud. When encrypted, you don't have to trust the cloud
| provider. This opens up new possibilities such as P2P networks
| with fair pricing, no provider lock-in, equal access and
| censorship resistance. I'm excited about Sia / Skynet which
| enables these kind of apps.
| saurik wrote:
| That works fine as long as you don't care that advances in
| computers and cryptography would one day (maybe after you are
| dead, and likely only with some notable effort) allow someone
| to read your data and (much more practically) you are extremely
| confident you can't lose control of your key somehow.
| Geee wrote:
| Managing and using private keys safely is still a huge
| unsolved problem in general.
| amadeuspagel wrote:
| PouchDB/CouchDB is great for this kind of software. Shameless
| self-promotion: I used it for thinktype[1], a note-taking app.
|
| [1]: https://thinktype.app
| pdimitar wrote:
| I am completely behind the idea and would work full time on it
| (if I had my time for myself) but all such documents or sites are
| all talk and no code and it's getting tiring.
|
| I get that they want to inspire, to show data backing up the idea
| that people are open to that software model, and in general to
| give hope and inform but... I am getting way too cynical and I
| can't help but wonder if actually writing a tool that builds the
| foundations of such a movement wouldn't have been a time better
| spent?
|
| I mean, at what point will _somebody_ do something about it? And
| does it have to be your average overworked programmer who is
| sacrificing their scarce free time? When will one of these
| organizations that periodically toot their own horn about much
| they care, will hire several hardcore programmers to do
| something?
| bhl wrote:
| Have you seen Kleppmann's automerge library?
| https://github.com/automerge/automerge
| pdimitar wrote:
| No. Checked quickly, looks good. Thanks for the link!
| iamwil wrote:
| James already has. https://actualbudget.com/
|
| It's personal budgeting software that's local-first.
| Jtsummers wrote:
| > I am getting way too cynical and I can't help but wonder if
| actually writing a tool that builds the foundations of such a
| movement wouldn't have been a time better spent by the authors?
|
| One of the authors wrote a book on this topic that gets high
| praise and frequent recommendations on this site. Several
| (all?) of the coauthors worked on prototypes on this topic that
| they discussed freely in order to enable others to follow their
| same path and explore it further. So yes, I'd say you're
| getting way too cynical.
| pdimitar wrote:
| I'll immediately agree I am getting too cynical. I just wish
| we had something more than inspirational articles about the
| issue.
|
| Didn't know about the prototypes. Good on the authors! I do
| wonder why not one has been seen to completion though, do you
| know?
| endisneigh wrote:
| I wish OneDrive, Dropbox, etc. had a notion of a Personal
| Database File System, PDFS. With PDFS if they all shared the same
| API then you could build a database ontop of the PDFS that syncs
| to popular file systems.
|
| If both of those things existed you would be able to build apps
| like LinkedIn such that LinkedIn could just access your PDFS so
| your profile is actually hosted directly on your PDFS - so if you
| delete your profile info on your PDFS it's gone from LinkedIn. Of
| course, this also depends on trusting LinkedIn to not just copy
| over the contents of your PDFS but that could be handled as well.
| southerntofu wrote:
| So if it's just about protocol to exchange files, SSH and
| webdav are the de-facto standards for that (FTP has declining
| popularity).
|
| If we're talking about the semantics of building desktop
| applications, then i think you're looking for freedesktop.org,
| although it quite POSIX-centered.
|
| Higher-level, federated alternatives include ActivityPub (HTTP
| signatures + JSON ActivityStreams), XMPP (XML stanzas), Solid
| (HTTP + Linked Data).
|
| All four of these standards could receive extension proposals
| for more semantics for specific use-cases. However, Microsoft
| (who owns linked in) and other evil tech-multinationals will
| never adopt a standard because that would allow competitors to
| walk on their turf. Remember when gmail.com chat was federated
| with Jabber/XMPP until Google pulled the plug?
| WrtCdEvrydy wrote:
| You have to remember that all of these companies are either
| part of a large company or a startup. Locking you in is the
| reason they can justify their stock, their IPO, their exit and
| their high developer salaries.
| qbasic_forever wrote:
| Microsoft was planning this 20 years ago with WinFS, to be
| shipped in what became Windows Vista. For many political and
| technical reasons it never came to pass. Some of the folks
| working on it went on to work on what became OneDrive though.
| jay_kyburz wrote:
| Isn't the API the filesystem?
|
| What happens if you set up OneDrive and Dropbox (and Google and
| Apple) to sync the same folder.
| qbasic_forever wrote:
| > What happens if you set up OneDrive and Dropbox (and Google
| and Apple) to sync the same folder.
|
| Chaos, potentially. Think about deletes... delete a file from
| the web UI of one service, its client deletes the file
| locally, but that same instant the _other_ service sees the
| missing file and happily restores it, the first client
| deletes, the second client restores, etc. etc. until you've
| blown gigabytes and gigabytes of network bandwidth.
| Jtsummers wrote:
| In other words, ultimate control needs to be on the client
| side. You delete from Dropbox, and the local machine marks
| the file as no longer being backed up by Dropbox but does
| not delete it. Some UI needs to present to the user: This
| file is backed up in these services, but not the other one.
| At that point, the user has the choice of fully removing
| the file, restoring it to Dropbox, or leaving it alone.
| They may even decide they don't want it backed up in _any_
| service, but want it to remain on the filesystem.
| snthd wrote:
| https://en.wikipedia.org/wiki/Solid_(web_decentralization_pr...
|
| >Solid (Social Linked Data) is a web decentralization project
| led by Tim Berners-Lee, the inventor of the World Wide Web,
| developed collaboratively at the Massachusetts Institute of
| Technology (MIT). The project "aims to radically change the way
| Web applications work today, resulting in true data ownership
| as well as improved privacy" by developing a platform for
| linked-data applications that are completely decentralized and
| fully under users' control rather than controlled by other
| entities. The ultimate goal of Solid is to allow users to have
| full control of their own data, including access control and
| storage location. To that end, Tim Berners-Lee formed a company
| called Inrupt to help build a commercial ecosystem to fuel
| Solid.
|
| https://solidproject.org/users/get-a-pod
|
| https://solidproject.org/developers/tutorials/getting-starte...
| sjbrown wrote:
| https://www.inkandswitch.com/local-first.html
|
| HTML version here
___________________________________________________________________
(page generated 2021-02-25 23:01 UTC)