[HN Gopher] My First Impressions of Web3 ___________________________________________________________________ My First Impressions of Web3 Author : natdempk Score : 376 points Date : 2022-01-07 21:41 UTC (1 hours ago) (HTM) web link (moxie.org) (TXT) w3m dump (moxie.org) | mrkramer wrote: | >A protocol moves much more slowly than a platform. After 30+ | years, email is still unencrypted | | Traffic between email clients and servers is encrypted so can be | emails themselves; PGP can be used for encryption of emails and | authentication between email senders. But another story is | majority of people do not use PGP because of its bad UX. | tshaddox wrote: | > For example, whether it's running on mobile or the web, a dApp | like Autonomous Art or First Derivative needs to interact with | the blockchain somehow - in order to modify or render state (the | collectively produced work of art, the edit history for it, the | NFT derivatives, etc). That's not really possible to do from the | client, though, since the blockchain can't live on your mobile | device (or in your desktop browser realistically). So the only | alternative is to interact with the blockchain via a node that's | running remotely on a server somewhere. | | > As it happens, companies have emerged that sell API access to | an ethereum node they run as a service, along with providing | analytics, enhanced APIs they've built on top of the default | ethereum APIs, and access to historical transactions. | | > Almost all dApps use either Infura or Alchemy in order to | interact with the blockchain. In fact, even when you connect a | wallet like MetaMask to a dApp, and the dApp interacts with the | blockchain via your wallet, MetaMask is just making calls to | Infura! | | > Imagine if every time you interacted with a website in Chrome, | your request first went to Google before being routed to the | destination and back. That's the situation with ethereum today. | | This is a very common complaint about anything that claims to be | decentralized. It was also surprising to me years ago when I | first read about Bitcoin and realized that it's not practical to | maintain the whole blockchain on most clients. However, how do | ISPs fit into this analogy with "web 1"? Since we're assuming | that the original world wide web _was_ worthy of being called | "decentralized," doesn't this same criticism apply to ISPs? Even | if you ran your own web server from your own facility, presumably | the ISP was a third party that you had to (in some sense) trust. | dthul wrote: | The views on centralized services such as Infura really resonate | with me. A few months ago I looked into how Ethereum and smart | contracts work and got excited that there is basically this | shared "virtual machine" with persistent, public state that can | only be altered by interacting with those smart contracts. | | But soon after it became clear that it is not really possible for | me (or any regular "client" as the article calls it) to look at | the state of the virtual machine and evaluate view functions | myself. The block chain is so large already that we need to rely | on big servers which are operated by other people to do this. | sva_ wrote: | I think you can use _geth --syncmode snap_ to get a snapshot | quickly with which you can interact with the Blockchain. | ssss11 wrote: | But there are other L1 blockchains already that aren't like | that (eg. Mina) and who knows in future what will come.. | dthul wrote: | Good to know! I don't know much about the blockchain space | and have only looked more closely at Ethereum so far. | msgilligan wrote: | He's focused on Ethereum and NFTs, which is certainly the most | popular/obvious place to research. I think his analysis is | excellent and the article is worth reading. | | But he does say: | | > I have only dipped my toe in the waters of web3 | | Notably he doesn't even mention IPFS (which uses the pre-image of | an JPG to form the URL. Nor does he mention Bitcoin, which | provides a shared state layer as well as a currency and makes it | much easier to run a full node than Ethereum, which by most | measures makes the network more decentralized. | | I prefer to use the term "Decentralized Web" or "Decentralized | Internet" and I agree with Moxie that it will take a long time. | | I think Ethereum is fascinating and an amazing innovation and | (who knows) maybe eventually the off-chain pieces of its | ecosystem will become more decentralized. | | Keep building, folks! | spenczar5 wrote: | This is the first enlightening article I have read about Web3. | Maybe that says more about how little I have read than about how | good the article is. | | Anyway, Moxie seems very focused on the decentralization aspect - | that Web3 doesn't decentralize as much as we would like. | | An alternative aspect is the "global ledger of ownership and | transferrence" though. Yes, interacting with blockchains is hard | so it is some through APIs... but there does still seem to be | something important about the idea that my ownership of something | on a blockchain is permanent, and exists outside of any corporate | notion of ownership, in a deep mathematical way. That's | fundamentally appealing! | | But is it appealing enough to overcome market forces? I think | Moxie is right to spend a lot of time on the "nobody wants to run | servers" thing because it shows that most users are powerfully | motivated by convenience; if the mathematically-beautiful | blockchain ownership records remain inconvenient then they are | likely to be a niche attraction (like running your own mail | server). | golf1052 wrote: | This is a really interesting breakdown of web3 (or as he calls it | later on web2x2). I haven't dove into the world of web3 yet but | it does seem incredibly ironic that there's already seemingly a | large amount of consolidation around platforms to make web3 more | accessible to people. This is good for early adopters and artists | who are generating wealth during the gold rush but I don't think | it's good for "web3 the idea" as a distributed protocol. | ssss11 wrote: | It feels like there's alot of get rich quick types involved (is | a gold rush as you say) but over time the decentralised | principles will play out | newfonewhodis wrote: | dang wrote: | Please don't degenerate into flamewar. | | https://news.ycombinator.com/newsguidelines.html | newfonewhodis wrote: | How is that a flamewar? Literally talking about the content | of the article. | dang wrote: | You started from the article and headed straight for a | highly repetitive flamewar trope. That's just what we're | trying to avoid. | | Would you mind reviewing | https://news.ycombinator.com/newsguidelines.html and taking | the intended spirit of this site more to heart? You | unfortunately have a history of violating it, and we're | trying for at least a slightly better quality of discussion | here. | hammyhavoc wrote: | It isn't. | | Re Dang: straight from your link, "Please don't post | shallow dismissals, especially of other people's work. A | good critical comment teaches us something." | | Personally, I found the comment insightful. I don't have | all the time in the world to sit and pick something apart. | Make no mistake, the smart tl;dr of HN are what gives HN | any kind of value. Without that, may as well just use RSS | and Reddit. I'm already subscribed to Moxie, came to HN to | see what intelligent people have to say about it given that | I am no longer a Signal user, and am anti-cryptocurrency in | its current iteration, but pro-decentralization, which | makes Moxie quite an interesting choice for me to want to | actively follow the thoughts of as we feel differently | about many important topics. | | There is no binary black or white to be established with | abstract, complex topics like these. | | If it was any kind of bait, it was bait to discuss further. | That the whole USP of Web3 is supposedly ownership and | anti-censorship, and what's happening appears to be | opposite is definitely something we should be discussing. | | What's the point of comments on HN if we can't use them to | discuss? It's a commentary on somebody's opinion--with | opinions. | | Perhaps if you don't like opinion pieces then you should | simply ban them via these rules? I think HN's content might | end up a little thin on the ground in that scenario though. | | Worth noting is what "guidelines" actually are, they're not | rules. If you would like them to be enforced as rules, and | expect people to treat them as such, start calling them | rules or ToS. But in that case, expect far less interest in | HN if you aren't going to permit open discussion. | | Have a good weekend, Dang. Hope you and yours are healthy | and happy. | verdverm wrote: | If you read why indeed, it is because metamask calls the | OpenSea API. | | All one has to do is call a different API for the same | information. It's not like it was actually gone | PaulDavisThe1st wrote: | > People don't want to run their own servers, and never will | | That's one believably accurate summary. But here's another: | rather than focus on trying to make it easy, cheap and simple for | everyone to run their own servers, the tech world spent | 1996-today instead focused on offering to take care of this for | everybody else, for a price. | | Everybody concluded in the late 90s that the "nobody wants to run | their own servers" claim was self-evidently true, and so all the | tech development went into extending server capabilities, | extending browser capabilities, building hosting services and | infrastructure, and almost no effort went into making running a | web server as easy as, oh, I don't know, running Excel. | | Imagine a version of things where the server was almost a toy- | like appliance. Hard to do? Yeah, I know, it's hard. But then | again, in 1996 browsers with Web USB, Web Workers, Web Assembly | and the like would have seemed impossibly hard and yet here we | are. | | We don't have it because we chose not to build it. | PragmaticPulp wrote: | The personal server space is littered with failed startups. | | Not because it's difficult to make turnkey personal servers. | Embedded Linux hardware is unbelievably cheap. | | They fail because they don't bring any benefit against real- | world threats, but they come with significant downside risks. | | If your house floods or your home server is burgled, your data | is just gone. So your home server ends up backed up to the | cloud anyway, and now you're maintaining a home server and a | cloud server when you could have just used the cloud service | for everything without the headache. | ericjang wrote: | I have immense respect for Moxie, who has spent time building | experiments and tinkering with a new technology, and as a result | has a take on it that highlights very different issues than what | most of the predictable web3 flamewar centers around. It makes | you really think about who is really qualified to discuss said | technology. | jwlake wrote: | Some of his points are out of date (given state of the art is | old), like royalties and immutable data. See ipfs, eip-2981, etc. | | Other parts are very on point, specifically everyone using | opensea as authoritative for NFTs, which is crazy town. Opensea | has a dog in the fight, and they are very opinionated about | what's allowed in the tent and not. Things like etherscan and | infura are less scary. I can't imagine building a wallet and | depending on opensea for anything though, because your users are | not going to appreciate that choice. | codeptualize wrote: | Really great article, it's so nice to read a nuanced article on | such a flame war topic. | isItpossible8 wrote: | Uptrenda wrote: | Thin clients that verify transactions are possible though. For | something like Bitcoin you have SPV-proofs that prove chains of | headers. You can prove that a transaction was included in the | longest chain without having to run a node yourself just by | checking proof-of-work merkle trees; Even if the vast majority of | users end up running clients that don't verify the whole chain -- | cryptographic trust would still be ensured by checking headers. | This requires no centralization. | | Satoshi wrote about this architecture early on in scaling the | blockchain. Ethereum also allows light clients and I think it | even has checkpoints that make downloading headers faster. | Cryptographic protocols that verify smart contract results could | be included in Metamask. I feel like not mentioning this in the | essay shows a lack of familiarity with the literature even if he | was extremely opened minded (enough to create dapps himself.) | | He did make valid observations about third-party trust: OpenSeas | and Infura. But in both cases: these protocols can be implemented | without centralized architecture. A decentralized alternative to | Infura (that provides reliable results to users and easy-to-check | attestations) is possible to build. One should also note that in | blockchain land the lack of incentives to run a full node is a | problem people are working to address. It's actually a perfect | illustration of how the blockchain can lead to emergent systems. | Some ledgers already have rewards for running full nodes. So yes | -- people do want to run full nodes -- they just want to be paid | for it. | reducesuffering wrote: | I do not look forward to immense backlash against "techies" when | normal people have been grifted out of what they thought were | their "savings" in crypto and NFT's. | milofeynman wrote: | > The project can't start as a web2 platform because of the | market dynamics, but the same market dynamics and the fundamental | forces of centralization will likely drive it to end up there. | | Great insight. | | I didn't realize for maybe 8 months that NFTs were not actually | storing the art on the Blockchain. I appreciate Moxie pointing | out the problems with this in an eloquent way. | intrasight wrote: | The first article on Web3 that I've read that drills into the | details and was written by someone who's not only kicked the | tires but taken the thing for a spin. And the conclusion: It's | mostly the bad stuff of Web2 combined with the bad stuff of | Crypto. | arcticbull wrote: | I'll be honest I had no idea that access to Ethereum is | effectively gate-kept by two centralized entities (Infura, | Alchemy). I knew there were only one or two true Ethereum full- | nodes, but the impact of that never quite clicked. | | [edit] By "full node" I meant "archival node." | Scott_Sanderson wrote: | You're not wrong, but it can be a fantastic experience if you | do have your own self-hosted node. I run the geth node on a | linux server and can connect to it to send blockchain | transactions or retrieve information from the chain. Example: | my tax prep software took my wallet addresses and found all | my uniswap trades by querying the local node. | tshaddox wrote: | In what sense is it "gate-kept"? Isn't the complaint that _in | practice_ most people probably use those two services? As far | as I know those two services don 't do anything to try to | force you to use them, and people just use them out of | convenience because "People don't want to run their own | servers, and never will." | | The potential for single points of failure (or even | intentional abuse) does exist because of this de facto | dominance of two service providers, but as far as I can tell | there's nothing stopping anyone from running their own node | and connecting their various cryptocurrency wallets to them | other than the money and inconvenience of running your own | server. | arcticbull wrote: | > As far as I know those two services don't do anything to | try to force you to use them, and people just use them out | of convenience because "People don't want to run their own | servers, and never will." | | Indeed, but one could make the same claim re any Web 2 | juggernauts like Google and Facebook. You don't _need_ to | use them, sure. You can start your own social network. | hrhrhrhrhr wrote: | go_to_moon wrote: | only one or two true Ethereum full-nodes | | source? | arcticbull wrote: | I should have said archival nodes, the ones that keep state | back to the genesis block. I don't know if that number is | even tracked anywhere. I've read estimates ranging from 2 | to 5. I'm trying to find where I read that, happy to be | wrong - or right, if anyone has data. | | [edit] Here. [1] And here. [2] After | examining every which way we could think of to add the Trie | state to our Ethereum state, we asked Vitalik for | assistance. His first comment to us was "oh you're one of | the few running one of those big, scary nodes." We asked | him if he knew of anyone else running a "big, scary node" | to see if we could possibly sync with them. He knew of no | one, not even the Ethereum Foundation keeps a full archival | copy of the Ethereum chain. [2]. | | [1] https://librehash.org/ethereum-archival-node-review/ | | [2] https://blog.blockcypher.com/ethereum-woes-d9b2af62da67 | exdsq wrote: | There's no real reason for this to be honest. The Web3 | projects I've worked on tends to fall for centralized | services like Infura because of development needs at first | and then it's just easier to use it for production. I've made | a decent living for the last two years setting up test | infrastructure for Web3 projects due to its complex nature. | This is true across all blockchains, not just Ethereum. It's | an area ripe for new DX products. | spenczar5 wrote: | New products? Would those be more centralized platforms, or | is it feasible for me to connect to the blockchain, verify | stuff, and so on if I am running my own server? | | It still seems that _my_ users on phones and browsers would | need to trust _me_ in that case, right? | exdsq wrote: | Oh it's totally doable to run your own node on your own | server! And thanks to the protocols consensus rules your | users can trust that for a transaction to go through your | node and be accepted onto main net your node is a good | actor. | | So one example I'd give - every team I've worked on has | had to build a local development environment with several | nodes to easily spin up with a clean slate for | deterministic testing. Teams get sucked into tools like | Infura to set these up and then it's so easy to do the | same for deployment they do just that. I think there's | tons of room for Blockchain-as-a-Service tools to improve | development and testing processes without forcing | centralization on main net deployments. | spenczar5 wrote: | Okay. Why doesn't everyone do that, then? Why use Infura? | | As is hopefully obvious, I am totally naive here; my | questions are genuine. Thanks! | jeroenhd wrote: | Bit that it'd be very practical, but the data itself is | shared so in theory every company could set up their own API | to render the blockchain into a readable, quick to access | format. Even the vanished poop emoji NFT would reappear once | someone else renders their view on the blockchain in the | right way. | | The problem with this is that running servers that store and | process one or even multiple blockchains in a searchable way | is terribly costly and inefficient. In theory the public | ledgers are all safe against locking away data, like Google | or Microsoft could do with your accounts in the real web, but | in practice nobody wants to be the guy making a loss on | serving blockchain views. | | If web3 ever gets off the ground, it needs more of these | access provider companies. Perhaps even a prebuilt system you | can throw onto your own server to participate, like IPFS and | other existing decentralised systems provide. | | I'm still not clear on the actual benefit of the | cryptocurrency web other than the concept of "owning things | without legal protection or oversight" which I (and I believe | most people) have very little interest in if it comes at the | premium it comes at today. From a technical standpoint all of | this blockchain stuff is awesome, but it's an awesome | solution in search of a problem. | [deleted] | joe_the_user wrote: | A deep dive into this stuff is certainly useful. The question | is, of the people who were offended by shallowness of people | saying "this is obviously garbage though I can't be bothered to | investigate it", how many will say "ah, so here's a thorough, | technical and soft-spoken explanation why this is all garbage, | thanks". | SubiculumCode wrote: | I think you are over-simplifying the conclusions of the | article. The article presents a much more nuanced view, and | while it points to certain limitations and deficiencies of Web | 3.0 (and that on the Eth part of it), it also points to several | strengths of the growing ecosystems, and mostly comes across as | humble to not knowing how its all going to turn out. | serverholic wrote: | I find these articles to be a lot like criticizing tcp/ip | because Facebook exists. | Guest42 wrote: | Exactly,and it's also intentionally misnamed as web3 as if it's | an inevitable extension of current internet practices, rather | than a scifi buzzword fantasy of a small pocket of investors | (or small to moderate hedge of larger investors). | NotyoBiz wrote: | With regard to the last paragraph: Take a look at what Agoric is | doing. Basically making programming smart contracts less | difficult with JavaScript. Very interesting, worth a look. | superfrank wrote: | > People don't want to run their own servers, and never will | | This kind of gets at the reason why I think a lot of tech | articles/blogs about what the future will be like are just | terrible. The wants of someone who is driven enough read and | write about the bleeding edge of technology are very, very | different from the general population. Like this author says, | most people don't want to run their own web server, but I'd go | even farther and say, most people don't really care about | decentralization or even data privacy. Getting most people to | care about privacy and decentralization is like getting a kid to | eat vegetables. They know they should, but the alternative has | more short term benefits. I think most people care about ease of | use over almost everything else. | | People who write these articles need to be thinking about the | middle aged woman who still calls every video game system "a | Nintendo". There will always be some users for technologies like | web3, but until you can clearly demonstrate to that woman that | this new technology has value and is easier to use than the | status quo, you're never going to get mass adoption. | | Connecting this back to web3, we're clearly not there yet. Almost | anything being done on web3 is slower, more expensive, and more | complicated than its web2 alternative. We may or may not get | there one day, but until we do, I don't see web3 being anything | more than a niche product. | jd007 wrote: | IMO this diagnosis is still one level away from a more | fundamental truism, which is that people don't want to pay | anything for digital goods. Running servers can and has been | massively simplified over the last couple decades, and I don't | see any inherent technical barrier preventing it from being as | simple as registering for an account on FB (i.e. anyone can do | it). The deeper problem is the lack of willingness to pay | (directly) for anything online. | | The reason for this is complex, with lots of unclear cause and | effect dynamics (e.g. did our unwillingness to pay push the | ecosystem to gravitate towards ad-based revenue models, or the | other way around?). The inevitable race to the bottom between | competitors, under the massive incentive for platforms to | centralize/consolidate (if you charged any amount for your | service I can always under-price and out-compete you) is likely | a major contributor. We do not exhibit such reservations | against payment for anything physical, probably because of the | innate sense we have that anything in physical reality should | have a cost, yet not so in the digital world. | PragmaticPulp wrote: | It's refreshing to read an article that admits this: | | > > Even nerds do not want to run their own servers at this | point. | | I actually enjoy build and running servers, but only for hobby | purposes. When it comes down to anything business related or | critical, I have zero desire to run and maintain it on my own. | And I especially don't want to have to handle security for | large amounts of money that could disappear in an instant if I | make one wrong misstep. | xboxnolifes wrote: | > Like this author says, most people don't want to run their | own web server... | | I know I certainly don't. I want to write my software and I | want to be able to deploy it somewhere and manage the things I | may care about for that specific software. As much as possible | I don't want to have to care about hardware, or routing, or | server administration, or user permissions, etc. Learning it | once? Sure. Dealing with it every time I have a new project? No | thanks. | | So, I totally agree. decentralization and privacy _on their | own_ are difficult to market, as they aren 't nearly as in | demand as convenience. | guerrilla wrote: | > The wants of someone who is driven enough read and write | about the bleeding edge of technology are very, very different | from the general population. | | This is very insightful. I wonder what else it applies to. I | bet there are tons of media sectors writing to irrelevant but | interested audiences. | | > People who write these articles need to be thinking about the | middle aged woman who still calls every video game system "a | Nintendo". There will always be some users for technologies | like web3, but until you can clearly demonstrate to that woman | that this new technology has value and is easier to use than | the status quo, you're never going to get mass adoption. | | I don't get it. I thought this used to be common knowledge. I | mean it's basically a TV trope, so why and how do industries | "forget" this? | nathanyz wrote: | Concise, well thought out analysis by a cryptographer on Web3. If | you believe in Web3, then you shouldn't dismiss this out of hand | as a hater. He truly tried to understand how it works by actually | building dApps. And the holes seem glaringly obvious. | | What you should do if you believe in Web3, is take this as | constructive criticism and improve so that they holes are no | longer there. | karaterobot wrote: | I wanted to say that I appreciate his approach to stating why he | isn't sold on Web3: thoughtful, succinct, diplomatic, and based | on the results of an open-minded experiment. This is so much more | of an article I'm ready to engage with than the the "crypto is a | pyramid scheme, don't you get it you morons!?" articles. | lekevicius wrote: | While it's refreshing to hear critique from someone who actually | built something on web3, there are a couple of points where I'd | dare to disagree, somewhat. | | Particularly, regarding "early days". It really is, still, early | days, because there is a lot of complexity in getting all the | pieces built. It took years to get overall blockchain going. | Then, to understand the need of programmability (smart | contracts). Other pieces too: more efficient consensus mechanisms | and clever ways to express commitments, decentralized storage, | etc. And the space is so far from being done. | | Particulary, about servers being clients. This is true today, but | it would be wrong to say that nobody cares about it. Ethereum | developers spend considerable effort on pushing the idea of light | clients, going as far as re-architecturing the way whole | blockchain state is stored, so that browsers could actually | become fully valid clients, and services such as Infura would | become a lot less necessary. This requires cryptographic | innovations (verkle trees), client implementations, consensus | between participants, etc. It is likely to require 2+ years to | get there. Early days. | | Another moment I would critique is the clever NFT, that displays | different things. Yes, ERC-721 allows any URL as metadata file, | so you can put traditional DNS-resolved URL there. But I would | struggle to find any "respected" NFT collection that actually | does that. Almost every high quality NFT project (Art Blocks, | BAYC, so on) has IPFS as metadata URL, and goes as far as to | freeze metadata, so it couldn't ever be changed. | | Lastly, his discussion about value of decentralization is very | valid. Yes, Ethereum developers spend a lot of effort on light | clients. Will anyone care to use them? Yes, best NFT collections | freeze metadata pointed to IPFT... does anyone care? Success of | OpenSea and Binance Smart Chain shows that for many, idealistic | goals are irrelevant, as long as money can be made. That's fine. | But there are some of us who actually care. Majority has | uninteresting goals (money). There are still amazing gems to be | found. | spenczar5 wrote: | My understanding of IPFS is that there is some DNS-and-HTTP | translation step that resolves content to IPFS locations. Is | that correct, and is it immutable? How does that work? | devadvance wrote: | This is a really well-thought-out, nuanced take. I really | appreciate mixture of "but there are still servers", not being | able to stop a gold rush, and (refreshingly) the technical take | on the implementation details. | | It stands in such stark contrast to other content. For example, a | web3 chat app announcement I saw yesterday [1]. I even joined the | Discord to learn more and just found...hype. | | I found this parenthetical to be amusing: | | > (visualizing this financial structure would resemble something | similar to a pyramid shape) | | Pyramid-shaped financial setups indeed :). | | [1] | https://twitter.com/MessagePartyApp/status/14791510011813765... | justinator wrote: | I was under the impression that crypto currency was thought of | as nothing but yet another pyramid scheme. | elliotbnvl wrote: | This article seems like it neatly encapsulates and explains why | I've subconsciously held off from jumping into the Web3 space. | | It might be confirmation bias speaking, but I don't think I've | seen anyone lampoon Web3 so thoroughly, and it's nice to have | some well-reasoned explanations for why I feel the way I do. | | EDIT: A further thought: this article is the first I've read on | Web3 that feels like it's actually important and I'm looking | forward to the discussion. Are there any real counterpoints to be | made against his reasoning? | titzer wrote: | > We'd all have our own web server with our own web site, our own | mail server for our own email, our own finger sever for our own | status messages, our own chargen server for our own character | generation. However - and I don't think this can be emphasized | enough - that is not what people want. People do not want to run | their own servers. | | I must be stuck in the past. | | It's true. No one wants to run an arcane, buggy, insecure, wonky | POS that needs constant patching. This is really a failure of | software and shoving all that up a level into the cloud is not | fixing anything. At least with your own hardware you can nuke it | and start over from scratch. With your own hardware (and disks), | you at least know where your data resides. | | We live in a time where you can get a 4 TB NAS for essentially | nothing. You can drop a 8 core, 32GB RAM server on top of that | for less than $1k. I don't know what other people's scaling needs | are--who knows, maybe they need to serve 100 PB?--but it's a mind | blowing amount of computation. Most people can probably serve | their silly websites off that. If you can't handle your own email | load on a server like that, I honestly have no idea what you're | up to. | | I kind of _do_ want to run my own ones of those things...but I | know (with today 's software) I'd hate it. Because even after all | these years, it kind of terrifies me, the metric shitton of stuff | I have had no clue how to do, and I know is way over | complicated...because _everything_ is way overcomplicated. | vorpalhex wrote: | I run a homelab, and also run a shared server for a few folks. | | The hardware is easy. The software can be easy (if you let it). | The things that are tricky: | | 1. Getting different software to all play nicely from the users | perspective. I can't even give my users SSO because most | software doesn't accept reverse proxy authentication! | | 2. The gap in average computer skills. Some of my users are | engineers, most of them are not. My average user needs help | with password resets, remembering URLs and very basic tasks. | "Upload a file" is a _difficult_ task for the average user. | | 3. Feature requests and keeping maintenance reasonable. A lot | of my technical users will ask me for feature after feature.. | but not put in any time or effort to set things up or maintain. | I'm one person and I set a hard cap of how much maintenance | I'll do in a week, and that is a big limiter of stuff. | | I have toyed with just charging my users a bit per month and | hiring someone as a basic tech, and honestly more of my users | would rather pay a monthly fee than actually work on the | servers themselves. | eatonphil wrote: | > 1. Getting different software to all play nicely from the | users perspective. I can't even give my users SSO because | most software doesn't accept reverse proxy authentication! | | It sounds like you're referring to something specific here | but I'm not understanding. What kind of software doesn't play | well with SSO? And what is reverse proxy authentication? Do | you mean give users SSO as in give them an account on an SSO | system like Google/Okta/LDAP or do you mean use SSO as | authentication for a web app you're running? Even if in the | latter case I still don't understand what you mean by reverse | proxy authentication or what that has to do with SSO. (I've | set up SSO on my apps before and I've run SSO auth servers.) | vorpalhex wrote: | SSO is short for single sign on. It means users have only a | single login across all the parts of the system. That can | be something like "Login with Google" or it can be they | just have a single local user account that works | everywhere. | | A really efficient way to make SSO work is to allow a | reverse proxy to do all the work. A reverse proxy is a | webserver (such as nginx or traefik) which receives all | incoming requests and then hands them off to the correct | bit of software, such as Plex or Heimdall. | | Reverse proxies do lots of things but they help glue | different pieces of software together. It allows you to | have "http://plex.example.com" and | "http://heimdall.example.com" on the same server as a for | instance. | | You can also have the reverse proxy handle authentication. | Users get redirected to sign in if they don't have the | right cookie and when the proxy forwards their request it | includes headers that give the username, email, etc to the | underlying software. | | This way instead of both Plex and Heimdall having to | support a bunch of different sign in options, user | management, password resets, etc all that is done by the | reverse proxy. Your software just has to trust the reverse | proxy and get it's data from the headers. | alx__ wrote: | His point is that a majority of people don't want to bother | with the cognitive overload of running a server. Just like you | _could_ build your own car, very few want to. Often they don 't | even care what kind of car they have. As long as it can get | them from home to work and back again without killing them. | titzer wrote: | I mean, I get that. I have a mailbox on my house. Letters | come to it. I don't think about it too much. Bits come to my | house all the time but somehow those trillions of | computations keep flubbing this basic functionality. | bobobob420 wrote: | Are you talking about physical On-prem systems or just buying a | basic ec2 type server and renting some storage space? Because | wouldn't the first one require a specific business line to an | ISP for networking, which would require an office space and | other associated costs? Or are you referring to renting a | vanilla server and rolling everything yourself vs using some | automated deployment and build pack system? | chasd00 wrote: | I just did a speed test and got 175mbs up. That is | ridiculously fast and i don't have an out of the ordinary | home internet connection. Entire data centers use to run on | internet connections slower than that. | | A mac mini, ups, and that connection is plenty to run any | kind of server for personal/family use. | diegocg wrote: | I don't want to maintain my own mail server, but I definitely | want to run my own server. | | The irony is that modern internet infrastructure makes | decentralisation _more_ feasible, but software lags behind. Why | can't I buy some device for 200EUR or so where I store all my | data and I receive email? (with the cloud being used only for | optional encrypted backups). One can even imagine a | decentralised social network running in these devices, with my | friends getting updates by polling it periodically (or my | device sending updates to their devices). The device would be | powered 24h/365d, and if it breaks you just replace it. When | I'm out of home, my phone apps would just query the device to | get new mail and updates. | | We shouldn't really _need_ the cloud for many things yet we use | it for everything. | elliotbnvl wrote: | This smells like the classic "you can build your own Dropbox | easily" comment. Just because it's technologically feasible | doesn't mean people want to do so. | titzer wrote: | Note, I didn't claim that. I'd love to put a box in my house | next to the cable modem that did all that stuff in a | manageable, understandable way, that wasn't some underhanded | subscription service that is going to try to squeeze me in | the future or whoops my data amongst its constant, silent | upgrading itself. But alas, no such box exists, and the | software components that would go in that box seem to need | constant babysitting and arcane configuration. Worse, it | seems like all those overcomplicated things keep having | critically bad security vulnerabilities and I'm just | wondering what the actual fuck is wrong with having a damn | thing on my computer that receives my email and serves a | webpage. | Pxtl wrote: | Yes. Just because it's possible doesn't mean it's easy. | | I'd love to see appliance-level servers become standard, but | you'd need Google or Apple to throw their weight behind such | a thing to make it usable, since decades of server | software/hardware development has failed to produce things | that require less-than-professional-level users. | | I'd love to buy an off-the-shelf box for my network, have it | act as a back-end for all my Google cloud-based apps and | email and serve my blog and my photos and automatically | encrypt and back it all up to a cloud storage system. But | none of the big players are interested in that kind of thing, | and the small players can't create replacements for the | entire Google or Apple or Microsoft server/client | architecture. | ssss11 wrote: | I think they key is: despite regular people not wanting to RUN | their own server, they do want to CONTROL their own server. | Current incumbents treat your data like tier asset, not like | custody. | | This is because you pay nothing. The beginning of regular | people having empowerment begins by paying some fee to own the | product. | dang wrote: | All: this is quite an interesting article. It deserves much | better than the tedious flamewar that this topic has routinely | been converging to, so let's give it a go. | | If you're going to comment, please focus on specific, interesting | things in the article that you're curious about. | | Please _don 't_ post generic, shallow, obvious, indignant, and/or | dismissive comments--those are repetitive and predictable, we've | had more than enough of them, they're tedious, not what this site | is for, and we don't need more. | | https://news.ycombinator.com/newsguidelines.html | murat124 wrote: | I don't like that when an actually good successor to web2 comes | along it won't be called web3 because of this bullshit that they | call web3. | exdsq wrote: | What a uniquely insightful view, I had not read anything | similar on HN in the past. I particularly liked the second part | of your well-reasoned argument on the flaws of these | technologies. | pseudosavant wrote: | If you only read one thing on "crypto", this should be it. | ineptech wrote: | > People don't want to run their own servers, and never will. | | Not really much related to web3/crypto topics, but I think this | is an indictment of servers, not people. If managing a server | were easy and secure, lots of people would do it - for blogs, a | minecraft server for the kids, to back up their pictures, and | yes, to store their bitcoins or other digital secrets - they just | don't want to manage a unix or windows server. | | It used to be hard to install a webcam, now it isn't. No reason | server software can't do the same thing - all we need is for some | gigantic corporation to sink 100k developer-hours into it (which | sounds like a joke, until you remember that there are several | gigantic corporations who have very profitable side-hustles | hosting servers, and who would be creating a whole new class of | customer if they did this). | ericd wrote: | Yeah, I think the success of Synology's NASes speaks to this - | they're largely used as little home servers. And it could be | even easier if someone built a box that functioned as a router | and a server with dynamic DNS as an easy part of the setup. The | UI would have to be really, really polished, but I think it | could be done. | | Symmetric home ISP connections would make these more useful, | too. Sadly, that's not the norm right now, but perhaps that's | because most people don't demand it. | pjsg wrote: | What is the _benefit_ to the average user of running their own | server? Most people (maybe even on HN) just want things to | work. We buy connectivity services for our phones and our | homes. I certainly don 't want to run my own Wireless ISP to | connect up my neighbourhood even if it was marginally cheaper | (until I account for my time). | | We buy storage services (for lots of reasons) from Amazon, | Google, <your favorite backup provider>, etc. I don't want to | run a large NAS and keep it running and backed up. | | We buy messaging services (voice, SMS, email, IM etc). I don't | want to run my own Asterisk VOIP PBX, my own OpenBTS node, my | own postfix instance, my own IRC server. | | I buy power services (electricity and oil). I don't want to run | my own oil well, refinery, nuclear power plant etc. I do | actually run some solar panels, but the amount of cognitive | load that they cost me is very small. It is probably under 3 | hours per year of having to fiddle with them. | | In short, the _cost_ in terms of time and energy from me makes | it far cheaper to outsource all of these services to someone | else. This doesn 't prevent you from running any/all of these | services, but I would suggest that you are in a very small | minority. | | Having said all of that, if I lived on an island with no | services, I might be tempted to run some of them myself. | smm11 wrote: | As long as I can stream stuff moving forward, I don't care what | Web version we're "on." | dddw wrote: | I enjoyed reading this article. The closer you look towards | cryptocurrencies and smart contract projects like nfts, the less | likely without a significant (state) player supporting these | experiments I doubt we'll talk let alone use these speculative | industries in a quarter century. Anyone can make an currency, | only a strong arm can force you to pay. | justinator wrote: | Does it look like I know what an NFT is? All I want is a JPG of a | gawd dang hot dog. | jdnordy wrote: | This is the best article I've found to help me understand what | Web3 is and how it actually works. Thanks op! | stavros wrote: | As much as I hate cryptocurrency as-it-exists, I'm very much into | its potential. Untraceable (eg Monero) digital cash that settles | instantly? That has the potential to disrupt societies. | | The problem is that most societies don't have a particular need | of being disrupted, so people are perfectly content paying with | their credit cards, and why shouldn't they be? The UX is better | and the banks are fine as long as they don't piss off a too-large | portion of the population. | | Still, I would love it if I could use, say, Nano (as it has very | limited PoW) to pay for things instantly and securely. I'm hoping | a miracle happens, but I don't think it will, or it would already | have happened. | wstrange wrote: | Untraceable digital cash facilitates crime, money laundering | and tax evasion. | | None of these things are good for a stable democracy. | stavros wrote: | And perfect law enforcement means a stagnating society. Think | where we would be now if gay people were discovered and | punished instantly as soon as they kissed a person of the | same sex, or interracial couples were punished as soon as | they started dating, etc. | xboxnolifes wrote: | Pretty much any additional freedom facilitates crime. | clarle wrote: | As an engineer, I feel like this single post helped me better | understand Web3 and how it worked under the hood better than any | of the heavily hyped Discord and Twitter announcements of new | projects over the past year. | | It's interesting how tightly coupled Metamask is to all of the | other big crypto / NFT marketplaces. Feels like the "distributed | web" portion of it has just been an over-exaggeration all along. | jagger27 wrote: | > [...] NFTs instead contain a URL that points to the data. What | surprised me about the standards was that there's no hash | commitment for the data located at the URL. Looking at many of | the NFTs on popular marketplaces being sold for tens, hundreds, | or millions of dollars, that URL often just points to some VPS | running Apache somewhere. Anyone with access to that machine, | anyone who buys that domain name in the future, or anyone who | compromises that machine can change the image, title, | description, etc for the NFT to whatever they'd like at any time | (regardless of whether or not they "own" the token). There's | nothing in the NFT spec that tells you what the image "should" | be, or even allows you to confirm whether something is the | "correct" image. | | How did we go from trapdoor functions being the foundation of | everything in the space to forgetting to hash a link? Is the | rational that these links should only ever be IPFS links? That's | fine I guess, at least those are hashed. Why does the protocol | allow for this to happen? | endisneigh wrote: | If you care about the environment even a little bit (like turning | off lights in rooms you're not occupying) then you will reject | Web3. Even the most efficient blockchains use more energy than | the status quo unnecessarily. | | This is also to say nothing of the fact that it's more expensive | per USD/KB transferred, slower and more complicated. | | I think what Web3 should be is a way to use your laptop or any | commodity computer as infrastructure for your data, and there | should be APIs for websites such that it uses your computer as | the source as opposed to their own servers. | | For example this comment could be saved on my computer, but | accessible to everyone viewing even if my computer is off via | caching, but ultimately I could invalidate and delete. | verdverm wrote: | This is not what I expected from Moxie. A writes very good | account of his experience trying to do some dapp / NFT stuff. He | eloquently draws attention to the problems that are based in | human behavior. | | Definitely worth the read. Both sides of the debate could elevate | their arguments if they ponder what Moxie has written. | olah_1 wrote: | > Both sides of the debate could elevate their arguments if | they ponder what Moxie has written. | | I appreciate that he fairly tried these different things out | and reported his experience. But I don't think he has noticed | anything particularly interesting or novel. | | It's common knowledge that the plentitude of blockchains out | there now make compatibility between them almost impossible. | This is how Bitcoin "maximalists" came to be in the first | place. If reputation and trust is the game, it defeats the | purpose to have a million different blockchains. | [deleted] | durakot wrote: | I've known Moxie to often be right. And I think he happens to be | right about this. | verdverm wrote: | I'm perplexed with him writing this piece and, at the same | time, adding crypto based payments to Signal... | | Has he written anything on Signal and payments? | durakot wrote: | I don't think there's necessarily any contradiction. This is | a critique of the Web3 paradigm (crypto all the things) and | not cryptocurrency itself for say, payments. | floren wrote: | > at the same time, adding crypto based payments to Signal... | | Damn, and just when I'd been thinking how much I like Signal. | | The goldrush when Keybase added crypto completely ruined what | had been a pretty good tool. | danielovichdk wrote: | I want to run my own servers. | | Honestly. | | It has always been a somewhat easy task if you pick an OS that is | secure and stable. | | And today with all the Foss/oss there are plenty of reasons why I | would do it. | | More Decentralised Please. | CameronNemo wrote: | Same. I'd like to make this experience better rather than give | up and give in to centralization. I know others have different | priorities, but I don't need them to use my servers. I just | need them to interoperate minimally. | dane-pgp wrote: | > rather than give up and give in to centralization | | As for why Marlinspike might have abandoned the goal of | decentralization, I think Upton Sinclair might have some | insight. | fabian2k wrote: | At the risk of displaying my ignorance and lack of knowledge | about this area, one part I found very familiar in this article | is that the action interactions in his apps didn't actually | interact with the blockchain, but essentially with two | centralized services. | | My very limited understanding is that for blockchains essentially | the way to distribute them is that every node has a full copy. | This sounds awfully expensive in the long run. My intuition would | be that once running a node is expensive enough, this would not | be truly decentralized. If I can't get the fundamental | information out of a blockchain myself on hardware I can afford, | the actual properties of the blockchain don't matter anymore as I | cannot access them myself. | | The moment you need to rely on third parties, you lose any unique | properties a blockchain might have. I don't know how this would | work if blockchains inherently are inefficient enough that you | always need a way around querying them directly. I find the idea | of a distributed trust-less database interesting, but if it is so | inefficient that I can't actually access it myself that idea | doesn't seem that interesting anymore. | simias wrote: | >When you think about it, OpenSea would actually be much "better" | in the immediate sense if all the web3 parts were gone. It would | be faster, cheaper for everyone, and easier to use. | | That sums up the situation for me. Having a marketplace for | purely digital goods _might_ be a concept with a future. Having | standard ways to interoperate between different platforms and | query and update these goods _might_ make sense (although I still | think it goes opposite to the general trend of walled gardens vs. | decentralized web, I don 't see why the IP owners would play ball | and accept the loss of control). | | The thing is that in most case those NFTs wouldn't be trustless. | I see people putting forward that a use case would be an NFT that | proves that your Rolex is real, or for Fortnite skins, or for the | ownership of your house. But in all these situations, there's a | very clear authority (Rolex, Epic Games and the municipal | authorities, respectively). These authorities will be allowed to | mint new NFTs at will (because who else?) and as such have to be | trusted. That opens up interesting questions btw, like "who is | Rolex exactly?" which creates a chain of custody of trusted | authority involving trademark management among other things. But | I digress. | | But then as soon as an authority is identified, why bother with | the extreme overhead (it terms of resources and costs) of | blockchain tech? Couldn't Rolex issue a PGP signed CSV of all | valid Rolex serial numbers once a month on IPFS and you'd get the | exact same security and trust profile without having to involve | any "web3" feature? | | Like cryptocurrencies, the subset of problems that can only be | solved using NFTs is incredibly tiny and speculators rush to make | up use cases that, if you think about it for five minutes, | clearly make no sense and could be better solved using good old | centralized tech. | pshc wrote: | > Couldn't Rolex issue a PGP signed CSV of all valid Rolex | serial numbers once a month on IPFS and you'd get the exact | same security and trust profile without having to involve any | "web3" feature? | | A serial number can be copied and engraved onto a forged watch, | so not really. | | A more analogous scenario would be if Rolex embedded an NFC | hardware chip with a private key inside the watch, such that | anyone could wave their phone over their watch and verify that | the chip's cert was indeed signed by Rolex. | voldacar wrote: | > NFC hardware chip with a private key inside the watch, such | that anyone could wave their phone over their watch and | verify that the chip's cert was indeed signed by Rolex. | | This is an excellent idea and I am now wondering why luxury | brands haven't started doing this. It would be super hot. One | would do it and suddenly they would all be doing it. Watches, | handbags, shoes, whatever | jfb wrote: | Could it be that people aren't really interested in undoing the | mistakes of Web2, but rather just kicking off a new round of | consolidation, where they could be the gatekeepers/platform | owners? | scotty79 wrote: | People happily run their servers when it's valuable for them. A | lot of people have torrent program running in the background. | Uptrenda wrote: | What he says about NFTs is embarrassing, lmao. I've personally | never bought them myself but I am enthusiastic about blockchain | tech. Is there really no commitment saved for an art work? You | would think this was basic shit. Maybe there is more than one NFT | protocol? | | He also has a good point about centralization in 'blockchain | oracle' services. In major wallets I've often seen them just make | calls to blockchain / TX lookup services -- no cryptographic | proofs there (though in theory easy to add with 'spv proofs'?) I | also like that he went as far as to make two dapps before | critiquing it. This is one of the better criticisms of 'web3' out | there. | | I don't think what he says about OpenSea being better as a | 'centralized' service is valid. Most of his critiques for the | downside of blockchain-tech seem to be Ethereum-specific. For | example, Solana transactions are blazingly fast, low-cost, and | there are nice stable coins on there. OpenSea seems like it would | be 'better' if it were an actual cryptographic protocol. Maybe | link it with IPFS + Filecoin. | CameronNemo wrote: | I like Moxie's work and writings, and this article has some great | points, but I can't get behind this: | | _We should accept the premise that people will not run their own | servers by designing systems that can distribute trust without | having to distribute infrastructure._ | | I'm not ready to give in. I am happy to leave "normal" (tech | illiterate and politically apathetic) people behind to reach my | decentralization goals. | | I think instead of building centralized infrastructure that does | not require trust, we can make it easier to host decentralized | infrastructure. Including allowing a "server" to be offline for | months at a time, come online for a minute or two, then disappear | again. P2P networking is also an area we can improve on, IMO. Too | much information is going across the internet instead of point to | point. Bluetooth is a terrible protocol, but airdrop (and reverse | engineered implementations) seems to be promising. | vasco wrote: | > I am happy to leave "normal" (tech illiterate and politically | apathetic) people behind to reach my decentralization goals. | | You realize this approximates to roughly "everyone that isn't | you"? | spenczar5 wrote: | What does it mean to leave normal people behind? Surely you | need to interact with them. | | For example, you can run your own mail server, but you will | need to play by Google's rules if you want anyone on Gmail to | get your emails. | | So, it's hard for me to picture what it means to _personally_ | decentralize without caring what the bulk of people do. | dama0 wrote: | > I'm not ready to give in. I am happy to leave "normal" (tech | illiterate and politically apathetic) people behind to reach my | decentralization goals. | | Which should be already possible with with the current | offerings around selfhosting applications and p2p technologies. | | But as the same time you need to accept that the "normal" | people would probably be happy to, in turn leave you behind to | reach their goal of being able to use all service available | without needing to concern themself with running their own | server. | somishere wrote: | Great article. Would love to read an equally solid rebuttle. Can | I suggest Web2^0? | boulos wrote: | Some of this echoes Matt Levine's take on crypto and DeFi | generally: you will repeatedly see the re-learning the lessons of | hundreds/thousands of years of traditional finance. | | I'm not sure that the "mobile device can't act as a node" is | fundamental (it's more a quirk of the _current_ systems), but | "nobody wants to run their own server" => "centralization" is a | great reminder: | | > I think this is very similar to the situation with email. I can | run my own mail server, but it doesn't functionally matter for | privacy, censorship resistance, or control - because GMail is | going to be on the other end of every email that I send or | receive anyway. Once a distributed ecosystem centralizes around a | platform for convenience, it becomes the worst of both worlds: | centralized control, but still distributed enough to become mired | in time. | purplesnowflake wrote: | Moxie is no fan of decentralization. And he made why very clear | with concise and incisive arguments. | newfonewhodis wrote: | At least wrt Signal, I think he prefers the trust be in the | protocol and not the organization or business model. | slibhb wrote: | His argument here is that web3, as it exists today, isn't | actually decentralized. Also: | | > These technologies immediately tended towards centralization | through platforms in order for them to be realized, that this | has ~zero negatively felt effect on the velocity of the | ecosystem, and that most participants don't even know or care | it's happening. This might suggest that decentralization itself | is not actually of immediate practical or pressing importance | to the majority of people downstream, that the only amount of | decentralization people want is the minimum amount required for | something to exist, and that if not very consciously accounted | for, these forces will push us further from rather than closer | to the ideal outcome as the days become less early. | | Per the post, he's in favor of decentralization that "uses | cryptography (rather than infrastructure) to distribute trust," | he's just skeptical that web3 will head in this direction. | Andrew_nenakhov wrote: | And his arguments in favour of centralization are flawed. Sure, | regular people do not want to run their own (email, chat, etc) | servers. But they DO want to be able to chose from a handful of | available servers the one they like best (or the one they trust | most), without losing connectivity with their contacts. Tired | of Google's shenanigans, move from Gmail to Protonmail, tell | your contacts your new email, set up an autoresponder, all is | fine. When you move away from a centralized silo like Signal, | you'll have to move all your chat buddies with you to a new | platform. | ianbicking wrote: | If you read the section "Recreating this world" it addresses | this pretty directly | Andrew_nenakhov wrote: | Directly, and not convincingly at all. He presents just one | use case, which, coincidentally, is the only one that casts | the service he runs in a really good light. There are other | use cases, like several email users leaving Gmail | altogether, escaping from what he calls "the worst of both | worlds". And his alternative? Using the centralized service | (preferrably, the one he runs), because, he promises, _this | one will be totally different_ , aha. | skybrian wrote: | Some people say they want this, but in practice, why you | should trust someone you've never heard of? | | Network effects aside, consider the difficulty of deciding | that the people behind a fork of Chrome or Signal are | trustworthy. The average person doesn't have the knowledge to | do due diligence, and many of us who could (in theory) don't | want to bother. | | How do you get to the point where people think your team of | software developers is legitimate? Decisions like this are | based on what everyone else is using. | | One reason that app stores serving sandboxed apps are popular | is that you don't have to evaluate each software developer's | organization just to play their games. | zaik wrote: | You might be interested in the refutation of some of those | arguments by Daniel Gultsch: https://gultsch.de/objection.html ___________________________________________________________________ (page generated 2022-01-07 23:00 UTC)