Show HN: s@: decentralized social networking over static sites

Posted by remywang 20 hours ago

Show HN: s@: decentralized social networking over static sites(satproto.org)

393 points | 196 commentspage 5

deafpolygon 7 hours ago|

i would prefer to see widespread hosting become cheap and easy to use… as simple as signing up for an account

then allow people to blog/post in a standardized format using rss. any other site can then subscribe to that site.

krapp 7 hours ago|

>I would prefer to see widespread hosting become cheap and easy to use… as simple as signing up for an account

It is and has been for years. You can literally just sign up for a shared hosting account on hundreds, possibly thousands of services and put whatever you want online (within legal limits of course.) You can even still use SFTP if you want.

People just don't do it anymore, but it's never been less expensive or more accessible.

deafpolygon 1 hour ago||

i think one of the biggest reason is discoverability… so a solution on this front would need to help solve that to a certain extent beyond just “heres the ftp, here you go”

Uptrenda 16 hours ago||

The client fetches the pub key off the server which is decentralized? There's no part in the protocol that authenticates whether or not a pub key is legit. If its replaced by an attacker and someone subsequently goes to fetch a key they can read those messages. I mean, pub key infrastructure is meant to solve that. With SSL and such... that's why you its a federated chain of certificates with providers vouching that names = pub keys.

This is a very common problem. There is potential to possibly make this more decentralized with smart card technology. Like imagine a smart phone with access to pub keys in the hardware tied to an account cryptographically. Then you can say something like phone number = subscriber = pub key. Encrypted messaging apps seem to bootstrap off of ownership for numbers in the mobile system (mobile system security is very bad so there are dragons here.) The other apps like pidgin with OTR plugins they have unique phrases that help with the issue.

When you start looking at decentralized pub key infrastructure tied to human-meaningful names you start to run into zookos triangle:

https://en.wikipedia.org/wiki/Zooko%27s_triangle

human-meaningful, decentralized, secure -- pick two

superkuh 19 hours ago||

satproto's implementation involves complex cryptographic signing and that makes it very not static. One needs to run a program of some sort to use satproto. The only static part is that the json that's operated upon.

This is not true of indieweb's web mention: https://indieweb.org/Webmention

It just uses HTTP POST (like pingback/trackback/etc, except it has a second step verifying the page sending the webmention actually has a link to a URL on the website). You can them them with a browser or cURL or some complex backend script. Receiving them is as easy as logging POSTs to a specific URL endpoint or even using someone else's community backend your site interfaces with via javascript (ie, https://webmention.io/ - not static since it uses JS). Or anything in between.

Totally decentralized and very simple. I implemented a simple nginx POST logging format in the config to receive on my static site. And HTML forms on my static site can send. http://superkuh.com/blog/2019-12-11-3.html

isodev 18 hours ago|||

Webmention is cool indeed. Also one of few techniques that’s currently free of some corp’s greedy roadmap

nunobrito 12 hours ago||

Is spam a thing on webmention? Have the impression it is easy for spammers to generate webmentions to get attention.

koolala 17 hours ago||

I wonder what the signing is for if you already have a domain name to verify your authorship.

Retr0id 17 hours ago||

It doesn't use signing, aside from the signing that exists within TLS

notpushkin 17 hours ago||

I think they mean in s@.

...which doesn’t do signing, but does do E2E encryption? So it’s more like DMs-over-HTTPS.

irenetusuq 4 hours ago||

[dead]

sriramgonella 6 hours ago||

Static hosting and CDN distribution solves a lot of the traditional scaling issues, but moderation and identity usually become the hard parts in decentralized systems. Curious how you’re thinking about, identity portability, spam resistance and content discovery without centralized ranking

lilnigga 5 hours ago||

[dead]

vexnull 18 hours ago||

[dead]

iamnothere 18 hours ago||

Does the polling need to be fast? I think back to mailing lists and the huge delays involved in those conversations. Yet they were/are often very productive. Somewhere between Twitter/X speed and mailing list speed might be acceptable.

Maybe this would be better with a LiveJournal style interface. Medium length posts with threaded comments/replies are an underrated format.

8organicbits 17 hours ago|||

That should scale pretty well. The HTTP fetch of posts/index.json could use conditional get requests to avoid downloading the body when there are no changes. Static files are dirt cheap to serve.

bandrami 17 hours ago||

Maybe that's a feature rather than a bug

5o1ecist 14 hours ago||

[dead]

builderhq_io 12 hours ago||

[dead]

lilnigga 5 hours ago|

[flagged]