[Freedombox-discuss] Freedombox's pursuit of perfection undermines its goals

Joshua Spodek joshuaspodek at yahoo.com
Mon Oct 24 19:21:23 UTC 2011


Thank you to those who responded to my previous post here. I'm glad
nobody mistook what I wrote for unproductive negativity. Some responses
made me think a lot, and I thank you for that too.

Bob Mottram wrote:

> I agree.  Especially at the current time when there really are
> "people in the street seeking freedom" as Eben Moglen said, what you
> want is anything which is at least minimally functional, and to
> release early and often.

Exactly.

We do have to be sensitive to the risks like non-anonymity, so I think
we should publicize the problems as much as possible. Anyone for whom
the risks are too great can choose not to use them.

Or, more importantly, they can fix them or tell people what they need.
To me, that's the spirit of Free Software -- sharing code, scratching
your itches, distributing, modifying, and redistributing.

Not distributing in the first place makes the next steps impossible.




Robert Martinez wrote:

> I can not see how you're not just saying "Hurry up!".

To clarify, I don't intend just to hurry people. I'm suggesting not to
compare code against perfect solutions (which don't exist anyway), but
against current alternatives, mainly Facebook and Twitter.

> I also think that there is a worst case scenario you are missing:
> what happens if there is a premature release that reaches many people
> that REALLY rely on it and it fails them?

That's what's happening now with Facebook and Twitter. That risk is
already there. Not releasing anything, no matter how poor, means they
have no alternative and must face that risk now. Or do nothing. They
find work-arounds for those services. They can do so for Freedombox too.

I understand your worst case scenario, but since no one can predict all
possible uses or points of failure, avoiding it would mean never
releasing any code ever.

On the other hand, I contend releasing code, publicizing its problems
and giving users the ability to modify it is the best way to solve those
future hypothetical problems when they manifest. No one today could
anticipate all those problems. People using the code can solve them.



Bjarni R?nar Einarsson wrote:

I'd have to quote his whole response, which clarified a lot of my
sentiment and improved on several points.

Mainly that Facebook and Twitter work well for so many people. We don't
have to be perfect, just better than them for some people's purposes. We
don't know everyone's purpose, but if at least a few people out there
would benefit, releasing early will help them. And they will help us by
using it. If they modify and redistribute it, all the better.

> A whole bunch of tools are *already* out there. The FreedomBox is
> barely about creating new tools at all, it is mostly supposed to
> compile existing tools and make them more easy to use (in a safe way).

I can't disagree with this point. I would just change the threshold for
"in a safe way" from its present point to no worse than Facebook and
Twitter, along with publicly stating whatever problems we know of.





Weaver wrote:

> I think we need to avoid tailoring a product to a specific market.
> Just produce a product that enables secure, private, decentralised
> communication.

I agree. If my original post implied tailoring to a specific market, I
appreciate your clarification. I intended to mention Iran purely
illustratively, not to suggest we should tailor something for them
specifically (although if that motivates someone, I wouldn't discourage
them from working it).

> I should respectfully suggest we concentrate on producing what we are
> aiming at and allow the end user to decide on usage.

I concur. I believe we all benefit from everyone solving his or her own
problem and sharing those solutions for others to apply to their
problems.

> Many people on this list are concerned about the fact that centralized
> SSL CA's aren't trustworthy, or how to prevent DNS hijacking, or how
> to exchange PGP keys. It's not a waste of time to talk about these
> things, because they are problems with the security models of all the
> things FreedomBox needs.  But the solutions to all these things aren't
> readily available to be dropped right on a server.
> 
> If the minimal goal of FreedomBox is to stave off government/business
> siphoning of nearly everybody's data on tools like Gmail, Google talk,
> etc. then just getting the server in someone's house is pretty good
> for that. But much(most?) of the conversation on the list seems to be
> about the stronger security stuff that doesn't exist yet. If someone
> needs "real" security right now, the tools are already available and
> they are just going to have to learn how to set up a secure box and
> use it. This is all the more reason for FreedomBox to ignore this
> "market" for the time being. Easy to use FreedomFighterBox is out of
> reach right now; easy to use FreedomBox to get people's crap out of
> the cloud IS within reach right now. Stuff necessary for a shipped
> FreedomFighterBox is also necessary for FreedomBox in the long term,
> but it's hardly necessary in the short term to just get out of the
> cloud as much as possible. 

Exactly!

Let's continue discussing trustworthiness, DNS hijacking, etc, but not
let that discussion keep us from releasing "good enough" solutions for
some people. Let's enable people for whom that "good enough" doesn't
suffice help us.




More information about the Freedombox-discuss mailing list