"Decentralized" systems are susceptible to catastrophic failure if every node runs the same software created by a single entity. Open Source doesn't change this. *Social* decentralization and diverse implementations for a protocol provide better resilience and distributed agency.
@delta There can also be a problem if too many of the open source systems are funded by the same organization, and then that organization later withdraws.
@delta and then you get the current activitypub landscape, which is so draining to read and understand, and so confusing all over, that it's hell to develop anything that supports it
This is the Achilles heel of the Fediverse; I've already seen Activitypub misconfigurations hose timelines across multiple instances more than once, also Mastodon software (or parts of it) can randomly eat resources and the server has to be restarted or the timelines stall.
Luckily the large number of admins, instances and multiple timezones limit the damage; but cascading failures across the Fediverse *do* happen every so often..
@vfrmedia @Scarlet @delta When I tried to implement part of the Mastodon API which lists known accounts that did cause some sort of strange cascading failure. I think it got fixed, but other things like that could be lurking and fuzz testing would help.
In Epicyon I try to validate the inputs as much as possible, partly because it's just good practice but also because I've seen examples of admins trying to do questionable things with the protocol.
@delta while free software makes it easier to run different software, getting a consortium at healthy equilibrium is still damn hard
@delta ive only just realised this is the same principle as farming and ecology. Growing large mono crops, especially if they are clones, makes the area easily susceptible to disease, drought, floods... While growing a diversity of plants, all with different genetics, means that the odds of something wiping out everything is quite slim.
Diversity is required for resilience
@sunflower_avenue Indeed, that's an interesting similarity. Also James Scott in his seminal anthropological work "The art of not being governed" describes a 2000 year history of nomadic ways of growing plants that was more resilient overall than what the wet rice farming city states did (often wiped out by pandemics and climatic changes, too much water or heat etc.).
@delta I also think that for this to be feasible, protocol specifications need to be made as simple as possible. If your protocol is extremely difficult to implement (see: basically anything involving E2EE at the moment), then that makes the barrier to entry for additional implementations too high and you end up with either everyone giving up and resorting to the one original/reference implementation, or multiple implementations that are just different skins on the same SDK, which isn't much better.
@miramira Indeed, simple protocols are much easier to have different implementations for. The case of html and browsers, however, also shows a way how things can evolve to still reduce diversity. In any case, Delta chat uses https://autocrypt.org for end-to-end encryption successfully implemented in different email apps and with different encryption engines. Concretely, we use a pure Rust PGP implementation that was successfully security audited with just minor flaws.
@delta Maybe. Diverse implementations of a protocol and infrastructure fragmentation will of course make a system as a whole more resilient, but not if you consider "offering the same level of service to all users _all the time_" a valid requirement and if you don't care about maintenance effort and permanent threats and issues arising from different understandings and implementations of protocols that cause all sorts of funny problems. 😉
@delta opensource does change this. If you don't like what the entity is doing, just fork, and you now have two entites.
@fla If you consider this for the case of Signal, for example, then it's not that easy. You also need to fork the server deployment, somehow get a modified/extended app into the stores, and would still end up with an incompatible island. Protocols are missing that would make the two islands interoperable. Also, if WA would use open protocols, there would be many clients from different entities even though the implementation is closed source. Many angles to consider and look from :)
@delta Even then, that model is only resilient if you are thinking about the system overall and not the needs of any given user. Systems like the Fedi are a collection of fiefdoms where any given user can lose service at a whim without warning.
chaos.social – a Fediverse instance for & by the Chaos community