A couple thoughts from an early backer who really, really wants Urbit to succeed (and fears it won't):
1. What is Urbit?
I'm not involved with it and don't speak for the devs, but this always comes up, so I'll just explain in plain terms what I think Urbit is, or what I hope it will grow up to be. Urbit is the server-app-container thing that would make my non-techy Mom want to pay $5/mo for a hosted server instance.
Imagine if every man, woman and child had their own server. Nothing fancy, just a cheap ECC instance or DigitalOcean droplet or something. What would they do with them? Well, host a webserver I suppose, maybe a mail server, maybe a Minecraft server, stuff like that, right? But, these would have to be accessible to non-sysadmin types, so all of these server applications would have to be easy-as-an-iphone to set up and administer. Right now, such apps don't exist, because there's no market for them. But if the market were there, millions of people with hosted servers just sitting around, you can imagine how quickly they'd get made.
What about a social media? At a high level, every social media app is essentially the same app - they let you upload a file to the cloud and they let your friends access it and they show you ads. The differences between Twitter and FB and Instagram and Snapchat are nothing more than differences in how those three features are implemented. So why do they all use the cloud? Because there aren't a million people with server space just sitting around on which to host their IG pictures and FB arguments and Twitter profundities. But if there were, a good self-hosted social media app would make a lot of sense to build.
Urbit is intended to shortcut this chicken-and-egg problem by making a container in which it is easy to build those things. My Mom can afford a hosted server, but she has nothing to run there. If there were great things to run there, like a Facebook with no ads and a webserver with no hassles, she might rent one. Urbit is intended to be the thing in which those great apps are easy to build.
2. Why I want it
Those are all abstract reasons why something like urbit might succeed. As we all know, the mark of a good startup is not whether you can explain why it might succeed, it's whether there are users who want to use it right now. Well, I do want to use it, but it's hard to explain why. I'll take a stab at it.
If you're over 40, you may remember getting your first shell account. Wasn't that the shit? You want to host some files for colleagues? Just make a directory, chmod it to world-readable. You want to run a web server? Go ahead, and don't worry about security, the only people that can see this are inside your college/company. Want to see what Bill Smith is up to? finger bsmith. Want to argue about politics? talk.politics. God, how simple things were! Playing with Urbit feels like those days to me. It makes a handful of things, like identifying users and sharing files between them, trivial. You could probably write a Twitter clone in less than 1K LOC.
Or at least you could, if Urbit does everything it says it does. That's a big if. Which brings me to...
3. Isn't it really weird and fucked up?
Yes. Oh yes. It is incredibly eclectic, the fevered result of an insane genius toiling away in obscurity on his dream project when he wasn't busy writing interminable political screeds. It is an attempt to combine a bunch of things (a ground-up OS, two new languages, and a novel networking architecture) that might be too much for such a small team. The Hoon language is weirder than you've heard. Some people swear it's great once you get used to it, but the docs are sparse and I haven't invested the effort. And if you do invest the effort, it could well be that it has non-obvious architectural flaws that will doom it to be a buggy mess for all eternity. And on top of that, the founder is primarily known for political rantings that are... well, not racist per se, but close enough to get Urbit boycotted by the sorts of people who boycott obscure open source projects due to things in the founder's blog.
But if it fails, I really hope someone builds something less weird that accomplishes the same thing, because at the end of the day, I want it. I want a cheapo server with a cheapo self-hosted Twitter clone and a cheapo self-hosted FB clone, and I want to share pictures of my kids with my Mom without running them through some enormous corporation's billion-dollar machine-learning advertising algorithm, and I want to host my own website and server apps without taking on "sysadmin" as a night job. And it seems like, right now, Urbit is the fastest way from here to there.
Thank you for the comment. It is nice to be able to talk to someone who believes in the Urbit ideal. I have a question for you: there are many advantages of running things on a huge scale. How do you see Urbit solving it? For example:
- webserver: I used to run a personal web server, and then I noticed that I have to throttle the speed to avoid ending up with a huge bill, and when the colo is down, the server is down. I keep all my data in the cloud now, and due to economy of scale, I do not have to worry about availability, ping times, or bandwidth limits. How can a personal server compete with CDNs?
- I also used to run my own mailserver, and it was always a pain to keep spam away. This is a complex process which includes tuning spam filters, deciding which DNS blacklists to use (oh controversy!), deciding if I want to use DCC and at which stage. And I had to re-tune periodically, otherwise it would eat my automated messages... At the same time, Google (for example) has it easy -- at their scale, they have all the information they need to decide if the mail is spam or not.
- Social media: no, I have not run my social media server :) But I cannot understand how you get started. The main point is network effects, and even Diaspora, which has been around for a long while, is not that popular. Plus spam and viruses, of course -- how do you prevent that? If my friend gets a trojan on her machine, will her account be able to spam the entire network?
Thanks for responding! Sadly the signal:noise ratio on HN really plummets when urbit gets mentioned. Zaphar's response is good but I'll go into more detail (as I see it):
- bandwidth : there's nothing in Urbit itself to address this, but one presumes that if you host an urbit on EC2, you'd also be putting cloudflare in front of its webserver. More generally, if Urbit got even moderate adoption, the hosted-server companies would fall over themselves supporting it, because it's a new customer base for them.
- mail : Agreed, I would never want to run a mail server, on urbit or anywhere else, due to how convoluted it is. However, Urbit uses a federated addressing system that would make spam unprofitable. Read their page on identities if you want details, but the short version is that full-fledged identities on the Urbit network cost a couple of bucks, and it is assumed that anyone who spammed from one would get blackholed before they recouped the investment.
- social : From a user's perspective, I think the big difference between Diaspora and the-yet-to-be-made-facebook-clone-on-urbit is that the latter is not the only thing you can put on an urbit. It's unlikely that Urbitbook would be so popular that anyone would run out to host an EC2 just to join it. But Urbit is supposed to be useful in and of itself. And if it does take off on its own merits, it seems very likely that a self-hosted social media clone would be one of the popular apps.
- viruses : Urbit is designed to be essentially impervious to malware. (Which is not the same as saying it is impervious - kind of depends on whether the people who architected it are as good as they think they are. I'm not qualified to weigh in on that.) In a worst-case scenario (say, your whole urbit got bitlocker'd), recovering would require you to a) get your hosting provider to restore from a backup, and b) notify your "galaxy" (your parent in the distributed network architecture) that you have lost continuity, and convince them that you are your urbit's rightful owner. That last bit would be nontrivial (because this is exactly how someone would go about stealing your identity) so it is assumed that most galaxies would have stringent requirements, or if Urbit is as stable and unhackable as it's supposed to be, not allow it at all.
I don't think the acerbic swipe at HN here was merited; as threads about programming environments go, this one seems pretty high-signal, with less flamage than any of the recent large threads about Go or Rust.
If your expectation about threads for Urbit is that they center on its real-world applications or potential, the project itself has done you no favors. It doesn't so much beg as howl madly for the kind of meta discussion that dominates this thread.
That's a fair point, I was complaining about past Urbit threads, which sometimes spend a lot more time on the founder's weird-but-irrelevant politics than on the technical merits of the project. I expect and welcome flaming about why it's built the way it's built! I would so love a big deep thread between the urbit devs and some really smart people who have deep misgivings about its architecture, because the outcome of that would help me decide whether it's worth investing time learning hoon.
You say his politics are irrelevant. I disagree: the only person in the world who probably has a complete picture of what this system is meant to be is Yarvin, and there are troubling indications that his political principles influence the design. See, for instance:
But that's neither here nor there, because this thread hasn't really centered on his odious politics, but rather on the dubiousness of its design and the steps the team has taken to conceal the basic details of the design behind a wall of obfuscation. We generally don't like distributed systems that go out of their way to make themselves harder to reason about.
I'd further add that a lot of basic support Urbit receives on places like HN seems premised on the idea that there's something intrinsically novel about it. But that's not so: overlay networks are a relatively well-trodden topic in CS, including overlays based on what we used to call "mobile code", including functional mobile code overlay networks.
I'd like to see more discussion of decentralized overlay networks, including compute overlays, on HN. I find it unfortunate that all those discussions for the past year or so have more or less been captured by this goofy system.
shrug As you like. If whoever wrote Jira revealed that the reason "stories" and "bugs" and "epics" all have the same default fields was because he thinks capitalism is better than socialism or what have you, I would entirely ignore it, and I don't think I'd be any poorer for it.
I would also wish for more projects in this vein. If something came down the pike with similar aims but minus the spooky political baggage and the eccentric syntax, believe me, I'd subscribe to their newsletter. But AFAIK there is nothing in the offing even remotely similar to urbit other than urbit.
That's because Jira is just a bug tracker. None of us need any assistance understanding the implications of a bug tracker, even one as sprawling as Jira.
> - bandwidth : ... More generally, if Urbit got even moderate adoption, the hosted-server companies would fall over themselves supporting it.
I am highly skeptical -- Wordpress has pretty high adoption, and it is useful for "non-techy Mom", but there are very few companies which support wordpress integration, and if they do, it is at a much higher price (bluehost: $3/mo regular hosting, $20/mo wordpress hosting).
> - mail : ... full-fledged identities on the Urbit network cost a couple of bucks, and it is assumed that anyone who spammed from one would get blackholed before they recouped the investment.
This blackhole mechanism is very much like the spam problem, so it has all the usual questions: Is it going to be managed by someone? Does an identity get un-blackholed after some time with no spam? Can you pay $$$ to make this process faster? Can someone blackhole a whole galaxy? What if your computer gets malware which spams other users on your behalf?
I am not asking for immediate answers to these questions, I just wanted to point out that having "federated identity" will not fully solve the spam problem.
> - viruses : Urbit is designed to be essentially impervious to malware. ... In a worst-case scenario (say, your whole urbit got bitlocker'd), recovering would require you to a) get your hosting provider to restore from a backup, ...
That's not the worst case scenario. The worst-case scenario is bitlocker reaches into your urbit (via whatever mechanism you use) and encrypts all your data there, slowly over time (so your backup is corrupted, too) and starting with least-recently accessed files first, to minimize the chance of early detection.
Looks like in this situation, your only hope is that your hosting provider kept your backups, and this is not guaranteed at all. So basically not much better than existing self-hosting systems.
Note: I have not actually checked, but I suspect that Urbit may keep all the previous versions of the files around. This will help against bitlockers, but:
(1) Is there a mechanism to permanently remove data, say because you accidentally uploaded a 25GB Blu-ray movie? If yes, this is what bitlocker will use.
(2) Are you sure that every user will have different urbit credentials and admin credentials to the hosting provider? Because if not, then bitlocker will ssh into your hosted machine and damage the files directly.
(3) There are other things other than bitlockers. Malware will use your account to send SPAM, use your webserver to sell illegal drugs, use your CPU to mine bitcoins, and generally make a botnet out of your urbit.
> Wordpress has pretty high adoption, but there are very few companies which support wordpress integration, and if they do, it is at a much higher price (bluehost: $3/mo regular hosting, $20/mo wordpress hosting)
What's stopping you from getting the $3/mo package and installing wordpress yourself? The pain of learning how to administer and secure and update it, right? Urbit is (or claims to be) painless enough that you would install it yourself and not need to do any maintenance afterward.
> This blackhole mechanism is very much like spam problem, so it has all the usual questions: Is it going to be managed by someone? Does identity get un-blackholed after some time with no spam? Can you pay $$$ to make this process faster? Can someone blackhole whole galaxy? What if your computer gets malware which spams other users on your behalf?
This is all up to apps and users to handle. If you did write an app that defaulted to "accept messages from anyone" then you'd need to include some sort of "report spam" feature in it I suppose, but I think it's assumed that most apps would just ignore unsolicited messages. You could also do more nuanced rules, like "Ignore messages from accounts that are less than a week old; if the account is older than that, you can show me one message, but ignore any subsequent ones unless I respond to the first one." Up to the developer of the app.
> Looks like in this situation, your only hope is that your hosting provider kept your backups, and this is not guaranteed at all. So basically not much better than existing self-hosting systems.
"Your hosting provider might not do a good job of managing backups" is a) well outside of urbit's purview, and b) something I thought was pretty much a non-issue these days.
> Are you sure that every user will have different urbit credentials and admin credentials to the hosting provider?
At the end of the day, urbit is just an executable. You log in to your shell, you run ./urbit, and you tell it what to do. Anyone who can log in to your shell can run your urbit and tell it to do something you don't like. So of course you need to keep your login and password safe, and the host OS needs to be secure, and so forth.
But, if the claims of the people who made it are true, it should be impossible for J. Random Cracker to send a message to an urbit over the network that makes it do something bad. Not "we think we found all the buffer overflows" impossible, I mean "mathematically proven to be impossible" impossible. That's why they rewrote the thing from the ground up in such a hokey way. Whether they succeeded, or whether that claim is laughably deluded, is something I'm hoping someone much smarter than me will definitively determine someday...
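The rule quoted in the comment above ("ignore accounts less than a week old, show one message, ignore the rest unless I respond"), written out as an added example that is not part of the thread and is not Urbit code. It assumes the network hands the app a verified sender identity and that identity's creation time; `FirstContactFilter`, `on_message`, `on_reply` and the account names are hypothetical.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from enum import Enum


class Verdict(Enum):
    SHOW = "show"               # deliver the message to the user
    DROP_TOO_NEW = "too-new"    # sender identity is younger than min_age
    DROP_NO_REPLY = "no-reply"  # sender already used their one free message


@dataclass
class FirstContactFilter:
    """Per-recipient policy for unsolicited messages (hypothetical app logic)."""
    min_age: timedelta = timedelta(days=7)
    pending: set = field(default_factory=set)   # shown once, not yet answered
    answered: set = field(default_factory=set)  # recipient replied at least once

    def on_message(self, sender: str, created: datetime, now: datetime) -> Verdict:
        # An open conversation bypasses the first-contact rules entirely.
        if sender in self.answered:
            return Verdict.SHOW
        # 'created' is assumed to be attested by the identity layer,
        # not claimed by the sender.
        if now - created < self.min_age:
            return Verdict.DROP_TOO_NEW
        # One message gets through; everything after it waits for a reply.
        if sender in self.pending:
            return Verdict.DROP_NO_REPLY
        self.pending.add(sender)
        return Verdict.SHOW

    def on_reply(self, sender: str) -> bool:
        # A reply opens the conversation only if a first message was shown.
        if sender in self.pending:
            self.pending.discard(sender)
            self.answered.add(sender)
            return True
        return False


def run_demo() -> list:
    """Replay a constructed event sequence and return the verdicts in order."""
    t0 = datetime(2015, 9, 1, 12, 0)
    # Constructed sample identities and creation times.
    created = {
        "old-account": datetime(2015, 1, 1),
        "new-account": datetime(2015, 8, 30),
    }
    events = [
        ("msg", "old-account", t0),                               # first contact
        ("msg", "old-account", t0 + timedelta(hours=1)),          # no reply yet
        ("msg", "new-account", t0),                               # 2.5 days old
        ("reply", "old-account", t0 + timedelta(hours=2)),        # user answers
        ("msg", "old-account", t0 + timedelta(hours=3)),          # conversation
        ("msg", "new-account", t0 + timedelta(days=8)),           # now old enough
        ("msg", "new-account", t0 + timedelta(days=8, hours=1)),  # second try
    ]
    inbox = FirstContactFilter()
    verdicts = []
    for kind, who, when in events:
        if kind == "reply":
            inbox.on_reply(who)
        else:
            verdicts.append(inbox.on_message(who, created[who], when))
    return verdicts


if __name__ == "__main__":
    for v in run_demo():
        print(v.value)
```

The filter is only as strong as the creation timestamp it is handed: if that value is self-reported rather than attested by the identity layer, the age check adds nothing.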
> Urbit is the server-app-container thing that would make my non-techy Mom want to pay $5/mo for a hosted server instance.
> Want to see what Bill Smith is up to? finger bsmith. Want to argue about politics? talk.politics. God, how simple things were!
> Urbit is designed to be essentially impervious to malware.
... and we ended up with:
> but one presumes that if you host an urbit on EC2, you'd also be putting cloudflare in front of its webserver
> If you did write an app that defaulted to "accept messages from anyone" then you'd need to include some sort of "report spam" feature in it I suppose,
> "Your hosting provider might not do a good job of managing backups" is a) well outside of urbit's purview,
> So of course you need to keep your login and password safe, and the host OS needs to be secure, and so forth.
So what are the advantages of urbit then over, say, a wordpress install with some plugins? So far I have heard:
- Universal identity system for other urbit users
- Automatic application update
- Some subset of security bugs has been eliminated
- Simple application installation
Wordpress (with plugins):
- Has OAUTH and facebook/g+ auth plugins
- Has auto-update functionality
- Written in PHP, which entirely eliminated at least buffer overflow bugs and concurrency bugs from the user-written code.
- I can find EC2 images with wordpress already installed -- just create a machine based on them and you are all set! And wordpress provides somewhat easy interface to install new plugins!
And apparently neither Urbit nor wordpress take care of the hard stuff:
- How to set up backups and make sure they will not fail 6 months in (and no, most hosting providers will not do this automatically for you)
- How to prevent malware on your personal computer from destroying all your digital life
- How to prevent SPAM while still allowing messages from people you did not know before
- How to monitor the server and fix it (restart?) when it fails
- How to select the hosting plans to optimize cost for the resources you want to use
Now, you may say that urbit does [will do] much more than wordpress, but so far you have not mentioned anything like that. Your original comment mentioned: mail server, minecraft server, and apps that "let you upload a file to the cloud and they let your friends access it". Wordpress does the last one, and from what I understand, urbit will not be that great for the first two.
So it does not make sysadmin's life much easier, nor does it give you some killer features you cannot find anywhere. What's the point then?
Dude, it's an os, a container, a thing you write and run apps in. You want it to select a hosting plan for you and help you if you forget the password to the box it runs on?
Look, if you're a hacker, and you've got some time to kill, just download it and run it and spend an evening with the "Getting started" doc and writing a little bit of hoon. You'll figure out what it is and what it might be a lot faster than by asking questions on a forum. And if you're not, ignore it, it is nowhere near being useful for end users yet.
urbit won't necessarily solve the "personal web server costs too much to run" piece of this, although with the right specialized-for-urbit hosting provider it is solvable.
urbit does help solve some of the mailserver woes though. Since identity is a first class citizen, spam is theoretically more controllable. No one can spoof an address in urbit because your address is cryptographically verifiable. If your urbit gets blacklisted you lose a real investment so it's in your economic interest to not be a bad citizen.
urbit in theory will make distributed true peer2peer social networks possible in a way that the traditional attempts have not. Mostly because they move identity ownership out of the application and into the networking stack itself. In urbit you own both your identity and your data and can run any application you want against them without having to give up your control over either of them. No one can pretend to be you. No one can remove your ability to login or access your data. The most anyone can do is refuse to accept networking traffic that comes from you. They can ignore you and that's it.
In urbit a social network can have automatically sharded data by user since allowing each urbit ship to store that data but still use the same social networking application to operate on it really is trivial.
Keeping the software updated on your urbit is automatic and done without interrupting service. Maintenance is almost non-existent.
No more scary than when you use apt on a debian machine to keep things up to date. However this time you have the added benefit of being able to rollback to a previous version of the software with the same ease and also of being able to trace the source of your software to a cryptographically verifiable entity.
1. Has a limited subset of people who can upload packages. Becoming one of these people is hard.
2. Has strict rules about package quality. A detected attempt to upload malicious package will cause uploader's privileges to be removed.
3. There is a trusted group of people who have the authority over all packages and who can remove the bad ones. Anyone can contact them and point out that the change is malicious, and they will listen.
4. There are enough people who look at the package changes who will detect malicious packages.
None of them are true for Chrome extensions / urbit code (unless there is something I have not noticed):
1. Anyone with (google account | urbit identity) can upload packages.
2. There are no rules about package quality (until recently, google support did not care about ad injectors for example).
3. There is no trusted third party to deal with bad packages (again, until recently google support did not care except for most obvious cases)
4. Since number of packages is so high, and it is for "everyone", most package changes will never be looked at.
All of your points in favor of debian's system really only apply if you only use Debian's official package repositories. Something that you can absolutely do in Urbit as well. Nothing says you have to pull packages from every possible location out there. Urbit can absolutely have its share of official repositories of applications with the same quality and safety guarantees that Debian has. And indeed many of the apps you get already come from a default official source. The star or galaxy you got your ship from.
It wouldn't, it'd use them. My urbit will keep my blog content in a database, and on my command, compile me a bunch of html pages and send them to surge.sh.
Re: getting started with social media. The first step is to continue to use Twitter and Facebook using their APIs, from inside my urbit. Scooping up posts from my inbound feed, and/or using the POSSE model:
Interesting, I appreciate this explanation from an "outsider". This actually sounds very similar to what I recently posted[0] on the sandstorm thread. Also, something I picked up from that thread, but haven't looked into much myself is Cloudron[1].
They're certainly less, um, ambitious than urbit, but sound like they might be on the same continent. At any rate, I really agree with the vision: "Imagine if every man, woman and child had their own server. Nothing fancy, just a cheap ECC instance or DigitalOcean droplet or something."
> ...all of these server applications would have to be easy-as-an-iphone to set up and administer. Right now, such apps don't exist, because there's no market for them. But if the market were there, millions of people with hosted servers just sitting around, you can imagine how quickly they'd get made.
I don't know about this. People have phones and computers, too, but we still have gmail instead of personal mail servers, and we still have reddit instead of usenet. As a developer I definitely prefer serving web pages to shipping iphone apps (never mind physical CDs) because the deployment and maintenance stories are so much simpler. In other words, even if millions of personal servers existed already, why would a developer prefer to write Self-Hosted!Instagram instead of just Instagram?
> why would a developer prefer to write Self-Hosted!Instagram instead of just Instagram?
Because urbit is designed to make that an easy thing to do. Say you've got a webserver, and you want to put a picture of your kid on it, but you only want the server to serve that picture to your Mom. On unix, that's really complicated, you need to do a lot of things to make that happen - not just implement a web app that includes authentication and give your Mom a new login and password to memorize, but also configure the web server properly and make sure your server is locked down and stuff like that.
On Urbit, that would be really easy, the equivalent of "mkdir mom; chmod +r mom; mv pic.png mom", because it abstracts away things like cryptographically verifying identities in the same way that unix abstracts away sending a file to a printer.
One thing I really want to know is what data can apps access. Is it like most phone apps where my data in one app is secure if some random game would like to read it?
Do the apps or the users manage security choices like these?
They want the ease of use and security of a phone OS and app store, but they also don't want the data stuck in separate silos. I'm not sure if the idea is to have isolation between apps like iOS has or what.