General Scalability

Hey,

I have a couple questions regarding scalability.

How feasible would it be if every user would run his/her own pod?

Is it possible that one user has, let’s say 5 million followers? If yes, how to calculate the resource requirements?

Cheers

It’s similar to having every email user run their own email server. The level of complexity and resources doesn’t make sense. It’s not so much the “one person with 5 million followers” problem, it’s the “5 million people with 20 or 30 followers” who all have individual servers. 5 million interconnected servers doesn’t make nearly as much sense as 5 million people distributed across, say 1000 or 2000 servers.

I don’t want to discourage thinking big, but the amount of stuff that goes into running a pod doesn’t scale to one pod per user. Super tech-savvy people can run a single-user pod, but not mainstream users.

It’s probably interesting to hear what you think the benefit of this system would be, or what risks you think are mitigated this way.

I have a couple of concerns.

  • privacy
  • identity theft
  • which pods to trust
  • persistence
  • costs

Well as far as I understand all the data you share with a pod is visible to the person that controls it.

I didn’t have a look into the architecture yet, but I guess it would even be possible for a pod owner to impersonate your identity, is that correct?

These two concerns lead to the issue of which pods to trust. Let’s say there are currently 100 pods running; somebody could just spin up 900 more, which don’t even need to be 900 physical servers but just a little networking magic. If a new user randomly picks a pod there would be a 90% chance to end up on a malicious one, if I am not mistaken.

My next concern is persistence. Given a pod is run by a random person, what guarantees do I have that the pod will still be available in the future?

My last concern is costs. As far as I understand there is no way for a pod hoster to monetize or charge for the use of the pod. I’m pretty sure a lot of people initially like the idea of hosting a pod, but I don’t see a long term incentive of running a pod.

What is the issue of running a single user pod other than setting it up and maintaining it? Let’s say every single user pod would have a dns name, couldn’t you just add friends via their dns and query their pod every once in a while or connect to a socket?

Many pods solicit donations – there is even a donate button in the core code that podmins can activate. And one pod, Diaspora Europe, has even started requiring payment from people when they sign up: https://diasp.eu/users/sign_up So that certainly is possible.

None that I’m aware of, except the problem of a lack of data when you first set up a pod. You have to put in some effort to make connections with accounts on a variety of other pods before your new pod will pick up data from them.

But not everyone (me, for instance) feels comfortable with the technical demands or commitment of running a pod. And so some kind people have made the pods they have set up available for others to use. That enables a lot of people to use Diaspora who otherwise wouldn’t be able to.

But setting up a pod is open to everyone willing to put in the work. So anyone who isn’t willing to trust any of the people who run open pods with their data can set up their own pod.

The key word there is ‘if’. And that’s a big if. If someone did this, it’s likely to be picked up pretty quickly by some of the more astute podmins. And that knowledge would get spread around. If this malicious spam-podmin had registered all their pods with Pod Uptime or the Federations stats site, I’m sure the owners of those two sites would remove them all so that people coming to sign up to Diaspora wouldn’t be presented with the malicious pods at all. And it’s pretty likely, if it’s clear someone was attempting to do something malicious, that a majority of podmins would block those pods from communicating at all with theirs, so the malicious pods wouldn’t be able to pick up data that way, even though the data a remote pod that doesn’t have any ‘sharing with someone on my pod’ accounts can pick up is public posts, which are available to the whole internet in any case.

None. There can be no guarantee. What is freely offered can be taken away. The best guide to future performance is past performance. A pod that has been run successfully without breaks for several years is likely to continue.

Let’s take them in turn.

Privacy: Your data is as private as whatever person or company runs the servers. If you pick a server off a random list off the internet, you are picking a random person to trust. Diaspora is for things you want to share. So the main issue you’re hoping for is that only the right people see it and the wrong people don’t. Your podmin will always have access to everything you share. Will they bother to look? Who knows. Will they violate your trust and share your data with someone you didn’t intend? Possibly. A podmin might share your data for lots of reasons:

  • They might screw up. Running a diaspora pod is a complex operation, and podmins are just people. They might accidentally misconfigure something so that items become public when they weren’t meant to be. It’s not super easy to do, but it’s not impossible, either.
  • They might be approached by law enforcement. If your pod is run by an individual, they probably don’t have the motivation, lawyers, time and money to fight a law enforcement request. So if law enforcement come request data, they are likely to turn over the data that law enforcement is requesting.
  • They might be tricked. If your name is John Doe and your email is john.doe@example.com, someone might go get a very similar looking email like john.doe@yahoo.com and email the podmin saying “hi, it’s John. I’m locked out of my account, can you reset the password to Fluffy123 for me?” and the podmin might do it, granting access to your stuff to the wrong person.
  • The podmin might be malicious or indifferent. Maybe they like snooping amongst their users’ things. You don’t know.

Identity theft: Diaspora is not really robust against identity theft. If you are john.doe@example.com, there’s nothing stopping someone from going to the example.org pod and getting a john.doe@example.org account there. There’s nothing stopping them from stealing public pictures from your john.doe@example.com account and posting them and pretending to be you. This is just like email. You might be john.doe@gmail.com, but there’s nothing stopping someone from registering email addresses john.doe@yahoo.com or john.doe@icloud.com or whatever and pretending to be you. In this sense, Diaspora is no worse and no better than any other system.

Which pods to trust: This is just like email, web sites, and everything else: how do you know who to trust? Simple answer is: you don’t know. You take your best guess. Facebook has industrialised the extraction and sale of private details. Diaspora is tiny and insignificant by comparison. Your average podmin can’t do what Facebook does. BUT they could. The limiting factor is desire, technology, and time. There’s nothing about Diaspora that stops a malicious podmin from mining the data that people post. Nor is there anything that stops someone from creating a pod that has Facebook-style terms and conditions. Again, because most diaspora pods are run by volunteers, not companies, the security and maintenance of the servers themselves will be hit-or-miss. So a badly-run server could get hacked, and maybe it starts trying to install malware on your PC when you connect to it. There’s no real way to know in advance.

Availability: You have no more expectation that the pod will be here tomorrow than you have of anything else. You have to get to know the podmin and figure out whether they (like me) run their pod as a best effort with no guarantees, or whether (like some others) you’re paying them and you have some expectation of a service in return for your payment.

Costs: Most are free or nearly so. But caveat emptor (buyer beware). Make sure you know who and what you’re paying for.

Part of the attraction of Diaspora is that you’re not dependent on nameless, faceless companies who have no interest in helping you. The fact that pods are small and you can get to know the proprietor of that pod actually helps you establish trust that’s impossible with MegaCorp®, Inc. The flip side of the organic, artisanally managed servers is that they’re not all the same, and they’re not managed with perhaps the same industrial efficiency as the mega corporations. There will be bumps and hiccups and idiosyncrasies.

Hey,

thanks for your extensive feedback! All my questions are answered.

Have a good time :slight_smile:

Dear Paco, I think you don’t connect to the ideas of 21st. But he also creates a false connection, because he argues with followers.

If every user has his own server, for diaspora, blog or email, only his posts and data are there. The data of the followers are on their own servers. Only the links to the data-pools of the followers, and reverse, are on our server pool.

This is not a question of quantity. It is more a question of symmetrical transfer capacity in the connection of the telecommunication.

The question of scalability in general and specific is very important, because it is directed to our future. It is the perspective of strong decentralisation also in the space of telecommunication.