-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Open source the server components of Keybase #24105
Comments
Please! Very much please! |
This seems like an important step in Zoom retaining the value that they paid for in the Keybase acquisition. (admittedly, only Zoom know's what is best for Zoom's value) |
facts bro |
2020 strikes again, I’m really bummed because I have integrated keybase into my workflow heavily over the years. Back to rolling my own again. This one hurts. |
There should be "nothing to hide" regarding the server(s) implementation. I'd imagine the worry is that once technical users (probably the majority of the userbase) can self-host their own infrastructure, there's no need for a company to exist. That being said, I'd still happily pay a small monthly fee for a hosted server even under the circumstances of the acquisition. I'm still preparing to move my documents to another place though. And have been since Keybase became a day to day tool for me, since their business model, and thus any promise of sustainability, was always nonexistent. |
There would still be a demand for one central company that is the go-to place for those who don't want to set up their own server. Typically, one of the biggest drivers of demand for a "we host it for you" company like that is when organizations set it up themselves and then decide, after a period of time, that self-hosting isn't worth the trouble anymore. They become more likely to become customers when they know that they could, in principle, go to another vendor or host it themselves if absolutely necessary -- but if they're getting good service, they won't ever leave. So, +1. I hope Zoom makes the decision to open source the server code. I'm not privy to all the factors that went into their Keybase decision, but from what I can see from the outside, it would make a lot of business sense. |
A "feeling" in the keybase community is Zoom purchased keybase for all the smart crypto-nerds who wrote the platform to help them improve the security of the Zoom application + platform. This is all pure speculation though. (and somewhat based on the language at the end of the keybase blog post) Lets keep +1'ing this issue to show there is a lot of support in the keybase community for open sourcing the server components. If Zoom has good intentions, and are only interested in the skilled developers who wrote it... there is a chance they might agree to opening the server components. |
Zoom could achieve a big win here. |
ghost.org exists keybase server could exist too while still open sourcing the code |
I agree, many other open source businesses exist too. But I can imagine the angle would be that Keybase is a tech product for technical users. Still, I don't like the hassle of self-hosting and I'm sure many share the same sentiment and would prefer to pay for sustainability. |
A thought occurs: are there any unknowns that would prevent one from implementing their own backend by reverse engineering the API calls from the client? Seems doable, if Keybase itself don't disclose the source. |
@Southclaws Possibly, but why not just contribute to Matrix / Riot instead at that point? |
You're probably right there. I didn't consider that because I never used the chat features of Keybase, just the encrypted Git and filesystem integration. |
Because it is your next VC funded disappointment waiting to happen? |
This. I believe this is the most difficult thing to replicate, and I think it's what most people want to be open-sourced. The chat is a sad loss, but there are a lot of good alternatives out there for that. |
For one, it's entirely open source. But why do you say it's VC funded? From their site:
|
Because it is. Matrix is developed by a startup called New Vector which has already taken multiple rounds of VC money. The Matrix.org foundation is only for the development of the standard, the development on Riot and other software is done by the VC-backed New Vector. The way that Matrix is positioning itself as the 'meta-protocol', bridging other protocols, slowly gobbling different services and communities sure feels like EEE to me. |
+1!!!! If the server source is available, this will allow for a federated group of keybase servers to come up. I personally want to use this as the foundation for a community hosted cloud services project. The community already use keybase as the primary source of community chat and shared files with the foundation of provable ID for members. We would love to self-host this as a service in full for the group and help others do the same in a simple, easy to maintain way. |
If someone knowledgeable and private can please contact me that would like
to help and/or make a difference with this project I can help you help me
fix it I hope. I cannot find a good friend that believes me, in that, I
have a lot of control via a computer genius and his files. Sadly, he is no
longer with me, but was an important role in the future of ai...
On Thu, May 7, 2020 at 17:30 Dan Shields ***@***.***> wrote:
+1!!!!
If the server source is available, this will allow for a federated group
of keybase servers to come up. I personally want to use this as the
foundation for a community hosted cloud services project
<https://github.com/Cryptorado-Community/Cryptorado-Node>.
The community already use keybase as the primary source of community chat
and shared files with the foundation of provable ID for members. We would
love to self-host this as a service in full for the group and help others
do the same in a simple, easy to maintain way.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#24105 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AKVHKYQRQLKW5VJ5EYYN3X3RQMY7VANCNFSM4M3SFNEQ>
.
--
TAMARA NUTTER
|
Not true. All the server side software, and more generally any project under the matrix-org organisation on GitHub, is owned by the foundation, which isn't directed by New Vector. In fact, all the work New Vector employees do on these projects is donated to the foundation. Only Riot and Modular.im belong to New Vector. And even then, Riot's open source, anyone can host it outside of the riot.im domain, fork it, hack it. If New Vector was to take a wrong turn at some point in the future, it wouldn't mean people wouldn't have access to a Riot that didn't. |
FWIW some folks in the Matrix community are experimenting with Git over Matrix, which makes sense since the structure of a Matrix room (a DAG) isn't unlike the one of a Git repo 😛 |
Gitlab opens their backend and still has a stable business with steady revenue from support contracts. They offer private hosting solutions OR support for self-hosted solutions. Bitwarden also open sourced the backend, and uses signed certs to open up certain features to paying customers. "Front and Back open but still making money" is totally viable. Our company would totally do a support contract with a proxy for the CCP. But anything more than a support contract is a no go... This really hurts a lot. I personally liked this app, would have paid for it. Our company would have paid for it. It didn't have to be like this. Another example of governance ruining a good project. |
There's a possibility (and this is purely speculation by an outsider here) that Zoom is looking at the potential to add a potential Slack competitor to their portfolio to provide an all-encompassing solution for remote work... you get the team organization and chat, along with video conference. |
I don't have much to say that hasn't already been said. I totally understand why you all sold the company. I don't hold any ill-will for that. That said, I think the community would've been really appreciative if we'd gotten some assurance that Keybase as we know it is not going to go away. I hope this acquisition ends up like Microsoft's purchase of Github. Lots of outrage at the beginning; 6 months later, all is bliss. We love Keybase. Many of us would be willing to pay for it. Please do not kill it off. |
I just want a private end-to-end encrypted git |
@kallisti5 Take a look of www.Maskbook.com www.github.com/DimensionDev/Maskbook and our approach to do it in a much more server less way. |
Have to say I was very disappointed and deleted my families keybase accounts already. I hope they do open source this, but really can't see it happening. |
Open source or mass exodus. |
Heh. You're obviously right! I was just attempting to whitewash Microsoft a little: in the sense that Microsoft is less evil today, compared to what it was, during, say, the early 1990s (before they restyled themselves as 'the Internet company' and gave up on MSN Network). |
Well... not really dead, to be fully honest. I have been reading a few past threads attempting to 'prove' that all work at Keybase stopped since 2020. Personally, I'm not quite convinced of its 'dead' status. The Keybase team only ever had three user accounts on GitHub, AFAIK. Probably there weren't more people working at Keybase. Who knows? 🤷♀️ If there were, they either were here incognito, or possibly didn't even use GitHub at all (but just a Keybase-enabled internal Git repository!). While it's true that most of the work going on are small patches and fixes here and there, made by community members who happen to have the right permissions for that, it's not that different from other open-source projects I've seen. There are a handful of commits per day — all minor things, sure, but it's not as if 'development stopped completely'. This, IMHO, would be enough of a pretext to go ahead with a reverse-engineered version of the Keybase Server — assuming, of course, that nobody is able to persuade Zoom to do exactly that. |
I wasn't going to read it eaither, but it was worth my time. I think the bottom line is, there is precedent to the idea that if the community starts working on reverse engineering the server, we may be successful in getting something that works - we may even be sucessful in getting Zoom to release some/all of the code if they see a fait accompli and/or if they identify a way to make the system profitable even with an open sourced version. |
This issue is like the youtube comments section of an old video. We still gather around once in a while to think about the good ol' days. Joking aside, I hope we have a solution/approach to this soon. |
While it doesn’t have all the features of Keybase (e.g. doesn’t have web hosting), I’ve migrated to Keyoxide which allows you to verify your online identities. |
@cherryblossom000 Note that this github issue is now long enough that you have to explicitly ask to see all the comments, including this one which has some more helpful insights on Keyoxide, i.e. that it "is an absolute mess of a UX", in stark contrast to keybase: #24105 (comment) It also has this advice, which mirrors several other comments here:
At the same time, I'll note that the recent anouncement of the shutting down of Keybase.pub (a web mirror of public KBFS files), as noted above by @kallisti5, actually underscores that the team is (contrary to many guesses in this thread) continuing to support Keybase in a relatively responsible way nearly 3 years after getting new high-profile work. So I for one continue to hope they eventually get back to either improving it or handing it over to a team that can and will. Since there still really isn't anything else as amazing as Keybase. |
There you go. I hope that powerful AIs are better at condensing my own words and still capturing the essence of it — because I certainly am not good at that! |
Hahah thanks for the AI-assisted summary @GwynethLlewelyn ! |
Glad you liked it, @huyz :) Still, I hope that the nay-sayers have seen the flurry of recent activity on the Keybase client in the past month or so. 4 pages of fresh commits! Like in the good old days, I'd guess? Oh, sure, some are merely routine chores, just updating things here and there, but others are not — bugs are getting fixed, compatibility issues are being dealt with. The developers might be silently committing old things and possibly not starting to do an insanely big change overall, but... they're back. Not asleep. I suppose the intense development they had been forced to do at Zoom has paid off; Zoom is now more secure, and they've been allowed to return to their 40-hour weeks (as opposed to the 120-hour weeks on the past few years!). Which is more than fair enough! I'm crossing my fingers, but I surely hope to see a few more things coming up soon. |
... well, open issues from 2017 have been fixed and are being closed now (just got some notifications). That's progress :-) |
I want to take a quick moment to look back at this statement from Dec, 2022:
It's almost like I have a crystal ball 😆 Rip keybase.pub |
Hey que pasa por que ocurrió?Open Go.2023 03 |
Do anybody have screenshots from keybase.pub? Can you describe how it was working? |
@nikow Archive.org has some of the pages archived. See e.g. https://web.archive.org/web/20221205121448/https://keybase.pub/ https://web.archive.org/web/20230208160820/https://chris.keybase.pub/ The announcement of it going away was on the web page which is no longer there. It said:
And indeed, the kbfs files are still there, so it is not a particularly significant loss.
|
Thank you @nealmcb. I was wondering if i can use kebase client/service and some Python to recreate service. If i success, maybe i will be able to get redirection to my domain from Their one? We will see. |
@nikow No need for Python even – should be totally possible by just configuring a webserver to read content from |
+1 to them open sourcing the server software. It would be beneficial to us, and them. |
This idea may be getting a lot easier (published 2020): Published 2023: Fun discussion |
--> "Please open source the server components to keybase." |
Adding my comments here before "they" close this thread. Please open source the server!!! If it is not open sourced, the community will eventually build their own server or alternative and move away from this project. |
@pushkin @nikow here's a thought: an interesting Gist that uses nginx to redirect all Markdown files through a static HTML page, which, in turn, will pull So, from the perspective of nginx, it's just serving a small, static HTML file as the "rendering engine", which will only need be sent but once, let the browser cache it, and then the rest can follow — all static files, mind you. Granted, that's something everyone can do for their own files, mounted on a low-end server (possibly just a VPS or even a cloud container or worker), which should handle everything nicely, under your own domain name. As a service to the community — even if it's a small one! — obviously all the traffic from the static files adds up. For nginx, it shouldn't be a problem though, and it scales well. But... traffic is traffic! So, here's a thought. We could apply to one of those very nice CDN giants out there who already host static files for gazillions of open-source projects. We might catch the interest of one that is a) already doing that kind of service for free for other services; b) is very security-conscious (because that's what Keybase is all about, after all), c) already uses nginx for their own backends, and d) already offers some sort of VPS/containers/workers so this would be an opportunity for them to show off their technology. Why, one comes immediately to my mind — Cloudflare :-) It's the kind of service that seems to be designed for them to offer! And by "offer" I mean exactly that — make it free. In 99% of the cases, in the Keybase community, whatever we're hosting will not be insanely traffic-intensive. Or, putting it in other words: individually, there will be little traffic per instance/container/worker. It's just when one adds all that together that the traffic may become more challenging. But that's exactly what Cloudflare is good at. And they've eagerly placed IPFS and Tor exit nodes on their infrastructure, too. Just, well, "because they can", not necessarily because either of those services is in desperate demand among Cloudflare's customers. All right, as a disclaimer, I should say that I'm an enthusiastic fan of Cloudflare (at least, at this stage, where they, as a corporation, are Still Doing No Evil; but we all know what happened to Google... and I was a fan of Google too, 20 years ago, and even more naïve than today), and thus can recommend their services — especially the absolutely free ones! — to anybody, with a clear conscience :) However, these days, among cloud services, there are lots of options to request such a service from. One notable example is the Cloud Native Computing Foundation (CNCF), part of the Linux Foundation. They could be a source of continuous funding of whatever infrastructure is needed for hosting not only keybase.pub — but possibly the whole of Keybase as well, if Zoom is willing to release the server components as open source and to allow their Keybase developers to work with the CNCF in order to migrate their infrastructure. Part of the Merkle tree is managed via the Stellar blockchain, anyway; that means that at least one major component doesn't require any new infrastructure to maintain. The Stellar Foundation is a non-profit that manages the (decentralized) Stellar blockchain using funds from donations — not necessarily from getting mining fees or by actively engaging in cryptocurrency day trading — which means that our collective history will remain there for anyone to see, even if Keybase stops providing any services in the future. This has some interesting consequences for whatever future lies in store for Keybase (both as a company and a service) — after all, you might be able to recover all that (encrypted) history without requiring everybody to relinquish their personal accounts and start from scratch with new ones on a different service... |
Perhaps all this energy should be redirected toward the Signal project? |
I use Signal, but these are not at all interchangable. |
I loved keybase mostly because of the cool file gateway thing via keybase.pub. Now that keybase.pub is shut down, honestly signal is a pretty good alternative if you're not into matrix. Signal's client + server are open sourced too. (though, the server is java 🥴 🤮 ) I've personally abandoned any hope that Zoom will open-source the server component at this point. |
Teams, fileshare, github, identity. No, Signal is not an alternative. |
No one is saying it's an alternative today. Think potential |
Is there any alternative to keybase with server part opensourced ? Indeed I want to use this software for private cloud use. |
Replacing Keybase with Signal is, mmmh, how should I put it... essentially restricting Keybase to one of its many useful features, namely, 'encrypted advanced chat/messaging'. While that is certainly one of Keybase's many uses, and possibly the most popular feature in the client (and the one that still gets many regular updates here on GitHub!), it's not the only thing that Keybase does well. While I have Keybase chat always open (one of the few chat apps that I'm willing to have 'always on'), and certainly love it, I think that reducing Keybase's usefulness and interest just to 'yet another chat' is, well, unfair. Also, it's highly likely that the core server components are all written in Go. Signal is written in Rust — a completely different programming language, conceptually alien to Go's simplicity, and which would require a profound amount of work to backport. Granted, the client application is Electron/JavaScript, and that could certainly be integrated into Signal, but I would think that Signal already has pretty good client applications and doesn't need another one. This, of course, is just my humble opinion. There are a few tricks and technologies which are similarly employed by Signal and Keybase, namely, the Double Ratchet algorithm for keeping track of cryptographic signatures. The implementations, however, are quite different, and very likely incompatible. Notably, Keybase's backups are stored on the Stellar blockchain (formerly on Bitcoin's!), but it's conceivable that it could be stored on any blockchain supported by Go. Signal implements its own representation of a Merkle tree. Strictly from a conceptual point of view, Keybase's environment is more advanced and allows many more use cases than Signal ever does (or will do). Granted, it's arguable that what Signal does, it does very well, and possibly in a more robust and efficient way than Keybase (which was not designed to support hundreds of thousands of simultaneous users in text chat) — I don't know, I never did any benchmarking, I'm just assuming this to be the case. |
All fair points. Signal does 5% of what Keybase did. There are no real alternatives (unless someone improves the UX of keyoxide.org), which makes this whole bug cut deeper. |
There's an uproar in keybase chat about the purchase of Keybase by Zoom.
Statements like this "Ultimately Keybase's future is in Zoom's hands, and we'll see where that takes us." scare the keybase community and will drive away the more technically minded user-base.
Please open source the server components to keybase.
While the Keybase client is open source, and handles all of the encryption + decryption, the server component that streams chats, file transfers, etc between users is not. Keybase will not function if Zoom shuts down the (currently closed source) server component.
This act will help ensure the long term stability of the keybase platform in-case keybase's future is bleak at Zoom.
The text was updated successfully, but these errors were encountered: