Hi HN. I am the co-founder of the project. If you are interested in how the protocol works under the hood, start here: https://docs.radicle.xyz/ Docs are still WIP though.
I read the documentation and this stands out to me:
> Radicle repositories, which can be either public or private, can accommodate diverse content including source code, documentation, and arbitrary data sets.
If this is, basically, a peer-to-peer file sharing application, what part of the protocol handles dealing with abuse?
Otherwise, how is this different from the previous generation of file sharing applications (BitTorrent, winny, etc) where people just share arbitrary copyrighted content like movies, songs, software, etc?
I feel like a few bad actors will ruin this?
Can you partition your “personal” network somehow, so you can use it with absolute confidence your not participating in anything illegal?
One of the key ideas is that each user chooses what repositories they host via pretty fine-grained policies. This means you can easily block content you're not interested in seeding, or simply configure your node to only host content you explicitly allow.
You can also choose which public nodes to connect to if you'd rather not connect to random nodes on the network; though I don't expect most users to go this route, as you are more likely to miss content you're interested in.
Though Git (and thus Radicle) can replicate arbitrary content, it's not particularly good with large binary files (movies, albums etc.), so I expect that type of content to still be shared on BitTorrent, even if Radicle were to be popular.
You can already use it with git-annex to store binaries using the git-annex-remote-git-aafs[1] special remote.
Although I would be careful and make sure you understand what it is doing to your branch namespace. Even though in the worst case it would not save any space over directly committing binaries, they are in orphan branches that can be pruned without rewriting history.
But even so, you can just use any number of git-annex special remotes to bypass using git for sharing files.
They may eventually add first-party support for git-annex. But nothing is stopping you from using it now.
Did it not? I would consider Bittorrent traffic to have a very high risk of being blocked or viewed as suspicious, and as a result almost never gets embedded in other use cases. Even the simple use case of using torrents to have peer-to-peer delivery of software updates has flopped.
It looks like there’s still an Arch Linux BitTorrent tracker; maybe I’m out of touch but I think this is not a very uncommon way of distributing distros (?).
Granted, you've found the one (and only?) notable exception to the "no legitimate torrent use cases" rule that I can think of. :)
And this has a legacy roughly as long as BitTorrent itself. The fact that BT never established a footing in other use cases (even those where you would think it would be a great solution) is telling.
I had forgotten about this, this is an interesting exception.
Windows Update also allows the user to opt in to use a non-bittorrent protocol for peer-to-peer delivery of updates to other Windows users. But of course, it's not true Bittorrent.
That’s fair, I never got into torrenting for illegal purposes but even I had the feeling that we were acting as the thinnest veneer of legitimacy when torrenting distros, haha.
so it's the same as cloning a repo locally, auto updating it, and exposing a mirror to the world?
how will this not devolve into freeNet fiasco when popular repos start to go wild on content?
edit: i see from the finance thread you will likely take on maven/npm/etc with crowd hosting+funding so I'm now more curious how cheap it will be for bad actors to push intentional malicious content, since now it's mostly about cost of having consensus over the mirrors
Fascinating project!
I'm curious what's the business model? it's listed on Crunchbase that you raised 12M$ so I'm assuming you do have plans to make money?
Curious as well. Searching around I found this documentation on their ecosystem [0], which may shed some light on the organization structure. It may be they are organized as a DAO? From the intro:
> Radworks is a community dedicated to cultivating internet freedom.
They do not shy away from cryptocurrency technology, though AFAICS that is not directly applied to the Radicle project. Another project of Radworks is Drips [1], to help fund open source.
Hi. While not actively looking for replacement to proprietary services s.a. Github or GitLab, from time to time I'm asked about an alternative.
I'm all for a distributed self-hosting solution, so Radicle is definitely hitting the mark here, however:
> Linux or Unix based operating system.
For the kind of project I have to assist with, this would be a deal-breaker. Since the code seems to be in Rust: do you intend to make it available to MS Windows? (I took it for granted that Mac OS is included in the Unix family, right?)
If not straight-up support for MS Windows, then maybe an MSYS2 port?
----
To give some background: I'm not in charge of decisions like service vendor selection, and we are talking about a quasi-government organization with substantial open-source code base that is currently hosted on Github. I.e. sometimes I might have a chance to pitch a particular idea, but it's not up to me if the idea is accepted. They are quite motivated to make their work as resilient to private vendor policies as possible as well as try to "do good" in other ways (i.e. sustainability, breadth of the outreach etc. -- a typical European gov. org :) So, Github is... obviously in conflict with such policies.
While there are other gov. agencies tasked with archiving or networking support, they seem to be woefully incompetent and / or outdated, as well as often falling for the vendor-laid traps (eg. the archiving service went all-in after DataBricks not even realizing it's a commercial closed-source product). So, I wouldn't have high hopes for the org. to be able to leverage a self-hosted solution. That's why a distributed solution looks great.
However, they wouldn't be able to use a tool that doesn't work on major popular PC systems.
Hey there. Yes, Windows support is something we'd like to have, but focusing on less OSes is helping us ship faster. In principle, there shouldn't be any issue in porting to Windows, but since no one on the team runs Windows it would have been hard to ensure things are working smoothly. If there is demand though, we will certainly start allocating time towards it.
It's just a somewhat better integrated VM with all the shortcomings that entails...
Having to deal with individual users of various software I'd sometimes resort to using WSL, but this isn't an always acceptable way.
To shed more light: some of the users of the system I'm talking about are hospital researchers. These people are very limited in terms of choices they can make about their computers. While it could be possible sometimes to convince hospital's IT to install / enable WSL, this won't work all the time esp. because it, essentially, allows too much control for the otherwise very restricted user over their workstation. MSYS2 here has an advantage that everything can be packaged as a single program (Git is distributed in this way for example), which makes it easier on the org. IT. In principle, WSL can be used that way too (iirc. Docker does something like it), but you'd still need a bunch of Windows-native wrapping for things to work (i.e. I understand that there needs to be at least one service process that does the peering).
WSL is great so long as everything you need to do runs inside its VM. If you need to access things on the main Windows filesystem, you're basically accessing a networked file system at that point, with all that entails for perf.
I won't reveal anything about our finances, but the current code base is a little under 2 years old. We've worked on the general problem for over 4 years in total though. The team is around 12 people, split between protocol, cli, tui, web and content.
The product is set to launch this month, so we're just starting to onboard users, but many people in the community are already using it, and we've been using it internally for about a year.
My question wasn't about your "current codebase". It was about Radicle. It was launched 6 years ago, and for some reason it's always about to onboard the first users when crypto is on hype :)
An idea doesn't take off -- totally normal, but how on earth can you fund Radicle for such a long time with no users? You can even throw it away and rewrite it! What's the source of funding for Radicle ?
Asking because you seem to be best at getting the idea funded, not really actualizing it.
I might take your comment more seriously if you a) put your name behind it and b) dropped the “just asking questions bro” shtick when you obviously have some sort of axe to grind with this project.
Sorry, this is sketchy. If you're not clear about your revenue generation and finances, how do I know your project isn't just about harvesting as much user data as possible?
Open-source projects obviously need to pay the bills, but if you're not clear on how you are achieving this or hoping to achieve this then there's really zero trust in using this.
It's peer to peer, anyone using the protocol is entitled to share and collect as much data as the protocol permits, and the founders have no more power than any other user.
It's way less sketchy than anybody operating a server and asking you to trust that they're doing so responsibly--which is pretty much everybody.
I don't think that everything can or should be made zero-trust. But if this can, then that's a win.
The alternative isn’t just some random person hosting a random server.
It’s dealing with a company where you agree to a policy that describes how they can use your data. That means you have legal recourse if they violate that agreement.
It also means you know who actually has your data which isn’t the case with these federated networks. Every entity that has your data on their server is another entity can use it in a way you don’t agree with
On top of that, the alternative solutions are pretty clear how they make money.
If you're powerful enough to have a lawyer for such things, then I guess that's a significant difference. But for most of us, your description of the alternative is indeed tantamount to "some random person hosting a random server". And you're right that federated designs are susceptible to bad behavior on the part of the server admin. I assume that's why the radicle protocol guide (https://docs.radicle.xyz/guides/protocol) has a section differentiating P2P from federated.
I don't know these people, maybe they are indeed up to something nefarious, but their design is inherently more trustworthy than federated or hosted solutions. If I must chose between transparency into finances and a nonhierarchical design which presents no high value targets for corruption to focus on, I'll take the better design over the financial transparency every time.
If they turn out to be actually shady I can just configure my node not to talk to them or their friends and keep on using it, which is a lot more than can be said for most of the alternatives.
Besides, it's a publishing platform. What is this "your data" you're talking about? The whole point is to spread it far and wide and to collect contributions from far and wide.
i really like the website and application design, bc so many oss projects often completely falter w/ visual design, and while this is a superficial thing, beautiful design makes me want to interact w/ a project more :)
also, i'm curious, what kind of adoption were you anticipating (some time ago and now) and did the result align with it?
I do remember Mango! I didn't actually try it out, but we had experimented with Ethereum and IPFS in the past, and it wasn't a great fit for a code collab platform due to performance and cost.
It would be neat to define the radicle repo as an input to the flake for a project which used radicle, that way you could add it to the devshell and you'd have pinned the version of radicle to your project such that running "nix flake update" updates that project's version of radicle along with updating its other dependencies (this, among other things, is what having a flake.nix at your repo root makes possible).
A workflow of this sort doesn't need nixpkgs at all, but it does require that the nix flake input handler knows how to fetch from radicle repos. I'll try it a bit later today, but I'm guessing that this will require a change to nix before it works.
Although maybe this approach is cheating because it's relying on https and not some kind of hash-linked P2P magic (which would definitely require modifying nix to make work). I guess there's something similar to the IPFS gateway going on: somebody is hosting a bridge into radicle space. It would be interesting to get this working without dependency on that bridge.
Anyhow, modify your project's flake accordingly and your version of `rad` will track with that radicle repo. No curl-to-bash required.
Yeah, Nix's fetchGit just calls out to git; which is great for seamlessly handling weird SSH setups and the like.
Nix itself has a plugin mechanism, but its rarely used (since it can harm reproducibility; and TBH that seems to be the only reason to use it, for those very rare situations that it's desirable)
I'm interested in this, but I noticed a base58 hash on the page. I'm not really interested in crypto. How much could I use this product without adopting crypto? Is this attached to some digital currency like ipfs or is it independent?
There are lots of potential intellectually stimulating research projects. Why code repositories instead of like, a video game? Why not harness the same manic energy into something that already existed? Like the kind of person who can be sincerely passionate about source code repositories, why can't that kind of person then be passionate about literally anything?
Let's say you had $12m, with the requirement that it be spent on an "interesting problem." What would you spend it on?
These guys picked "distributed source code repositories, with a client idiosyncratically written in Rust and idiosyncratically built with a cryptocurrency idea." Why?
I agree it's intellectually stimulating. But besides that, is there a reason they are particularly passionate about distributed source code repositories?
Thing is, building UIs to clone GitHub is a huge grind. It's not anything anyone asked for, and there aren't any innovations there. Then building all this infrastructure and documentation is also a grind. Then this is a grind, and that is a grind, and you add up all this stuff that is kind of a grind. So you have this original... radical of an interesting idea, that is intellectually stimulating, but then you have to do all this work that is a grind, and it's like, why?
So in my experience there's someone back there who has a certain manic energy, an ability to focus on doing this grind. There's no audience, so there are no bug reports, so it can sort of be all work channeled into product development just for the psychic satisfaction of pumping out GitHub UI clones, documentation, install scripts, infrastructure, documenting and evangelizing a "protocol" etc. I mean that's 90% of the work right? So why not harness that manic energy elsewhere?
I'm not making a judgement, but I'm trying to figure out where the sincere excitement lies. Like if you are willing to put up with this grind, you can also contribute 1 feature to Git, which already exists, and that could get 1,000,000x the adoption and be 1,000,000x more impactful. I don't know. So it's not about that. It's not about growth growth growth, or whatever.
If you have the manic energy to do any mundane task, like if the authors don't really care about which grind it is or how much it is, why not channel it into something else that maybe they are more passionate about? Like who is sincerely passionate about distributed source control, but hasn't already found their proverbial tribe in the many, many places where you can be excited about something like that?
I bring up "video games" because it's stereotypically the thing the quiet kid who suddenly becomes very wealthy doing something meaningless (sorry, that's true about distributed source control) and then now, he has the money to do whatever he wants, so he funds a Diablo clone or whatever. It's only a half joke. But it's like, why? Why this?
Of course one answer is that, for many people, they see $12m as Finally My Payday. They'll say or do anything to make that happen. If it happens to be that their lane is Authoring Idiosyncratic Computer Science Research Projects, that's what will be related to getting the payday. If that happens to be their lane because they look like a guy who plays Diablo and drinks energy drinks and is good at math and has manic energy to program cryptocurrencies... okay. That could be true.
This is just a colorful comment. But I think there's something more sincere there, and that's what I'm asking for, and unfortunately there is a way to tell in writing if someone is or is not sincere, versus just trying to keep their payday, and that's the risk with exposing yourself to the community, and that's fine.
It’s simple: I don’t want my code and code collaborators to be using a platform owned and controlled by a third party. Just like I don’t want my OS or text editor, kitchen, furniture, clothing, books or music to be controlled by a third party that can decide to take it away whenever they see fit. Code and open source are integral to my life, as are the other things cited above, and therefore I’m uncomfortable with the idea of using github for the forseable future.
As it happens there are many others like me, and this helps fuel our excitement and drive to get this out there.
> I agree it's intellectually stimulating. But besides that, is there a reason they are particularly passionate about distributed source code repositories?
I’m surprised the answer isn’t obvious to you, yet again maybe I shouldn’t be as I suspect you’re a nocoiner.
Distributed decentralized anything is fundamentally about censorship resistance. Understanding that, for me, make the answer as to why they are passionate about distributed decentralized version control … they are concerned about coming censorship attempts on software, which honestly seems pretty likely given the current authoritarian direction of western civilization in general.
I’d also speculate that your perception isn’t shared by everyone based on the large number of upvotes on this submission.
For me it is not only about censorship resistance, it is also about having everything stored in git (so you loose nothing if you decide to move around) and about easy way to be a node itself (you installed Radicle? Congrats, you're a node in the network - you participate, you help, you extend. You can make a permanent node with domain name but you're already a node once you installed Radicle and started the node daemon).
It is this radical idea that everyone can easily be an equal participant in the network and that they have power over what they want and don't want. Open source nature further helps you to adapt things - don't like our web UI local-first interface? Build your own one or adapt ours to your need.
Thank you for sharing your work and great to see more attempts on the same problem. I am one of the maintainers of the Radicle project.
The main problem we encountered with similar systems that rely on blockchains / dht for storage is the problem of 'blockchain poisoning'.
This is when someone deliberately adds illegal content to an append-only source in hopes to make the sole act of replicating the project legally problematic, as correctly pointed out by Konstantin Ryabitsev of the Linux foundation with regards to a previous version of Radicle that was relying on IPFS. see https://radicle.community/t/the-radicle-social-model/317
I think you could add moderation to a project like this much the same way you can add moderation to a centralized project. You don't need to be as heavy handed as "community voting", you could just have each client nominate a moderator who is able to append instructions to ignore content that the client would follow.
Under this model, every user (or project) can choose their own moderators, which means you don't have to worry about other parts of the community having different ideas for ideal moderation - each project/user can subscribe to the moderation feeds that they like, and ensure that they get a clean experience.
This type of moderation is actually an upgrade from centralized systems, because it is much easier to nominate new moderators if you don't like what the old moderators are doing.
Considering the illegal content is added by someone who has access to the repository. The right way to address that would be via community voting, which then can decide to hide it from the platform since the data is permanent on Arweave.
This governance workflow will enable the community to make such content policies.
I think that you are confusing two things. An airdrop with "free money" and an actual experience with community points and collectibles (like badges) that you mainly earn.
People currently pay Reddit real actual useful money (dirty fiat) for stupid shit... so if they instead say "You can buy these things for Posting Points, earned whenever you get t3h upd00ts", well, I expect people in poor countries to start posting like mad in the hopes of getting Posting Points which they can resell to Americans and other people with more money than sense.
> well, I expect people in poor countries to start posting like mad in the hopes of getting Posting Points which they can resell to Americans and other people with more money than sense.
For what it's worth, that actually happened but with real money instead, there were entire local economies in Macedonia and other countries simply financed by the advertising income of "fake news" sites: https://money.cnn.com/interactive/media/the-macedonia-story/
