General Knowledge
« English »
updated: 2023-01-25
(‘IM’ → ‘chat’)
In order to see the picture of reality, there are concepts that we must understand. Below, I shall introduce as briefly as I can these basic concepts.
Reality ≠ Marketing
Perhaps from the page I introduce about E-mail, you might came to realise that the term ‘cloud’ came from the marketing department - way off the reality of the real infrastructure. If you still can’t figure it out yet, allow me to spell it out here:
CLOUDS ARE IN THE SKY,
HERE ON THE GROUND, THERE ARE ONLY ELECTRICAL CIRCUITS AND MEMORY DEVICES.
In reality, the international-connected-network or internet, is a system of computer that are connected together all over the globe. The thing that are called ‘clouds’ here are servers - machines that serve infomation for humans when we access the infomation network by our client machines.
I think if we keep using these abstract & inaccurate terms to describe reality, we as a society will go down a path of confusion in the already overwhelmingly & hectically documented world of the IT sector.
Infomation Structure
Just like math only ever have two fundamental operations of minus and plus, IT only ever going to have two fundamental structures for every system to be based on, regardless of size:
- Centralized.
- Federated.
The internet system in nature is a federated system. Meaning info are
not gathered at any one particular point. Every individual have the
right to upload content of their own and have the right to access info
at (or @
) other places and quit any time one wishes.
This website is an example of that. Because I can design it however I wish, update and|or delete it whenever I wish, and no one can officially stop me publishing my content if I am not doing anything illegal. Most importantly, I have no right to restrict you from accessing other websites.
The E-mail system is also another example since we can contact
anyone, regardless of where we and our partners had previously signed up
for the E-mail address. Thus an account
@trung.fun
can send and receive mails with an account from
@yahoo.com
or @gmail.com
or anywhere else in
the space of the internet.
However, once we sign up to a chat service with closed sourced software owned by some company, this means that we are using the internet as a centralized system. The reason is because these company will force us to communicate only with accounts within their private system. So the account that we signed up at WhatsApp is not able to talk to the account at Telegram or Zalo or e.t.c….
In other words, we and our relatives have unintentionally give away all our communication details, and our rights to an organisation that we don’t really know who the real owners are; let alone figure out their motif behind the info they gathered from us.
Below is a figure to help visualize this centralized internet system:
Client(d₄) Client(c₄)
↑ ↑
· ·
↓ ↓
Client(d₁)←·→Server(D)←·→Client(d₃) Client(c₂)←·→Server(C)←·→Client(c₃)
↑ ↑
· ·
↓ ↓
Client(d₂) Client(c₂)
Client(a₄) Client(b₄)
↑ ↑
· ·
↓ ↓
Client(a₁)←·→Server(A)←·→Client(a₃) Client(b₂)←·→Server(B)←·→Client(b₃)
↑ ↑
· ·
↓ ↓
Client(a₂) Client(b₂)
Notice that Server(A) is not communicating with Server(B) or Server(C)…
Source Code
IT devices can be seperated into 2 parts: hardware and software. Software only ever exists inside hardware. Hardware are stuff in the physical world. They are keyboards, mouses, LED|touch screens, speakers, computer processing units (CPU), harddrives, memory cards, e.t.c…. If there are only hardware, these things have the same value as industrial waste.
To manipulate these digital hardware, we « the humans » have to write software.
Software are built from source code. Source code are what humans write to tell what the machine do what the humans need to be done. Software with open source code means anyone can read what the machine is going to do when the software is running.
This concept is actually the norm in the physical world. Because when we buy any kind of products, we can always pull out your measuring instruments and do our own calculation to verify if the stuff we’ve got is actually what we paid for.
In the past, when I chose to run software that are closed source or proprietary, no one apart from the people who wrote the software really knows what the machine is going to do when I run the software. Perhaps it is minning ₿itcoin for someone else, or turns on the camera, or turns on the microphone, or looking at the finnancial details, or do god knows what.
When I understood this simple fact, I had no choice but to switch to use software with open source code. With these open software, I can always verify that they would do what the advertisement claims they would do. And it’s not just silly me, these software are constantly being monitored by comunity all over the globe to verify, improve and update.
Free Software
‘Free’ in ‘Free Software’ means freedom. Not free price.
Freedom in software is a concept defined by a gentleman named Richard Stallman. The definition has 4 points:
- The freedom to use the program for any purpose.
- The freedom to study how the program works and change it to do what you wish.
- The freedom to redistribute and make copies so you can help your neighbor.
- The freedom to improve the program, and release your improvements to the public so that the whole community benefits.
Point (1.) and (3.) are what defines the term ‘open source’. Hence libre or free software are open source. But open source software does not necessary means free software.
All software @trung.fun
are free software.
Protocol
Protocol is how software shakes hands with one another.
You are reading this site over the HTTP or the HTTPS protocol. Software on my server shook hand with your web browser before serving the content that I prepared prior to this event over one out of these two protocols.
Open source chat software shake hands with each other in the style of XMPP.
XMPP
‘Extensible Messaging Presence Protocol’ short as XMPP is an open protocol. This is the international standard for instant messaging, short as ‘chat’. Previously known as Jabber (I think its easier to say).
Because XMPP is an open protocol, it is on goingly being developed and improved by people all over the world. XMPP has the same structure as E-mail. Below is a figure that describes the federated system of E-mail and XMPP:
Client(a₂) Client(d₁)
↑ ↑
· ·
↓ ↓
Client(a₁)←····→Server(A)←·····→Server(D)←····→Client(d₂)
↑ ↑
· ·
Client(e₁)←··· · · ···→Client(f₂)
· ↓ ↓ ·
··→Server(E)←·····→Server(F)←··
· ↑ ↑ ·
Client(e₂)←··· · · ···→Client(f₁)
· ·
↓ ↓
Client(c₂)←····→Server(C)←·····→Server(B)←····→Client(b₁)
↑ ↑
· ·
↓ ↓
Client(c₁) Client(b₂)
As you can see, all the Servers are communicating with each other here. Hence all users can communicate freely in this system.
In other word, just like E-mail, the account you signed up
@trung.fun
is going to be able to talk to the account
@jabber.org
or @yax.im
or any other accounts
that use this protocol.
XMPP also is much less hectic because between client-server and server-server all the software are talking using the same XMPP style contrast to E-mail that do all kinds of funky dance.
Most of the ‘big tech’ companies that are providing chat services with proprietary source code also used to be part of the XMPP federated network. Big names are Yahoo Messenger by Yahoo, Messenger and WhatsApp by Meta (FaceBook), Google Talk, e.t.c.…. These companies used to open up their services for users to communicate with other XMPP accounts. Now these gates are closed.
Security
Just like E-mail, the entity you should watch out for when using an chat service is again your very service provider. If you don’t encrypt your messages from your machine, it is equivalent to letting your service provider constantly eavesdroping on every word you have to say.
When you use a proprietary chat service with closed source software, chances are these companies will be advertising the crap out of their security features for their users anywhere, and everywhere. But because they are closed sourced, there is no way you yourself can verify these advertising claims. All you have to do is close your eyes and take the leep of faith. 😁
Contrast to this, there are plenty of open source software using the XMPP protocol. When you use these open source software, you can verify freaking everything. Also because it is an open protocol, you don’t just have one way of encryption but three depends on which software you choose to use.
Firstly, there is OTR, short for ‘Off The Record’. This tech allows you to verify the person you are chatting with are really who they claims to be. Sound very good, but I think in reality it’s a little too hectic and lack a few of essential features like encrypting files and offline messages. I think this thing had it’s time.
Secondly, there is OMEMO, short for ‘OMEMO Multi-End Message and Object Encryption’. This tech is very convenient for mobile devices because it uses the unique identity of the device to create the encryption key. Most client program will generate the key for you when you sign in the first time. All you have to do at most is click a button and use it. This tech even allow you to choose which device the receiver can read the message you send. You can also do group chat with this technology. The disadvantage here is that you can still loose your phone if all your communication depends entirely on it.
Thirdly, there is OpenPGP, same tech that you would use with your E-mail. The disadvantage here is the size of the messages you send & receive. They are a bit big. Thus I recommend using this method only when you are doing 1v1 on a desktop.
To verify any encryption methods above, play the role of an attacker and log into your own account with any other client software.
You can check out this page from Conversations to compare between the three technology:
(Honestly there are no clouds anywhere.)