vvpan2 hours ago
In my opinion decentralization and protocols is really the final frontier in software. Sure, we've got AI, but from what I've seen so far it does not alter the scales of power towards individuals. Protocols do. Everything else feels like noise or thinly veiled monopolization.
Edit: actually thinking about it - at the bottom of much of it is identity. We need new identity solutions for the protocols.
pbreitan hour ago
I always thought SMTP would make a good webhook delivery protocol.
andai2 hours ago
What prevents 100 Billion ChatGPTs from using any protocol?
css_apologist2 hours ago
cost, and we can create policy (shocker)
also what specifically are you worried about these 100 billion chatgpts doing?
coldtea43 minutes ago
Cost is irrelevant if they get more out of doing it than the processing costs.
bigbuppo9 minutes ago
Do they get more out of it than it costs, or are they still in the "people are just giving us money in the hopes that one day it turns a profit even though we're not charging nearly enough to make a profit" phase?
kgwxd2 hours ago
Nothing, and that's fine.
iamnothere2 hours ago
Nostr provides both identity and protocol.
treyd31 minutes ago
It provides a very fragile identity system and a very unreliable and inefficient message delivery protocol.
iamnothere12 minutes ago
Care to explain what you mean by “fragile”? It is cryptographically sound.
I agree that the delivery protocol could be more efficient, but use of JSON is a tradeoff that provides good extensibility and easier parsing (many well seasoned libraries exist in almost every language).
ebiesteran hour ago
Consider - why did Discord or Slack win over IRC?
It turns out it's very slow to evolve a protocol. How long did it take for IRCv3 to handle channels having persistent history? How about channel takeovers via network splits? We knew these were problems in the 20th century but it took a very long time to fix.
Oh, and the chathistory Extension is still a draft! So is channel-rename! And account-registration?
And why is it still so painful to use Mastodon?
That's but one of many examples. Consider how the consolidation of HTML and HTTP clients was the only way that we ended up with any innovation in those services. People have to keep up with Chrome who just does their own thing.
I want to want a decentralized world governed by protocols, but good software that iterates quickly remains the exception rather than the rule.
gorjusborgan hour ago
All you've said here is that you (and many others) have shown in the past that they've valued convenience and rapid feature development over freedom and stability.
That is good to understand, but when that trade starts causing issues, it is important to remember that there was a trade made.
We aren't as stuck as we think we are, unless we decide not to reevaluate our past choices.
Gigachad12 minutes ago
Yes, essentially everyone on the planet was willing to trade some freedom for chats that work on mobile or could send images.
Matrix has shown how incredibly difficult it is to make a modern service in a decentralised way. Requirements like preventing spam become immensely difficult.
bigbuppo7 minutes ago
Put another way, the services need us more than we need them.
shabatar39 minutes ago
Totally understand, I am all for decentralized world too. In reality tho most ppl just choose whatever works fast and ships fast and more production-ready I guess, no drafts. Would be great if the world sees an opposite example, by far centralised approach just worked better
giancarlostoro2 hours ago
The whole replace Discord thing is something I've been thinking about since 2019 and building my own IM platform since 2007. I hear people pitching every platform under the sun, but the one that I think has the most potential is XMPP. I've been building a modern client, nothing worth showing yet, but eventually I'll slap it on my blog and do a Show HN, for now it supports very basic XMPP primitives, adding friends, setting statuses, messaging friends, simple stuff.
Back in the late 2000s and early 2010s Google and Facebook supported XMPP, so you could login to Facebook Chat / Google Talk via Pidgin through an XMPP gateway (if if this was the default protocol or a bridge I'm not sure, its been years).
The biggest strength I see for XMPP is that because the web and even enterprise (think banking etc) uses XML too, everyone's optimized the ever living crud out of HTML so you could get some very high performance libraries to churn through all those stanzas, but also more importantly, its an extensible protocol. There's no reason it cannot have half of the things that exist on Discord, without disrupting the protocols OOTB design, because unlike IRC and other competing protocols, its extendable by design.
quadriuman hour ago
The best part about XMPP, or rather "protocol not service" as the OP discusses, is that you can go beyond the intended use case of it.
My favorite example - Arista network switches can be clients on an XMPP server. Control plane's have to be very slim. XMPP enables someone with a network operator to apply wide, symmetrical configurations across a network, without repetition. You can add the "core" switches to a group chat, and query them for information simultaneously.
Found an example article: https://jonw.mayhem.academy/arista-switch-wrangling-with-xmp...
You would never see Discord as a control plane management option, nor a Slack, Telegram or Signal option. But if all or a group supported XMPP, there would be a low resistance avenue for that (if someone really wanted it).
As it stands, we have product lock in due to each service having it's own system, with limits on interactivity. So I won't be cross-channel quoting outage causes directly from the switch in the company Slack any time soon.
fishgoesblub2 hours ago
Oooh, a new client! between Fluux[0], Spaces coming to Movim[1], and now this, the XMPP ecosystem is getting exciting again.
RadiozRadioz29 minutes ago
> The biggest strength I see for XMPP is [...] XML
It's an advantage, sure, but to me the serialisation format is the least interesting thing. Others are similarly optimized too. I think the extensibility and approach to standards is far more interesting than the fact it uses angle brackets instead of braces.
codr723 minutes ago
Are they still sending the entire stream as an element? Thereby making dealing with that xml a lot more painful than it needs to be.
Back in the days, I had to write my own parser, existing xml parsers couldn't handle the case well.
glenstein2 hours ago
Please do show it off when it's ready! Three cheers for XMPP and the return of protocol oriented thinking.
WD-422 hours ago
There is another thread about self hosting an XMPP server today
ZiiS2 hours ago
I think the comparison today is more vs the Matrix protocol that is a more recent take at the same ideas, and JSON vs XML isn't the strongest argument.
rainmaking14 minutes ago
oh please do show it! I love XMPP and the clients are few and far between. Does it do jingle?
candiddevmike2 hours ago
XML isn't a strength these days, IMO.
dpe822 hours ago
It's a perfectly reasonable choice: flexible, well specified, well supported, reasonably performant. I think the extreme level of hype 20 years ago was overdone and (just like with anything) there's good ways to adopt it and bad ways. But as a basic technology choice, it's fine. Particularly these days when you can have a coding agent write the parser boilerplate, etc. for you.
wolrah6 minutes ago
> It's a perfectly reasonable choice: flexible, well specified, well supported, reasonably performant. I think the extreme level of hype 20 years ago was overdone and (just like with anything) there's good ways to adopt it and bad ways. But as a basic technology choice, it's fine.
Absolutely with you up to here, but...
> Particularly these days when you can have a coding agent write the parser boilerplate, etc. for you.
Absolutely not. Having seen the infinite different ways a naive implementation of XML goes wrong, arguably being one of the main causes of death for XHTML because browsers rightfully rejected bad XML, "Don't roll your own XML implementation" should be right up there with "Don't roll your own crypto".
I don't feel like it's going out on a limb to say that if someone needs to defer to a LLM to implement XML they're not qualified to determine if it's done it right and/or catch what it got enthusiastically wrong.
stickfigure2 hours ago
XML is much better than JSON for document-oriented data like messaging and web pages. Use the right tool for the job.
Gigachad4 minutes ago
IM messages aren’t really documents. They are text with some very minimal formatting that could be expressed with markdown. Any media attached isn’t embedded in the document, it’s attached externally / rendered at the bottom.
The only example I can think that messages are expressed as documents is Microsoft Teams. And it’s as much an example of what not to do as anything.
coretx2 hours ago
XMPP was the first creep towards the bullshit of today. Unlike IRC, it makes you register, leak identifiers, centralise and transfer power over you to third parties. Exposing you to lawfare, downtime and wasted resources. Also, IRC is extendable.
ikesauan hour ago
> You cannot require age verification on IRC, XMPP, ActivityPub, Nostr, or Matrix, because there is no single entity to compel. Each server operator makes their own decisions. A government would need to individually pressure thousands of independent operators across dozens of jurisdictions, which is a legislative and enforcement impossibility.
I'm very much sympathetic to the post's argument, but I think it should be acknowledged that this kind of claim has an implicit "(for now)" at the end.
The legal system doesn't have good mechanisms for dealing with problems that it hasn't needed to deal with yet, but if most people moved to encrypted & decentralized protocols for communication, it doesn't follow that laws couldn't be amended to give governments powers to legislate or police it at scale if deemed necessary by some sufficiently powerful group (an autocracy, a voting bloc, a national security service, etc)
So I guess the other implicit piece is that one hopes the technological change comes with cultural change to our political expectations - once people get used to privacy and autonomy, they resist efforts to erode those rights again.
Best of luck to everyone advocating for this! Really hoping to see a lot of thriving communities post-Discord in the coming years.
PretzelPirate2 hours ago
They use the email example, but if Google bans me, my identity is also banned and that may be how people contact me.
We also need decentralized identity so my identity can exist independently of service providers, but still be owned by me and not an impersonator.
vvpan2 hours ago
The underlying problem to both protocols and non-protocols is identity. Gmail works because Google owns the identity and acts effectively as a proof of humanity.
To go on a tangent - I think that more people having personal public key pairs (via crypto) than ever is actually a positive direction. Atprotocol is another big player in identity at the moment, just as long as "can't be evil" mechanisms are kept alive and have good UX.
voxic112 hours ago
You can use a custom domain that you own with gmail. But of course domains aren't that great either as they are only somewhat decentralized and it's still pretty easy to lose your domain.
Seattle35032 hours ago
Identity is "infrastructure" government should provide via something like mDLS. A lot of work needs to go into make sure it is secure and it can be used in a way that protects privacy. Eg selective disclosure of attributes for verifying age. Pairwise pseudonyms for identity when your online identity doesn't need to be tied to you real identity, which is most of the time. Something like that would go far in dealing with sybil issues in decentralized systems, which is often the source of a lot of headaches for system designers.
drdaeman2 hours ago
Only as a last resort. If possible, governments, just like any other organizations, should have absolutely no say about anyone’s identity.
They (like any other entity) can attest, but such attestation should hold as few of any special value as possible.
davidgay28 minutes ago
> Only as a last resort. If possible, governments, just like any other organizations, should have absolutely no say about anyone’s identity.
An unusual position, as historically governments have provided birth and death registries [0], passports, identity cards, etc, etc
[0]: or, earlier, in the West at least, the church
Seattle350327 minutes ago
We've seen ~20 years of people trying to solve identity without the government. We've seen plenty of solutions that can provide stable identities over time, but we haven't really seen anything that provides meaningful sybil resistance. As computer systems become more and more "autonomous", sybil resistance is increasingly the most important feature of any identity system. Any identity system that doesn't solve that problem pushes to the application layer, where it usually has UX impacts that have serious tradeoffs with adoption.
jrm42 hours ago
So, (especially after watching Bluesky / ATProto) I'm increasingly convinced that this is not a problem that needs solving.
Email is still a protocol, and the thing that ATProto is doing causes as many problems as it purports to solve.
Mostly because "decentralized identity" is still "identity." And the safest way to do identity is to have it be destructable and remakable on the fly.
cortesoft2 hours ago
> And the safest way to do identity is to have it be destructable and remakable on the fly.
It might be the safest, but it defeats lot of the purpose of identity. There is a reason it is a hassle to change your email address... so many services are tied to that identity. You can change it, but you have to change every service that is relying on it as your identity, and you still have to own your old email so you can prove to the service that you are the same person.
I am not sure how you could ever avoid this problem? The purpose of an identity is to be able to tell that one request is made by the same person who made a previous request... persistence is a requirement.
paulddraper2 hours ago
That exists in the form of domain names.
Which for reputable TLDs is permanent, outside illegal activities.
watermelon02 hours ago
Country code TLDs are also reputable, but you might lose access if you move or if something happens to the country.
wilg2 hours ago
atproto has a very elegant decentralized identity solution imho https://atproto.com/guides/identity
vvpan2 hours ago
Atproto identity is going in the right direction but I hope they go in that direction harder. For example plc.directory (maps DID to public keys I think?) is heavily centralizing force.
laurex2 hours ago
Especially protocols that allow us to get out of the services entirely! (local first, peer-to-peer). This is the frontier tech I'm interested in right now, not AI (though they might be eventually compatible).
[deleted]an hour agocollapsed
matheus-rr2 hours ago
The protocol vs service distinction matters most where version lifecycles create lock-in. When you depend on a service, you're at the mercy of their deprecation timeline — Heroku free tier, Google Reader, Parse. When you depend on a protocol, the worst case is you switch implementations.
The identity point in the discussion is spot on. The missing piece in most protocol-first architectures is a portable identity layer that doesn't just recreate the service dependency at a different level. DIDs and Verifiable Credentials are trying to solve this but adoption is glacial because there's no compelling consumer use case yet — it's all enterprise compliance stuff.
The XMPP vs Matrix debate is interesting but somewhat misses the point. Both protocols work. The reason Discord won isn't protocol superiority — it's that they solved the 'empty room' problem by piggy-backing on gaming communities that already had social graphs. Protocol design is necessary but not sufficient; you also need a migration path that doesn't require everyone to switch simultaneously.
throwaway133372 hours ago
The importance of this cannot be overstated.
LLMs are making software easier to write and releases are increasing. The app stores that were not seeing an uptick last year are now showing the uptick in releases. It is happening.
This means software will be more competitive and lower margin. This sounds like doom but it's actually great. Great for consumers. Great for indie devs that want to compete against big companies. Their margin is your opportunity.
Meanwhile, the kinds of early adopters that you're looking for are very conscious of enshitification and lock-in. So the best way to reach them and get talked about is through making software that the big VC-backed companies would never write.
The winners will be one-man companies who understand and respect their customer. Open protocols show your users respect and could be a great differentiator.
therein2 hours ago
> Great for consumers.
Yeah, I also love my data uploaded to public Firebase buckets.
throwaway133372 hours ago
The implied faith in large organizations to handle your data securely is interesting.
srdjanr34 minutes ago
If I had to choose between a large organization and a single person vibe coded app, I'd choose large organization.
WD-422 hours ago
"one-man companies" and "open-protocols" doesn't make a lot of sense. I mean maybe there's a super small chance that one person vibe codes an outstanding protocol definition that the rest of the developer community decides to adopt, but that is vanishingly small bordering on laughable.
Vibe coding is not the answer to every problem.
throwaway133372 hours ago
When I started coding, the web was just getting started.
I wanted to code in a 'real' language like C. I didn't respect the web technologies. I do now.
It's disservice to yourself to not use the tools available to accomplish your goals. I know the anti-AI sentiment is hot and sometimes for good reason. But there's value here, too.
As for open protocols, there are really two paths. You follow an open protocol that is already out there. Or you can, if you already have some success in your niche, open your SaaS up to be communicated with which can be the start of an open protocol.
With my own software, I'm making it easy for a user's LLM to interact with my software while not providing the AI tool myself. Through a copy markdown button that instructs the LLM how.
This isn't quite an open protocol but has some of the properties of them. It allows people to build integrations ad-hoc without much work. It is on their terms, not mine.
Right now, this seems to be the most ergonomic and transparent way to get integration that allows the user to be in control. And, for my own consumer perspective, the way I hope things go.
Now is a terrific time to be the change you want to see in the world.
hirako20002 hours ago
We keep trying to fix this by building better, more open, interoperable services. The deeper fix is decoupling the Identity Layer from the Application Layer. With cryptographic proofs (e.g signing), we shouldn't be logging in to a Discord, or an alternative; we should be associating our cryptographic DID (a Decentralized Identifier, a public key) with a community.
What about applications? federations, or better: relays, would put an end to censorship. Encryption would put an end to surveillance. Cryptographic signing would improve authentication and security at wide as there would be no stored passwords to leak.
Until then, "protocols not services" will remain a privilege for the technical elite.
superkuh3 hours ago
The Freenode to Libera incident is a great example of how using protocols allows for a community to mitigate most damage from bad actors both external and internal. I'm not saying damage wasn't done by Andrew Lee during his attempted coup. IRC as a whole lost many important FOSS projects due to Lee's channel take-overs. But most of the community of daily users just moved to the new digs and continues to carry on.
gjvc3 hours ago
why would you hedge yourself with a double-negative here? It was because of (open) protocols and not services that people could easily decamp and setup afresh.
Interoperability has always been paramount, but gets so easily forgotten.
adolphan hour ago
None of this could happen with a protocol. You cannot require age
verification on IRC, XMPP, ActivityPub, Nostr, or Matrix, because there is no
single entity to compel. Each server operator makes their own decisions. A
government would need to individually pressure thousands of independent
operators across dozens of jurisdictions, which is a legislative and
enforcement impossibility. And even if one server complied, users would
simply move to another.
iamnotherean hour ago
The interesting thing about Nostr (vs each of the other options listed here) is that it works perfectly fine over sneakernet. And that has been impossible to block throughout the world, even in some of the most oppressive nations.
Since the spec includes identity, content (in multiple formats), and authenticity/integrity, this makes it superior to nearly all alternatives for offline use. Once you know someone’s key, you can verify that content comes from them, however you manage to obtain that content.
0xdeadbeefbabean hour ago
I'm using TCP/IP how about you?
0xdeadbeefbabean hour ago
We already are. TCP/IP makes it all possible.
moralestapia2 hours ago
If your "protocol" runs over IP (which I doubt you can avoid these days) it doesn't make much of a difference if it's HTTP or whatever.
deadbabe2 hours ago
Let me get this straight: is this article saying we should have some kind of AI protocol where work is distributed across all peers in a network in order to process prompts, creating a sort of decentralized AI model free for all forever?
Could workloads really be broken up and distributed like this among many peer machines?
engelo_b2 hours ago
[dead]
EGreg2 hours ago
When it comes to AI, I would say
Use Workflows and Policies, not Agents.
Agents is what they called programs in the Matrix. They were not helpful. Trusting AI Agents is dumb. And Agents can go rogue.