疏解北京非首都功能 2600余家商户迁至天津超级市场群

Perhaps the vendor of a successful centralized technology just can't imagine anyone else doing what they do and keeping up with them, or doesn't want anyone else to start imagining that. If you look at other developers as those who help drive you forward and vice versa, rather than looking down on other developers as as those who hold you back, then openness, collaboration, and federation start making a lot more sense.

The only thing it brings, is user/customer lockin.

What progress has WhatsApp brought? It pinned your account to your phone so that, unlike other chat protocols, I can officially only chat on my phone and not on my tablet.
Ditto for Signal: I can only use it on my phone. How dare you call that progress? I'd say exactly THAT is back to the 90's

Lack of federation just demonstrates the inability to create or use a protocol that can work with the future and the past.

As noted Signal leaks metadata. This leakage is an insecurity (the USA administration admitted to kill based on metadata) so Signal is convenient and at most somewhat secure.

E.g. end to end decryption does not really require changes on the protocol (on the contrary; if you need to change the protocol it most probably means you're leaking information to the server).

Maybe we just need both designs in the right places (one where we need durability and the other where we need sophistication). Looks somehow like wheels to me in some sense... ;-)

Maybe because the silent majority of XMPP servers and clients don't phone home to one central authority? The rest of his statements are of a similarly dismissable begging-the-question variety — Signal is just another Yahoo Messenger in the grand scheme of things.

Bringing IPv6 up is just a red herring. Non-Federated Internet Protocol would run the network in some circle of Hell.

Open, multiple-implementor protocols get developed quickly enough, it's the adoption of new work that can be slow. As usual, Network Effects Ruin Everything. Some things, like end-to-end encryption, really can't and shouldn't be negotiated. A flag day really IS the best way to do that.

And federated protocols CAN do that. Developers can remove support for old, insecure fallbacks. (Like SSL libraries have done.) providers can declare flag days and say they'll only federate with the new version of the open, interoperable protocol that has much better security properties so everyone knows when the deadline is coming.

(The claim that federated protocols 'rally around' large providers actually vitiates the rest of Mr. Marlinspike's argument. If there are a small number of large providers they can coordinate. Or a single provider can take the initiative and refuse to support older versions, making the others support them. All the disadavantages of ederation disappear. I'm not necessarily convinced 'large providers' are unavoidable, but if Mr. Marlinspike is, he should throw the rest of his anti-federation views in the garbage.)

Centralized protocols of course have their own problems. You may have noticed, but there isn't much in the way of running Signal on something other than a smart phone (There is an application built into Google Chrome but by all accounts it isn't very good.), or if you have no phone at all. This kind of sucks.

If someone wrote a GTK+ client for Signal or a client to run in a terminal, would Mr. Marlinspike say he doesn't want THEIR project connecting to HIS servers? And he's already ruled out federation? That sucks too, doesn't it?

If I want to make Signal the input or output to a complex pipeline, say filtering piles of messages into interesting places, using some to update displays on my desktop and queueing up some for later examination, extracting information from others, populating an Org mode document with times I plan to meet people, can I? No? Not unless I convince Mr. Marlinspike and the other Signal developers to implement it? (Sure, I could implement it myself, but they do not want Other Projects aon Their Servers and they won't talk to any other servers.) That kind of sucks, too.

Stuart Cheshire turned DNS into an awesome zero-configuration/service discovery (yes DNS-SD can and often does run over regualr DNS not just mDNS) protocol without having to convince the Centralized DNS AUthority to let him. Avahi reimplemented Cheshire's protocol and talks to the original and other implementations. It works wonderfully. They didn't have to talk anyone into it or get told that nobody would interoperate with them. (And people store all kinds of other things in the DNS, too, more variety every year.)

Google sends and receives email from anyone, and they do all kinds of things with email that RFC 822 never mentions (making your flight itinerary automatically pop up on your phone?) and they didn't have to convince the Central Email Authority to implement it for them.

The Suckless people shatter IRC into a whole pile of FIFOs that you can run through the Unix meat grinder however you like. They didn't have to ask the IRC authority.

And where are the awesome centralized protocols of the 2000s? Surely with advantages like these and a popular Internet they must have evolved quickly, leaving everything else in the dust, making ICQ and MySpace the dominant platforms in the market today....?

Thank you, no. If someone starts a project to fork Signal and create a federated version that isn't so wedded to the phone (heck, if they make an open version that let's me use something other than a phone number as an ID, I'll write the desktop client), I will happily donate to a kickstarter or send paypal or anything else to hurry it along.

I'll leave centralized network paradigms to do what they have done throughout history: suck and die.

On the other hand, I do strongly agree that the extensibility of XMPP basically killed off Jabber. I’m back to just IRC except for a (non-federated) work-internal server, and occasionally (say twice a month) firing up a Jabber client to get a message through (though I mostly eMail those people instead).

I agree with other analysis here: the examples Moxie uses for "federated" protocols failing are not only inaccurate, they're just wrong. And most of his examples are examples of people making simple assumptions that later turned out to be wrong. IPv4 has failed because it assumed that there would never be more than 2^31 (or so) hosts on the internet. HTTP 1.0 failed because it assumed that each session would make one request and terminate and that session setup (TCP and SSL) would be cheap. Etc. etc. That was partially addressed in HTTP 1.1, but there are lots of things that HTTP 2.0 does that simply can't fit into HTTP 1.1 and require a new negotiation system. Fundamentally all of these are problems with backward and forward compatibility.

So to me part of Signal's problem with using federation is caused simply by them not thinking in the long term about what they would need and making sure that things would be forward and backward compatible. You don't have to worry about compatibility if you just force your client and your server to always use matching protocols, but it means that you and no-one else can be compatible with you. And that's exactly what Moxie argues for.

Have fun,

Paul