Broke Dumbass Attempts To Web3 Again

published: 2022-12-07


For the sake of Let's Decentralize, I looked into Dat and Hyperdrive and found out that, as of earlier this year, Beaker Browser is officially dead. Supposedly some of the developers are now working on another damn decentralized chat platform. Because there aren't enough of those already.

For the sake of entertainment, as I'm desperately bored after having recovered from COVID-19 and from my father deciding to catch it the day before Thanksgiving and thus cancelling all our travel plans, I looked into the current state of web3. Since the cryptocurrency ecosystem is in the process of collapsing before our eyes, I thought I'd see lots of previously-hyped projects folding like a house of cards. I was surprisingly wrong. Filecoin is still chugging along, supposedly going "from 22 PiB to 215 PiB of data stored on the network" over the course of 2022, although who knows if that stat's accurate since it's self-reported. Skynet Labs is dead because they can't get any more funding, but many of the Skynet developers insist they're going to continue development on Skynet regardless. Arweave is doing... whatever Arweave usually does, but it doesn't seem to be in any chaos. Either I am not looking at small-enough projects, or web3 has finally achieved some semblance of resilience.

Assuming, of course, that it's an actual web3 project with a proper blockchain and not just several databases in a trenchcoat.


Solid

Solid is, according to the project's homepage, "a specification that lets people store their data securely in decentralized data stores called Pods. Pods are like secure personal web servers for data. When data is stored in someone's Pod, they control which people and applications can access it."

Any kind of arbitrary data, from text files created by applications to music and documents uploaded through a file manager app, can be stored inside a Pod. A person's Pod stores all the data for all the apps they use inside the Solid ecosystem. Instead of person A hosting a blogging service and your blog being stored on person A's servers and person B hosting an online document editor and your documents living on person B's servers, both your blog and your documents live in your Solid Pod, and the services that others host are just interfaces for the data that lives inside your Pod.

At no point does Solid ever use a blockchain. This technically makes it "web 3.0" ("Semantic Web") instead of "web3" proper. But I see even technically-inclined people mix the two terms up all the time- I mean, I don't blame them; I never got the hang of all the seemingly-arbitrary numbering schemes the tech industry uses anyway- and web3 proponents will often bring up Solid when asked for an example of a functional web3 project.

As the whole point of web 3.0 web3 is decentralization of data, I decided to self-host my own Solid server so that my Pod, and the data within it, would remain on a server within my control. The Solid Project website offers four options for open-source Solid server software. However, the "Community Solid Server" that the Project's self-hosting instructions documents is written in... Node.js. Which initially put me off, until I saw that my other options were:

So I just chose the community server since that one seemed to have the best documentation.

I opted to run it in Docker since I prefer to not have Node.js code running on bare metal unsandboxed. Plus then I didn't have to worry about Debian Stable's Node.js version not being up-to-date enough. As per the documentation, I ran the following:

cd ~/Gits
git clone https://github.com/CommunitySolidServer/CommunitySolidServer.git
cd CommunitySolidServer
docker run --rm -v ~/Solid:/data -p 3344:3000 -it solidproject/community-server:latest -c config/file.json
				

With the last Docker command, the Solid server will run on localhost port 3344, save your data in a "Solid" folder in the home directory of the user running the Docker command, and actually persist data on disk instead of keeping it in memory and losing it when the Docker container is stopped.

At least, that was the intention. My first problem came when I attempted to visit the Solid web interface now running on port 3344. It complained that 127.0.0.1:3344 wasn't a configured URL and that for security reasons it would refuse to let me continue. But it also said that I could pass the -b flag to change the URL I could access the interface at. So I changed the last Docker command to the following:

docker run --rm -v ~/Solid:/data -p 3344:3000 -it solidproject/community-server:latest -c config/file.json -b "http://127.0.0.1:3344"

Then it started working again. I completed setup, giving it an email address (which it did not attempt to confirm) and a password and opting to make it a single-user server so that nobody else could register after me. But when I logged in, the web interface just showed me a file listing with two options, README and profile/, and attempting to access profile/ gave me an error page insisting I wasn't logged in. The error told me I needed to connect to the Pod via an app and interact with its data that way. So I went to Solid's app store and found some apps to test.

But the login pages for all of the apps assume that one's Solid server is configured with a fully-qualified domain name. So I went into my Caddyfile and set up an actual domain for my Solid server, so I was now accessing it at solid.letsdecentralize.org. The Solid server saw that the base URL had changed, so I once again stopped the Docker image and amended the command used to run it:

docker run --rm -v ~/Solid:/data -p 3344:3000 -it solidproject/community-server:latest -c config/file.json -b "https://solid.letsdecentralize.org"

After that, I went to try some apps again. I was able to log in with the Solid file manager, but because I had been using the localhost IP when I created my user in the web interface, the file manager kept throwing errors. I had to delete all my data and start over from the beginning. And by delete all my data, I mean running sudo rm -rf ~/Solid/*, deleting the Docker images, and then re-downloading the Docker images. Turns out this is a known problem that the developers don't feel like solving at the moment:

The account system is still quite rudimentary and does not include account deletion yet. To delete the accounts on your server you would have to delete the .internal/accounts/ folder on your disk.

After the full reset, the file manager then worked as intended, and I was able to create folders and upload files.

screenshot of a browser showing an image of Asuka eating a Happy Meal

I thought about self-hosting the file manager, but I looked at the Git repo, and apparently it's unmaintained:

NOTE: This project has no active maintainer. It may or may not be working, and from time to time stuff will probably get fixed.

As for alternatives, Penny and Solid IDE are actively maintained, and the UI for Penny is nicer. But Penny constantly sends HTTP requests every time you do anything in the window, which could easily overwhelm a server if you have more than a few Pods hosted on it, and the hosted instance of Solid IDE linked in the Solid app listing 404s, so I couldn't test it.

screenshot of Penny showing an image

I thought about deploying Plume on my Pod since my whole reason for exploring web3 is to find new and creative ways to host my website, but the guide links to an empty Releases page on a Github repo that's been abandoned since early last year. Not exactly reassuring.

Next on my list of apps to try was Notepod, a notepad application (also with an abandoned Git repo, this time from 2020). But after I entered the URL of my Solid provider (solid.letsdecentralize.org) and clicked "go"... nothing happened. Docker showed a few HTTP requests were being made every time I clicked "go":

2022-11-23T02:10:12.472Z [BaseHttpServerFactory] {Primary} info: Received GET request for /.well-known/openid-configuration
2022-11-23T02:10:12.557Z [BaseHttpServerFactory] {Primary} info: Received GET request for /.oidc/jwks
				

I gave Notepod about ten minutes or so in case it was loading in the background, but nothing happened, so I abandoned it.

O Edit, abandoned by the developers since 2019 (?!), would only let me select "Inrupt" or "Solid Community" as a valid ID provider from a drop-down list with no option to enter in my own pod. There is a text box to log in with WebID, but I had to go digging into my config files to find a valid string to put (https://solid.letsdecentralize.org/profile/card#me) and then I just got the same two HTTP requests and no response as Notepod. Tiddlywiki and Poddit did the same thing: two HTTP requests, and no visible response. If there was an error being thrown somewhere, I didn't see it, and I shouldn't have to open Developer Tools in my browser to see what a simple popup in the browser window could have told me instead. Remember, Solid is supposed to help normies get away from corporations... if technological liberation is only ever available to those knowledgeable enough to put up with unpolished and barely-functional software, and normies are lazy, and the network effect is what determines what software society forces everyone to use, we will never be free.

After a while, I finally found a Solid app that would let me edit the text files in my Pod: PodPro! But with one little caveat: I couldn't find any source code. If you're reading this and you know where PodPro's source code is, please let me know: the user interface was slick, and the editor had syntax highlighting, and it felt like a Solid app should... but I can't recommend proprietary software with a clear conscience.

In conclusion: Solid works surprisingly well, regardless of it's actually "web3" or "web 3.0", but there are barely any functional apps. What exists is just a glorified Nextcloud with less than half of the apps Nextcloud has. Hey, maybe if I'd gone with that plugin...


Internet Computer

This one popped into my head out of the blue one night, and was the inspiration for starting this post. I don't remember if it was this project in particular, or just mixing it up with the term for the Ethereum compute, "world computer", which is laughably weak: according to an article by Nicholas Weaver, it would take five thousand of the Ethereum "world computer"s to match the computing power of one Raspberry Pi 4.

You know what else my Raspberry Pi 4 can do? Serve web pages without needing a connection to a blockchain. When I tried to go to the Internet Computer homepage, I got this error message:

Blockchain cryptography will make this domain more secure.
This web browser cannot interact with the Internet Computer securely. (No: serviceWorker) Please try new web browser software.

Funny... I thought having an up-to-date TLS certificate that doesn't use outdated or broken ciphers was what made a connection to a site more secure. And what's this about "new web browser software"? I'm using the latest version of Firefox!

...Okay, I admit, it's the latest that Debian Stable has to offer. Chromium seemed to be "new" enough for Internet Computer, anyway, and I finally got through to the homepage, where Internet Computer describes itself:

The Internet Computer makes it possible to flip the script with online services, by making user communities their owners. That's because online services can now run 100% on blockchain, for the very first time. There is no need for centralized traditional IT, such as cloud services, which form the largest part of services built "on" other blockchains.

But if there's no traditional IT, then how will users interact with the blockchain in the first place? Someone has to develop the apps. And unless you expect users to all have their own devices they have permission to run apps on and that have the computing power to run the apps in the first place, or self-host all the programs they want to use on a server they somehow also miraculously have, then someone is going to have to introduce some centralization and host the frontends for the apps on traditional infrastructure.

Scrolling through the dapp showcase shows mostly NFT bullshit: of the eighty apps in the showcase, twenty-five of them (more than a quarter) are in the "NFT" category. Several are linked to games which either haven't launched yet or are in the very early stages of development. One of them, Plethora, has its description listed as:

Plethora is all about abundance and making you feel fulfilled.

...but the autoplay video shows a sparse and sterile-looking mansion with a new 3D NFTs scattered around. Not very abundant of them.

Another one, PokedStudio Bots ahem, I'm sorry, "Poked bots", has a professionally-written description on the Internet Computer showcase... but the official marketplace could use a little work:

500 years from now humans have long left earth and only the Robots remain. Robots have managed to create new identities often based on relics they have found from earths past. This collection features 5 groups of Robots that exist in the eastern waste lands near former Delta city. The Battle bots, they are tough and are used to hard work, entertainment bots constructed from old video game and junk food toy parts found in the giant rubbish heaps of former Antarctica. Wild bots have become deranged after the giant solar flare of 2453AD. The god class has come to rule much of eastern earth, they have abilities beyond normal bots. The masters are a secret society of robots that have links to the off world colony of Europa base 7.

Let's take a look at all the grammar problems this paragraph has:

  1. In the first sentence, there should be a comma after "now" and "earth". "earth" should also be capitalized as "Earth" since it's being used as a name and is thus a proper noun.
  2. In the second sentence, there should be a comma after "identities".
  3. In the third sentence, "city" should be capitalized as it's being used as part of a name: "Delta City". If it's meant to be lowercase, then the phrase should be rewritten as "near the city of Delta".
  4. The fourth sentence should be split up into separate sentences for each type of "Robot" being described.
  5. In the part of the fourth sentence, "The battle bots" is a fragment. The comma and "they are" should be removed so the sentence now reads, "The battle bots are tough and are used to hard work."
  6. Likewise, the part of the fourth sentence about "entertainment bots" is missing a verb describing what the entertainment bots are doing: in this case, being. It should read, emphasis mine to show correction, "The entertainment bots are constructed from old video game and junk food toy parts..."
  7. In the fifth sentence, although not necessary, "have become" could be replaced with "became".
  8. In the sixth sentence, "earth" should once again be capitalized, and the comma replaced with a semicolon since it is connecting two otherwise-complete sentences.
  9. In the last sentence, "off world" should be hyphenated as "off-world".

And here I was, saying that I wouldn't do free labor for cryptobros... Payment for the editing is welcome, PokedStudio. Fiat only. You know where to contact me.

If you want to do something other than buy expensive images, there are nine projects in the "Social" category. As my patience was starting to wear thin, I decided to try the first one listed: a Reddit clone named DSCVR. But I wanted to be prepared before I dove in, so I went to the "Wallet" category and installed the first one listed, Plug. I mean, if web3 is all about cryptocurrency, then it makes sense that you'd need a wallet, right? I clicked on the extension icon once it popped up by the address bar, and I was immediately met with this sleep paralysis demon:

screenshot of a creepy plug mascot with the text 'create password for Plug' underneath

(For those not familiar with zoomerspeak, "frfr" is short for "for real, for real".)

It prompted me to create a password, so I gave it a fourteen-word-long passphrase made in KeePassXC. Then it gave me a recovery phrase to backup... and whatever the hell this is:

screenshot of a creepy plug mascot saying 'keep this sh*t safe, forreal'

I get the feeling that the people at Fleek (the company that made Plug) don't take professionalism very seriously. Which is all good and fine when you're a Broke Dumbass like me who just wants to snark at everything, but when you're a company dealing with financial assets... well, a mascot with a creepy face who swears at you during the onboarding process doesn't exactly reassure the user that the company won't lose all the customer's assets.

Once I'd suffered all the way through the Plug setup, I went back to DSCVR, now ready to sign in. The homepage immediately blasted me with a post where... Christians were arguing over whether Christ had a vagina. (DSCVR also seems quite hostile to being archived by both the Wayback Machine and archive.md.) I was expecting the usual NFT hype to clog every post, but this time I had to actually scroll for it. I'm still not sure if I'd prefer the NFTs or not.

On your first visit, a welcome popup appears offering a site tour. Page one of the tour (there are six in total) is about receiving NFT airdrops... and so is page three. Page five says you can make subreddits "portals", and then paywall them by requiring certain NFTs to visit. I don't have any NFTs, and I don't have any interest in paywalling my content, but I forged ahead to the login page anyway.

There are two options for logging in to DSCVR: Google, and Internet Computer. It'd be a pretty weird Internet Computer app if you couldn't log in that way, and I'm not letting Google touch my device with a ten-foot pole, so I chose Internet Computer...

...and, instead of using the Plug wallet I set up solely for the purposes of interacting with Internet Computer, it prompted me to create an "anchor". I didn't have one, so I clicked the "create anchor" button. It asked for the name of the device I was using, and then a popup appeared asking me to plug in a Yubikey.

But I don't have one.

Naturally, the login failed. I went digging into the Internet Computer documentation and discovered that the login prompt uses WebAuthn, meaning I have to either have a hardware token (the Yubikey) or use a device which has access to biometric sensors like Face ID or a fingerprint reader. My ThinkPad T510 has neither of those, so I switched to my phone and tried again.

My phone had no luck either. Samsung Browser and Brave, despite both using the Chromium engine, threw a "your browser isn't supported for Internet Identity" error. Bromite, also a Chromium reskin, threw a "No: WebAssembly" error. The only supported browser on Android is Chrome proper, which I forcibly uninstalled from my device a long time ago. So, as far as Internet Computer is concerned, it's either "log in with Google" or "log in with Google". Or "buy an iPhone". No thanks to any of those.


Radicle

Radicle is decentralized Git hosting, not to be confused with Radicale, which is a CalDAV server. Radicle doesn't sync your contacts (unless you want to be that asshole who leaks the contact info of their friends all over the Internet) but it can help you sync your code across devices through a peer-to-peer network!

...Supposedly. The homepage says nothing about hosting your own node other than that you can, and there are currently only three nodes available: "willow", "pine", and "maple". There is a Git repo for... something, but the README is sparse and doesn't say if it's for the terminal client or a node. (And both of the "build" buttons say "failing". Fun!) The other Git repos that looked like they could be node software were archived, set to read-only, or were deprecated. I couldn't find a link to any documentation on the homepage, but there is a forum... filled mostly with talks about DAOs and barely anything about actual software development, and a Discord which I can't look at since I refuse to have a Discord account.

To be honest, I wasn't sure if Radicle was actually web3 at first, but it was on a list of "best web3 projects". Since cryptobros like to pretend that they're smarter than everyone else (cue the Bitcoin "few will understand" meme), I've decided in this one instance to take them at their word.

To install the command-line client, you run the following:

curl https://europe-west6-apt.pkg.dev/doc/repo-signing-key.gpg | sudo apt-key add -
echo deb https://europe-west6-apt.pkg.dev/projects/radicle-services radicle-cli main | sudo tee -a /etc/apt/sources.list.d/radicle-registry.list
sudo apt update
sudo apt install radicle-cli
				

Please note that, at the time of writing, the Radicle binary apparently takes a hundred and seventy-one megabytes of storage space once installed.

You then run rad auth to create an identity. It creates two keys: one to "identify your device", and another to "identify you across devices". You create a new Radicle repository by running rad init, similar to git init. Instead of git remote -v to show the URL for your repository, you run rad . (That is, rad and then a space and a period.)

Because I only intend to use Radicle for this test and not as an everyday tool, I chose for my test data a Git repository I don't see myself updating much in the future, if at all. (I'm personally hoping for the "not at all" option. You'd have to pay me big bucks to willingly hang out with a bunch of ableists.) Radicle didn't like that I had used GPG to sign some of the existing commits, though, because it threw this error:

user@host:/home/user/radicle-jail/ovarit_sucks$ rad push
Pushing 🌱 to remote 'rad'
$ git push rad
== Push failed
error: unsupported value for gpg.format: ssh
fatal: bad config variable 'gpg.format' in file '.git/config' at line 18
				

I removed everything in .git/config relating to GPG, but then Radicle complained that my Git version wasn't new enough:

user@host:/home/user/radicle-jail/ovarit_sucks$ rad push
Pushing 🌱 to remote 'rad'
$ git push rad
Everything up-to-date
== Push failed a minimum git version of 2.34.0 is required
				

As Git version 2.30.2 (the latest available in Whonix and Debian Stable at the time of writing) works perfectly fine for everything else I do, I see no reason to upgrade purely for the sake of Radicle. So into the trash Radicle goes.


Storj

Storj is "a distributed network of independent nodes where data is encrypted, split into smaller pieces, and then spread worldwide." In other words, you give it your files and a small amount of payment depending on how much storage space you use, and the Storj network will automatically select the best nodes to host the files. Unlike back in the first post when I was looking at Filecoin, the minimum requirements for hosting a node aren't atrocious: very doable, in fact... the only thing I don't have is enough storage space on my VPS.

Oh, wait, I take that back: apparently you need to get an auth token to set up a node. And the only way to get one is to request one from Storj Labs. Silly me! I thought web3 was supposed to be decentralized!

"Whatever," I thought. "I'll try it anyway since you can get 150 GB of space without paying or begging for tokens from a faucet. Unlike some other web3 projects."

A few moments later: "Wait, why do I have to give an email address and password? I thought web3 was about using crypto for everything, including authentication!"

So after giving Storj my very centralized email address to make an account, the Storj website gave me two choices:

  1. either use the web UI and opt in to server-side encryption,
  2. or install the Uplink CLI to make "object data, metadata and path data" end-to-end encrypted.

I opted for the second, both because I don't like trusting web UIs if I don't have to and because I wanted to see how well it would perform inside of Whonix, which locks everything behind Tor.

cd /tmp
curl -L https://github.com/storj/storj/releases/latest/download/uplink_linux_amd64.zip -o uplink_linux_amd64.zip
unzip -o uplink_linux_amd64.zip
sudo install uplink /usr/local/bin/uplink
uplink setup
				

The CLI tool at first run prompts for permission to send analytics, then asks for the name of your device, an API key and satellite address you created for said device during the in-browser account setup, and the passphrase for your account. After successful setup, you can then create a bucket for your data:

uplink mb sj://cakes

"cakes" in this example is the default name given in the online demo. You can make it whatever you want.

You can then copy files to it:

uplink cp /path/to/file sj://cakes

A progress bar appears. On Whonix, it didn't show any actual progress and the percentage was stuck at 100%, but the upload succeeded after a few seconds.

You can view a list of files in a bucket by running:

uplink ls sj://cakes

which produces output like the following:

user@host:/tmp$ uplink ls sj://cakes
KIND    CREATED                SIZE      KEY
OBJ     2022-11-24 03:35:34    162839    afkyturj.png
				

To make files publically accessible, you can generate a sharing link:

uplink share --url sj://cakes/path/to/file/you/want/to/upload

Uplink originally got angry at me because I didn't specify an expiration date for my file, even though the examples in the online demo didn't say that was an option:

user@host:/tmp$ uplink share --url sj://cakes/afkyturj.png
It's not recommended to create a shared Access without an expiration date.
If you wish to do so anyway, please run this command with --not-after=none.
				

Passing the --not-after option made Uplink happy again:

user@host:/tmp$ uplink share --url sj://cakes/afkyturj.png --not-after=none
Sharing access to satellite 12EayRS2V1kEsWESU9QMRseFhdxYxKicsiFmxrsLZHeLUtdps3S@us1.storj.io:7777
=========== ACCESS RESTRICTIONS ==========================================================
Download  : Allowed
Upload    : Disallowed
Lists     : Allowed
Deletes   : Disallowed
NotBefore : No restriction
NotAfter  : No restriction
Paths     : sj://cakes/afkyturj.png
=========== SERIALIZED ACCESS WITH THE ABOVE RESTRICTIONS TO SHARE WITH OTHERS ===========
Access    : 1npMNz2QGpdys5h7u9xrq9pWeq1EMqMpGRNzeDWHDVgE4BgATazv6Nw2cufqZuQsrkywpUaC4kUa3LTyASvj6m7ri6xcQGoetJPaHu7Dzdb9xHHiz2XGH1Zxznn4vC4TrCMfmSLyEMYpqSpLyZi7VXf17FRPX9Z4jDdAPV1i7CZ118E4X6FDHBug7he4qF7a4SfQCv64ZT1HEgqtbjaf4X6JyHkWCNw9Zk188GXGFntu6mi4yMawaYUQCB1SKDEqkg9kuLXoSVsZv5WMsVU1URvUyKRvjmioz3FaakKnYfhQM4Z426sZ8cMjgQdYmCjbE8iy3AUU6yaZy415bZDmgpjsSnPU2YunPvntm5bbpZdyJnFUWvGZnUnkmnNZ8GmfpU8vS1ZzZfJ1GZ7oZ2A2kwapG7mk3mETGr24x3s6N6pvVBba6E9Vv36ZAXgUQkPZqgW4H6WRDat8rbqsDnghGZgTJZAhhGtymLZZDgQBdhpA4Wv6
========== CREDENTIALS ===================================================================
Access Key ID: [REDACTED]
Secret Key   : [REDACTED]
Endpoint     : https://gateway.storjshare.io
Public Access:  true
=========== BROWSER URL ==================================================================
REMINDER  : Object key must end in '/' when trying to share a prefix
URL       : https://link.storjshare.io/s/jxxkrms7du35byqxbwx7csyprueq/cakes/afkyturj.png
				

You can also view files you've uploaded in the web UI, but then you have to trust the server with your encryption key. If your key ever expires, you can create new ones in the web UI.


Conclusion

Unlike the last time I waded knee-deep into web3, this round seems to have actually brought some projects I can use without shelling out money. Solid's only problem was its lack of apps, and I have no reason to doubt Radicle would have worked beautifully had my local Git binary only been newer. But I can't exactly use Radicle to host a website, and Solid, being "web 3.0" instead of web3 proper and thus every Pod still tethered to a specific server, offers no advantages over just throwing some static files behind Caddy. If the storage requirements for a Storj node were lower, I could even be earning money through web3... pennies, maybe. If my goal is to host a website in a decentralized manner, none of the four aforementioned projects would be of any help. I'll just have to keep searching, I suppose. I'll just have to keep wandering.


CC BY-NC-SA 4.0 © Vane Vander