| > - bandwidth : ... More generally, if Urbit got even moderate adoption, the hosted-server companies would fall over themselves supporting it. I am highly skeptical -- the Wordpress has pretty high adoption, and it is useful for "non-techy Mom", but there are very few companies which support wordpress integration, and if they do, it is at a much higher price (bluehost: $3/mo regular hosting, $20/mo wordpress hosting) > - mail : ... full-fledged identities on the Urbit network cost a couple of bucks, and it is assumed that anyone who spammed from one would get blackholed before they recouped the investment. This blackhole mechanism is very much like spam problem, so it has all the usual questions: Is it going to be managed by someone? Does identity get un-blackholed after some time with no spam? Can you pay $$$ to make this process faster? Can someone blackhole whole galaxy? What if your computer gets malware which spams other users on your behalf? I am not asking for immediate answers to these questions, I just wanted to point that having "federated identity" will not fully solve spam problem. > - viruses : Urbit is designed to be essentially impervious to malware. ... In a worst-case scenario (say, your whole urbit got bitlocker'd), recovering would require you to a) get your hosting provider to restore from a backup, ... That's not the worst case scenario. The worst-case scenario is bitlocker reaches in your urbit (via whatever mechanism you use) and encrypts all the your data there, slowly over time (so your backup is corrupted, too) and starting with least-recently accessed files first, to minimize chance of early detection. Looks like in this situation, your only hope is that your hosting provider kept your backups, and this is not guaranteed at all. So basically not much better than existing self-hosting systems. Note: I have not actually checked, but I suspect that Urbit may keep all the previous versions of the files around. This will help against bitlockers, but: (1) Is there a mechanism to permanently remove data, say because you accidentally uploaded 25GB blue-ray movie? If yes, this is what bitlocker will use. (2) Are you sure that every user will have different urbit credentials and admin credentials to the hosting provider? Because if not, then bitlocker will ssh into your hosted machine and damage the files directly. (3) There are other things other than bitlockers. Malware will use your account to send SPAM, use your webserver to sell illegal drugs, use your CPU to mine bitcoins, and generally make a botnet out of your urbit. |
What's stopping you from getting the $3/mo package and installing wordpress yourself? The pain of learning how to administer and secure and update it, right? Urbit is (or claims to be) painless enough that you would install it yourself and not need to do any maintenance afterward.
> This blackhole mechanism is very much like spam problem, so it has all the usual questions: Is it going to be managed by someone? Does identity get un-blackholed after some time with no spam? Can you pay $$$ to make this process faster? Can someone blackhole whole galaxy? What if your computer gets malware which spams other users on your behalf?
This is all up to apps and users to handle. If you did write an app that defaulted to "accept messages from anyone" then you'd need to include some sort of "report spam" feature in it I suppose, but I think it's assumed that most apps would just ignore unsolicited messages. You could also do more nuanced rules, like "Ignore messages from accounts that are less than a week old; if the account is older than that, you can show me one message, but ignore any subsequent ones unless I respond to the first one." Up to the developer of the app.
> Looks like in this situation, your only hope is that your hosting provider kept your backups, and this is not guaranteed at all. So basically not much better than existing self-hosting systems.
"Your hosting provider might not do a good job of managing backups" is a) well outside of urbit's purview, and b) something I thought was pretty much a non-issue these days.
> Are you sure that every user will have different urbit credentials and admin credentials to the hosting provider?
At the end of th day, urbit is just an executable. You log in to your shell, you run ./urbit, and you tell it what to do. Anyone who can log in to your shell can run your urbit and tell it to do something you don't like. So of course you need to keep your login and password safe, and the host OS needs to be secure, and so forth.
But, if the claims of the people who made it are true, it should be impossible for J. Random Cracker to send a message to an urbit over the network that makes it do something bad. Not "we think we found all the buffer overflows" impossible, I mean "mathematically proven to be impossible" impossible. That's why they rewrote the thing from the ground up in such a hokey way. Whether they succeeded in, or whether that claim is laughably deluded, is something I'm hoping someone much smarter than me will definitively determine someday...