[hn_urbit_thr123]

FWIW here's an explainer I wrote up a year ago for a friend who asked. I'm not affiliated with urbit, except that I want a product that does what it does (which at this point means I'm hoping someone reinvents it, because it seems fatally doomed by how hated the founder is).

What is Urbit?

Urbit is a virtual machine OS for server-side applications. If you imagine a future in which it is common for non-technical people to rent cloud server space on which to host server-side applications (say, a small blog, a mastodon node, a minecraft server, etc), Urbit aspires to be a good platform on which to host them.

Urbit features:

1. All input events (http request to an urbit-based api, signed message from another urbit, keystroke from console, etc) are transactions which change the OS state (or don't, if they fail). As a result, it should be impossible for a transaction to fail halfway through and leave the urbit instance hosed.

2. Exactly-once messaging between nodes. This is possible because nodes have persistent connections; disconnection is indistinguishable from long latency. This may sound minor, but it is a huge part of what makes urbit novel and (theoretically) stable and secure.

3. Built-in identity and auth. An urbit instance can't boot without an identity, which serves as username, network-routing address, and also as the public key with which all outgoing messages are encrypted. In practical terms, this means no urbit app or service needs to deal with logins or passwords or crypto.

4. There are only 2^32 first-class identities, which makes urbit a de facto reputation network. This is to minimize malicious behavior; if an identity costs $5, and you can only make $2 from spamming before that identity is blacklisted, no one will spam.

5. The urbit network is hierachically federated, and hence resistant to censorship. (Of course, this is a misfeature if you want to be able to censor people off of the networks you participate in)

6. It's not there yet, but the urbit kernel aspires to be so small and simple and formally-provably-correct that at some point it's done. As in, done done - no features to add, no bugs to fix, done. A lot of the design decisions (some of which are wildly unperformant) make no sense unless you take this goal in to account. More on that here: https://urbit.org/blog/toward-a-frozen-operating-system

Main Criticisms:

1. The founder has objectionable politics/beliefs. For its first decade, urbit was the solo project of one Curtis Yarvin, who moonlighted as an alt-right-ish blogger, and flamed out of polite society as a result. I've read a tiny bit, it was pretty dumb. The tl;dr is that he wants to get rid of democracy and bring back feudal monarchies. He also said some pretty racist stuff from time to time and that's the main reason everyone hates him. He left the project several years ago, which accomplished absolutely nothing in terms of anyone hating it any less.

2. The language is very strange and possibly bad. By "language", I mean both the programming language (hoon, the native language you write urbit apps in) and urbit's terms for core concepts, almost all of which have new, made-up names. More info here: https://hooniversity.org/urbit-and-hoon-glossary/

3. A lot of people think it's a shitcoin of some kind. AFAICT this is objectively not true. There's no way anyone will make any amount of money speculating on urbit unless it works in the sense that it's a good OS that millions of people want to use. Besides, if it were some kind of scam, it would've fallen apart when the founder left under a black cloud. That didn't happen; it is still chugging along. There are competent programmers who understand it and have worked on it for a year or two and still think it's genuinely good technology and continue to work on it for that reason.

[olah_1]

>5. The urbit network is hierachically federated, and hence resistant to censorship.

This is not true. Urbit is essentially a proof-of-stake network where the Galaxies and Stars have the authority to ban anyone off the network that they want.

After Planets are already routed to some of their friends, they can keep those connections, but if a Planet is refused service by Stars, it will be limited in reach and capabilities.

The whole point is that there is accountability in the system and there does need to be a kind of Byzantine (literally it is set up like an empire) consensus.

If you're banned by one Star, you can still be served by another Star, but it does affect the reputation (not hard-coded, but actual) of the Star that serves unsavory Planets.

It's not far off from the Fediverse in this regard.

[hn_urbit_thr123]

I agree, I was being terse; it'd be more accurate to say you can be banned off of the urbit network entirely if everyone hates you, but if only most people hate you, you can still use it (but may only be able to talk to the other outcasts that most people hate).

[mmastrac]

Isn't this exactly the state of the internet today?

[hocwyn]

Not really? You could have thousands, hell millions of people who love your twitter account or your podcast but if a critical mass (not even a majority! just a large and sufficiently noisy minority) complain about you, you're gone.

On Urbit there are 65k tracker nodes and ~4B permanent peer nodes. So long as a single 1 out of those 65k is willing to sponsor you and broadcast your location anyone can find you and get packets from you, and even if the last 1 gets sick of you he's still just the equivalent of a torrent tracker: anyone who is already your peer will continue to see you on the network. It doesn't matter how many enemies you have or which corporations you piss off, you know? You're your own platform, once you install the software to share tweets or photos or interviews or whatever there is no one left between you and your audience to play gatekeeper.

[nohokum]

100% no.

On Urbit you have ~65,000 potential star sponsors and can switch at any time. (Worth noting: after a year and a half on the network, I have not heard of anyone being refused service by any star.)

That's a clear difference from today's internet, where effectively all discourse gets siphoned off, by a series of vicious megacorporation incentives -- the need to lock you in, the need to serve you up manipulative advertising -- onto the servers of one of four FAANG companies. (I think we can safely remove the N at this point, but then the acronym ends up looking rather seemly.)

[em-bee]

I'm not affiliated with urbit, except that I want a product that does what it does

similar feeling here. except i am also concerned about the connection to blockchains.

my thoughts on that are here: https://news.ycombinator.com/item?id=31130695

[nohokum]

> it seems fatally doomed by how hated the founder is

Having been around the network for a few years now, and having talked up Urbit to countless people of countless different professions, political beliefs, ages, etc, I can confidently say: This isn't true.

It's just that a specific sort of Hacker News/Reddit gets agitated and makes a lot of noise on this subject whenever Urbit gets brought up.

Normal people who just want their digital lives improved aren't interested in these cringe 2010s-era blogosphere political beefs.

[dmitriid]

> nodes have persistent connections; disconnection is indistinguishable from long latency

> An urbit instance can't boot without an identity

Does this mean that urbit requires an always-on connection at all times?

> this means no urbit app or service needs to deal with logins or passwords or crypto.

This also means that all apps have full access to all your money, private info, bank accounts etc.?

[hocwyn]

No, Urbit doesn't require an always-on connection. It does work better with an always-on connection, since its peers will send it a lot of events to process as soon it reappears after a long absence.

> This also means that all apps have full access to all your money, private info, bank accounts etc.?

If you wanted to write or install an app that had access to a hot wallet stored on your Urbit ship, for example, you could. It doesn't have access to secrets you haven't intentionally stored on your Urbit. When you say "all apps have full access" - what do you mean? For example you could write an app that is both a display case for POAPs and also spies on your private messages, but the actual app that is a display case for POAPs is written to have no way to access your messages: is this the question you were asking?

[dmitriid]

> When you say "all apps have full access" - what do you mean?

I mean this: "this means no urbit app or service needs to deal with logins or passwords or crypto.". If apps don't need to deal with that, they have access to your info, doesn't it?

[hocwyn]

I think you're turning the question around the wrong way - there are hundreds of thousands of apps and services on the internet that all force you to make an account with their service to use their software, access data you've uploaded to their service, and interact with other users. That's the thing that is a huge hassle and also, increasingly (with web3 and on-chain applications growing in popularity) a huge security problem because of the attack surfaces those services' front ends offer. On Urbit none of this is necessary, because the "account" (i.e. network identity and keys) of your ship is already baked into all your interactions with the network.

As far as the apps having access to cryptographic secrets you store elsewhere on your Urbit ship: the apps are all installed and running on your ship, so just like other software running on a computer you control they can have access to other local data if you intentionally give them permissions, or they can have no access, or they can have access conditional on some additional safeguard. It depends how you write the app. But an app always knows the Urbit identity of the ship it is installed and running on, and that is baked into messages the app sends to other ships.

You also have the ability to spin up 4 billion virtual identities ("moons") per primary identity ("planet"), and it is a standard use case to run an app/service you don't want to interact with the rest of your ship on one of your moons. The main value currently is, if you host a high-traffic groups or distribute a popular app, these would make your primary ship run slow so you stick them on a moon. But the reason Urbit was designed to associate each identity with 4B virtual identities was so that your IoT devices can communicate with the network without having access to your personal computer.

[dmitriid]

> It depends how you write the app. But an app always knows the Urbit identity of the ship it is installed and running on

So, it has all the access necessary to go ahead and steal my money, right? Because, quote, "network identity and keys are already baked into all your interactions with the network"

[hn_urbit_thr123]

Urbit is an OS, apps have access to whatever you give them access to. If you want one app (say, a dating profile) to not have access to data stored by another app (say, your bitcoin wallet), you run them under separate sub-identities as described above.

That has nothing to do with the thing you quoted ("network identity and keys are already baked into all your interactions with the network"), which describes how urbit nodes talk to each other. Whatever identity you run an app under, all traffic from that app will be cryptographically signed by that identity.

[wmf]

The urbit network is hierachically federated, and hence resistant to censorship.

Why isn't flat federation even more censorship-resistant? I don't understand the benefit of hierarchy.

[compressedgas]

My criticism of Urbit is about its lack of within a node parallelism and lack of between node transactionality.

[hocwyn]

What kinds of transactions would you like to see between nodes?

[gremlinsinc]

I want something similar but that has true validated id's, and separate person accounts and business accounts. Person accounts then would have taxation built in and UBI and mutual aid, and there'd be some algorithm that taxes and pays dividends based on how much you hodl and how much you utilize or transfer in a month, etc... essentially if your payment habits are that of a poor person you'd get more UBI if your spending habits are that of Elon Musk you'd pay taxes.

There'd also be a cap on how much your account could hold to basically bar billionaires and oligarchs from controlling the system. Maybe something like x amount times the average users' monthly income(transactions received).

Starting out it'd aim for like 500 million being a cap, and try to aim to keep some sort of stable price as well. Business accounts wouldn't have the caps because I mean a huge company like walmart has tons of money come in for payroll, etc.. and just there'd be no way to really handle that, and you want businesses to accept the currency as utilization is everything.

I think possibly having a dedicated exchange built in as well that basically floods the market with new dollars if stability starts to fade. Say the price of a coin is $10 usd, it would autotax the top 50% of earners and redistribute that to the bottom 50%, or something similar or mint new currency and distribute from that -- essentially to encourage prices to remain stable.

Now combine that w/ all the other features of something like urbit os, and I think you've got something.

TLDR: Imagine if as a US citizen you were born with an id and a bank account tied to that id. It's the only bank account you can have, it's the only bank. Now imagine there's a cap to that account and every billionaire ceases to exist because they'd be taxed at 100% until they're max holdings are 500 million. You can't hide money, or get separate accounts, etc... There are no loopholes as it's all by smart contract.