One of the things we got really lucky with is that Claude Code and not the ChatGPT app won the war for the defining AI product and it runs on your filesystem. There's a different reality where everything had to go through the API on a closed app layer and we're all begging OpenAI to add XYZ endpoint to their platform.

Anthropic is now racing to close this gap because they realize there's no lock-in. If the product is just .md files with hierarchy, you can drop any harness and intelligence on top of it. It is interoperable by default, possibly not even by intention.

We should do everything possible to stop the great lock-in that they'll attempt in the next 18 months.

This explains it best:

> When Facebook was born, it gave people who were already using MySpace a tool that would pretend to be you and log into MySpace, collect all the messages that your friends had left for you, and put them in your Facebook inbox. You could reply to them there, and it would send them back to your MySpace outbox, so your friends would see them. And that was what allowed Facebook to take so many users from MySpace so quickly. This is what interoperability is about. But if you tried to do that today, Facebook would use laws that were either enforced differently or did not even exist at the time of MySpace, to ruin you.

> If we were to restore this “noble ancient art” of technological interoperability, the users who are so obviously discontent with the platforms they use would consider the costs low enough to leave and join better spaces. In turn, the companies would be smaller, would pay more attention to user satisfaction, and could not push around the governments that tried to hold them to account.

https://www.greeneuropeanjournal.eu/cory-doctorow-how-to-tak...

I am nobody. I have little impact. I want my programs to be safe from government intrusions, from age checks, from encryption backdoors, from corporate surveillance. How do I win this battle with big tech?

I am deeply in self-host. For the self-host to succeed it needs to be better, unregulated, and free. It needs to be easily distributed. The data should be easily distributed. Import and export should be fast and easy.

That is why most of my programs use JSONs that are human readable, or use SQLite tables that are just copy-paste away.

I am from Poland. My ancestors were able to survive by hiding, and by fighting small partisan battles. My idea of software is "partisan". It battles big tech in small, distributed ways.

I am not sure, but I think what I said is similar to interoperability.

• embedding-shape

  today at 3:50 PM

  > I am nobody. I have little impact. I want my programs to be safe from government intrusions, from age checks, from encryption backdoors, from corporate surveillance. How do I win this battle with big tech?

  If you're only talking specifically about your program that no one else has access to, I don't think there is any battle? Do whatever you want, no one cares nor would even know about it.

  If you're talking about making software available for others, for free and open source, I also don't think there is any battles to be won here.

  When people talk about the web not being open, or "age checks" and "backdoors" and so on, they're mainly talking about for-profit platforms, that let users "use" their platform in exchange for something. These probably shouldn't be "do whatever you want, consequences be damned" but instead have some sort of checks against them, so we don't end up letting the business-people rush towards building torment nexuses.

  Even if platforms has to have age checks, encryption backdoors and a whole slew of other "bad stuff" or just "annoying stuff", I don't think the self-hosted ecosystem has much to worry about, we all run software "without warranties" already, and plenty of the stuff I'm running at home I've written myself, of course I won't care about age checks or whatever, even if it was regulated to be forced.

  • freedomben

    today at 4:06 PM

    In a world where big tech and governments are requiring user-facing things to do things (like age verification, etc) and be liable for what their users do with it, even the self-host becomes a problem unless you are your only user. There are plenty of people that are still doing it, but they're probably taking on liability they don't realize. For example if I stand up a self-hosted git forge and allow others to use it, and some user I don't know commits CSAM to their repo, to quote (paraphrased cause I don't remember exactly) Dijkstra from The Witcher: That's called being in the shit, and you're in the shit.

    • taeric

      today at 4:25 PM

      I mean, this is the case for a lot of things? Has always been the case.

      If you host friends over for dinner at your house a lot, nobody will ever say you are subject to the same rules as a restaurant. You start letting other people host dinners at your house, and things could change. You start letting people solicit your place for paid dinners, similar outcome. Do it once, nobody will probably know or care. Continue to do it at scale, though, and I don't know why you would expect to not be subject to regulations.

      • AnthonyMouse

        today at 7:09 PM

        The problem is obviously that the government shouldn't be regulating private speech. They pass these rules by saying "look how big Facebook is, they need to be regulated" when the actual problem is that they need to be decentralized. But then the rules don't apply only to Facebook, and worse, are designed under the assumption of a centralized service so that they entrench the thing that should be eliminated.

        • taeric

          today at 8:06 PM

          But there is nothing obvious about this? For one, this is speech that can only be done using otherwise regulated means. You couldn't claim "free speech" and build a radio tower that transmits long distances, as an easy example. For that matter, you can't claim free speech to allow concerts at your house. You similarly could not claim free speech to rent or loan out rooms of your house for storage.

          As has been pointed out elsewhere, if you want to take the effort to connect and verify the different parties that are going to communicate with your server, you are almost certainly going to remain free to do so.

          Do I think there are probably some concerning ways those burdens can be placed on folks? Certainly. But we already require inspections and other similar activities for things that individuals can do at home without an inspection. See the food industry.

  • renegat0x0

    today at 6:55 PM

    I am talking about many things. Also about my programs, but also data. Programs are not that important for me. They are just vehicles to get the job done.

    All my programs and data are open. It is something that anybody can pick up, and use as they wish

    - https://github.com/rumca-js/Internet-Places-Database - domains I found

    - https://github.com/rumca-js/Internet-feeds - feeds I found

    - https://github.com/rumca-js/RSS-Link-Database-2026 - news from 2026

    - https://github.com/rumca-js/RSS-Link-Database-2025 - news from 2025, etc.

    Does make any change? I don't know. I run web crawlers. It is interesting for me to see what my crawlers pick up from the Internet. It did change my life, these project changed how I see the Internet. More pro-activly.

    I think there are many projects which can be useful for niche groups. I suppose I have 390 stars on one repo. I hope at least my projects were useful for them. That is a hopeful thought.

  • chromacity

    today at 4:49 PM

    > If you're only talking specifically about your program that no one else has access to, I don't think there is any battle? Do whatever you want, no one cares nor would even know about it.

    Can I do it on my phone?

    • ChadNauseam

      today at 4:51 PM

      If you buy a google pixel 9 (the last version for which google released device trees), you can do anything you want on your phone. My pixel runs a version of android I built myself

    • beeflet

      today at 5:27 PM

      No because a phone, despite being made from the same parts as a computer is actually a completely different thing.

      You can't just run programs on your phone. You have to run apps, which require approved by the government and the company that made the phone, which tacks on additional fees as well. The phone also has constant cellular/GPS/wifi/bt-mesh location tracking, and it can never be completely turned off by the user without destroying the phone because even the batteries are glued in.

      It's basicially the perfect slave device for your average goy. And everyone will need one to to access your bank account, recieve insecure SMS authentication, talk to other NPCs, and generally participate in the neo-economy.

      If you don't think this is right, you are literally going to empty the bank account of my dumb ass grandma who can't stop installing malware, and in every way is better served by a flip phone from the early 2000's.

      • AnthonyMouse

        today at 7:14 PM

        > If you don't think this is right, you are literally going to empty the bank account of my dumb ass grandma who can't stop installing malware, and in every way is better served by a flip phone from the early 2000's.

        Then why are you demanding that everyone else's mobile computers have to be locked down instead of demanding that somebody make a mobile phone that only makes phone calls?

  • beeflet

    today at 4:23 PM

    Anyone will be able to lob legal complaints against your self-hosted mastodon instance if they don't like you, which will bring cops to your door like milkshake brings boys to the yard.

    • embedding-shape

      today at 4:27 PM

      Yes, again, you run a public service, expect to have to follow regulations for public platforms, not sure why anyone would expect something else.

      I was talking about creating/running software for yourself, in a self-hosted scenario, not just "I run the software, but it's for others" but really "I run software and it's for myself and/or my family, no one else"./

      • beeflet

        today at 4:49 PM

        The point of a social network, or blogging or whatever is that it's for others. Furthermore, I think people have the right to free speech and should have the ability to reasonably address the public square (for example, with a blog, or a forum or something).

        What I'm saying in the previous comment is that regulations requiring "Age checks, encryption backdoors and other bad/annoying stuff" also apply to small hosts and can be abused like DMCA (unless you are hosting on tor/i2p with good opsec).

        It's this notion that any regulation is good because it's done on a "big bad public company" that is at the heart of what I disagree with. At what point do you become a "big bad company"? Does anna's archive count? they accept donations. It just doesn't seem like a fleshed-out worldview.

        • embedding-shape

          today at 4:57 PM

          > What I'm saying in the previous comment is that regulations requiring "Age checks, encryption backdoors and other bad/annoying stuff" also apply to small hosts and can be abused like DMCA (unless you are hosting on tor/i2p with good opsec).

          Yes, just like even if it's just you and your bakery, you still have to follow a bunch of health and food safety regulations, as you're providing something people can be harmed by.

          I don't think it's so out of this world to require similar things for platforms and services available to the public on the internet. Although I wouldn't maybe say it should be straight up illegal, I wouldn't mind more research and understanding of how we could prevent the biggest harms, without infringing on what people do in private. But then is a self-hosted Mastodon instance connected to the public internet and other instances in public or in private? Personally I'd lean towards the first.

        • AnthonyMouse

          today at 7:17 PM

          > At what point do you become a "big bad company"?

          Revenue exceeds 0.1% of US GDP or market share exceeds 10% of their own market.

• bullen

  today at 5:16 PM

  I would say:

  1) Use HTTP (secure is not the way to decentralize).

  2) Selfhost DNS server (hard to scale in practice).

  3) Selfhost SMTP server (also tricky).

  4) Know and backup your router (dd-wrt or iptables).

  JSON over HTTP is the way.

  XML is not bad for certain things too; even if I understand the legacy of abuse.

  • almatia

    today at 8:08 PM

    There are bridges for Matrix (JSON)-ActivityPub (XML), one in Elixir: https://github.com/technostructures/kazarma/

  • zrm

    today at 5:45 PM

    > Use HTTP (secure is not the way to decentralize).

    This doesn't seem like useful advice. If you're going to use HTTP at all there is essentially zero practical advantage in not using Let's Encrypt.

    The better alternative would be to use new protocols that support alternative methods of key distribution (e.g. QR codes, trust on first use) instead of none.

    > Selfhost DNS server (hard to scale in practice).

    This is actually very easy to do.

    • bullen

      today at 6:03 PM

      Let's Encrypt is not part of our friends here.

      DNS is easy for yourself, but if you host it for others (1000+ of people) and it needs to have all domains in the world, then it becomes a struggle.

      • zrm

        today at 6:57 PM

        Let's Encrypt is a non-profit that defeated the certificate cartel. The main thing you get from using HTTP without it is bad security.

        DNS can answer thousands of queries per second on a Raspberry Pi and crazy numbers on a single piece of old server hardware that costs less than $500.

        • bullen

          today at 7:53 PM

          No root certificate is decentralized.

          If your DNS port is closed by your ISP, you can't have people use your DNS server from the outside and then you need Google or Amazon which are not decentralized.

          Also to be selfhosted you can't just forward what root DNS servers say, you need to store all domains and their IPs in a huge database.

  • pixl97

    today at 5:21 PM

    1) so how do you validate the http the client receives is the http you sent?

    • forgotmypw17

      today at 5:25 PM

      Validate it yourself with hashing and PKI. Yes, it needs bootstrapping, just like centralized HTTPS needs bootstrapping.

      • bullen

        today at 5:33 PM

        Wow, thanks!

        Also if people need more food for (decentralized) thought:

        https://datatracker.ietf.org/doc/html/rfc2289

• hermitShell

  today at 4:15 PM

  What do you think of the pace of hardware level freedoms? My context is also from Corey Doctorow: https://youtu.be/3C1Gnxhfok0?si=RjmADE5pQ3s7fBIk

  For me the freedom to own my computer means I can run any software I want on it.

  Self hosting is predicated on some openness of computing in general. Interestingly it still does not practically allow you to use certain services like Google Maps, where even if the end user has great benefit, they get it for free because they give back their data.

  • beeflet

    today at 4:21 PM

    There are the openstreetmap mapping apps (OSMand, organic maps)

    • fsflover

      today at 4:26 PM

      Organic maps should be used instead of OSMand, https://news.ycombinator.com/item?id=42343121

      Or maybe Comaps, https://news.ycombinator.com/item?id=43961908

      • handedness

        today at 5:13 PM

        I share your preference for Organic Maps over OsmAnd, and while I haven't been daily-driving CoMaps for long (nor has anyone, really) I already significantly prefer it over Organic Maps. I need to use it long enough to see what the edge cases are like, but after using it three time zones worth of rural places and dense cities, it has worked well.

• today at 5:34 PM

• fsflover

  today at 4:13 PM

  > How do I win this battle with big tech?

  Support https://edri.org and https://noyb.eu

Interoperability is what made the Web possible. Not sure I buy that it will save it without a fundamental change in people's behavior.

Image you are a 1960s household and RCA tries to sell you a TV to only watch ABC and Zenith has a TV to only watch CBS. 60 years later linear TV is unwatchable by normal humans IMO. It's not like "let advertising pay for this" enshittifying an entire industry hasn't happened before.

If you look at the healthcare space, you will realize interoperability only exists because it was mandated by government programs that the patient owns their data and must be provided timely access to all of that data; and also defines specifies the format of that data (open source definitions).

You might also define "exists" in some sort of way that makes sense. And you can also realize that payers are encroaching on every aspect of interoperability data exchange.

• skywal_l

  today at 3:44 PM

  It was mandated because, in some cases, getting data from the patient is actually harmful. A CT scan is not benign. So to ensure that CT scans from manufacturer A could be read on a review station of manufacturer B, the DICOM standard was created.

  But there is a real health element to it. Although I perfectly agree that standards are good for the consumer, the incentives here are not as strong.

  • taeric

    today at 4:08 PM

    There are also similarly a lot of controls mandated on who they cannot give the data to. It isn't like health records are an open free for all.

• jabl

  today at 4:40 PM

  I know nothing about IT project management for healthcare, but just the other day over here in the local news there was a mention that the all-singing-all-dancing healthcare application that the region (with ~1M inhabitants) has been spending years and around 800 million euros to get into production has been so poorly received that they're considering starting over from scratch. I'm so happy seeing my tax money well spent...

  This is an implementation of something called MUMPS, which is apparently some US system that is very arcane but widely used.

  Again, I'm not an expert on this topic, but it indeed seems like standards, API's, file formats and whatnot would be keys to a system where decoupled components can be evolved step-by-step over time instead of the current system which seems to be a humongous monolith.

> Cory Doctorow: Canadian-British blogger, journalist, and science fiction author who served as co-editor of the blog Boing Boing

[dead]

Previously:

Interoperability can save the open web - https://news.ycombinator.com/item?id=37399799 - Sept 2023 (97 comments)

(Published: 05 Sep 2023)

• tomhow

  today at 5:35 PM

  Thanks! Title updated.

offtopic: i've always read cory doctorow as cory dotcrow. anybody else?

• today at 5:25 PM

> we can propose two different rules for Twitter ... an end-to-end principle ... If I follow someone, and they post something, I can see it. That rule makes it really hard for Twitter to overweight content from its preferred suppliers. On top of that we add the Right to Exit. This is the right to leave Twitter without losing your followers and followees. This would be a mandate to stand up an API,

I don't even understand what the first point is even proposing, legislating use cases now? It's gotta be some dog whistle about Twitter pushing "fascism" and entirely hinges on the weasel word "overweight"

The second statement just seems like a category error. In what way can you leave twitter yet still retain followers and followees. Those words only mean something in the context of Twitter. We have no relationship in the world. If I follow someone on twitter and then they exercise their "right to exit and retain" do i now follow them on tiktok and mastodon and telegram and etc. No of course not.

Suppose I hate nazis and follow all the nazis on twitter. Now I exercise my right to exit. What data about the people I hate will Twitter be forced to provide me?

• MSFT_Edging

  today at 3:55 PM

  It's an observable metric. If I don't follow any "return to tradition" Statue PFP style posters, how often should the "for you" tab show you those style posts compared to posts by people I follow, who they follow, and who they interact with?

  Pre and post acquisition it was a clear shift. I would only see that style of poster when people I followed purposefully interacted with them. Post Acquisition, I began to get many more anti-immigrant, pro-white, pro-nationalism style posts in my feed.

• lokar

  today at 3:24 PM

  The use of overweight seems clear to me. You have a feed of items sorted by some score, when calculating scores you have to weight different factors.

  Seems pretty clear, and subject neutral

At some point this will be solved by AI, where you can just say: hey chatgpt, turn this powerpoint file into a keynote file.

• goldenarm

  today at 4:55 PM

  AI is poisoning the well of scraping and automation really fast. It generates so much spam, everyone is starting to block robots now.