DOX: Letter Explaining Ed's Plans for Future Project I just found this--it supplies missing dox about the international activism project. It's a letter that Ed wrote to da5id and gregg attempting to explain his vision and to persuade them to support it. He asked me to help him communicate these things more effectively, but we didn't get too far with that because I lacked the tech background to confidently edit this, and Ed was resistant to most of my suggestions about diplomacy. I've redacted some personal stuff but otherwise left it intact. Later on I will paste this into one of the other threads but for now I'd like to make sure it gets seen.Gregg, Da5id. After our latest argument i feel we all should get on the same page, to avoid frustrations, future malcommunication and or false expectations. I'll get things of my chest and do my best to communicate possibilities, possibly noteworthy considerations and attempt adding forms of constructive criticism at current conceptual approaches. I will also explain how i feel about how this all went down and why, i would rather be honest about it and us work towards avoiding such feelings --yes a lot of those improvements will be for me to make, however i hope you will appreciate straightforwardness instead of take issue with some of the feelings i (might wrongly) express. For starters, i am going to say the obvious. I take this project at hearth, i quite literally live and breath it day in day out. Bordering the obsessional --I do not think there has been a single day i haven't been trying to find problems and or solutions. Yes, so far this hasn't brought forth anything tangible, this is in part a failure on my end but also a current lack in committed resources and manpower. Having thought and studied things for a long time does not mean i have answers to everything, i am no oracle of wisdom --and want to stress that brainstorming and research should be done, but preferably with a different outcome than now, i.e healthy arguing not the type that ruins everyone’s day. So lets talk about frustrations, i am not pointing fingers this is on me. Many of them stemming from the wounds that need to heal [a little bit of personal stuff has been redacted here--Ed's theories about the interpersonal dynamics between the admins] Another possibly is that i look for too many problems, and more complex solutions -- or possibly that my vision is very different from that of either of you, in any case we need to talk openly --even if it means saying no. Part of better communication will also mean i should stop assuming you guys know what i think, and when direct communication such as IRC is failing to convey criticism, move onto for example email, where an argument can be explained and thought through a little bit more than "i see several problems with X-Y-Z". you're a fag "no, you". Onto why i think that in our case using services like amazon ec2 is a bad idea. While from a conventional business perspective using such a service makes absolute sense, we need to keep in mind that we don't and wont be able to fit that picture. The way i see it we are working towards an ideological enterprise, prone to a multitude of attacks, online, offline --attacks fueled from zeal to conflict of interest. Lets for the sake of my argument say that there is a marblecake of fortune 100 companies. Lets also assume for a second that what would cause surges in traffic is when one of those companies is found doing something less than kosher: e.g a financial institution. Someone starts a movement, it goes viral: we need overcapacity quick and based on the cloud suggestion rely on a fortune 100 company as fail over. the naughty financial institution puts pressure on amazon, the best possible outcome is that amazon decides to terminate the service, leaving us dead in the water. Remember that amazon is a conventional business and deals in money, not in ideology. While i am not saying that we will start off with the same amount of pressure as for example wikileaks sustains, we can't reasonably exclude that from happening. Protecting people from ourselves, data retention policies, dealing with raids and subpoenas. While we encourage the use of the tools we make available for legal purposes it is the sad truth that with every good thing you'll have bad people abusing the system. You also have good people caught in the cross-fire of other peoples wrong doings. A simple and plausible scenario: A student from london disapproves of the increase in tuition fee's and decides to start a movement, the word is spread amongst students the effort goes viral. Protests start to happen and before you know it they turn into riots. This was not the creators intent, but zealous politicians urge law enforcement to make an example out of this person, because "clearly" without this person none of this would have ever happened. How do we deal with that? If we were to facilitate such a person being made an example of, we would sign our death certificate, no one would trust or rely on us for anything --even the most benign of movements or initiatives can take an ugly turn. Now imagine that the question of protecting this person is not up to us but for example amazon. Ideally, the least amount of arbitrary decisions are possible to be made, the better. This would mean that while pressured we couldn't comply even while we would want to. In other words not being able to follow through or delaying such requests as long as possible. Again: While we promote legal actions we can not take that as a reason not to protect ourselves as well as the users from political and interest motivated attacks. How? I don't know, i am not an expert in any of the domains required to figure this one out --and while i am not trying to design a system that is bulletproof it should at least be bullet resistant (comment credited to da5id) both from the in and outside. What Follows is a suggestion, its not a starting point but a broader vision of a possible way of achieving a more or less resilient system. Yes this is expensive, yes this is not as efficient as it could be, but the character of the enterprise i believe does as argued before dictate that we think outside of the conventional and competitive box. Also keep in mind, that while we are now on a shoe string budget, this might not be the case forever. When it comes to grants, compartmentalizing the organization will allow us to apply for different types of grants for different purposes -- it also will not narrow our options down to the very few that would fund the project in its entirety. Bear in mind that governmental and private grants are substantial, they have a set budget --often their interest is in allocating as much of it as possible as quickly as possible, with the least amount of paperwork. they will often favor applications asking for high 6 to low 7 figures over someone asking for pocket change. Ideally we over time do enough of a good job to allow the organization to less rely on grants, but instead rely on service fee's and donations. It's even not entirely unforeseeable to have it turn a profit. See attached picture. [If I recall correctly, this refers a sort of Venn diagram showing how various parts of the plan were related. It was complicated.] Random Clarifications: will try to remain coherent. Bottom line is: While it starts with one organization try and branch of as much as possible into different legal entities. For example, while starting of taking all the heat on the hosting front, grow the isp division into independence. Rely on the carrier level division to save on a lot of overhead costs, making the necessary overcapacity to be financially viable for the federation. I believe this is called dynamics of scale. Another advantage of that becoming its own legal entity is that all it does is being a network service provider i.e it can benefit from the laws that might protect carriers but would not protect the entire initiative. What is this whole federation thing about? The federations are independent actors which take away a lot of the heat, by setting up not for profit hosting providers. We offer them the necessary technical and administrative guidance and services. These non profits can for example rent cages / suites in carrier neutral datacenters, or for all i care run a datacenter in their basement (aslong as it is connected to a metro ring and can reach an exchange). Another division/legal entity (hardware) sells or leases them prebuilt clusters. Think of plug and play clouds. A portion of that cluster is dedicated to the activism platform, another is available for external services and also serves as overcapacity for the platform in times of need. The independent actor can host others than us on the external service portion. Selling points being that what they purchase is resilience and support charity. Other ngo's fund the idle overcapacity. We pay service fees to the independent federations. What do those clusters do: They host and replicate the service amongst themselves. If one node/cluster goes down for whatever reason the impact should be nil. What is this granting permission between federations and system administration meaning? Having root is bad, it means that data we don't want out can be obtained by a single person / entity. The suggestion is to have a protocol in place for doing system maintenance. For example there is a literal switch putting the system in maintenance mode. Meaning that the database(s) are removed from the system traffic is offloaded onto the rest of the network(federations). System administration does the necessary updates under supervision. Once done the switch is flicked system administration is locked out again the database(s) are gradually downloaded back onto the systems. What is Quality assurance between system administration and the development division. Quality assurance makes sure that the updates that are being suggested don't contain any backdoors or other attack vectors. If they find none they ask the development division to release for example a hash of the update files, so the federations can see whether the update being installed by the system administration hasn't had any last minute changes. Again this is about trying to limit the possibility of one single entity going rogue and doing actual damage. this might not be the best approach, what i am trying to do is motivate this form of conceptual thinking. About naughty people and - attack -> ???! We won't be doing a good job if no one is led to put any form of pressure on us. The reasoning behind the federation model is that it is virtually impossible to sue / pressure all of them at once, and that attacking one or several of them would not affect the entire operation. They could go after the head, which at best in their case would mean development and certain service upgrades are delayed, not stopped. About us - success - and books. This is entirely figurative, while this might be one way of starting of this venture i wouldn't say it is sustainable it was mostly intended as a joke. This isn't about us. Another random thought in favor of compartmentalizing things is the odd example of organized scientology, look at how much of a legal maze and nightmare it is for people to investigate its fronts, structure, etc. While we're not in this to exploit people like scientology is, we might as well look at what we know works for them. Random thought: Stimulate and valorise each and every individual working on / within this project. Make a website - "we make this possible" with random profiles of those that chose to tell their story about why they joined and work for this organization. This isn't about us --this is about the people making it possible. I hope the rest is more or less self explanatory, it is an incomplete idea, tear it appart if you like. My main point is: think ahead and find a way to bridge from where we are to where we want to be. Thanks for reading.