My talk from the local-first conference is up! In it I discuss the difference between local-first and offline-first, and propose a direction for the community in the coming years https://www.youtube.com/watch?v=NMq0vncHJvU&list=PL4isNRKAwz2O9FxP97_EbOivIWWwSWt5j&index=2
@martin Exactly that is what I'm dreaming of as well! Is there a place I can contribute to this vision? #localfirst
@martin I suspect one of the trickiest parts of the "server goes away" scenario will be auth and data permissions. If we stick with the "logic lives in the client" principle the trivial solution is pairwise trust between participating devices with E2EE protecting synced data in the cloud, but y'know, the usability/performance kind of sucks here. I'm curious to see what an appropriate middle ground could look like.
I really like how the emphasis has shifted from “real-time collaboration with crdts” to “interoperable servers for device syncing”. I always felt that 90% of times I had to move away from local software into closed platforms was for the convenience of having my data available across devices.
Also dig the "protocols, not platforms" vibes
@martin I see there were 19 speakers; do you know whether all the other talks will be posted? The channel currently has six.
Also, pleased for the local-first movement to have serendipitously turned up in my feed (in the form of your talk) just as I was thinking through these very problems for something I'm working on.
@herne Glad to hear that! Yes, I believe the plan is for all talk recordings to be available eventually. Maybe they're still being edited.
@thomask We’re just kicking off a project to build a general-purpose auth+e2ee layer for local-first apps. Whether it will be good enough to serve as part of a standard protocol waits to be seen, but we’re trying. The aim is to be compatible with both client-server and p2p use.
@martin Fascinating, and very much needed. I'll follow with keen interest.
@holtwick Great! At the moment we’re still at the stage of making the individual implementations great before it makes sense to start the standardisation process. So I suggest you pick an implementation you like, use it, and help figure out how to make its sync protocol better. Both Automerge and Yjs have current projects to improve their respective sync protocols.
@martin Awesome, thanks. I'll take a look. Besides the "generic" implementation, I would personally like such a service to be content agnostic i.e. it should be rather "dumb" and all data passing should be E2EE. I guess "zero trust" is the right buzzword ;) I created such an implementation for my projects, maybe I find the time to wrap that up and present it in a blog article. Thanks for the initiative and inspiration. Great to see that such a vivid community is pushing these promissing ideas.
@holtwick I agree! Would love to read your thoughts if you write them up. We’re just about to spin up a project to develop a generic e2ee layer for Automerge that will work both with untrusted sync servers and p2p.
@martin As promised, the blog article describing my approach to sync for my #localfirst apps. The idea is pretty trivial and probably common practice, but well ... the simpler the better ;) Maybe it will give you a little inspiration anyway. The text is available in German and English. https://holtwick.de/en/blog/localfirst-resilient-sync
@swick @holtwick A partial answer is in this paper: https://eprint.iacr.org/2020/1281 — the algorithm offers similar security to MLS, but decentralised. We’re currently working on filling in the bits that are missing in that paper, especially the group membership algorithm
