Platform VS opensnitch

Open, permissionless networks beat closed, proprietary ones once they are good enough.

I spent 10 years and over $1 million from my company’s revenues to build an open source social operating system to power pretty much all the applications you’d want:

https://qbix.com

Hope it helps! About to release v2.0 on GitHub

https://github.com/Qbix/Platform

(And 5 years ago spun off https://intercoin.org/applications — we are still in the development stage on that one).

You might also like our platform that we’ve been building for 12 years and are preparing to launch:

https://github.com/Qbix/Platform

We have been doing it! Join us!

It isn’t perfect but we are ahead of most others (Mastodon, Matrix). We have spent TWELVE YEARS building the free, permissionless open source platform for anyone to assemble and host their own community software with all the features of Facebook/Twitter/TikTok for their own community:

https://github.com/Qbix/Platform

We are about to roll out version 2.0 — I have never done this before but I would like to invite whoever wants to learn about it or build on it, to a Zoom webinar where I will demo anything and answer any questions. The next Webinar will take place on our own platform — no Calendly, no Zoom, no Google, just the free open Web.

Anyway, sign up here if you want. Will do it every Sunday August:

https://calendly.com/qbix/qbix-2-0-platform-demo

This is true not just for analytics but pretty much all features.

Imagine you are a great speaker and instructir and have an audience. Right now you GIFT it to YouTube, Twitter, etc. and they monetize it for you, give you a ting percentage, and even constantly direct your audience to competitors and other distractions. In fact YouTube even sells an option to advertise your videos on your competitor’s videos!

I say — opt out. Run your own everything! It’s hard to build an open-source alternative that is good enough (no, Mastodon and Bluesky aren’t — yet).

Which is why (shameless plug warning) I spent 12 years and $1 million dollars with my team to build it. https://github.com/Qbix/Platform

Use it — as 1 of hundreds of features, you can have your own analytics on your own database on your own community site. The other features are here: https://qbix.com/features.pdf

I hope they don't do it.

I've had a similar situation with PHP, where we had written quite a large engine (https://github.com/Qbix/Platform) with many features (https://qbix.com/features.pdf) . It took advantage of the fact that PHP isolated each script and gave it its own global variables, etc. In fact, much of the request handling did stuff like this:

  Q_Request::requireFields(['a', 'b', 'c']);

I am the king of this. It has been 12 years and we had 6 million users — and we still have yet to ship Groups for Android for example.

Oh wait I have you one better — it has been 12 years and https://github.com/Qbix/Platform is only now almost ready to be released, as v2.0

Sure we “ship” it all the time, on github. We even released v1.0 but we didn’t announce it

People who discover https://qbix.com are shocked that there is a decentralized open source alternative platform to Facebook and Twitter that is far more full-featured than Mastodon, Bluesky or even Matrix and they never heard of it.

Well… the problem is that I picked a very complex space, one where no one got this far except for billion-dollar companies. People kept expecting everything to be real-time and rock-solid, and even when we finally got that done after many years, they still complain it “doesn’t look as good as Twitter”.

Every time I shipped half-baked stuff, it didn’t actually take off. Now, I believe it WOULD have taken off if it had a low demand surface area (eg Bitcoin just stores value and transfers it, period). But I tend to build stuff that is similar to what people use EVERY DAY, and that kind of stuff accrued lots of features.

Oh yeah my other project https://intercoin.org blockchain platform took 5 years to create. During that time we went from a crypto winter to a super bull market in crypto to another winter with super bear skepticism on HN.

On HN we knee-jerk get lumped in with stuff that isn’t even blockchain, like FTX or Binance, or ridiculous shitcoins that have no utility at all.

Our stuff is FREE AND OPEN SOURCE and you use it if you want, or don’t. Before complaining that it even exists to help people for free, or calling it a scam, at least click the link to https://github.com/Intercoin

A word about regulations, because you shouldn’t “just ship” in violation of laws (unless you’re Uber or AirBNB lol). Even though we raised money in an ICO pursuant to Reg D and Reg S exemotions, filed Form D with the SEC, got people who worked at the SEC as active advisors, complied with laws in multiple other jurisdictions, innovated in many areas of securities law, and carefully developed tokens to fit the No-Action letters grantsd to projects like PocketFullOfQuarters, people on HN just assume that we are like most of the others who didn’t treat their tokens as securities. Which is understandable. (I am not admitting the token ARE securities, this is a matter of opinion that a judge would determine, merely that we didn’t want to take the chance that the original transactions weren’t securities transactions.)

Btw besides securities there is also this FATCA, FINCEN and other stuff that many startups here should read even if they aren’t making web3 or crypto projects, but ARE dealing with money and payouts to people on their platform: https://www.fincen.gov/sites/default/files/2019-05/FinCEN%20...

https://github.com/Qbix/Platform/commit/704ee677a6937f0b20a26d6a3c56f6aff812ab47

2. Implemented stream.ephemeral(payload) that can be sent to any stream now, and whole system of ephemeral is now working parallel to messages. Unlike messages, ephemeral isn't saved to the database, doesn't trigger notifications for subscribers, and the order doesn't matter. It's for things like "Typing..." indicators and other temporary things. Ephemeral is like UDP while Messages is like TCP.

For a framework that is radically different but also PHP-native (since PHP 5), would you like to spend an hour playing with https://github.com/Qbix/Platform ?

If you do, please share your experience in a comment. I’d love to hear it. I architected this framework over the last decade :)

Author here. Happy to see this went viral.

I have spent 12 years and 1 million dollars to date (no exaggeration) on a project to hopefully help people get a viable alternative to the Big Tech, and have choice where to host the infrastructure they typically expect from Facebook, Twitter, Telegram etc. It’s open source and it’s the only way you can make it expensive to backdoor everyone in bulk, or shut down a platform altogether:

https://github.com/Qbix/Platform

If you spend an afternoon playing with, I think you’ll feel like you’re discovering superpowers (like Batman or Iron man or something). It’s free to use. We’re launching https://qbix.com/ecosystem soon, with courses and certification so anyone who wants to learn, click on my profile and email me.

And if you like what we do and you’re thinking of supporting us with $100 or more, feel free to do it here… November 5 we are launching, until then you can voluntarily put a “no-obligation” contribution: https://wefunder.com/Qbix

opensnitch has existed for a while now. I've never used it, so I can't comment on how well it works.

https://github.com/evilsocket/opensnitch

If you prefer a GUI try https://github.com/evilsocket/opensnitch

The whole BPF verifier and development process is so botched, it's ridiculous. It's like maintainers decided to make this as hard as possible out of pettiness and "they have to use C APIs instead" or something.

- Loading an eBPF module without the CAP_BPF (and in some cases without the CAP_NET_ADMIN which you need for XDP) capabilities will generate a "unknown/invalid memory access" error which is super useless as an error message.

- In my personal opinion a bytecode format for both little endian (bpfel) and big endian (bpfeb) machines is kinda unnecessary. I mean, it's a virtual bytecode format for a reason, right!?

- Compiling eBPF via clang to the bpf bytecode format without debug symbols will make every following error message down the line utterly useless. Took me a while to figure out what "unknown scalar" really means. If you forget that "-g" flag you're totally fucked.

- Anything pointer related that eBPF verifier itself doesn't support will lead to "unknown scalar" errors which are actually out of bounds errors most of the time (e.g. have to use if pointer < size(packet) around it), which only happen in the verification process and can only be shown using the bpftool. If you miss them, good luck getting a better error message out of the kernel while loading the module.

- The bpftool maintainer is kind of unfriendly, he's telling you to read a book about the bytecode format if your code doesn't compile and you're asking about examples on how to use pointers inside a BPF codebase because it seems to enforce specific rules in terms of what kind of method (__always_static) are allowed to modify or allocate memory. There's a lot of limitations that are documented _nowhere_ on the internet, and seemingly all developers are supposed to know them by reading the bpftool codebase itself!? Who's the audience for using the bpftool then? Developers of the bpftool itself?

- The BCC tools (bpf compiler collection) are still using examples that can't compile on an up-to-date kernel. [1] If you don't have the old headers, you'll find a lot of issues that show you the specific git hash where the "bpf-helpers.h" file was still inside the kernel codebase.

- The libbpf repo contain also examples that won't compile. Especially the xdp related ones [2]

- There's also an ongoing migration of all projects (?) to xdp-tools, which seems to be redundant in terms of bpf related topics, but also has only a couple examples that somehow work [3]

- Literally the only userspace eBPF generation framework that worked outside a super outdated enterprise linux environment is the cilium ebpf project [4], but only because they're using the old "bpf-helpers.h" file that are meanwhile removed from the kernel itself. [5] They're also incomplete for things like the new "__u128" and "__bpf_helper_methods" syntax which are sometimes missing.

- The only working examples that can also be used for reference on "what's available" in terms of eBPF and kernel userspace APIs is a forked repo of the bootlin project [6] which literally taught me how to use eBPF in practice.

- All other (official?) examples show you how to make a bpf_printk call, but _none_ of them show you how to even interact with bpf maps (whose syntax changed like 5 times over the course of the last years, and 4 of them don't run through the verifier, obviously). They're also somewhat documented in the wiki of the libbpf project, without further explanation on why or what [7]. Without that bootlin repo I still would have no idea other than how to make a print inside a "kretprobe". Anything more advanced is totally undocumented.

- OpenSnitch even has a workflow that copies their own codebase inside the kernel codebase, just to make it compile - because all other ways are too redundant or too broken. Not kidding you. [8]

Note that none of any BPF related projects uses any kind of reliable version scheme, and none of those project uses anything "modern" like conan (or whatever) as a package manager. Because that would have been too easy to use, and too easy on documenting on what breaks when. /s

Overall I have to say, BPF was the worst development experience I ever had. Writing a kernel module is _easier_ than writing a BPF module, because then you have at least reliable tooling. In the BPF world, anything will and can break at any unpredictable moment. If you compare that to the experience of other development environments like say, JVM or even the JS world, where debuggers that interact with JIT compilers are the norm, well ... then you've successfully been transferred back to the PTSD moments of the 90s.

Honestly I don't know how people can use BPF and say "yeah this has been a great experience and I love it" and not realize how broken the tooling is on every damn level.

I totally recommend reading the book [9] and watching the YouTube videos of Liz Rice [10]. They're awesome, and they show you how to tackle some of the problems I mentioned. I think that without her work, BPF would have had zero chance of success.

What's missing in the BPF world is definitely better tooling, better error messages (e.g. "did you forget to do this?" or even "unexpected statement" would be sooooo much better than the current state), and an easier way to debug an eBPF program. Documentation on what's available and what is not is also necessary, because it's impossible to find out right now. If I am not allowed to use pointers or whatever, then say so in the beginning.

[1] https://github.com/iovisor/bcc

[2] https://github.com/libbpf/libbpf

[3] https://github.com/xdp-project/xdp-tools

[4] https://github.com/cilium/ebpf/

[5] https://github.com/cilium/ebpf/tree/master/examples/headers

[6] https://elixir.bootlin.com/linux/latest/source/tools/testing...

[7] https://github.com/libbpf/libbpf/wiki/Libbpf-1.0-migration-g...

[8] https://github.com/evilsocket/opensnitch/blob/master/ebpf_pr...

[9] https://isovalent.com/learning-ebpf/

[10] (e.g.) https://www.youtube.com/watch?v=L3_AOFSNKK8

Close to zero most probably. If you want something different, to block/monitor what applications access the internet, block ads, etc, try https://github.com/evilsocket/opensnitch

The last thing I built from source was a suckless utility which was nothing but a treat to play with and hack on, so I felt confident I could manage this even though the project's wiki page on compilation warned that it might fail on distro's other then debain and ubuntu. First order of business was translating the apt-get command for the dependencies into an emerge command that would install the same packages. Once that was done, I went on to the go dependencies which all seemed to install without a hitch except for the first one which gave this "build constraints eliminates all Go files" message but didn't tell me that the installation had failed otherwise. I spent a good amount of time trying to decipher this message which eventually turned into just familiarizing myself with go since I hadn't really touched it before before deciding it was fine. Then I tried to build it. It didn't work.

OpenSnitch is a clone of the popular 'LittleSnitch' firewall for Mac. The main feature is that it will tell you about every single connection your computer is doing. A bit annoying for the first few days, but not too bad once you've already allowed the apps you use regularly. I think this would have been the perfect tool for the job.

take a look at opensnitch or picosnitch