FLOSS Weekly 709 Transcript

Please be advised this transcript is AI-generated and may not be word for word. Time codes refer to the approximate times in the ad-supported version of the show.

Doc Searls (00:00:00):
This is FLOSS Weekly. I'm Doc Searls, and this week Aaron Newcomb and I talk with Jason Griffey of NISO about the library box project he worked on for a number of years, which is a really great project to have this private on the net, but off the web standalone thing that would work in libraries, but lots of other places and experiences with the success and failure of that in some ways because technology and regulations and procedures and other things move on and how do you keep something alive and what is still useful about this thing. There's still promise in it. And in other projects he's worked on lot of learnings in this one. And that is coming up Next.

Announcer (00:00:47):
Podcasts you Love from people you trust. This is TWiT.

Doc Searls (00:00:54):
This is FLOSS Weekly, episode 709, recorded Wednesday, November 30th, 2022. The tiny free library that could, this episode of FLOSS Weekly is brought to you by Kolide. That's Kolide with a k. Kolide is an end point security solution that gives it teams a single dashboard for all devices regardless of their operating system. Visit to learn more and activate a free 14 day trial today, no credit card required and by code comments and original podcast from Red Hat that lets you listen in on two experienced technologists as they described their building process and what they've learned from their experiences. Search for code comments in your podcast player. Good morning, good evening. Good whenever it is, wherever you are. I am Doc Searls. This is FLOSSWeekly, and I am joined this week by Aaron Newcomb in his, his la There it is. His that's right, his, his background layer. <Laugh> probably something. Yeah. My virtual

Aaron Newcomb (00:02:03):
It does, in fact, you can even see, wait, over on this side. You can see my son's dishes in here, in this picture I

Doc Searls (00:02:09):
Took, I forgot <laugh>. They were left there.

Aaron Newcomb (00:02:11):
I forgot to get rid of his. This is where he stores all of his dishes. He's got like five bowls over there and this is where he plays all his games. And then I sit in the center position just right behind me there. But yeah. Good to join you today, doc. It's been a while since I've been on.

Doc Searls (00:02:25):
It's been a while. It's great to have you on the show and I, I, I want you on this one because it's, it's about old stuff in this case. Stuff that, not entirely about that, but stuff that's not necessarily worked out unless is to be learned. You're, you're our retro guy. I think pretty much all our cohosts are retro people to some degree, but you're all away. You're, yeah.

Aaron Newcomb (00:02:46):
And I

Doc Searls (00:02:46):
Love hardware hacking

Aaron Newcomb (00:02:48):
For sure. And I love hardware hacking as well. So I love hacking on raspberry pies and Arduinos and routers in some cases. And I think that's somewhat related to what we're gonna be talking about today. So I'm excited to learn about this project and I'm familiar with Pirate Box. And so this project, the library box, which I think is built off of that we'll have to ask our guests is somewhat familiar to me, but I don't know what the differences are. And I don't know when you would choose one or the other. And I don't even know which, what hardware I should be using. So it'll be interesting to if I've got, if I've got the hardware at my disposal, I'll grab it and and attempt an installation while we're talking. So

Doc Searls (00:03:28):
I was, I was thinking if, if, if, if, if you were to resurrect this project, that would be an interesting <laugh>, an interesting outcome and something to revisit. So, I, I wanna jump into it because I think there actually is a lot to talk about with our, with our guests. It's Jason Griffey, he's the Director of Strategic Initiatives at nso, that's N I S o which is I, I have to disclose his, is run by my son-in-law, <laugh>, my holding favorite son-in-law. Before that he worked as an affiliate at the Metal Lab and a fellow at an affiliate at the Berkman Client Center for Internet at Society at Harvard, where I also served time, but only as a fellow <laugh> I ever got the affiliate badge. He's also written multiple books on, on, on AI and machine learning and libraries. And it just goes on. It's such an extensive cv and machine learning stuff. One of eight winners of a Night Foundation News Challenge for libraries and the, and for the Measure of the Future Project, you have the library box project. Those are the two main things we're gonna be talking about, I think. He says it can be stocked obsessively online. Anyway, all of that aside, welcome to the show, Jason.

Jason Griffey (00:04:49):
Hey, doc. So great to be here. Thanks for the invite. And I look forward to talking about, you know, projects and hardware hacking today.

Doc Searls (00:05:00):
So, so, so I have an important question to start out with is Sure. Y'all went to Carolina. Are are you still tar heel by by favor?

Jason Griffey (00:05:08):
I, I got, I gotta tell you. I I do, I do still, do you still claim the Tar heels? Yeah. Yeah.

Doc Searls (00:05:13):
You still bleed blue? Still

Jason Griffey (00:05:14):
Still bleed. Still bleed that color blue. You have to, it's a very specific shade, especially in North Carolina. Yeah, it's a pm You don't wanna get darker. You don't want, you don't want that darker blue <laugh>. We don't, we don't claim the, we don't claim the the, the, you know, the Duke Blue. So gotta be careful about that.

Doc Searls (00:05:33):
I hate to say I do <laugh> cause I, cause I worked at Duke for a while that physically at Duke, but not in Duke. It was one of those institutions hanging off the side. I went to Duke games in the seventies when they started to not suck again and nobody knew they would end up being like, you know, the other Kentucky.

Jason Griffey (00:05:53):
Legendary. Yeah,

Doc Searls (00:05:54):
Legendary. Yeah. So so tell us about, I mean, it's, I mean, libraries are interesting to me and, and you're, you, you hack the physical library, it seems to me that's where your interests lie, which to me, the library's not a library unless it's, it's it's physical. And even though I, I love everything that is doing around that. But tell us about what, what got you into that and why you're still seem to be there.

Jason Griffey (00:06:26):
Sure, absolutely. Yeah. Yeah. So, yeah, my background is as a librarian. I'm my, my have a degree in library science from UNC Chapel Hill. But my sort of history is all technology. My, you know, I grew up doing, you know, learning basic on a Commodore 64, right? Like that that sort of old school old school computer computer programming. And so, you know, grew up, hit college right at the heyday of the web. So, you know, had that sort of long tail technology background and then discovered libraries and the sort of growth of libraries. And that early two thousands, late nineties, early two thousands when things really did sort of start cranking from physical to digital in the library space. Certainly lots and lots libraries have a extraordinary history of sort of creating new digital things.

The, you know online catalogs and early search engines and things all sort of began originating in the library space in as early as the seventies, but the sort of late nineties, early two thousands when I, when I kind of came into that space was when there was a great deal of excitement right about the web and about what it might do for libraries. And so between that and my background in sort of general technology and my interest in hardware and in sort of open, you know, open source software, open source hardware when I got a job as an academic librarian, one of the very first things that I started sort of thinking through is, what can I do in this space, right? In this new sort of world to get some of those tools to be valued in the space? How can I sort of help push open source software and then with the rise of sort of, you know, raspberry pie on some of the other open source platforms, what can we do with this stuff in in the library space? So that's sort of where my interest and background and the, the ideas for the, the couple of projects that that I, that I put together came from.

Aaron Newcomb (00:09:04):
Yeah. Well, speaking of those projects, I mean, so that kind of leads us into library box specifically. How did Library Box get started? How long has it been around? Who's using it, et cetera, et cetera.

Jason Griffey (00:09:15):
Yep, sure. Yeah. So Library Box was a project that sort of came into my head in 2011 ish, something like that. And it came from you, you mentioned earlier the Project Pirate Box, which was an early sort of open router system developed by Dr. David Darts at nyu. Darts is an art professor, and it was sort of late 2010, early 2011 that he developed this project pirate Box, which was <affirmative> a a router that was a full size router, <laugh> I don't actually know the model that he originally used, but it was a full size router with like a big lead acid battery and a lunchbox powering the whole thing that he flashed with some open open firmware. And then modified the firmware so that it became a upload download local area network, right?

A little tiny web server where people could connect to it locally, or no, no other connection to the net, no broader sort of you know access Anywhere. Just this hyperlocal little network that was available for people to grab things off of and drop things onto. Right. Super fascinating project, really interesting in got a little bit of press. It was in ours, Technica, and a couple of other couple of other online news sources at the time. And I, I saw it and my first thought was, well, that, that's sort of like a little portable library, right? That's sort of like a, like a, like a little, little you know, hyper local little digital library that you can carry around with you. That sort of sparked the idea. And in Schmid 2011, something like that a hacker named Christian Rutin poured it, poured darts project over to open W r t, and which was an open source firmware replacement for these little tiny travel routers.

So it went from this project that needed sort of a big lunchbox and a full size router and a big battery. And like, you know, it was quite a little package that you needed. With this, with the hack that Trican put together you could run it on literally like a $30 travel router. And these are, these little boxes are not particularly common anymore, but in 2011, they were fairly ubiquitous. And these were originally designed the ones that were mostly used were by the company TP Link. And they were originally designed as little travel routers that you would take with you to the, the kind of built in purpose pre hacking was that you would take them to a hotel and plug them into the physical ethernet right? In the hotel room, because hotels at the time, still, you know, many of them didn't have wifi, public wifi.

And so you would plug the plug the ethernet cable in and it would give you, in your room a little local wifi signal that you could, you know, bridge over to the, to the ethernet. And so these little travel routers though, ran just a, you know, tiny little Linux kernel. And when flashed with open w r t, you could get in and you could customize the interface. You could customize what it did, and you could really sort of get in and dig around in the guts of the thing. And so in 2011, late 2011, Christian poured Pyra box over to these routers. And that was when I said, ah, <laugh>, okay. Now we went from something that was a couple hundred bucks to something that was $30. And I started messing around with it. And so the first thing I decided needed to happen, sort of to convert it from a pirate box to a library box was libraries are one of, one of the things that makes the library a library is that it's curated, right?

That there are experts who sort of look at their community and decide what the needs are, the information needs of the community are. And so it's not just anyone can bring a book in and leave it, right? That's a, that's a different thing. It's not a library if that's, if that's what's happening. And so I wanted to go in and strip out the sort of upload ability to take the pirate out of Pirate box, more or less mm-hmm. <Affirmative>, and then customize the interface to just make it more friendly for users so that when someone from a library went to try and install this, that the, the result was something that was just sort of easier, right? Like it re reduced the friction of the user, make it easier for people to to, to install, make it easier for people to to, to use when they, when they discovered it and that sort of thing. And so, so I went through, created a bunch of documentation, changed the install procedure a little bit customize the interface, remove the upload ability. And that really was sort of the 1.0, sort of the test version of the of the project. And we, we, you know, went a long way after that. But that was the that was the, the sort of, you know, or, or origin story of the of the thing.

Aaron Newcomb (00:15:23):
Yeah, I think it's a great idea. Because, you know, there are people I can, what are the use cases? Let me ask you, cuz I was just about to say, I can see a lot of use cases for this. No, no, no, it's not about me, it's about you.

Jason Griffey (00:15:36):
No, no. That's

Aaron Newcomb (00:15:37):
What the use cases are. Like where would you use it? What, and who has used it? If you have examples of people like that have used it and been like, oh, this is great because we were able to do such and such.

Jason Griffey (00:15:49):
Yeah. So the, the fascinating thing is right, that what is the Corey, Dr. Os like one of his many laws, right? The street finds its use oh no, that's Gibson, sorry, I'm, I'm attributing Gibson to Dr. Al <laugh> Gibson, the street finds its use. So, you know, I, when I sort of originally built the thing, I was very much in that sort of library mode. I was, I was really thinking about sort of outreach libraries especially public libraries often struggle sort of to, to do outreach into their communities. And so I, you know, I was thinking very simply, I was thinking sort of, wouldn't it be great if a library could load up a bunch of public domain books and take the router down with them to the farmer's market or to their, you know, local elementary school or to, you know, just wherever the library happened to need to be, they could take their, you know, take these resources with them and people could, you know, grab a book as they walked by from their mobile phone, right?

Again, this was 2012, right? So like, it's a decade ago. It's kind of hard to imagine what that space was like, but you know, it was still pretty young. The, the mobile phone use, the iPhone was certainly around, but smartphones were around, but we were unlike the iPhone four or something, right? Like, everything had just gone retina. It was a very early, it was very early in the sort of growth of smartphones. And so the you know, the, the idea, the original idea was sort of outreach to to the communities, right? One of the great strengths of libraries is that they're so tied to their sort of communities and what they, you know, what the community is you know, needs. And so I thought, let's, let's see if that's a tool. Let's see if this sort of helps the library bridge those gaps into spaces that they couldn't otherwise get digital things into, right?

You build one of these, you throw some public domain books on, on there, you take it out and you see, you know, see what kind of uptake you get from your from your community. Now, that was the original idea. As the project grew a little bit, I realized that with a little bit of funding and a little, you know, if I could, if I could find a way to make a little bit of money using the project, I could get some help with some of the programming. I could make a few things easier and I could you know, I I I had a sort of a glimmer that it could do a little more. And so it was 20, let's see, when was the, when was the Kickstarter project? Kickstarter project would've been about, I guess maybe late 20, mid 2013, something like that.

No, 20. Yeah, 2013. Mid 2013 would've been the Kickstarter project. So I did eventually. So we, we sort of had a little bit of time where it was just, just mostly in the library world and there were people playing with it, different academic libraries were playing with it to take, you know, taking books out to dorms and public libraries were playing with it. And I had, I had this idea that, you know, obviously it could do a little more. And so started a Kickstarter project again pretty early. This is 2013. So, I mean, Kickstarter had been around a little while, but crowdfunding and everything had not certainly not the size it is now. And I thought this is a little tiny library project, right? This is maybe I'm gonna get 30 people to sign on, right? This is cool. Let's, let's, let's see if I can get 30 people to help me build the, the 2.0 version.

Let's see if I can do that. So I put it up and it ended up on Boeing Boing at the time actually Corey noticed it and put it up on Bo Boing. And it ended up getting a, a huge amount of traffic in ways that I did not expect. Bunch of news stories, et cetera. And ended up being sort of about 12 times the size I thought it was gonna be. Instead of 30 people, I ended up with almost 500 people who who backed the project. And instead of raising, I think my goal for the Kickstarter was about $3,000, and instead I raised like 30 some thousand dollars. And so it's the typical sort of problem where, you know scale, scale is hard. And so I ended up having to work through that. That did give me the capital though, to sort of try to get a couple of people to help pay some developers to help me with some of the, you know, the, the deep magic that I wasn't quite wasn't quite capable of getting to myself. And we eventually used that to sort of, you know, kickstart the the 2.0 version. And that was where things got really interesting because it got a lot more notice and people started finding those street uses. And the ones that I am, I'm sorry. Go ahead, doc. You're signaling

Doc Searls (00:21:29):
Me finish this cuz I, I be basically, I wanted to say you have an awesome story, but I also need to do an ad

Jason Griffey (00:21:34):
<Laugh>. That was my guess. That was my guess. I don't want to keep you from that. So I'll tell you, whater, this is a great, let's do, let's do a break. Let's leave and then I'll tell you the uses

Doc Searls (00:21:43):
<Laugh>. Let everybody know that this episode of FLOSS Weekly is brought to you by Kolide. That's Kolide with a K. The challenge with device security has always been that it's difficult to scale. The bigger you are, the more edge cases you introduce, and the easier it is for significant issues to escape your notice when remote work took over, we only remember that the challenge got exponentially harder. Whether you're a fast growing startup that needs to graduate from managing device inventory in Google Sheets or an enterprise trying to speed up service desk issues, you need visibility into your fleet of devices in order to meet security goals and keep everything running smoothly. But how do you achieve that visibility? When you design team uses max accountings on Windows and your most talented developers, of course, are on Linux, well, you get Kolide. Kolide is an end point security solution that gives it teams a single dashboard for all devices, regardless of their operating system.

 Kolide can answer questions, MDMs can't. Questions like, do you have production data being stored on devices? Are all your developers SSH keys encrypted, and a host of other data points that you have to write a custom shell script in order to learn about? Think about it. If a Linux vulnerability is exposed tomorrow, how will you figure out how many machines are at risk? File a ticket with a team that manages your MDM and wait days to get a report back. Send a mass email and hope the Linux users open it with Kolide. You have real time access to your fleet's data and instead of installing intrusive agents or locking down devices, Kolide takes a user focused approach that communicates security recommendations to your employees directly on Slack. You can answer every question you have about your fleet without intruding on your workforce. Visit to find out how. If you follow that link, they'll hook you up with a goodie bag. It includes a t-shirt just for activating a free trial. That's k O l ID <laugh>. Okay, so Jason, you, you, you were saying I had <laugh> I had to cut you off as you getting into kind of a midpoint your story. This is a long story and it's good. We like, sorry

Jason Griffey (00:24:03):
About that. Apologies. It's

Doc Searls (00:24:05):
You know, have an hour. No, no apologies necessary. I, this is what what we do.

Jason Griffey (00:24:09):
It's cool, you know, it get, it gets, it gets, it gets longer in the retail. I apologize <laugh>, but you know, the so with the rise of the 2.0, the Kickstarter, the ability of me, I, I was actually able to get sort of the lead pirate box developer to sort of do some dual development between the two projects. Matthias Struble, who's a fantastic fantastic developer helped with the sort of development of the 2.0. And when that came out and we sort of, we added a few little bells and whistles made the installation even easier, it suddenly sort of started exploding. Now, one of the really difficult parts of talking about use is it's specifically designed like this tool was specifically designed not to connect to the internet, right? Like it's intentionally designed not to talk to other things.

It, it's its own little hyperlocal network. And so I have no idea who's using it, <laugh>, like I lit, you know, literally have no way to know who's using it. I could track downloads of the, of the code base, but I, I couldn't like know when someone built a new one or where it was being used or what was happening on it. And that obviously that's intentional, right? It's one of the other sort of design and development goals. Libraries for those who may not know this are in incredibly sensitive to privacy issues and are really, really worried about people not knowing the information that you are accessing through them. And so that was sort of one of the design goal number, you know, design goal number one privacy. But I did hear from people, I did end up hearing from people with, you know, feedback and, and, and emails and things that came in.

And some of the, some of the use cases that were the most fascinating were the English teacher in China who contacted me and said, you know, I, I want to be able to share texts with my students and the great firewall keeps me from doing it right? But I being sort of, you know of a higher economic stature in China can afford a vpn. And my VPN allows me to connect through another country and get the texts I want, but then I can load them locally to my, to my library box, take that into my classroom where the students themselves can then download the material locally. And almost as importantly that box doesn't connect to the larger network. And so nobody knows I'm doing it right. There's this sort of hidden network now that that people can grab the material from.

 So that was, that was a, a really big one, right? The other one was I worked with a group in Ghana who were trying to get first aid and nursing information out into extremely remote areas to do basically first aid training and just general health, you know, general health training in in in Ghana. And so they I worked with them to build a handful of library boxes to preload with medical you know, medical textbooks. And then those were actually run because the, the hardware we were using the TP link, Mr. 30 twenties and 30 forties they, they run on standard usb, you know, five volt one a power. It's super, super low super, super low energy. They can run off of a fairly small solar panel really easily. And so they were running those in extremely remote areas with a solar panel on the roof and the box hanging under a, an eve, right?

And then the community could come through and grab things using using whatever device they had. So the, those sorts of uses were sort of integral in the way sort of the, the development started going. We started trying to internationalize the, you know, internationalize the the interface. We did a call for pub to the public to do translations of our interface. We ended up with about 15 different languages that the interface was translated into. And we used a, an open source library from, I believe Mozilla to you know, we threw that into the project in order to be able to do localization for languages. So those were, I mean, those are the, the, the sort of uses that, that made me, you know, set up and take notice. It was these, you know, getting the information to the people that needed in the places that they needed without limit to the infrastructure that was in that area. That was the, the, the turning point for the project really was when we realized that it wasn't just this like tool for libraries, but it was this tool for anywhere with a certain need that did not have the in infrastructure to fill that need. That was the Right, that was a, a huge turning point.

Aaron Newcomb (00:29:51):
Yeah, for sure. And I can see both of those use cases. In fact, I may recommend this to well, we'll talk about whether I should recommend it or not based on Sure. FCC and some other things, but it would be a great project. I can see like a Boy Scout who is, who wants a project for their what is it, Eagle Scout project or something like that, to be able to take one of these and put all of the, like the first aid information and the stuff that you're gonna need in the wilderness, and then show how you can just package it up and take it with you while you're, while you're out you know, exploring without any internet access. So I don't know if anybody's done that, but I might, I may reserve this project for boy Scout that I that needs some help trying to figure this out. But anyway, that's a side note. My question was, you know, in the, in the interface, because it's gonna be obvious when you're, when there's no internet around that you're not connected to the internet

Jason Griffey (00:30:49):

Aaron Newcomb (00:30:50):
But when there is internet and you're, it's that first use case where you wanna provide an island of something that's not connected to the other network, right? How does the user know, the end user know that they're not connected to the internet? Is there, like, are they gonna go on here and, cause you were saying they expect to be connected a lot of times online. Yeah. Is there some signal that says, Hey, you're in a private environment, you can only access these things? I mean

Jason Griffey (00:31:15):
Yeah. Yeah. I mean, it, it discoverability and that, that sort of first use, like how do people find it? That's actually some of the hardest problems for a project like this, right? It's, it's designed to not be sort of findable in a certain way, right? And so how do you find something that's designed to not be findable? So we, we, we tried to solve it in a couple of ways. One of those was that we, we had a, a recommendation for sort of network naming the router itself, right? What, what ends up being seen by devices is just another wi just a wifi network, right? It's just a, it's just a, a wifi network that's being produced by this tiny little box in a tiny little area, right? The hardware that we, that we use, the 30 forties and the 30 twenties you know, they're smaller than a deck of cards.

They're, they're, they're tiny, tiny little little plastic you know, routers. And as a result, the antennas are not very big and the power that they are pushing out is not very large. And so the sort of bubble of access is, is is pretty small, even in a entirely open field. You're only talking about maybe 50 feet, right? Like a 50 foot sphere, right? It's, it's a, it's a pretty tightly controlled little, little access point just because there's only so much power and only so big in antenna that you can put in something that size. And so discoverability was, was a, was a big thing. Now, you know, you can go looking, right? So, you know, if you indicate somehow, Hey, check, check, check for this S S I D, right? Like, open up your wifi and take a look. And so we have, you know, signage and we had QR codes that would automatically, you know, automatically attach people to the ss i d or, or, or tell them what the ss i d was.

 The signal could be either open or you, you, you could throw a, a password on it. That was the up to the, up to the you know, person in doing the install. We, we had a, a trigger for that setting for that. And so, you know, you could, you could have an entirely open wifi signal where somebody just jumped on and, you know, boom, it just looked like a website, right? Like, there was, you connect to the web, you connect to the S S I D, you open your browser, and what you get is, Hey, you're connected to a library box. Here's the choices, right? Here's, here's your books, here's your here's your you know, do you want download open source movie, right? Or a non non copyrighted movie, do you wanna, whatever. So that was the sort of, you know, opening experience for people. But it, it is a really hard, it's a, it's a really hard user experience thing to overcome is that first, like, how do you find a thing that's not sort of screaming at you to find it? Right.

Aaron Newcomb (00:34:37):
We had that problem at, at Maker at a, I've done several maker Faire type events for that support the maker space. I started whenever that was 10 years ago, I guess, almost. But the, we wanted to use Pirate Box for it, but the problem we ran into is the feedback was, well, I can see the open wifi that the venue gave us, and I can see this other one, right? But they didn't know the difference. So when they connected to the other one, they expected when they were connected to that S S I D that they would just be able to open up Chrome and browse and they couldn't. Right. So that's kind of why I asked, because I think the the use case has to be clear. Yes. And, and you have to communicate the fact that the documents are here that you want to access, but there's no internet, internet access otherwise.

Jason Griffey (00:35:26):
Yep. Yeah. That, that it ended up being that is a, it's a, it's a tough user experience thing to sort of figure out the interface there, how you communicate it. People don't read things, right? Nobody reads like the signs or, you know, <laugh>, we just have big, big blink texts that was like, this is not the internet. But it, it still wouldn't, it wouldn't help. It ended up being a lot of kind of user education through physical, if you were doing it at an event or with a library or at a conference, they ended up being used a lot at conferences. They you know, there would be a a sign, a QR code with instructions something that would give you that little bit of, you know, the first step. And then the, hopefully once you got in, there was enough explanation on the interface that you, you could sort of see what was going on.

Aaron Newcomb (00:36:23):
Yeah. Yeah. Let's talk just a little bit about the hardware for about three minutes. Sure. What is the current set of hardware that you recommend for this project? I mean, you said it runs on open W R T, which I'm familiar with that, and, and also DD W rt and the stuff that runs on the LSIs. Well, it runs everywhere, right? Depending on the chip set, but it was known for running on the LSIs products. But let's talk about, could I theoretically install this on any device that is capable of uploading the W Open W RT firmware

Jason Griffey (00:36:58):
In, in, in theory, yes. Certainly the, the underlying code would run basically anywhere that open W r t will, right? There's nothing magic about the about the hardware that we were using. The the real difficulty now is that mostly the project, the project has been Cecil, let's say, I won't say entirely dead, because there are still occasionally people who decide they wanna try to build one. But the, the, the Pirate Box project formally ended in 2019. They sort of cease sort of support and development and everything. And library box was basically around the same time. We were more or less developing on similar code bases underneath. And so without one, the other was not, not gonna move forward very quickly. And so it's been a couple of years now, but the, the project is, again, I hate using the word dead, but I will say it is definitely no longer in development.

 And, you know, I know we're, we're maybe sneaking up on another on another ad you said three minutes. So I don't want to go too far into the story, but I do want to talk about why everything died. And there are two big reasons. One of those is https, and the other is the fcc. And I'm, I would love to explain why those two things killed the projects. But if we need to take a, take a little break, before I get into that part of the story, <laugh>, I, I'm happy to do that. That,

Doc Searls (00:38:36):
Wow, that, that this is the first time I think, where the guest has teased

<laugh>. What we're gonna follow the ad with <laugh>. There's a, there's a first for everything. So <laugh>, with that tease in mind this episode of Plus Weekly is brought to you by Code Comments, an original podcast from Red Hat, you know, when you're working on a project and you leave behind a small reminder in the code, a code comment to help others learn from your work. This podcast takes that idea by letting you listen in on two experienced technologists as they describe their building process. There's a lot of work required to bring a project from whiteboard to development, and none of us can do it alone. The host Be Sutter is a Red Hatter and a lifelong developer advocate, and a community organizer. And each episode be sits down with experienced technologists from across the industry to trade stories and talk about what they've learned from their experiences.

The latest one is with David Duncan. He's the senior manager of Partner Solutions for Linux at aws. And he came over from Red Hat. So these guys are former colleagues, and what he says about aligning with open source principles goes really pretty deep looking at agility, meshing skill levels, the principle and practice of transparency, the need to roll back and have records so you can roll back. So it's not just about code and decision records, it's the whole decision process. There's a lot in there and I highly recommend going there. Episodes are available anywhere you listen to podcasts and at Red comments, podcasts, search for code comments in your podcast player. We'll also include a link in the show notes by thanks to code comments for their support <laugh>. So Jason <laugh>, pick, pick it up, dude. <Laugh>,

Jason Griffey (00:40:27):
You were Sure thing. Yeah. So we were talking about the hardware and talking about, you know, what would you, what would you choose if, you know, if you wanted to sort of build the project Now? Sadly the answer is you need to go back to about 2015 and buy a piece of hardware. Because in 2016, I believe it was, ah, that would've been the time the rule making happened. So in 2016, the FCC decided to change the rules around 8 0 2 11, around 2.4 gigahertz and five gigahertz band radio chips, chip sets. And the change in 2016 was that anything that, any radio that enabled five gigahertz basically could not have the ability to alter its signal strength, right? So the manufacturers of anything that included a five gigahertz antenna, basically were required to prevent users from manipulating the signal strength of that particular radio.

So that was a rule that the FCC set in 2016. There are lots of ways that manufacturers could do this, but most of them, TP link included, did the sort of laziest thing they could do, which was just lock down the entire wifi chip stack with encrypted firmware, right? And so, as of the sort of 20 17, 20 18 models of those routers, they started locking the firmware chip sets such that open W R T was no longer able to be flashed onto them, which has a problem when your entire project has to do with flashing firmware onto routers <laugh>. So, yeah, so that was one that was sort of one piece of the, I won't say downfall, but certainly the sort of slow slide of you know, the project becoming less relevant. The other was actually something that, not a big fan of the, of the manufacturers doing that personally, I was a fan of the other problem.

But it, it, it ended up being just about as significant, and that is the rise of browsers insisting on HTTPS by default, right? So it was a, in about the same time period, this was like 20 15, 20 16, 20 17 I think it was 20, late 2017 or late or early 2018 when Chrome finally said, you know, all HTTP sites are marked as not, you know, plain HTTP is marked as not secure, and you get popups that warn you about them and things. So this was the time period, 20 15, 20 16, 20 17 when most browsers started turning on the switch. That was like, no, no, no, we really just want https. Now, that's again, fantastic for the open web. I think, you know, overall that's a, that's a, that's a, a general good. But we were developing a web browser, a, a, a web server, right, that was incapable of using SSL certificates because it's an island that can't do any route certificate checking.

There's no, like, you can't, there's no there there, right? For the, for the chain of certification. And so what ended up happening was, as browsers starting, started to default to HTTPS only, or HTPs primary, someone would connect to a library box or a pirate box and pull up the site and immediately start getting warnings, right? And that is just game over, right? Like you're talking about a user interface problem that is just like, okay, yeah, you're, I'm going to tell you that this thing you just connected to, no, no, no, really just go ahead and accept that insecurity and you know, that it's no, it's, it's just a losing battle at that point.

Aaron Newcomb (00:45:15):
And there's no way, I guess, because there's no way to verify the certificate cuz you're not connected, right? There's no way around that really. I was trying to figure out if there was a way to spoof it somehow,

Jason Griffey (00:45:25):
Believe me, we, we tried an enormous number of things. We tried some truly, truly ridiculous solutions. And the, I mean, again, right, it's in general, it's good. It can't be spoofed, right? Like, I mean, that that's actually what you want. You don't want people to be able to spoof ssl, right? Like, that's <laugh>, I'm, I'm glad it cannot be spoofed quite as easily. But yeah, there was no good sort of no good solution to having a box that never connects to the internet, that can't, shouldn't connect to the internet, that doesn't have any broader network connectivity at all, but wants to use SSL sorts. They're just, they're, there's, there is not a good networking solution for that. So

Aaron Newcomb (00:46:17):
I run into this a lot. Yeah, I mean that's kind of like the Achilles heel here, and it's nothing to do with the project, it's nothing to do with really nefarious things going on. It's just a side effect of the way that the industry, in this case, the web browsing industry has decided to go for security and privacy reasons. So it's like a, it's like a really bad side effect of a good, good intentions.

Jason Griffey (00:46:43):
Yeah. Yeah. Absolutely. Yeah. It's, it, it was, again, like I entirely support it, even though it more or less killed two projects that I really love, right? <Laugh>. it is, it is the right solution for the sort of wor networked world we live in. But man, it it, between the, between those two things, between the fccs locking down and manufacturers locking down firmware and then, you know, the https becoming the standard for all browser you know, all browser calls was like, wow, okay. I mean, you know, very little you can do to get around those two things. So that was the sort of, you know, that was 20 18, 20 19, and by 2019 it was very clear. Both I mean the Matthias Struble, the lead developer for Pirate Box and I worked together very closely. And it was by that point, both of us were like, I, I just, I don't know even, I don't know how to solve this, right? I think we're, we're, we were at an impasse to the degree where yeah, not doesn't, doesn't really work anymore. So,

Aaron Newcomb (00:47:56):
Yeah. So the project is still there. The project still works fine. It does. It's just that end users are gonna have to put up with going through, if they're using a browser, which they probably are clicking the little, I don't care about the security implications go away, security warning thing. Yep. Before they can actually get to the site, which is a huge annoyance. Yeah. But it's, it's

Jason Griffey (00:48:17):
A huge, it's a huge way. It is. But it is, yeah, it is the way it is. And again, like there is not a good solution for it. And it's probably good that there's not a good solution <laugh>, which is

Aaron Newcomb (00:48:30):
Yeah. Yeah, because I was thinking like, well, in terms of the hardware, couldn't this, couldn't you do the same thing with a custom built s p 32 type device, right? That can act as its own router and then have, you know, files off to the side on like an SD card or something like that, that you do. Cuz I'm just thinking about, oh, I could create this, I could go out and design this thing. Oh yeah. Have it be small, small form factor, put it in a little box and basically do the same thing. But the bottom line is you're still gonna come back that that would kind of get around the FCC stuff, but you're still gonna come back to this problem of the, the H CTPs. This is an insecure site, Morgan. Yep.

Jason Griffey (00:49:12):
Yeah. You're, you're still gonna have that issue pop up regardless. And you know, you, you obviously, you know, the, the, the, the plethora of open hardware at this point in time is so rich. Like you, you know, you mentioned the esp the you know, you've got you've got raspberry pie you know, incredibly small raspberry pies that have wireless. Now, when we started the project, raspberry pies didn't even have built in wifi yet. Right. Like, again, it's sort of hard to go back in time and remember what the state of hardware was at the, you know, 10 years ago. But raspberry pies didn't have built in wifi at the point, otherwise we probably would've used those instead. Right. We would've, right. We would've built the project from the beginning on a pie, but at the time when we were doing the initial development, buying a raspberry pie and a, a USB wifi don goal that the pie would use, and hoping that the driver stack for that was all going to be nice and stable.

Yeah. All of those things, you know, the, the, the pie plus the wifi plus the wifi dongle was more expensive than buying one of these off the shelf pre-built TP link routers. And so it, it didn't make any sense to use the pie at the time. Now there's, I, you know, five different platforms you could probably pick off a shelf well in, in, you know, non hardware lean times, you can, it's still hard to find a raspberry pie right now for whatever reason. Yeah. But yeah, you could, you could find multiple platforms now to be able to build a project similar to it. And there are definitely other projects in this vein that are still sort of live in the space that still get, you know, they still get caught by the whole HTTPS thing, but there are other projects that, there's internet in a Box is one there's a handful of them that that sort of continue this idea of Yeah. Self-Contained, small, portable, cheap Right. You know, delivery,

Aaron Newcomb (00:51:38):
And there's a lot of like cloud storage type projects that would, would kind of fit the same bill, but you, like you say, they're all, if they're offline Yeah. Then they're all gonna have this, this issue. So

Jason Griffey (00:51:52):
Yeah. Yeah. They're gonna run into that networking. The SSL issue sort of is a, is a, is a hard, is a hard stop for anything that never connects to the internet.

Aaron Newcomb (00:52:01):
Yeah. Hmm.

Jason Griffey (00:52:03):
So, so

Doc Searls (00:52:04):
Boy, we've, we've, I think we've got like about seven minutes left, something like that. And, and I want to get to your measure of the Future project, because I think it's an interesting one, and it's another one sort of a related matter, but I, I wanna throw a bit of a context on it that I actually got from one of my son's, your boss's wife's brother <laugh>, who, who said back in 2003, it wasn't even that technical guy a little bit though he said at that time, well, the, the internet is splitting between what he called the live web and the static web. The static web is one we had. So one we thought was a library, you know, you had domains with locations and addresses that you could go to is, well, there's real estate metaphor. The internet archive, in fact is based on that assumption that we're, there's a static body of work that's gonna persist in virtual space, but it was like physical space.

We could metaphorically understand it as physical space. And then we have things happen in the future, you know, was joking on the back channel that 2013 used to be the future that it was now, and now it's way too long ago. But things like the FCC coming up with the, the, you know, guidance or requirements that chip makers use to obsolesce exactly what you're doing, you know, or hdps basically obsolescing an entire body of work that's just sitting there on http on old servers that work fine and serve my old blog. Is there lots of stuff that have written in the past, is sitting out there behind http and you know, and you get warnings and all that. So, but libraries are about what persists, right? So, and we're sitting in this live web now where the evanescent and the current seems to be the context for everything. So how, how are you seeing where we're going with this or how we're, and maybe work this into the measure of the Future project and what you learned through that?

Jason Griffey (00:54:00):
Yeah. The, you're, you're, you're touching on a lot of sort of really interesting library information science topics in, in that, in that comment, I mean the the difficulty of the current world for libraries and archives is, is enormous because of that sort of live nature of it. And the, the, the, the way things have evolved, digital information has evolved from as you say, sort of what we could understand more or less as metaphorical spaces, a site, a place, a thing and have moved to a stream instead of a, a, a static sort of place. We could have an entire discussion, it's probably not a floss discussion, but we could have an entire discussion. And I would love to at some point about sort of the change in the way that information science deals with those problems and archives deal with those problems and the challenges of the stream versus the place.

 I think that's a, that's a fascinating discussion. For the purposes of the sort of Measure, the Future project that was the other open hardware open software project that I built for libraries. Library Box was definitely the bigger project of the two that I've created. But Measure the Future was a was interesting because it wasn't just about networking, it was about camera it was about using cameras to, in a privacy centric, secure way to measure movement inside libraries and try to derive from that movement sort of attention what were people doing in the library that people should know about, right? So the idea was basically like and again, this was early, this was, oh gosh, this was 20 15, 20 14 2014 probably when this really started. So, you know, a few years back now there are, are lots of commercial projects that do this sort of work, but when we were initially building it it was using we started on the Intel Edison platform, which seemed like a promising platform.

This is why hardware is terrible and no one should ever use it. <Laugh> it seemed really promising. <Laugh> and Intel ceased production literally halfway through our version one cycle, right? Yeah. they killed the hardware and we were like cat K, all right. So we, we eventually moved over to the Pie, to the Raspberry Pie for it, but it was using using, you know, camera and some some machine vision work to identify individuals and how long and what they did in a space, but without identifying those individuals and without recording anything about the people themselves again, it was one of these interesting challenges inside libraries where we want information to be able to make decisions about how best to serve communities, but we don't wanna know anything about the individual people and the choices they're making when it comes to the the information that they're seeking, because privacy is so important.

And so Measure the Future was this really specific challenge of how can we gather information but do so privately and give us actionable sort of metrics about library spaces that we can use to make changes and make things better. That was the overall vision for, for that project, and it was an incredible challenge. Really, really fun. We did some really, I think, good work. We ended up partnering with a bunch of libraries in the US and we ran an Alpha program and a beta program eventually just sort of ran out of steam as far as development goes. That is still, it's all available and open and people can build their own if they want. But as far as a, a, you know, sort of a commercial entity, we got run, we just got overrun by the, by larger players, basically, right?

Aaron Newcomb (00:58:48):
Mm-Hmm. <affirmative>. Yeah. Yeah. I was also thinking about the, you know, what's going on. The, the crossover between privacy and access is really, really interesting, right? Because now you have on kind of a separate thread, you have libraries that, in s in school, libraries in particular that are removing books because of where they live Florida, other places that are saying you can't have access to certain books either in the school system or in the library, or, you know, o places, right? Mm-Hmm. <affirmative>, it's really kind of kind of weird the time that we live in. But the question is, you know, this may be a way I would, it would be kind of interesting to, to protest this in a way by going to a library, finding a hidden plug in the wall, or just using the battery powered devices, putting in one of these devices with all of those band books on it, right?

And just saying band books here, you know? Yeah. And then people could access those. And I know that there's other solutions to this New York Public Library as actually made, whether you're a library member live in New York or not, they've made all these band books available for anyone that wants to go download them. But I still like the idea of a little bit of social protest here by using a device like this just to give access to information for people where they don't have to feel like they're gonna be tracked or monitored in some way. You know, they may have concerns about that given their local regulations where they live. So, any thoughts on

Jason Griffey (01:00:23):
That? Yeah, yeah. That's the yeah, the one of the, one of the best quotes about libraries and I, I'm gonna absolutely forget in the moment who said it. But it is that libraries of the last public space where you can go and not be tracked, right? It's like one of the great things about the library, public academic school of elsewhere. And so, yeah, I absolutely agree using it as a using it as a way to get information to people who need that information, regardless of whether other people want them to have that information or not. Right. That's the, that's one of the brilliant things about these little, about the Library Box project, about Pirate Box. That was the original, one of the original sort of underlying goals for David Dart's, you know, 2010 experiment with Pirate Box was what can we what can we do to get people to share information, to have information in places that, you know, they, they need it. And so that was, it goes right back to the sort of origin story of the entire idea. Mm-Hmm. <affirmative>.

Doc Searls (01:01:40):
So Jason, I wanted to ask you in the little time we have left, which is actually close to none, but we'll pretend it isn't a little bit about ny o about your day job and Oh yeah. What it is, <laugh> and cuz I have a feeling you're not, there's no failure yet in that. No, I, I it's a pretty important institution. I think so a few words about it. Well,

Jason Griffey (01:02:01):
Thank you. Yeah. Yeah. And Sony o for those who don't know, is the National Information Standards Organization. And is the body in the US that oversees the development of information standards. So any sort of background technology that uses a communication standard to talk between, say, a publisher and a library, or a library and a vendor or you know, any of those sorts of background, pieces of infrastructure that are necessary in order to sort of make information flows work. Ns o is the organization in the US that has probably built that little piece of that little piece of technology. And my particular role in the organization is you know, strategic initiatives is a vague sort of title. But my, my particular role is largely to sort of look at the space and see where new and interesting stuff is happening and try to pull that in and make that available inside the org to, you know, sort of develop into projects and develop into working groups. And so I'm always on the, always on the look for new and exciting things happening in the, in the information publishing space. So

Doc Searls (01:03:27):
I'll have to have you back to talk about some of those. I was thinking about your title at my title once a thousand years ago was Area Coordinator <laugh>. Nice. Can't get much more vague than that. <Laugh> like director of Interrelations or something like that. So so we always conclude with a couple of questions, which if you're not busy hacking now, may don't wanna answer, I don't know. But they are, what are your favorite text editor and scripting language?

Jason Griffey (01:04:00):
Ooh text editor, probably BB edit. I still, still end up falling back into BB edit a lot for for work that I do. And scripting language. I work on Max and Apple Pro products and a lot of the stuff that I do is local. So I'm gonna say Apple Script. I still do a fair amount of stuff. Oh my gosh. Using,

Doc Searls (01:04:26):
Using <laugh> two Apple items. PB Edit is also Apple, but it's pretty, it's, it's pretty good. I've always wished they were open source, but they are not. And as far as I know, anyway, I haven't looked at 'em in in a couple years, but yeah, but that's, this is great. I, I'm sorry we didn't have enough time cuz there's really so much more to talk about and you've been an awesome guest and really thank you a lot for coming on the show and saying

Jason Griffey (01:04:54):
Thanks a lot for inviting me. This has been super fun.

Doc Searls (01:04:57):
Likewise. So <laugh>, so that was great.

Aaron Newcomb (01:05:03):
Yeah, I mean, super interesting product. Like I said, I played around with pirate Box back when it came out. And so I just, I like the idea of having a way to have information like this, this at your fingertips. I think a lot of people, like the Boy Scout example I gave, they don't realize, you know, like, oh, you know, okay guys, like we, we need to be out in the wild. You're not gonna have any cell phone connection or internet connection, you know, that's true. But there's so much wealth of information available on the internet, like how to set a fractured leg or something like that, that may actually be really useful. Or training materials or things like that. So I, I, I'm really interested in that aspect of the project, even though the limitations that we discussed in terms of the certificate authentication and things like that, you know, in those settings it wouldn't really matter because everybody would just know, oh yeah, I'm gonna get that stupid warning.

I'll just go ahead and just click by that and say it's okay to browse the site. So super interesting project. A lot of great history obviously that we discussed and a lot of good implications for, you know, both privacy and access to information. So yeah, it's still up there. It's, it makes me want to do that project anyway, even though I know there's gonna be issues with it. I just want to kind of get out on ESP 32 and make it happen or find similar projects that I can download and, and just explore the code for, because I think it's really important.

Doc Searls (01:06:32):
Well, maybe, maybe one of our listeners or viewers could, could do the same or get together and try and make something happen. Like you said, the code's all out there, it's gonna be in in our show notes for sure. There's just a lot there. A big takeaway for me is really how the net is the net and the net is everywhere and it is the matrix in some ways. I mean, you can't get out of it, you know, you're in it. And when you try to and you try to do something that's isolated and that uses the protocols, but you, you're limited in a number of ways. It's just kind of sad. I know, I know some writers and figures, Dave Winer is probably the biggest one. Love to have him on a show sometime doing awesome work lately.

 Who's la Constantly, not constantly, but often about how a lot of his old stuff, he's never gonna go back and fix those servers if they're sitting there Right. Serving h a tp. My old blog is sitting on one. I, I want it's archival. I don't recall getting any warnings going there, but maybe you get warned once and I've been there more than once and, and there's a cookie saying, I I got warned one time. I don't know. Yeah. But I do know that it, it, it http is deprecated and that's not good. I, I think there's, we, we shouldn't have useful protocols that are fully deprecated like that mostly by practice, you know? And and I'm, there's probably a fix for it. Some, some something you can put in the html I mean in the, you know, in the index page html that will say, you know, there's a legacy site, no harm going, no, nothing harmful here. I don't know. But it needs to be addressed somehow, I think. Cuz it's, it's kind of tragic how that's going.

Aaron Newcomb (01:08:21):
Yeah, just a great show. I've got the, I've got the answer by the way, doc.

Doc Searls (01:08:25):

Aaron Newcomb (01:08:26):
Let's bring back Gopher

Doc Searls (01:08:29):
<Laugh>, go all the way back. Yeah,

Aaron Newcomb (01:08:30):
Let's just bring back Gopher and there's no way, no restrictions there. You know, that was the time before we had to worry about that kind

Doc Searls (01:08:37):
Of stuff. The time before. I mean, I'm remember in the eighties and early nineties and it, it, and that's, that's all you had is that kind of stuff, you know, and Exactly. And the BBSs of a zillion kinds and <laugh>, so, so, oh, show channel free servers in Africa. Australian nerd. I, I haven't looked back at the back.

Aaron Newcomb (01:08:58):
They're recommending Gopher an Archie as well. I think that, I think that's great. I remember, you know, just browsing Archie being able to browse libraries. That was a lot of, you know, taking this all the way back, this discussion. I mean that was the fir my first use of the internet was being on. I think the service was called Ohio Link when I was in school. And it was just that it was a connection to all the universities. Not all of 'em, but the ones that were connected to the internet at that point, which was still very early. And that's what we did. That's what I used the internet for the very first time, was to go browse something at like Ohio State's Library that I needed for a research paper. And it was all open and there wasn't any, you know, nobody was concerned about charging anything for anything and it was all open. And it's like, it kind of, for those of us, especially that were around back at that time, it does really make you nostalgic and desire a a a time where we could go back to, to just having everything open and not having to worry about all these other things, but, oh well.

Doc Searls (01:09:54):
Yeah. Oh, well, well it's, it's, it's more to talk about in the future. We need to move on quickly. So let everybody know next week is gonna be a good when one of my favorite people, Tim Posar, who I know through broadcast through the ISP world, he's one of the earliest people there. He's all about that side of things. And at the same, it probably has something to say about today's show as well. But also as a broadcast engineer, we're gonna talk about broadcasting and about radio and what's happening to it. And Tim is like the best person I know of to talk about that. That is coming up next week and we will see you then. Let's do our plug. Oh, so, okay,

Aaron Newcomb (01:10:38):

Doc Searls (01:10:39):
I went full jersey on it. I'm sorry. We got you the plug. Let's, let's rewind. So now I was just editing, sorry Aaron.

Aaron Newcomb (01:10:47):

Doc Searls (01:10:47):
No worries. I'm sorry. So what, so what do you got to plug there, Aaron?

Aaron Newcomb (01:10:51):
Yeah, so as usual, I invite everyone to tune into my YouTube channel Retro Hack Shack. If you like talking about all these old things that we were just discussing but specifically hardware, retro PCs and things like things of that nature. The, the one that I just put out was all about the Atari 2,600 and 10 things you didn't know about the release of the Atari 2,600 and how that went. I've got some other cool episodes coming up on that theme because it's the Atari 50th anniversary. So I've got some you know, some new sort of new, it's not gonna come through with the background, is it? You can kind of see 'em there. Aqua Venture and Ya's Return if I move that one over this way. There we go. You can kind of see it. I've got some cartridges from new cartridges from Atari that where they went old school, put 'em in the box, you know, the big box and some pretty cool games. So I'll be talking about those in a future episode. But definitely tune in to Retro Hack over on YouTube if you're interested in that kind of stuff.

Doc Searls (01:11:51):
Excellent, thanks. And then again, we'll have Tim Posar up next week. He's gonna be great. We will see you then.

Ant Pruitt  (01:11:58):
Hey folks, I'm Ant Pruitt and what do you get Your favorite tech geek that has everything. A Club TWiT gift subscription, of course, TWiT podcast, keep them informed and entertained with the most relevant tech news podcasts available. What they club to subscription, they get access to all of our podcasts ad free. They also get access to our members only Discord, access to exclusive outtakes behind the scenes and special content such as AMAs, which I just love hosting. Plus exclusive shows such as End Zone, Mac, end Zone Windows, and the Untitled Lenux Show Purchase Your Geek's gift at TWiT tv slash club TWiT. And it will Thank you every day.

All Transcripts posts