Towards a secure peer-to-peer app platform for Clan

While most of the existing Clan framework is dedicated to machine and service management, there’s more on the horizon. Our mission is to make sure peer-to-peer, user-controlled, community software can beat Big Tech solutions. That’s why we’re working on platform fundamentals that would open the way for our FOSS stack to match the usability and convenience of proprietary platforms.

Unfortunately, the FOSS world is still lagging behind commercial platforms in some important aspects:

Web and mobile apps are strongly sandboxed, so while they can get very aggressive in snooping on the data they are allowed to access, the enforcement of the isolation model is very robust, and there is a model for sharing data that makes the isolated applications actually useful. Meanwhile in the FOSS world, it’s still extremely common to run software with full access to the user’s account. The only project that has built anything close to a similar platform for local software is Flatpak, which is still not perfect, and its main repo has a very lax policy;

Centralized Web services can have “multiple instances” simply by switching accounts; self-hosting Web services is trivially multi-instance; even Android now provides a multi-instance facility. Meanwhile local software often doesn’t have a global database, but when it does, it can be impossible to make it multi-instance without advanced knowledge;

Commercial apps come with their own always-online remote servers. Users don’t have to think about connecting the clients to the servers, it’s all pre-connected! Meanwhile decentralized community software is stuck between various bad options. Supporting multiple commercial backends is tedious and defeats the point anyway. Self-hosting traditional web servers can get complex and unreliable, and exposes attack surface to the public Web. Direct peer-to-peer connections can be hard to set up and unreliable too, and typically don’t provide asynchronous communication.

So… What do we need to make it possible for communities to share apps that install and load quickly, already pre-connected to network services, that are isolated to a worry-free level of security, and yet allow for enough sharing via explicit permissions to make them useful?

The first piece of the puzzle is, unsurprisingly, Nix. The entire Clan project is built on Nix, and the future app platform is no exception. Nix makes it possible to quickly fetch and run any software – thanks to caching, as long as we steer everyone towards using very few common versions of the nixpkgs tree, most downloads could be almost as fast as web app loads.

Then we have to add a microVM hypervisor with Wayland and GPU virtualization and a side of D-Bus portals… and we can finally get a glimpse of the future!

microVMs
