[HacktionLab] Kicking the tires: pump.io

yossarian yossarian at aktivix.org
Mon Jul 29 21:45:38 UTC 2013


Hi,

As I think Bone Idol mentioned, OStatus and StatusNet (which runs
http://indy.im) are now deprecated - it's not that those projects don't
have a home anymore, but they've been handed over to GNU Social for
caretaking. The main coder behind StatusNet, Evan Prodromou, is now
focusing his efforts on a new microblog project, called http://pump.io.

I recently set up my own pump.io microblog server to play around with
temporarily, and I'm quite impressed by it. Here's a quick review.

Upsides:

It's fast and resource-efficient - enough so that it can comfortably be
run on a Raspberry Pi and a home connection.

You can use multiple data storage back-ends. Out of the ones I tried,
Redis is extremely fast, but I chose MongoDB because it's web scale [1].
Despite my professed hatred of JavaScript, the Node.js people are really
going from strength to strength lately.

The federation seems to work very, very well, so much so that it
immediately feels like a full federated Twitter replacement, in a way
that StatusNet, which seemed difficult to set up and fairly resource
intensive, never really did for me.

pump.io is very easy to install (probably 15 minutes for a basic
non-ssl/non-proxied install, if you just want to try it out without
federation). This assumes you have some reasonable idea what you're
doing on the command line.

For a full production install, there was some ugly screwing around with
SSL certs and Nginx proxying when I went the whole way, and that wasn't
much fun. If I get enthusiastic about it, I may do a blog post on the
exact configuration that worked for me, but the quick version was: make
sure you concat your certs properly, and then use https for your Nginx
proxying. I initially went [web] => [https nginx] => [http node], which
didn't work: only running node itself with SSL and certs worked for me.

There's a full JSON/REST API, which is the actual "pump" software.
Unlike StatusNet, which was designed as a regular web application with
an API tacked onto it, pump.io was built in an API-first manner. This is
already having nice effects: despite the fact that it's a fairly new
project, there are 2 Android apps for it, both of which sort of kind of
work, and even a KDE desktop app, in addition to the web client
interface which you see at (for example) https://e14n.com/evan. The web
interface is pretty much a standalone JavaScript thing, it just
authenticates to the API with OAuth 1.0 and then makes API requests,
like any other client. The modern world in action!

It implements the ActivityStreams protocols [2], which I think is a big
win, because it means pump.io is not primarily a "FOSS Twitter":
instead, the project is trying to leapfrog current proprietary social
networks by providing a defined way for computers to talk to each other
about human-relevant time-ordered activities.

[end upsides]


Downsides:

At present, the web interface and general amount of functionality are
probably somewhat worse than StatusNet (I didn't do a lot of stuff with
indy.im though, so I'm not sure about this). From what I can tell, this
was a big shock for the identi.ca community when the migration from
status.net to pump.io happened.

It's written in JavaScript, which I have a great dislike for. I guess
this is something of an upside insofar as StatusNet was written in PHP,
but for me, only in the way that a punch in the head is better than a
kick in the groin. This is really a personal prejudice though.

The Android clients ("Puma" and "Impeller") are mildly shaky, but they
both seem to be under heavy development and I've already seen a few
updates to Impeller [3], including one which provides an Android tablet
interface.

[end downsides]

Overall, pump.io is designed to feel more like a piece of web
infrastructure (like a message queue) rather than a copy of Twitter or
Facebook's web applications. In my judgement, this API-first way is the
right way to approach things - it's how the big boys build their stuff,
both internally and also in terms of their public-facing APIs.

Interestingly, StatusNet is the second project to do this recently: the
Friendica people have also started work on their second-generation
software. It's called "Red", and also seems to take an API-driven
approach. It's a bit hard to tell exactly what Red is, as the GitHub
write-up [4] and introductory blog posting [5] have more foam than an
'80s businesswoman's shoulder pads.

A lot of buzzwords, but it all seems a bit early days over there. It's
not clear if they're following a defined spec (ActivityStreams? OAuth?
Neither of these get a specific mention). I wouldn't use Red before
somebody subjects their "magic" auth system to a good security review -
it freaks me out when I see the project advertising domain-independent
security, which is "magic", even if we take it as marketing text.

Back to pump.io. There's an interesting short talk by Evan Prodromou
available in which he talks about baking positive values into the
software we build, because we're halfway between Mosaic and Skynet:

https://www.dropbox.com/sh/xksfs1ok6qbxp4j/ccnI4I-ppy/08%20Evan%20Prodromou.mov

Overall, it's been a worthwhile few days of investigation. Out of the
current crop of open social software, I'd currently rate pump.io as the
one which I think shows the most promise. As Bone Idol says, though,
this whole space is changing very quickly.

I'd advertise my instance, but it seems unsporting to offer it as
infrastructure - we could instead set up a bunch of them, no? If you
mess with the pump, please let the list know.

Cheers,
Yossarian


[1] http://www.xtranormal.com/watch/6995033/mongo-db-is-web-scale

[2] http://activitystrea.ms/

[3] http://impeller.e43.eu/

[4] https://github.com/friendica/red

[5] http://friendica.com/node/59
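
Added example, not part of the original post and not the author's configuration: one way to write the layout the message says worked ([web] => [https nginx] => [https node]), with a properly concatenated certificate chain. The hostname pump.example.org, the upstream address 127.0.0.1:8443 and all file paths are placeholders assumed for illustration.

```nginx
# Added example. pump.example.org, 127.0.0.1:8443 and the /etc/ssl/pump/
# paths are assumed placeholders, not values from the post.
#
# Build the chain file with the server (leaf) certificate first, followed
# by the intermediate CA certificate(s):
#   cat pump.example.org.crt intermediate.crt > /etc/ssl/pump/fullchain.pem
#
# Check what is actually served; a correct chain ends with
# "Verify return code: 0 (ok)":
#   openssl s_client -connect pump.example.org:443 -servername pump.example.org

server {
    listen 443 ssl;
    server_name pump.example.org;

    # ssl_certificate takes the concatenated chain, leaf first.
    ssl_certificate     /etc/ssl/pump/fullchain.pem;
    ssl_certificate_key /etc/ssl/pump/privkey.pem;

    location / {
        # TLS on the second hop too: the node process listens with its
        # own key and certificate on the assumed port 8443.
        proxy_pass https://127.0.0.1:8443;

        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # nginx does not verify the upstream certificate unless told to.
        # Without these lines the second hop is encrypted but the peer
        # is not authenticated.
        proxy_ssl_verify              on;
        proxy_ssl_verify_depth        2;
        proxy_ssl_trusted_certificate /etc/ssl/pump/ca-chain.pem;

        # proxy_pass uses an IP address, so state the name the upstream
        # certificate is expected to carry.
        proxy_ssl_server_name on;
        proxy_ssl_name        pump.example.org;
    }
}
```

Here ca-chain.pem stands for the CA certificate(s) that issued the certificate the node process presents.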



