Uses This

1288 interviews since 2009

A picture of Christine Lemmer-Webber

Christine Lemmer-Webber

Developer, co-founder of MediaGoblin

in developer, linux

Who are you, and what do you do?

My name is Christine Lemmer-Webber. You can find me at my personal website, or on the federated social web on identi.ca which runs pump.io and octodon.social which runs Mastodon. (Sadly you'll see those federated social web examples don't interoperably federate, but that's something we're working on... see the ActivityPub stuff later.) If you must, I'm also available on the birdsite.

I've done a few things of possible note; I co-founded GNU MediaGoblin which is a distributed media hosting platform along the lines of Flickr/SoundCloud/YouTube. I'm co-editor of the ActivityPub specification for federation (which is how you get distributed websites to talk to each other) which is being done as part of the W3C Social Working Group. I'm co-chair of the W3C Social Web Incubator Community Group which you can view as carrying on the work of the Social Working Group. I also occasionally contribute to GNU Guix and GNU Guile, as well as various miscellaneous projects. A number of years ago, before I went to do the decentralized web stuff full time, I was a programmer and at one point tech lead of Creative Commons.

ActivityPub is taking up most of my time these days, but I think is pretty important. The social web is an enormous part of peoples' lives these days, and for the most part, it's controlled by a handful of small companies. I think we can do better, and ActivityPub hopes to unite the federated social web... it looks like we might even succeed (there's been an uptake in interest from the existing federated social web places, eg Mastodon and Nextcloud and probably GNU Social and diaspora, and MediaGoblin and Pump.io have long dedicated themselves to adopt the standard). But time will tell. At this very moment I'm trying to get the standards test suite done, which is super boring, so I'm taking any distraction I can seemingly. A good time to follow up on this thread!

I have a good number of side projects which I don't find enough time for mainly because the ActivityPub stuff is taking up so much of my time. I think the most fun of these is GNU 8sync, which is an implementation of the actor model in Guile. There's a video on the 8sync homepage that shows me doing a demonstration of 8sync where the talk was itself a MUD (multi-user-dungeon) that the audience was able to play as I discussed it. That kind of stuff is super fun to me and I hope I can find some time to get back to it soon.

What hardware do you use?

At the moment, a ThinkPad X200 laptop flashed with Libreboot which I usually have docked. It's upgraded with 8 gigs of RAM and a larger hard drive which makes things pretty manageable, but I wish it had a better graphics card. For whatever reason, even though I can run OpenGL blob-free on this, it was one of Intel's earlier graphics cards, and the performance has gotten pretty bad for anything 3D. (I miss being able to do artwork in Blender..) For everything else though it's surprisingly a pretty robust machine for something nearly a decade old. (That's probably due to computers not having improved that much CPU-wise over the last decade.)

I used to have a ThinkPad X220 but then I was in a talk given by John Sullivan a couple years ago and he talked about Intel ME / AMT and I was like "Whaaaaat??? How have I not heard of this? A low-level backdoor into nearly every modern computer?" I started to do research into that and was shocked to find out that they exposed a web interface from which you could compromise the machine even when it's off. I guess this was for corporate deployment purposes but I found it to be pretty alarming. I checked my BIOS and found out that it was turned on, along with something called CompuTrace which, as best as I could tell, was for some anti-theft purpose which reported information about your computer's whereabouts. It was run by a car anti-theft company named LoJack. I turned off both of those (to the extent you can be sure they're actually turned off, but since there's no source code to that, I couldn't really), but was pretty spooked by the whole thing. IIRC there's even a single key deployed by default for all these machines, and while you can change it, that seems like a really easy way to exploit a whole lot of hardware out there.

For a while I would tell people about this and I think the average person was pretty skeptical that this was a concern to the extent that I was expressing (the Cassandra Complex is high in FLOSS people I think, for better or worse). Well, there was the news a while ago about Intel AMT having a really terrible bug that allows for super easy exploit so I guess people generally recognize it as a problem now. Will Intel or AMT release new chips without these problems? I'm not sure. People really want it though.

I also have a Kinesis Advantage2 keyboard because a few years ago I had serious repetitive strain issue problems. At one point I also used foot pedals for ctrl and alt but I kind of stopped doing that, but I'm not sure why. (Why not use your feet for programming? They're just sitting there.)

And what software?

I mostly live in GNU Emacs, where I program, read my mail using mu4e, and organize my life using the incredible org-mode.

I'm running the GNU/Linux distribution GuixSD. (Guix is the userspace package manager, which can run on any distribution, and GuixSD is Guix turned into full-on distro form.) It's pretty incredible for a few reasons: it's a functional package manager, which I think doesn't say much to most people, so I like to say "it's like Git for your whole operating system". Ever had an upgrade that went badly? No problem in Guix... you can always just roll back. It also solves the disconnect between language package managers for development, where people want to have isolated environments to just work with/on certain packages, and distro package management, which people want to be fairly stable and to be the bedrock of their system. In Guix you have a nice "environment" feature, which if you're familiar with Python development workflows is kind of like a "universal virtualenv". In all my new projects I put a guix.scm file and if you have Guix, you can just run guix environment -l guix.scm and it opens up a shell with everything you need to get hacking already set up for you.

There's one more really thrilling thing about Guix, and that's that the whole thing is written in Guile, which is a kind of Scheme, which is a kind of Lisp, which is a kind of programming language with lots of parentheses everywhere. This is (aside from the libre-pureness) the distinguishing feature between Guix and Nix. Guix is written entirely in the same language, including in package definitions. It does a really nice job of taking advantage of the "code is data and data is code" aspect of Lisp. This means that your whole operating system is heavily programmable. More on why this matters later.

I currently run the window manager StumpWM which I consider to be the most tolerable of the tiling window managers, but I do envision something better. It's nice that it's written in Lisp; it's my personal opinion that as many things as possible should be written in Lisps. I used to run GNOME, and I still think GNOME is pretty great and beautiful, but I found it was pretty hard to configure to do what I wanted and I got a bit frustrated with extensions breaking between releases. The main reason I moved to StumpWM though is that GNOME 3 is pretty heavy on OpenGL usage, and as I said, this laptop doesn't really do OpenGL well. I still think the GNOME people are doing good work in general though, and I'm glad it's there for most people.

Back in the day I used to do artwork in Blender and in The GIMP for fun. I haven't had time for that, but I really miss it. Some day maybe I'll learn to use Krita, which seems pretty cool. I'd also like to do more game development.

What would be your dream setup?

Wow, lots to unpack there. Let's start with me personally, and then broaden to social stuff.

You said "dream setup", so I'm going to go on the "dream big" setup. Dreaming big, I'd have my own personal computer attached to my body which ran completely libre software/hardware from top to bottom. It would have a visual overlay over my normal vision, but not a camera; I don't want to surveil everyone. (If it had a camera, it would at least have a physical shutter which could be visible whether open/closed.) I'd like to run something as configurable as Emacs, but maybe not necessarily Emacs, but definitely configurable in Lisp. Instead of keystrokes, I'd like to be able to fire off commands just by thinking of them, but be able to bind them to any procedure I control, similar to keystrokes being bound to commands in Emacs. Once I had this I'd throw my phone right into the garbage. (Actually I'd probably donate it or recycle it.)

The operating system running on this dream-machine might be a lot more Lisp-like from the ground up. I gave a talk on the Lisp Machine and GNU not too long ago, maybe that gives you some ideas of what the dream setup looks like to me. It would probably use a microkernel architecture and have a capability-based security design, which it turns out is pretty much the same design as GNU Hurd, but the Hurd is widely ridiculed, except now that it looks like Google is working on an OS design that looks an awful lot like the Hurd people think maybe it's a good design again.

Of course, it's dangerous to dream big! Anyone who knows about the perils of Worse is Better vs The Right Thing knows what I'm talking about. And there's some real lessons to learn that the best designs are not necessarily the ones that survive. But eventually most of the good ideas from them survive, in mangled forms. See also Greenspun's Tenth Rule and the fact that nearly every every good concept from Lisp has become popularly adopted elsewhere ages after the fact, except for the parenthetical notation that permitted developing all those good ideas to be so feasible. Oh well. But you asked me to dream, so there are the dreams.

So socially! Short term, I think we're currently in a crisis as in terms of peoples' ability to deploy servers. I've been in this decentralized social web space for a while, and part of the problem is that it's a huge curve to start deploying, and then they struggle to keep their servers running. That includes me, even as an advocate in this space. My friend Deb Nicholson and I came up with the term UserOps which I like to contrast with DevOps. Right now, deployment is focused on enterprise'y and startup'y teams which have a ton of highly skilled, highly technical resources which are paid to be highly available to keep things running. Well, if we want to get self-hosting into the hands of people, those assumptions can't be true. Not everyone is a technical expert, and most people don't have that much time.

Well, I know a bunch of people who agree on UserOps being important, but not everyone agrees on the solution. Personally (did you guess it?), I think the right decision has to do with Guix. I mentioned before that Guix is highly programmable, and that's what distinguishes it from Nix. I think this is going to be really important, because we're currently in a terrible crisis where it's very difficult for people to deploy and upgrade and keep to date their systems. I think Guix can help, and I've given a talk on this with my friend David Thompson. People are afraid to upgrade machines, and we already have that solved, and it's also hard to develop enough expertise to start and administer machine deployment. For that latter part we haven't yet built enough (my friend Aeva likes to say that Guix is currently like "Gentoo for adults") but the highly programmable nature of Guix gives me hope that we can; since everything is written in Guile, you can write programs that write programs, and even programs that write out package definitions and even programs that write out operating system definitions, declaratively. Maybe you can see where I'm going with this: imagine having a web interface where you select installing MediaGoblin and Prosody and Wordpress and fill in your domain name and etc, and the web interface just sets up the whole thing. Well you can get that very cleanly with GuixSD as the root design. Plus, you can do an upgrade, and if things go badly, you can always just roll back! (Well, minus any migrations made to the state of your databases and etc. Hopefully we can make backups easy too.)

Okay, great. So people are now able to deploy libre network services, and that's great. So on top of that, hopefully we're all speaking the same network protocol... maybe ActivityPub? Now we've got a decentralized social network. Woot, we're on track! Though there's still things to be tweaked in that setup; currently all the examples in ActivityPub show using https:// type links (however, we don't mandate that; it might be possible that people could start federating with a different uri scheme that's more peer to peer). It would be even nicer to have a network what doesn't rely on DNS, something much more distributed. Now attach public keys to everyone's profile, and... now we're really getting somewhere.

Gosh, doing all this would take a lot of work! What's the point of all this technology though? What'd the point of this "ideal setup"? Is technology for technology, or is it for the embetterment of human kind? Well golly, I sure hope it's the latter. We used to have this Jetsons and Star Trek optimistic idea of the future that when we automated all this stuff away that people would be able to persue creative endeavors. I know some people think that without a profit motivation nobody is willing to do anything, but those people probably don't have any artist friends. There's a lot of stuff to get done that really matters and is even crazy hard to fund (math, science, humanities, some kinds of engineering, art, literature, environmental, social service stuff, or even good ol' fashioned free software authoring). Well what is the point of all this automation if we aren't freeing up resources for that stuff? I don't know what the right solution is; it could be minimum basic income, or it could be something else, but which future do you want, an automated future where people have time to explore humanity and improve the world, or an automated future where all the money is poured into the pockets of just a few people while everyone else is unemployed and desperate?

Here's a free startup idea (and I'm dead serious about this): a company that automates away executive positions. Target shareholders, tell them that your AI-plus-deskworkers are able to generate dramatically better performance for a fraction of the expense, which means extra money for shareholders from all those costly executive positions. Do that, and you'll see how fast the upper crust who are against social services and minimum basic income turn their butts around.

Speaking of that, the stuff I work on is myself pretty hard to fund. You can support me on Patreon or by donating to MediaGoblin through the FSF or by hiring me as a contractor for some free software project... I'm easy to contact!