Project

General

Profile

Where does this project go?

Added by Josip Almasi over 2 years ago

Folks,

let's talk about openness part of VR-enabled internet.
I honestly don't have clear vision or roadmap or anything, I just enjoying making it and play in with my kids.
While at it, I see ways how to do this and improve that, users point out they need something and I do this or that.

I'd consider project successful, say, if it got accepted in Apache Foundation or Linux Foundation incubator. Well former is more about community and later more about business, but both mean the same thing:
that project isn't going to die with me, means that project has a healthy community around.
(I don't intend to do any time soon, but every now and then I have to take a few weeks or months rest to prevent burn out)

I do have a lot of other things to say, but they're in most part irrelevant for the project. Like, how my philosophical views influence how someone uses my software? I'd say ordinary user is as interested in reading these about as much as reading through End User License Agreement ;)

So how do you see it going?


Replies (17)

RE: Where does this project go? - Added by Nick Naglich over 2 years ago

For me openness goes well with decentralized.
An ideal future would be jumping into a VR space that I can meet people and buy/sell digital assets.
Then spin up my private server and have those assets be accessible by everyone but proof of ownership linked to me, and invite friends into my space.

I have experience 3D scanning real world objects using photogrammetry and also creating 2D/3D digital assets and having them on sites like Sketchfab. I've always hated the idea that I'm locked to their system and dependent on their success.
I feel old and have seen too many companies come and go while the users get left in the dust. I don't want to help Meta (Facebook) or any other closed megacompany build the metaverse..

Personally I've researched and am investing in Decentralized Social (DeSo) and ARweave
DeSo is a layer 1 blockchain built for community. https://www.deso.org/
ARweave is permaweb decentralized storage. https://www.arweave.org/

The learning curve/adoption for these forms of open web3 will be difficult.. and without an cross platform way to access it like webxr will be dead in the water.
Hence my interest in this project and the reason I'm here..

On a related, but kind of side note DeSo does have a Octane fund for developers with web3 projects who use the blockchain
https://www.deso.org/blog/a-50-million-fund-to-fuel-the-decentralized-social-developer-ecosystem

RE: Where does this project go? - Added by Nate Lager over 2 years ago

I tell ya what, this all sounds easy coming from a guy who cant code any of it, but... Here's what I would love to see, someday.

Spaces are able to be hosted anywhere. A cloud provider, my basement, my laptop, a provider that sells space, anywhere, much like a web server today. And it needs to be accessible to any platform.
Whether i have a high dollar gaming rig and vr hardware, or im on a $150 chromebook. VRSpace is a great start there.

Identity though... i think that's the key. My identity needs to be "me" in the metaverse. Not just an avatar with a name on it, but me. And maybe it could be an anonymised me if i'm going to go visit somewhere that I don't want to be known. but my identity becomes some sort of database, that lives on my hardware, and can be synchronized between my devices, and has things like my avatar, nick name, my friends list, even a way to pay for things. Maybe that's something like a crypto wallet? Maybe not. Maybe things like deso that Nick mentioned above handles some of that?

RE: Where does this project go? - Added by Josip Almasi over 2 years ago

I hear you guys.
Identity is a tough cracker, and I don't have a solution.

I have investigated OpenID Connect, that's a no go: https://redmine.vrspace.org/issues/103
Truth be told, I don't even understand it. And if I don't 99% dev's that are supposed to use it don't either. So that's never going to be widely adopted.

DeSo is definitely interesting: https://redmine.vrspace.org/issues/103
It's going to take a while to figure out how it works, but I'm totally for integration. Plugin rather than dependency.
That said, let me point out things I dislike about it.
One thing that I miss with it is clear concept of Proof of Stake vs Proof of Work. Allegedly it's much cheaper (CPU and energy consumption) than ethereum etc. but I still don't see what and how.
Another thing from their 'vision' that I'm not buying is fairy tale about ethereum and bitcoin decentralizing financial system. Software that I designed and/or wrote handles trillions, and that's just small part of the system; but compared to that, thiscoin and thatcoin all together look like rounding errors. And now they're about to use the same approach to decentralize social media... well if their analogy makes holds, it follows that it's going to have the same impact overall - next to nothing. And don't get me wrong - I do want decentralized media myself - but the way I see it, it's more about number of users than technology.
That's not to say it's not useful, quite the opposite. And VR could be just the killer app they need to make the impact.

I'm going to summarize here my discussion with our security guy... oh yes we do have our own security guy. You're not going to see him around, but you can see his contribution in issues like VAS and related tickets.

VRSpace is server software. If you want to run it and publish anything, you must have SSL certificate. That's just how web works, nothing is going to work without it.
And SSL is actually pretty good in encryption, and in proving the identity - of servers. Let's encrypt SSL certs are pretty much automated, free, private, you name it.
Distributed ledger in community of servers does not require any other proof of stake. Just sign a transaction with your private key, and everybody with the access to public key can verify it.

So I looked around if there's anything like this out there, looks like that's exactly what Hyperledger does. And that's Linux Foundation project - good enough for me.

What this means for identity, I'm not sure. I can't see anything beyond user@domain type of identity for the time being.

RE: Where does this project go? - Added by Nate Lager over 2 years ago

So, i guess as a start, i'll ask the simple question. If this isnt possible, my concept isnt either.

Would it be possible to hook an external identity, and like i mentioned above I don't just mean me@mydomain, i mean some chunk of data that is me. My avatar, my name, my preferences for how much of that identiy is visible, and maybe my wallet, into a world hosted by VRSpace? And i dont mean is it possible today, because thats a lot to ask, i mean could it be possible. And if so, the conversation should start with, how? Then what needs to be done to implement it.

RE: Where does this project go? - Added by Josip Almasi over 2 years ago

Sure it's possible, and it's in the FAQ: https://redmine.vrspace.org/projects/vrspace-org/wiki#How-can-I-implement-custom-authentication-andor-authorization
It goes down to writing at least one function. It takes as input pretty much everything that VRSpace server knows (HTTP headers etc), and returns instance of Client - an object that represents user.

RE: Where does this project go? - Added by Nate Lager over 2 years ago

What if part of that data is a 3d model that is my avatar though? It sounds like what you've already got implemented is the traditional key/value type user record. username=this accesslevel=that, avatarurl=thisotherthing

What I'm imagining is an actual pile of data, wither its text or binary, that is me. and that data is mine, on some vault on my computer. and what gets handed to the servers im interacting with is up to me to decide. that model has other implications, but to me, i think its the ultimate in "i own my data" type user privacy. It also means you don't need some central vault of user data that can be abused, or stolen.

RE: Where does this project go? - Added by Nate Lager over 2 years ago

Maybe this diagram helps.

It makes a ton of assumptions, like that amazon.com would one day be a vrspace, but you get the idea. I define what i want different sites to know about me, and thats all they get form me because I truly own the data.

RE: Where does this project go? - Added by Josip Almasi over 2 years ago

URL of your avatar is stored in mesh field of Client object.
You can own all you want, but it has to be publicly available somewhere on the web, if you want anyone to see it. Anyone that can see it can save it and use it elsewhere, and there's nothing that technology can do about it.
Think of it as someone taking photo of you IRL. How you look like, that's just not private information. And it's also in the FAQ :) https://redmine.vrspace.org/projects/vrspace-org/wiki#Can-I-makebuy-and-use-my-own-unique-avatar
And the same applies to everything else that people can see on the web. Sure, you can't just right-click and save a youtube video, it's not easy as that, but it's really just matter of effort/price.

Your private data is something you don't show to everyone, like how much money you have on your bank account, health information, etc. You can store it all, like, anywhere, but keep it private by means of encryption. Just keep your private key private, use two factor authentication etc etc.

What your own, like intellectual property, that's somewhere in between. NFT is signed by author's private key, and everyone can see it, but the model is still publicly available. It's some metadata on the ledger somewhere, but you can't force anyone to look at it, ever. And that seems to be common misconception about NFTs: it does prove ownership but does not enforce copyright, yet somehow people think it does. Make no mistake - technology can't enforce copyright, that's in domain of law enforcement.

Then there's ownership model in VRSpace spaces. Basically whatever you add to the space is owned by you, and nobody can remove it. It can have some public properties and some private ones, e.g. you could allow anyone to move a thing around but only you could resize it. Very basic implementation so far, just some internal data structures, nothing useful yet.

At this point, vrspace server requires and keeps exactly zero personal data. That's by design, audited, VASed and pen-tested - I am running a public anonymous service after all.
How to deal with it, and how crypto ledgers fit in, I'm still trying to figure out. (and I value your input)
Nearly all content that I use comes from Sketcfab. It already does contain author and license information in model metadata, and it gets cached internally, and distributed with models. And you can even see it in browser console, like
Object { author: "hong227 (https://sketchfab.com/hong227)", license: "CC-BY-4.0 (http://creativecommons.org/licenses/by/4.0/)", source: "https://sketchfab.com/models/5e0c47f7f7fe453bb4d3c8c7eba356e8", title: "Gracy Lee" }
And now the question is - how to make this distributed?
Sure, distributed immutable ledger seems like way to go, but that's an answer that begs more questions :)

RE: Where does this project go? - Added by Nate Lager over 2 years ago

I think what I'm suggesting is, instead of requiring things like your avatar to be hosted somewhere on the web, that it could somehow be sent to the server and cached. From my local data store. I dont know how much data is involved in that sort of transaction though.

I'm trying to take a step back and ask, where is identity coming from? And how is identity federated without a central source? If vrpsace is intentionally not storing it (and thats good!) then who is? Sure, oauth can be a solution, i use my google or facebook identity to provide identity to vrspace, but then we're not really solving the privacy problem. we're just depending on the very folks who are hoovering up our data to provide it. I'd argue that the same would go for Me, if I were to run an identity provider, with the best of intentions, its still a central source, that can go away, or be broken into, or be abused.

vrspace should be an identity consumer, i think we agree there. But then where's it coming from? It could be something new, that's specific to how portable a metaverse identity COULD be. I could be getting too idealistic here though. Say we did come up with a solution, and we worked to implement it, it would mean nothing if we're the only ones doing it.

RE: Where does this project go? - Added by Josip Almasi over 2 years ago

This is how almost exactly how it works :) All the content is somewhere in the content subdirectory, and served by embedded apache tomcat (or apache httpd in production), and metadata is stored in neo4j database (embedded or not). It doesn't have to be stored locally though.
But how the content and metadata get there?
I made a simple web app that allows you to upload your stuff to your server. It's unmaintained and possibly broken disabled by default. I just can't make it good and secure and maintain it alone. Ultimately, we're talking about a CMS. If you know some open source that we could integrate with, please do say so.
I have a lot in common with this guy ;)
https://www.youtube.com/watch?v=-IxHM3qsYW8

Re identity, these are all good questions, and as I said already, I don't have answers. Hopefully together we'll figure out something.

Oauth2 doesn't provide identity though, it provides authentication. Once user authenticates, we get some json that isn't standardized in any way. Someone gives you mail address, someone does not, everybody gives you some data that's relevant only in their context. It seems that everyone gives personal name, so what we currently store is something like Josip Almasi/facebook. (work in progress - needs to be hashed etc)
Implementation was rather easy, as spring boot framework supports Oauth2 out of the box. I only needed to configure endpoints and secrets in application.properties. Harder part is registering the application with facebook, google, github, sketchfab... and the list goes on to infinity :)
Everybody supports Oauth2, and that's great news, because users can choose their authentication provider. Bad news is, registration process is too complicated to be practical - every server needs to be registered with every provider, and every provider has their own forms and rules.

But once user authenticates, vrspace uses some internal identity. From that point on, there's no difference if it's Josip Almasi/facebook or joe/vrspace.org or .
And now that I've written this down, adding ouath2 provider capability to vrspace server starts making sense... and then again, distributed identities on blockchain, hm... this sounds promising:
https://www.hyperledger.org/use/hyperledger-indy
nobody ever got fired for choosing IBM ;)

RE: Where does this project go? - Added by Nate Lager over 2 years ago

Thanks for the explanation. Identity isnt my expertiese for sure, and the lines between identity, authoriziation, and authentication are always blurry for me.

Hyperledger seems like its similar to what im picturing. I even mentioned earlier that maybe a blockchain based system would be better than this self-owned database of stuff idea i was trying to describe. Something that makes it more attainable for the average user i think is important, but allowing them to maintain control of their data. I think thats one of the problems blockchain is supoposed to solve. No?

RE: Where does this project go? - Added by Josip Almasi over 2 years ago

Guy(s) that invented blockchain did not bother to explain problems they were solving :)
But now that it's here, we're applying it to this and that. Like, immutable ledger is holly grail of finances.
Distributed, reliable, encrypted database is holy grail of much more than that :)
... for as long as you keep your private key private. So, add 2FA, and it's certainly better than local database.
Then again, blockchain may not be optimal distributed, reliable, encrypted database. Ironically, just because immutable ledger is immutable :) All transactional databases keep transaction history anyway - until the transaction completes. And that's by design - we don't need to remember all changes forever, we just need current state of affairs.
Even if sub-optimal, it's best we have so far. Mind that we're in early stages of blockchain adoption.

RE: Where does this project go? - Added by Nate Lager over 2 years ago

I chatted with some co-workers today on a "water-cooler" call some of us remotee's have on Fridays, about vrspace.

part of my motivation for getting it running in a container that I could then push to docker.io was so I could lower the bar for folks to get their hands on vrspace, so I showed that to them today. It sparked a fun conversation. Turns out a lot of folks are also worried about the hands that are currently trying to guide "the metaverse", and they also love the idea of a truly decentralized, but federated world.

I just wanted to share that other folks are excited, and hopefully others might end up coming here to see how they can get involved. I hope anyway.

RE: Where does this project go? - Added by Josip Almasi over 2 years ago

Thanks for the update Nate, and docker is certainly going to improve the accessibility.
We shouldn't underestimate the effort though, have a look at https://redmine.vrspace.org/projects/vrspace-devops/wiki
(it's not a secret but not publicly available because security, some of these pages should be moved to vrspace.org wiki once reviewed)

RE: Where does this project go? - Added by Nate Lager over 2 years ago

Josip Almasi wrote:

Thanks for the update Nate, and docker is certainly going to improve the accessibility.
We shouldn't underestimate the effort though, have a look at https://redmine.vrspace.org/projects/vrspace-devops/wiki
(it's not a secret but not publicly available because security, some of these pages should be moved to vrspace.org wiki once reviewed)

That is quite helpful! I wonder if I could work it all into a container definition, docker-compose style.

I personally run my containers on podman, but the rest of the world is going to expect docker-compose. So I could write up both. I also use nginx as my proxy, but again, documenting both to give people options.

I have not dug into vidu yet. Does each user need to be able to reach vidu? or does that happen internally between vrspace and vidu? If the latter, it could be completely inter-container communication and never leave the docker/podman private networks.

RE: Where does this project go? - Added by Nate Lager over 2 years ago

looking at your configs, i would assume that yes, end users need to be able to reach openvidu.

RE: Where does this project go? - Added by Josip Almasi over 2 years ago

First, VRSpace server creates OpenVidu chatroom corresponding to a virtual world.
Then when a user enters/exits a world, VRSpace server adds/removes the user to the chatroom.
All the usual REST calls.

Over websockets, vrspace server pushes connection parameters to the client, that's only one so far - a token generated by openvidu.
Web client uses it to initiate websocket control connection to OpenVidu, and then WebRTC connection to Kurento. It's all bundled in the same docker image so we call it simply openvidu, but is rather complex system for itself.
It's also rather complex set of network protocols, STUN, TURN and whatnot.

Once WebRTC streaming starts, the client maps incoming audio stream and/or video texture to the appropriate avatar.

    (1-17/17)