Tilde.town is a computer meant for sharing

265
20
13 days
(tilde.town)
by memorable

Comments

nonrandomstring
13 days

Perhaps perfect granularity of social networks can be achieved if little "towns" are aggregated on top of small Unix servers or VPS.

A 1GHz 1GB compute unit can probably handle 1000 people, with IRC level chatting and light browsing a text protocol like Gemini.

If each "town" has a maximum population before it becomes a grind and people want to move out there's a natural feedback mechanism.

Am elected local council can take care of some (sysadmin) things and vote on new services and boundary (firewall rules).

If people identify with an online location, instead of an amorphous brand maybe they'll take pride in the upkeep and so on.

It's an interesting metaphor/model, and the Tilde project certainly seems to have proved it can work. I wonder what wisdom the inhabitants could give to other federated social projects?

rsolva
13 days

This is what is happening with the Fediverse (sans the minimalism), only there is interoperability between all the small communities. I think it's the future, as long as it doesn't grow to fast.

NelsonMinar
13 days

One particular choice of Mastodon is that pretty much everything federates all the time. Some local instances try to create a sense of local community, but other than the local timeline page you might as well be anywhere.

Hometown is a fork of Mastodon that adds a "local only" post feature, posts that deliberately do not federate. I think it's an interesting experiment. https://github.com/hometown-fork/hometown

account42
11 days

> One particular choice of Mastodon is that pretty much everything federates all the time. Some local instances try to create a sense of local community, but other than the local timeline page you might as well be anywhere.

In theory.

In practice, this is the norm:

https://mastodon.social/about/more

https://wiki.todon.eu/todon/domainblocks

https://toot.cafe/about/more#blocked-instances

The latter doesn't even bother labeling the instances they don't like as "Hate Speech", apparently free speech is enough.

NelsonMinar
10 days

I wasn't thinking of the isolated little hate communities when I said "pretty much everything". Truth Social is another isolated little community based on Mastodon, for that matter.

ourcat
13 days

That's not a million miles away from how Second Life operated (and still does). Where the 'Land' & 'Estates' (and parcels within them) were servers. Each has their own limitations to how many user avatars they can support at one time.

People flock to places they identity with. Buy parcels. Build their own space and communities within communities.

As far as 'voting' and governance goes, I think there's room for development with blockchain login/identity/ownership and Decentralised Autonomous Organisations (DAOs) which support that.

latexr
13 days

> As far as 'voting' and governance goes, I think there's room for development with blockchain login/identity/ownership and Decentralised Autonomous Organisations (DAOs) which support that.

Immediately turning it into a community of crypto bros where the only subject is cryptocurrencies and derivations. A figurative and literal waste.

remram
13 days

You can vote without Blockchain, somehow everyone forgot about that. In fact Blockchain and other "trustless" mechanisms are completely useless in a community where people know each other, since Sybil attacks require anonymity.

Gigachad
13 days

This is essentially what discord is. Most people find a group of under 100 people which is a more personal space to interact with.

kuschku
13 days

Except that discord isn’t anything like that, having centralized control of all these groups on one platform with global rules enforced upon all of them (see the recent iOS NSFW ban)

klysm
13 days

I agree the technical foundations aren’t like that but the social structure is. The incredible ease of setting up a new server is a strict requirement for discord being successful. I don’t think we’re at a point where you can have people self host this stuff easily.

Gigachad
13 days

The average person realistically doesn't care. You can just use the desktop app and switch a toggle that turns off the nsfw ban which is what Apple requires for apps. Discord and similar IM apps have become small scale social hubs for the world.

lrvick
13 days

If you do not care about censorship, lock-in, and their anti-privacy policy.

I for one refuse to touch Discord.

GekkePrutser
12 days

Yeah it's mad how many FOSS projects use it for their comms. Like home assistant. Which was developed to keep your home automation away from the data mining cloud services. Yet to chat with them you have to use discord.

It's terrible considering there's so many good alternatives available that work great and offer the same user experience while respecting your privacy.

Discord even use this fact for advertising now :( https://discord.com/open-source

klysm
12 days

Unfortunately, it’s where the people are.

fossuser
13 days

There’s some overlapping ideas with how groups on urbit operate. Though urbit goes further down the stack to replace the bits that make managing a Linux server hard (fixing the incentives that lead to everyone having to be on one centralized server in the first place).

HidyBush
13 days

I guess the server should enable instant messages between its users and only offer email communication with people outside

pm90
13 days

you do see a version of these dynamics in mmorpgs like eve online

IgorPartola
13 days

The OG version of this idea is of course the Super Dimensional Fortress: http://sdf.org/

tinsmith
13 days

SDF is tons of fun, and good people. I wish I had more time to experiment with the systems and build my own space there, but anyone interested in preservation of the Old Ways of the Internet should certainly spin up a free account and see what's what.

tecleandor
13 days

What does "OG" stands for?

sphars
13 days

OG means "original gangster", but now it's generally a quicker way of saying "original".

yjftsjthsd-h
12 days

I thought it was "original generation"

8bitsrule
13 days

"I think web apps have their place in the world of commerce but that people should not feel ashamed if they don't want to combine megabytes of javascript and css to their framework-powered dynamic blog just to put their thoughts online. People shouldn't also be forced to use corporate-mediated, surveillance-based platforms like Twitter and Facebook just to put some ideas up for others to see." [https://brutalistwebsites.com/tilde.town/]

Been a long wait.

z3t4
12 days

You dont need JS nor massive frameworks to build a static web site in order to publish stuff online. I reccomend learning vanillla HTML which is very simple if you compare with modern JS and CSS frameworks.

bovermyer
13 days

This is my page on Tilde.town: https://tilde.town/~sithlord/

It's a hand-written, kind of ugly test bed for random things. I have a random startup generator. It's stupid.

I love this community.

canadaduane
12 days

Hey sithlord! It's been a while, but fun to see your page. I'm here: https://tilde.town/~canadaduane

I love having a simple page somewhere, hosted within a community that might take a peek every once in a while. Feels like a lot less lonely of a vast Internet.

bovermyer
12 days

For sure! I haven't posted in chat in ages, though. I should probably jump back in.

the_default
12 days

i really should get off chat more, haven't even run into you two :P

mjfisher
12 days

Every single hot sauce your generator comes up with sounds amazing

bovermyer
11 days

I did try to put thought into that one, haha.

hieloz
13 days

It is very convenient. Similar tilde sites https://tilde.club/, more details can be found in tildeverse.org https://tildeverse.org/

sherr
13 days

The .org link seems to be a rick-roll.

kuschku
13 days

Many sites, including that .org link, have redirects for users coming from HN (because HN has a lot of trolls, though you may not see them unless you have showdead enabled)

alwayslikethis
12 days

I turn off referers in my browser. There is no reason to have it on, especially cross-origin. It's only good for tracking and not much else.

yjftsjthsd-h
12 days

Didn't it get used for some login flows?

alwayslikethis
12 days

Yeah. You can re-enable them when needed, such as with https://addons.mozilla.org/en-US/firefox/addon/togglereferre...

453453636
12 days

That's hilarious. No wonder /g/ ridicules the Tildeverse whenever it's brought up.

memorable OP
13 days

What is shodead? Cannot find any relevant info on them.

david_allison
13 days

showdead is a setting on your HN profile

lupire
13 days

It takes 3 seconds to check and prove that you are wrong about this case.

ryukafalz
13 days

I took the 3 seconds to check and they were right.

  jfred@lambdacrypt ~$ curl -IL https://tildeverse.org
  HTTP/2 200
  server: nginx/1.18.0 (Ubuntu)
  date: Sat, 14 May 2022 14:05:51 GMT
  content-type: text/html; charset=UTF-8
  vary: Accept-Encoding
  strict-transport-security: max-age=31536000
  
  jfred@lambdacrypt ~$ curl -IL https://tildeverse.org -H "Referer: https://news.ycombinator.com"
  HTTP/2 301
  server: nginx/1.18.0 (Ubuntu)
  date: Sat, 14 May 2022 14:06:18 GMT
  content-type: text/html
  content-length: 178
  location: https://www.youtube.com/watch?v=dQw4w9WgXcQ
  strict-transport-security: max-age=31536000
yardshop
13 days

It takes a similar amount of time to prove that he is correct.

If you copy the link into a new window instead of coming from HN, you get a different result.

sva_
12 days

This is crazy. What an absolute gem to discover all this.

vnorilo
13 days

The procedure for credential reset sounds a little concerning:

> are you a town resident that lost their ssh key? try this: using the email address with which you registered, send an email to root@tilde.town. put "new public key" in the subject. include the new public key in the body of the email

Hopefully they will at least reply to confirm the person can actually read the email instead of just replacing pubkeys from any forged from-address.

Affric
13 days

It does seem like they read the emails. A reminder that the web can be social.

vnorilo
13 days

Reading the emails is not enough: they would need to send some secret to the email associated with the account to link the power to exhange keys to ownership of the account. Just reading a legit-sounding email and relying on from-address is 100% suspectible to abuse.

hnlmorg
13 days

This is a operation for people to have little sandboxes for fun. Not only is the threat model signify lower than your average social network but the blast radius too.

It’s also worth noting that there’s a multitude of ways one could take over these machines if they were determined enough. The entire principle behind this is giving people shell access for giggles. So we aren’t exactly taking about VPSs for serious business here.

While security is always important for anything online, it’s also important that security is balanced against appropriateness. Here the point is a little slice of the old days even though that does invite some risk.

mccorrinall
13 days

Usually your email doesn’t even make it into the spam folder but just gets straight rejected if the DKIM signature isn’t valid.

Unless the admin doesn’t know how to run an email server in 2022.

8organicbits
13 days

It's also worth considering threat models. It may be worth risking account takeover if they can keep the reset flow user friendly. Not every site needs bulletproof security, this one seems lower risk.

lupire
13 days

If the person can't read the email, then they can't read the key.

This is exactly how credential reset works on every system with registered backup email address, include Google.

The only risk is if they send the key to the wrong email address, such as From and Reply-To.

lights0123
13 days

> If the person can't read the email, then they can't read the key.

You’re sending them your public key, not receiving a private key.

whartung
12 days

I've not seen this discussed anywhere, and it's a bit of an under documented facet nowadays.

But, how does one go about securing a "tilde town".

That is, when you're letting random strangers have access to your machine with a fully operating shell, all of the Unix tool suite, and even programming languages, what's the threat level like?

Most security today is keeping people off the server in the first place, but here we're holding the door open for them.

Back in the day, I had a Netcom dial up shell account. So, I assume there's some way to secure a system where folks log in to a random machine and have their home directory NFS mounted. In the old days, there was NIS, but that's right out from what I can read. Replaced with LDAP I reckon.

Anyway, I appreciate that many of these communities are "Friendly", with several "don't do that" clauses in their guidelines, but that doesn't mean there's not room for stuff to be better secured.

Any write ups on this?

z3t4
12 days

Ive made https://webide.se that gives you a Linux shell on a shared machine. I count on Linux to be secure by default. So users are free to do whatever they want except email spam, dos attacks, and crypto mining which is blocked by iptables. Im working on giving each user their own IP but for now incoming connections are proxied via http proxy and unix sockets and wildcard domain name so that foo.user.webide.se is proxied to /home/user/sock/foo

Similar services use Docker containers or VPS for user isolation.

xhrpost
12 days

I don't know about this site in particular but sometimes they're just writing application servers that utilize the ssh protocol.

https://github.com/charmbracelet/wish

qudat
12 days

> But, how does one go about securing a "tilde town".

On top of something like charm, you can also use a force command when using ssh to limit the commands a user can take within the session.

tonguez
12 days

“On top of something like charm”

my autismometer just exploded

Taylor_OD
12 days

These things are always seem really cool but I feel like I don't know how to use them. Anyone have a use case they can share? Like what do you do on this site? How does it provide you with some type of value/or compel you to spend time on?

samatman
13 days

This brings back fond memories, grex was my first shell and a large influence on everything which followed http://www.cyberspace.org/grex.xhtml

Thirty years old this year, my goodness. Wild that an online space I was using 'talk' on when Hackers was in theaters is still around and kicking.

lrvick
13 days

You might also check out #!, a similar community running for over 20 years.

https://hashbang.sh

kuu
13 days

I wonder what kind of things are interesting to do on a server under ssh. Write files? have websites? Ascii art? It's a bit hard to me to grasp what is the "fun" in this project.

inputvolch
13 days

This is one of those moments where "if you have to ask, you'll never know" is appropriate.

justusthane
13 days

All of the above. Socialize with other members. Write CGI scripts to do interactive stuff. Ctrl-C Club keeps a list of neat things their members are doing here: https://ctrl-c.club/#frigginsweet

memorable OP
13 days

The fun of creating a website.

lupire
13 days

Play in the MUD

imdsm
13 days

Interesting, the SSH join form doesn't ask for an email, so they have no way of getting back to me with their answer.

lupire
13 days

Yes it does. https://cgi.tilde.town/users/signup

"e-mail: "

The hardest part is deciding which answer to "are you a robot?" is correct.

LanternLight83
12 days

I was just looking around the other day, and can't reccomend enougj to do so yourself-- several user's pages are gems of character, one in particular has great nostalgia links like textfiles.com, and the site really captures small-web vibes.

GekkePrutser
12 days

Tilde.town is pretty great. Nice community and handy as a reserve ssh host.

Be careful though with stuff like port forwarding on a shared computer because forwarded ports are accessible to all users on the same machine.

mmastrac
13 days

I miss this small-community feel from the early internet days. Social media really blew up the togetherness you feel from being around a finite number of people.

r3dk1ng
13 days
Commodore63
12 days

Ah, shell accounts! Such nostalgia. I ran an Eggdrop bot on one for years. Great way to dip my toes into Linux-land.

wlonkly
12 days

One thing I miss from that era (or, at least, one thing I am thankful to experience) is that I got to learn how to _use_ Linux before I had to _administer_ Unix.

I feel bad for "kids these days" who didn't get to find their way around on a well-administered shared university server or similar.

lloydatkinson
12 days

It’s funny none of the links work except for the donate one. What’s the story there?

Bessie69
13 days
453453636
12 days

https://tilde.town/wiki/conduct.html

The aesthetic is late 90s, but the attitude towards censorship is squarely late 2010s. Neocities is better; much less pozzed.

yjftsjthsd-h
12 days

> If anyone asks you to stop a particular kind of behavior, always err on the side of respecting their wishes. If you believe their request is unreasonable or unfair, ask an admin, but don't respond with hostility.

That does seem rather lopsided:\

wolverine876
12 days

It seems like run-of-the-mill good, mature behavior to me. I'm not perfect in my behavior, but there is rarely a good moment to be hostile. Among other things, it empowers the other person to turn me into someone I don't want to be.

yjftsjthsd-h
12 days

> Among other things, it empowers the other person to turn me into someone I don't want to be.

That's the problem, yes. Considering all input is reasonable. Giving every troll you meet power over you is not.

betwixthewires
12 days

Meh, this is to be expected by some communities.

The cool thing is the tilde communities in general, not this specific one. Anyone can start one, they're small, community oriented, simple and light little online spaces that can be a lot of fun.

matt321
9 days

I don't understand the problem with "don't be an ass" as a major rule

wolverine876
12 days

> pozzed

? Is this a signal of something?