hckrnws
Perhaps perfect granularity of social networks can be achieved if little "towns" are aggregated on top of small Unix servers or VPS.
A 1GHz 1GB compute unit can probably handle 1000 people, with IRC level chatting and light browsing a text protocol like Gemini.
If each "town" has a maximum population before it becomes a grind and people want to move out there's a natural feedback mechanism.
Am elected local council can take care of some (sysadmin) things and vote on new services and boundary (firewall rules).
If people identify with an online location, instead of an amorphous brand maybe they'll take pride in the upkeep and so on.
It's an interesting metaphor/model, and the Tilde project certainly seems to have proved it can work. I wonder what wisdom the inhabitants could give to other federated social projects?
This is what is happening with the Fediverse (sans the minimalism), only there is interoperability between all the small communities. I think it's the future, as long as it doesn't grow to fast.
One particular choice of Mastodon is that pretty much everything federates all the time. Some local instances try to create a sense of local community, but other than the local timeline page you might as well be anywhere.
Hometown is a fork of Mastodon that adds a "local only" post feature, posts that deliberately do not federate. I think it's an interesting experiment. https://github.com/hometown-fork/hometown
> One particular choice of Mastodon is that pretty much everything federates all the time. Some local instances try to create a sense of local community, but other than the local timeline page you might as well be anywhere.
In theory.
In practice, this is the norm:
https://mastodon.social/about/more
https://wiki.todon.eu/todon/domainblocks
https://toot.cafe/about/more#blocked-instances
The latter doesn't even bother labeling the instances they don't like as "Hate Speech", apparently free speech is enough.
I wasn't thinking of the isolated little hate communities when I said "pretty much everything". Truth Social is another isolated little community based on Mastodon, for that matter.
That's not a million miles away from how Second Life operated (and still does). Where the 'Land' & 'Estates' (and parcels within them) were servers. Each has their own limitations to how many user avatars they can support at one time.
People flock to places they identity with. Buy parcels. Build their own space and communities within communities.
As far as 'voting' and governance goes, I think there's room for development with blockchain login/identity/ownership and Decentralised Autonomous Organisations (DAOs) which support that.
> As far as 'voting' and governance goes, I think there's room for development with blockchain login/identity/ownership and Decentralised Autonomous Organisations (DAOs) which support that.
Immediately turning it into a community of crypto bros where the only subject is cryptocurrencies and derivations. A figurative and literal waste.
You can vote without Blockchain, somehow everyone forgot about that. In fact Blockchain and other "trustless" mechanisms are completely useless in a community where people know each other, since Sybil attacks require anonymity.
This is essentially what discord is. Most people find a group of under 100 people which is a more personal space to interact with.
Except that discord isn’t anything like that, having centralized control of all these groups on one platform with global rules enforced upon all of them (see the recent iOS NSFW ban)
I agree the technical foundations aren’t like that but the social structure is. The incredible ease of setting up a new server is a strict requirement for discord being successful. I don’t think we’re at a point where you can have people self host this stuff easily.
The average person realistically doesn't care. You can just use the desktop app and switch a toggle that turns off the nsfw ban which is what Apple requires for apps. Discord and similar IM apps have become small scale social hubs for the world.
If you do not care about censorship, lock-in, and their anti-privacy policy.
I for one refuse to touch Discord.
Yeah it's mad how many FOSS projects use it for their comms. Like home assistant. Which was developed to keep your home automation away from the data mining cloud services. Yet to chat with them you have to use discord.
It's terrible considering there's so many good alternatives available that work great and offer the same user experience while respecting your privacy.
Discord even use this fact for advertising now :( https://discord.com/open-source
Unfortunately, it’s where the people are.
There’s some overlapping ideas with how groups on urbit operate. Though urbit goes further down the stack to replace the bits that make managing a Linux server hard (fixing the incentives that lead to everyone having to be on one centralized server in the first place).
I guess the server should enable instant messages between its users and only offer email communication with people outside
you do see a version of these dynamics in mmorpgs like eve online
The OG version of this idea is of course the Super Dimensional Fortress: http://sdf.org/
SDF is tons of fun, and good people. I wish I had more time to experiment with the systems and build my own space there, but anyone interested in preservation of the Old Ways of the Internet should certainly spin up a free account and see what's what.
What does "OG" stands for?
OG means "original gangster", but now it's generally a quicker way of saying "original".
I thought it was "original generation"
"I think web apps have their place in the world of commerce but that people should not feel ashamed if they don't want to combine megabytes of javascript and css to their framework-powered dynamic blog just to put their thoughts online. People shouldn't also be forced to use corporate-mediated, surveillance-based platforms like Twitter and Facebook just to put some ideas up for others to see." [https://brutalistwebsites.com/tilde.town/]
Been a long wait.
You dont need JS nor massive frameworks to build a static web site in order to publish stuff online. I reccomend learning vanillla HTML which is very simple if you compare with modern JS and CSS frameworks.
This is my page on Tilde.town: https://tilde.town/~sithlord/
It's a hand-written, kind of ugly test bed for random things. I have a random startup generator. It's stupid.
I love this community.
Hey sithlord! It's been a while, but fun to see your page. I'm here: https://tilde.town/~canadaduane
I love having a simple page somewhere, hosted within a community that might take a peek every once in a while. Feels like a lot less lonely of a vast Internet.
For sure! I haven't posted in chat in ages, though. I should probably jump back in.
i really should get off chat more, haven't even run into you two :P
Every single hot sauce your generator comes up with sounds amazing
I did try to put thought into that one, haha.
It is very convenient. Similar tilde sites https://tilde.club/, more details can be found in tildeverse.org https://tildeverse.org/
The .org link seems to be a rick-roll.
Many sites, including that .org link, have redirects for users coming from HN (because HN has a lot of trolls, though you may not see them unless you have showdead enabled)
I turn off referers in my browser. There is no reason to have it on, especially cross-origin. It's only good for tracking and not much else.
Didn't it get used for some login flows?
Yeah. You can re-enable them when needed, such as with https://addons.mozilla.org/en-US/firefox/addon/togglereferre...
That's hilarious. No wonder /g/ ridicules the Tildeverse whenever it's brought up.
What is shodead? Cannot find any relevant info on them.
showdead is a setting on your HN profile
It takes 3 seconds to check and prove that you are wrong about this case.
I took the 3 seconds to check and they were right.
jfred@lambdacrypt ~$ curl -IL https://tildeverse.org
HTTP/2 200
server: nginx/1.18.0 (Ubuntu)
date: Sat, 14 May 2022 14:05:51 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
strict-transport-security: max-age=31536000
jfred@lambdacrypt ~$ curl -IL https://tildeverse.org -H "Referer: https://news.ycombinator.com"
HTTP/2 301
server: nginx/1.18.0 (Ubuntu)
date: Sat, 14 May 2022 14:06:18 GMT
content-type: text/html
content-length: 178
location: https://www.youtube.com/watch?v=dQw4w9WgXcQ
strict-transport-security: max-age=31536000It takes a similar amount of time to prove that he is correct.
If you copy the link into a new window instead of coming from HN, you get a different result.
This is crazy. What an absolute gem to discover all this.
The procedure for credential reset sounds a little concerning:
> are you a town resident that lost their ssh key? try this: using the email address with which you registered, send an email to root@tilde.town. put "new public key" in the subject. include the new public key in the body of the email
Hopefully they will at least reply to confirm the person can actually read the email instead of just replacing pubkeys from any forged from-address.
It does seem like they read the emails. A reminder that the web can be social.
Reading the emails is not enough: they would need to send some secret to the email associated with the account to link the power to exhange keys to ownership of the account. Just reading a legit-sounding email and relying on from-address is 100% suspectible to abuse.
This is a operation for people to have little sandboxes for fun. Not only is the threat model signify lower than your average social network but the blast radius too.
It’s also worth noting that there’s a multitude of ways one could take over these machines if they were determined enough. The entire principle behind this is giving people shell access for giggles. So we aren’t exactly taking about VPSs for serious business here.
While security is always important for anything online, it’s also important that security is balanced against appropriateness. Here the point is a little slice of the old days even though that does invite some risk.
Usually your email doesn’t even make it into the spam folder but just gets straight rejected if the DKIM signature isn’t valid.
Unless the admin doesn’t know how to run an email server in 2022.
It's also worth considering threat models. It may be worth risking account takeover if they can keep the reset flow user friendly. Not every site needs bulletproof security, this one seems lower risk.
If the person can't read the email, then they can't read the key.
This is exactly how credential reset works on every system with registered backup email address, include Google.
The only risk is if they send the key to the wrong email address, such as From and Reply-To.
> If the person can't read the email, then they can't read the key.
You’re sending them your public key, not receiving a private key.
I've not seen this discussed anywhere, and it's a bit of an under documented facet nowadays.
But, how does one go about securing a "tilde town".
That is, when you're letting random strangers have access to your machine with a fully operating shell, all of the Unix tool suite, and even programming languages, what's the threat level like?
Most security today is keeping people off the server in the first place, but here we're holding the door open for them.
Back in the day, I had a Netcom dial up shell account. So, I assume there's some way to secure a system where folks log in to a random machine and have their home directory NFS mounted. In the old days, there was NIS, but that's right out from what I can read. Replaced with LDAP I reckon.
Anyway, I appreciate that many of these communities are "Friendly", with several "don't do that" clauses in their guidelines, but that doesn't mean there's not room for stuff to be better secured.
Any write ups on this?
Ive made https://webide.se that gives you a Linux shell on a shared machine. I count on Linux to be secure by default. So users are free to do whatever they want except email spam, dos attacks, and crypto mining which is blocked by iptables. Im working on giving each user their own IP but for now incoming connections are proxied via http proxy and unix sockets and wildcard domain name so that foo.user.webide.se is proxied to /home/user/sock/foo
Similar services use Docker containers or VPS for user isolation.
I don't know about this site in particular but sometimes they're just writing application servers that utilize the ssh protocol.
> But, how does one go about securing a "tilde town".
On top of something like charm, you can also use a force command when using ssh to limit the commands a user can take within the session.
“On top of something like charm”
my autismometer just exploded
These things are always seem really cool but I feel like I don't know how to use them. Anyone have a use case they can share? Like what do you do on this site? How does it provide you with some type of value/or compel you to spend time on?
This brings back fond memories, grex was my first shell and a large influence on everything which followed http://www.cyberspace.org/grex.xhtml
Thirty years old this year, my goodness. Wild that an online space I was using 'talk' on when Hackers was in theaters is still around and kicking.
You might also check out #!, a similar community running for over 20 years.
I wonder what kind of things are interesting to do on a server under ssh. Write files? have websites? Ascii art? It's a bit hard to me to grasp what is the "fun" in this project.
This is one of those moments where "if you have to ask, you'll never know" is appropriate.
All of the above. Socialize with other members. Write CGI scripts to do interactive stuff. Ctrl-C Club keeps a list of neat things their members are doing here: https://ctrl-c.club/#frigginsweet
The fun of creating a website.
Play in the MUD
Interesting, the SSH join form doesn't ask for an email, so they have no way of getting back to me with their answer.
Yes it does. https://cgi.tilde.town/users/signup
"e-mail: "
The hardest part is deciding which answer to "are you a robot?" is correct.
I was just looking around the other day, and can't reccomend enougj to do so yourself-- several user's pages are gems of character, one in particular has great nostalgia links like textfiles.com, and the site really captures small-web vibes.
Tilde.town is pretty great. Nice community and handy as a reserve ssh host.
Be careful though with stuff like port forwarding on a shared computer because forwarded ports are accessible to all users on the same machine.
I miss this small-community feel from the early internet days. Social media really blew up the togetherness you feel from being around a finite number of people.
past discussion:
Ah, shell accounts! Such nostalgia. I ran an Eggdrop bot on one for years. Great way to dip my toes into Linux-land.
One thing I miss from that era (or, at least, one thing I am thankful to experience) is that I got to learn how to _use_ Linux before I had to _administer_ Unix.
I feel bad for "kids these days" who didn't get to find their way around on a well-administered shared university server or similar.
It’s funny none of the links work except for the donate one. What’s the story there?
[dead]
https://tilde.town/wiki/conduct.html
The aesthetic is late 90s, but the attitude towards censorship is squarely late 2010s. Neocities is better; much less pozzed.
> If anyone asks you to stop a particular kind of behavior, always err on the side of respecting their wishes. If you believe their request is unreasonable or unfair, ask an admin, but don't respond with hostility.
That does seem rather lopsided:\
It seems like run-of-the-mill good, mature behavior to me. I'm not perfect in my behavior, but there is rarely a good moment to be hostile. Among other things, it empowers the other person to turn me into someone I don't want to be.
> Among other things, it empowers the other person to turn me into someone I don't want to be.
That's the problem, yes. Considering all input is reasonable. Giving every troll you meet power over you is not.
Meh, this is to be expected by some communities.
The cool thing is the tilde communities in general, not this specific one. Anyone can start one, they're small, community oriented, simple and light little online spaces that can be a lot of fun.
I don't understand the problem with "don't be an ass" as a major rule
> pozzed
? Is this a signal of something?
Crafted by Rajat
Source Code